Podmienky ochrany osobných údajov

Privacy Policy - techessence.sk

This privacy policy explains how we process personal data in the provision of our services within the company Martin Babčan, based in: Ottlýkovská 396/36, 01314 Kamenná Poruba, ID: 52611281, registration: the District Office of Žilina, Trade Register No. 580-66268 (hereinafter referred to as "operator" or "my"). For answers to any questions regarding the protection of personal data or the receipt and handling of requests from data subjects, please do not hesitate to contact us using the contact details.

Contact details:

E-mail: objednavky@techessence.sk

Phone number: 0949 819 436

Correspondence address: Ottlýkovská 396/36, 01314 Kamenná Poruba

These privacy conditions serve primarily to fulfil the information obligations under Articles 13 and 14 GDPR towards the data subjects about whom we process personal data. Typically, these are mainly our customers or employees of our business partners, clients or suppliers. In processing personal data, we are primarily governed by the EU General Data Protection Regulation ("GDPR"), which also governs your rights as a data subject,[1] 18/2018 Coll., on the protection of personal data (hereinafter referred to as "Data Protection Act") that apply to us as well as other legal regulations. If you do not fully understand any of the information in these terms and conditions please do not hesitate to contact us.

Why do we process personal data?

The processing of personal data is necessary on our part, in particular to enable us to:

to provide our services and products and to process the personal data of our customers, clients, suppliers, business partners, employees and others for this purpose;
manage our human resources effectively;
comply with various legal and contractual obligations; and
protect our legitimate interests.

For what purposes and on what legal basis do we process personal data?

We process personal data for the following purposes based on the following legal bases:

	Purpose of processing personal data	Legal basis
1.	Closing and order processing - merch techessence.sk	Performance of the contract
2.	Complaints procedure (complaint handling)	Fulfilling legal obligations
3.	Taking and publishing photos from techessence.sk events	Consent
4.	Tickets for events techessence.sk	Performance of the contract
5.	Proving, asserting or defending legal claims (legal agenda)	Legitimate interest
6.	Data subjects' rights agenda	Fulfilling legal obligations
7.	Fulfilling contractual relations with business and other partners	Performance of the contract
8.	Running social media profiles	Legitimate interest
9.	Marketing and PR purposes	Consent and/or legitimate interest
10.	Accounting and tax purposes	Fulfilling legal obligations
11.	Archival purposes and management of registers	Article 89 GDPR
12.	Statistical purposes	Article 89 GDPR

What are the legitimate interests we pursue in processing personal data?

For the following purposes, we rely on the legal basis of legitimate interest under Article 6(1)(f) GDPR. Please find below a more detailed explanation of these purposes or legitimate interests:

Proving, asserting or defending legal claims (legal agenda)	In rare cases, we have to prove, assert or defend our legal claims in or out of court or report certain facts to public authorities, which we consider to be in our legitimate interest.
Operation and management of profiles on social networks, including discussion forums	If we operate our own social media profiles (Facebook, Instagram, YouTube, etc.), we rely on our legitimate interest in raising awareness of our company in the online environment.
Marketing and PR purposes	When we organise events and activities to which we invite our business partners, we rely on our legitimate interest, which is for direct marketing purposes. In accordance with Recital 47 of the GDPR: "The processing of personal data for direct marketing purposes can be considered a legitimate interest."

What personal data do we process about you?

Common personal data necessary for order processing such as title, first name, last name, billing address, delivery address, contact details (phone number, email), in the case of business partners billing details and contact person.

Who do we provide your personal data to?

We take the confidentiality of personal information very seriously and have therefore adopted internal policies that ensure that your personal information is only shared with authorised employees of our company or vetted third parties. Our employees and staff may only have access to your personal information at "need-to-know" basis, i.e. only authorised employees of the specific department to which the processing of personal data relates may have authorised access, with such access typically limited by the position, function and job description of the specific employee. We provide personal data of our clients, employees, business partners and other individuals only to the extent necessary to the following categories of recipients of personal data:

our vetted and duly legally obliged intermediaries;
our professional advisors (e.g. lawyers, auditors);
payroll and accounting companies;
software and cloud service providers (e.g. Microsoft One Drive or Sharepoint);
provider of technical (IT) and organizational (event agencies) support for our company;
Social Insurance Institution, pension trustee insurance companies, supplementary pension insurance companies, health insurance companies, Office of Social Affairs and Family;
postal carriers and courier services;
employees of the above-mentioned persons.

If we use a processor to process your personal data, we will always check in advance whether the processor meets the organisational and technical requirements in terms of ensuring the security of the processing of your personal data. If we use our own recipients (internal staff of our company) to process personal data, your personal data is always processed on the basis of authorisations and instructions, which we use to inform our recipients not only about the internal rules of data protection, but also about their legal liability for violating them. If we are asked by a public authority to disclose your personal data, we examine the conditions set out in the legislation for disclosure and do not disclose your personal data without checking whether the conditions are met. If you would like information regarding our current processors, please do not hesitate to contact us.

Which countries do we transfer your personal data to?

By default, we restrict any cross-border transfers of personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein).

How long do we keep your personal data?

We retain personal data for no longer than is necessary for the purposes for which the personal data is processed. In general, the retention period is based on legal regulations. If the legislation does not follow, the retention period of your personal data is always determined by us in relation to specific purposes through our group internal policy and/or our retention schedule. If we process your personal data on the basis of your consent, we are obliged not to process your personal data further for that purpose after withdrawal of consent. However, this does not preclude that we may continue to process your personal data on another legal basis, in particular to comply with legal obligations.

The general retention periods of personal data for our defined purposes of processing personal data are as follows:

Purpose	General retention period of personal data
Closing and order processing - merch techessence.sk	For the period of order processing and thereafter for a period of 2 years.
Complaints procedure (complaint handling)	For a period of 5 years.
Taking and publishing photos from techessence.sk events	For a period of 5 years.
Tickets for events techessence.sk	For the period of order processing and thereafter for a period of 2 years.
Proving, asserting or defending legal claims (legal agenda)	Until the legal claim is time-barred.
Data subjects' rights agenda	Until the legal claim is time-barred.
Fulfilling contractual relations with business and other partners	For the duration of the contractual relationship and for 10 years thereafter.
Running social media profiles	Until the post is deleted by the data subject, the post is removed by us, our profile is removed or the data subject requests the deletion of personal data. We delete messages via social networks by default once every 2 years.
Marketing and PR purposes	We keep photographs and videos of our events for the period specified in the notice or consent to take photographs or videos located at the event venue. Typically this may be for a period of 5 years. In the case of the newsletter, until we receive an objection to the processing of personal data or you unsubscribe from the newsletter.
Accounting and tax purposes	During the ten years following the accounting year to which the accounting documents, books of account, lists of ledgers, lists of numerals or other symbols and abbreviations used in accounting, the depreciation schedule, inventories, inventory entries, the chart of accounts relate.
Archival purposes and management of registers	During storage periods according to the filing plan.
Statistical purposes	For the duration/existence of other processing purposes.

The above retention periods only set out the general periods during which personal data are processed for the purposes in question. However, we will in fact proceed to the destruction or anonymisation of personal data before the expiry of these general periods if we consider the personal data concerned to be no longer necessary for the above-mentioned processing purposes. Conversely, in some specific situations, we may retain your personal data for longer than the above if required by law or our legitimate interest. If you would like information regarding the specific retention period for the retention of your personal data, please do not hesitate to contact us.

How do we collect personal data about you?

We most often obtain your personal data directly from you. In this case, the collection of personal data is voluntary. You can provide personal data to our company in various ways, e.g. :

by creating an order on our website;
in the process of concluding a contract with our company;
by communicating with you;
by participating in events organised by our company;
by participating in our company's social networking activities;
by submitting a contact form with your comments, queries or questions.

However, we may also obtain your personal data from your employer or from the company in connection with which we process your personal data. This is most often the case when we are entering into or negotiating a contractual relationship or its terms with that company. Where the obtaining of personal data relates to a contractual relationship, this is most often a contractual requirement or a requirement that is necessary to enter into a contract. Failure to provide personal data (either yours or your colleagues') may have negative consequences for the organisation you represent as the contractual relationship may not be concluded or implemented. If you are a member of the statutory body of an organisation that is a party to our contract or with which we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers. In any event, we do not systematically further process any personal data obtained incidentally for any personal data processing purpose defined by us.

What rights do you have as a data subject?

"If we process personal data about you on the basis of your consent to the processing of your personal data, you have the right to withdraw your consent at any time. However, its revocation does not affect the lawfulness of the processing of personal data prior to its revocation. You have the right to effectively object at any time to the processing of personal data for direct marketing purposes, including profiling."

"You also have the right to object to the processing of your personal data on the basis of the legitimate interests pursued by us as explained above. You also have this right to object to the processing of your personal data on the legal basis of public interest, which we do not carry out."

If you exercise this right, we will be happy to demonstrate the manner in which we have assessed these legitimate interests as overriding the interests, rights and freedoms of the data subjects.

The GDPR sets out the general conditions for exercising your individual rights. However, their existence does not automatically imply that they will be complied with by us when exercising individual rights, as exceptions may apply in a particular case or some rights are linked to specific conditions that may not be met in every case. Your request regarding a specific right will always be dealt with and examined in the light of the legislation and our internal policy for dealing with complaints from data subjects. In particular, as a data subject you have:

The right to request access to personal data under Article 15 of the GDPR that we process about you. This right includes the right to confirm whether we are processing personal data about you, the right to obtain access to that data and the right to obtain a copy of the personal data we are processing about you, where technically feasible;
The right to rectification and completion of personal data pursuant to Article 16 GDPR if we process incorrect or incomplete personal data about you;
The right to erasure of your personal data under Article 17 of the GDPR;
Right to restriction of processing of personal data under Article 18 GDPR;
The right to data portability under Article 20.

If you believe that we are processing inaccurate personal data about you with respect to the purpose and circumstances and you are unable to amend such personal data through the features of the App, Account or Website, you may request that we correct the inaccurate or complete the incomplete personal data using the additional statement below (all information is voluntary) and/or contact us via our contact details:

Supplementary declaration of rectification of personal data
Your name and surname:
Contact details:
Relevant purpose of processing:	Please specify the purpose of the processing to which your request relates.
The context or relationship between you and our society:	Please indicate whether you are our employee, business partner, job seeker, etc.
The nature of your repair:	Please explain whether you are requesting the correction of incorrect personal data or the completion of incomplete personal data.
Background to your request for correction:	Please explain why you believe that we are processing your personal data incorrectly or incompletely.
Correction:	Please indicate which specific personal data you require to be corrected or completed.
Please send us this supplementary declaration of correction of personal data using the contact details provided in the header of this document.

You also have the right to lodge a complaint with the Office at any time for the protection of personal data of the Slovak Republic or take legal action before the competent court. In any event, we recommend that you resolve any disputes, questions or objections primarily by communicating with us.

Is automated individual decision-making occurring?

No, we do not currently carry out processing operations that would lead to a decision with legal effect or other substantial impact on your person based solely on fully automated processing of your personal data within the meaning of Article 22 GDPR.

External websites

Our website may contain links to other websites and/or services of other providers (e.g. reCAPTCHA from Google Inc.). We are not responsible for the content and administration of the websites or services of other Providers to which we link. This privacy policy does not apply to the processing of personal data in the context of your movement on other websites.

How do we protect your personal data?

It is our duty to protect your personal data in an appropriate manner and we therefore pay due attention to its protection. Our company has implemented generally accepted technical and organisational standards in order to maintain the security of the personal data processed, in particular against loss, misuse, unauthorised alteration, destruction or other impact on the rights and freedoms of data subjects. In situations where sensitive data is transmitted, we use encryption technologies vid e.g. communication with a payment gateway. Your personal data is stored on our secure servers or on the servers of our website operators located in data centres located in the Slovak Republic and the Czech Republic. In the case of the use of third-party analytical tools, the data is stored on third-party servers (see cookies).

Cookies

Cookies are small text files that improve the use of a website by, for example, allowing recognition of previous visitors when logging into the user environment, remembering a visitor's choice when opening a new window, measuring website traffic or how the website is used for user improvement. In particular, our website uses cookies for the purpose of measuring its traffic. If we are able to identify the person of a visitor to our web environment when recording, this will be processing of personal data. We must have a legal basis for such processing. One legal basis may be your consent as a data subject. If we process your data on the basis of your consent, this consent can be withdrawn at any time.

You can control or delete cookies at your discretion. Please visit aboutcookies.org for details. You can delete all cookies stored on your computer and you can set most browsers to prevent them from being stored.

Cookies are useful as long as site owners do not misuse them for unauthorised data collection. If you do not trust the functionality of cookies, you can periodically delete them from your disk. In some cases, the information obtained through cookies may not be recorded correctly and therefore you may have problems logging in to, for example, our web applications. You can find instructions on how to delete all cookies, even incorrectly written cookies, below. Instructions for deleting cookies in individual web browsers

Internet Explorer™

https://support.microsoft.com/sk-sk/help/278835/how-to-delete-cookie-files-in-internet-explorer

Safari™

https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera™

https://www.opera.com/help/tutorials/security/privacy/

Mozilla Firefox™

https://support.mozilla.com/sk/kb/odstranenie-cookies

Google Chrome™

https://support.google.com/chrome/answer/95647?hl=sk&hlrm=en

Social networks

We encourage you to read the privacy policies of the providers of the social media platforms through which we communicate. Our privacy policy only explains basic issues related to the management of our profiles or those of our clients. We only have typical administrative permissions when processing your personal data through our or our clients' profiles. We assume that by using social networking sites you understand that your personal data is primarily processed by the providers of social networking platforms (such as Facebook, Instagram, YouTube, etc.) and that we have no control over and are not responsible for this processing, the onward transfer of your personal data to third parties and cross-border transfers to third countries by these social networking platform providers.

Changing the privacy policy

Data protection is not a one-off issue for us. The information we are required to provide you with in relation to our processing of personal data may change or cease to be up to date. For this reason, we reserve the right to modify and change these terms and conditions to any extent at any time. In the event that we change these terms in a material way, we will bring this change to your attention, for example, by a general notice on this website or a separate notice by email.

Martin Babčan (techessence.sk)

In Kamenná Poruba, 18.3.2022

[1] See Articles 12 to 22 GDPR: http://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN