PERSONAL DATA PROTECTION

The company GQsystems, s.r.o., with its registered office at Kasalova 581/27, 949 01 Nitra, Slovak Republic, with its operation at: Strojnícka 34, 82105 Bratislava, Slovak Republic, ID No.: 46 371 621, Tax ID No: 2023343223, VAT ID No.: SK2023343223, registered in the Business Register of the District Court Nitra, Section: Sro, Insert number: 29893/N "). (hereinafter referred to as the „Company“)

PURPOSE OF PERSONAL DATA PROCESSING

The company GQsystems, s.r.o. processes personal data in several different ways and for appropriate purposes:

INFORMATION SYSTEM HUMAN RELATIONS AND WAGES - PAM

Personal data in the PAM - Human Resources and Wages information system are processed for the purpose of keeping the personnel agenda and paying wages to employees of the Company, as well as fulfilling the related legal obligations in accordance with the applicable legislation of the Slovak Republic. Personal data are processed within the fulfilment of the legal obligations of the operator pursuant to Art. 6 par. 1, point c) of Regulations (in particular obligations arising from Act No. 311/2001 Coll., the Labour Code and on amendments to certain acts as amended, and employer's obligations arising from Act No. 461/2003 Coll. on Social Insurance and Act No. 580/2004 Coll. on Health Insurance. The person affected has legal obligation to provide his/her personal data. Personal data are processed in accordance with Article 6 (1) (a) of the Regulation (processing based on consent - photograph). The employee's personal data will be provided to the following beneficiaries: entities providing development, management and support of information technologies, entities providing external audit performance, company on servers of which the personal data are stored, company providing personnel and payroll agenda. Data holding periods are laid down by separate regulations. Public authorities, auditors and lawyers, health insurance companies, Social insurance company, clients, intermediaries responsible for IT infrastructure management are recipients of personal data.

INFORMATION SYSTEM ACCOUNTING

The purpose of processing personal data in the information system accounting is to comply with legal obligations of the operator resulting from separate regulations (the Act on Accounting, the Act on Value Added Tax, the Act on Income Tax, etc.). The legal basis for the processing of personal data is the fulfilment of a legal obligation under Art. 6 par. 1, point (c) of the Regulation. The data holding period for personal data is 10 years. Public authorities, auditor and lawyer, intermediary company responsible for administration of accounting agenda, intermediary responsible for management of IT infrastructure are the recipients of personal data.

INFORMATION SYSTEM DIRECT MARKETING

Personal data in the information system direct marketing is processed for the purpose of customer care, providing information on products and services and market research (sending news, newsletters, etc.), where the data is processed only if the customer gives consent to the processing of personal data. Personal information within the information system is provided to the intermediary for the administration of the customer service agenda and customer care. Data holding periods are set in accordance with the provided consent of the data subject in question.

INFORMATION SYSTEM ARCHIVING AND REGISTRATION

Personal data in the registry administration information system are processed in compliance with the legal obligations of the operator pursuant to Art. 6 par. 1, point c) of the Regulation (in particular obligations arising from Act No. 395/2002 Coll. on archives and registries and on amendments to certain acts, as amended) and obligations arising from the Act No. 305/2013 Coll. on Electronic Form of the Exercise of Powers of Public Authorities Bodies and on amendments to certain acts - the Act on e-Government). The provision of personal data is a legal obligation of the data subject in question. The employee's personal data will be provided to the following beneficiaries: IT development, management and support entities, external audit entities, telecommunications service providers. Data holding periods are laid down by separate regulations.

INFORMATION SYSTEM FOR REPORTING OF ANTI-SOCIAL ACTIVITY AND SERIOUS ANTI-SOCIAL ACTIVITY

Personal data in the information system of reporting of anti-social activity and serious anti-social activity are processed within the fulfilment of legal obligations of the operator pursuant to Art. 6 par. 1, point c) of the Regulation (in particular obligations arising from Act No. 307/2014 Coll. on certain measures related to the reporting of anti-social activities and amendment of certain acts. The provision of personal data is a legal obligation of the person concerned. The employee's personal data will be provided to the following recipients: public authorities bodies. Individual data holding periods are laid down by separate regulations.

INFORMATION SYSTEM PERSONNEL ACTIVITY

Personal data in the information system personnel activity are processed within fulfilment of the contractual obligations pursuant to Art. 6 par. 1, point b) of the Regulation and based on the consent of the data subject in question within the meaning of Art. 6 par. 1, point a), article 9, par. 2, point (a) of the Regulation. The provision of personal data is necessary for performance of the contract to which the person concerned is a party, including pre-contractual relations. With the consent of the data subject in question, the operator shall provide personal data to the recipients in order to fill a job vacancy with a suitable candidate. Individual data holding periods are set in accordance with the processing of personal data, at least for 6 months respectively after fulfilling the purpose of providing personal data, which is the conclusion of the employment relationship of the person concerned with the operator.

 

The company GQsystems, s.r.o. processes personal data based on the consent of the data subjects in question or under legal regulation. Personal data are processed in the company GQsystems, s.r.o. primarily for the purpose of fulfilling the obligations of the employer in connection with the employment, within the pre-contractual relations processes the personal data of job seekers as well as for the purposes defined above.

PRINCIPLES OF PERSONAL DATA PROCESSING

The company GQsystems, s.r.o. when processing personal data, adheres to the following principles:

  • the principle of legality
    we only process the personal data in a lawful manner and pay a special attention to ensuring that the fundamental rights of the data subjects in question are not violated and we proceed in personal data processing in accordance with the Act No. 18/2018 Coll. on Personal Data Protection and the Regulation of the European Parliament and of the Council No. 2016/679 on Protection of Individuals with regard to Personal Data Processing and on Free Movement of such Data and repealing the Directive No. 95/46 / EC (General Data Protection Regulation).
  • the purpose limitation principle
    we only collect the personal data for a specific, explicitly stated and legitimate purpose and never process them in a manner that is incompatible with this purpose.
  • the principle of minimizing personal data
    we only process the personal data that are reasonable, relevant and limited to the extent necessary for the purpose for which they are processed
  • the principle of correctness
    we make sure that the personal data we process are correct, if necessary we shall update them and to this end we shall take appropriate and effective measures to ensure that personal data which are inaccurate for the purposes for which they are processed, are deleted or corrected without undue delay.
  • the principle of minimizing the data holding period
    we keep personal data in a form that allows the data subject to be identified at the latest until it is necessary for the purpose for which the personal data are processed.
  • the principle of integrity and confidentiality
    we shall only process the personal data in a manner that ensures adequate security of personal data through appropriate technical and organizational measures, including protection against unauthorized processing of personal data, unlawful processing of personal data, accidental loss of personal data, deletion of personal data or damage to personal data.
  • the principle of liability
    as an operator, we are responsible for adhering to the basic principles of personal data processing, for compliance of personal data processing with the principles of personal data processing and we can demonstrate this compliance with the principles of personal data processing at the Office's request.

 

PERSONAL DATA PROTECTION GUARANTEE

The company GQsystems, s.r.o. has adequate personnel, organizational and technical measures, which are processed in the personal data protection documentation.

The company GQsystems, s.r.o. has elaborated a security policy and guidelines for each information system governing the method of processing of personal data, with particular emphasis on the protection of the rights of data subjects in question.

The company GQsystems, s.r.o. does not carry out the cross-border transfer of personal data.

RIGHTS OF THE PERSONS CONCERNED

Upon written request, request sent by email or in person to the company GQsystems, s.r.o. the data subject in question has the right:

  • to require an access to his/her personal data and to correct, delete or restrict the processing of his/her personal data;
  • to object to the processing of his/her personal data;
  • of portability of personal data;
  • to file a petition to initiate proceedings at the Office for Personal Data Protection of the Slovak Republic;
  • to request information about the way and the personal data processed and the right of access to personal data that the company GQsystems, s.r.o. processes about him/her.

Requests from the persons concerned are processed free of charge, with the exception of Section 21 par. 3 of Act No. 18/2018 on Personal Data Protection.

PROVISION OF INFORMATION

Your written requests regarding scope, eligibility and other information as for processing of personal data in the company GQsystems, s.r.o. or issues of personal data protection in the company GQsystems, s.r.o. send to the address of the Company's operation: GQsystems, s.r.o., Strojnícka 34, 821 05 Bratislava or to the following e-mail address: office@gqsystems.eu. The company GQsystems, s.r.o. will handle your application free of charge except in accordance with Section 21 par. 3 of Act No. 18/2018 Coll. on Personal Data Protection no later than 30 days after receiving your request.