Personal Data Processing Principles by ALCASYS SLOVAKIA

Data protection is very important to us, and therefore, when using personal data, our principle is to be transparent about why and how we process personal data. We respect your privacy and personal sphere. We also inform you about the rights of the affected individuals whose personal data we process.

Why do we process personal data?

We collect and subsequently process personal data for various reasons and for multiple purposes, always based on the legal regulations established by legislation.

Based on your consent, we process:

  • Personal data of job applicants for potential employment opportunities within our company and for contacting the applicant in case of a job opening.
  • Selected personal data for sending newsletters and information related to the company's services and products, organized events, etc.
  • Selected personal data to contact you through a selected communication channel in connection with the information you have requested and are interested in (information about products, solutions, etc.).

Based on valid special laws, we process:

  • Data in the personnel and payroll records of former employees to fulfill employer obligations related to employment, including archiving records regarding health and social insurance, supplementary pension savings, salary amounts, bonuses, income compensation due to health reasons, deductions, tax payments, etc.
  • Billing data for accounting records.
  • Correspondence data for recording incoming and outgoing mail.

Based on the legitimate interests of ALCASYS, we process:

  • Business data for establishing contractual cooperation and maintaining relationships with existing customers, developing mutual cooperation, organizing workshops, conferences, and similar activities related to our products, services, or company brand.
  • Personal data in the visitor log to identify individuals upon single-entry access to our company premises.
  • Data from the camera system for monitoring publicly accessible areas to ensure the safety of employees, visitors, and company property, as well as to detect criminal activities.

What type of personal data do we process?

The data we process about the affected individuals primarily falls into the category of common personal data. A special category of personal data (voice biometrics) is processed only to the extent and under the conditions defined in the contract as a service provider, acting as a data processor.

Whose data do we process?

The affected individuals whose data we process as a data controller primarily include:

  • Job applicants.
  • Employees of our customers and partners.
  • Employees of our suppliers (including subcontractors and affiliated persons of our suppliers and subcontractors).
  • Visitors to our physical premises, offices, or parking areas.
  • Individuals requesting price quotes and other business information.
  • Current and former employees of the company.
  • Other individuals who contact us on their own initiative, e.g., for submitting a complaint, requesting feedback, providing information, or other communications.

The affected individuals whose personal data we process as a data processor primarily include:

Individuals whose personal data we obtain and process in connection with providing services to our customers, partners, and companies with whom we have separate agreements and contracts for this purpose.

To whom and on what basis do we provide or make available your personal data?

To whom and on what basis do we provide or make available your personal data?
We provide your personal data to other parties only when it is required by law. We may also provide personal data to our suppliers based on a contractual relationship and business terms. These agreements require our suppliers to adhere to security mechanisms for the protection of personal data and maintain at least the same level of security standards regarding confidentiality, integrity, and availability of data to ensure that the level of protection guaranteed by us is not diminished.

We do not transfer personal data to third countries.

How do we protect your personal data?

The security of personal data, as well as other confidential information required for providing our solutions and services, is a high priority for us. We adhere to international security standards, and all our business, production, marketing, management, organizational, and support processes are regularly audited by independent audits. We hold certification in accordance with the requirements of the information security management standard ISO 27001:2013.

How long do we retain your personal data?

We retain your personal data only for the necessary period as defined in our internal company policy, the Registry Plan and Order. After these retention periods, personal data is securely deleted or anonymized within the specified timeframe.

Do we perform automated profiling of individuals?

In our personal data processing activities, we do not conduct automated profiling of individuals.

What are your rights concerning your personal data?

In accordance with current applicable legislation, you have the right to access your personal data, request correction, deletion, or restriction of its processing, as well as the right to object to our processing.

You can exercise all your rights by submitting a request to the responsible person via email at GDPR@alcasys.eu. When processing your request, we are authorized to request additional identification details for the purpose of one-time identity verification. When handling your request under the rights of affected individuals, we will also take into account our demonstrable legitimate reasons for processing personal data or for demonstrating, asserting, or defending legal claims.

If we process your personal data as a data processor (service provider), we recommend directing your inquiries and requests primarily to the data controller, as we are not always authorized to process such requests from affected individuals without the knowledge of our customer (data controller).

We hope you never need to file a complaint regarding our use of personal data. However, if you do wish to do so, please send your complaint to GDPR@alcasys.eu. We will address and respond to any complaints and requests we receive. You also have the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic.

Our contact details as a data controller

If you have any questions regarding this statement or want to know more about how and why we process your personal data, contact our data protection officers through one of the following methods:

By email: GDPR@alcasys.eu

By postal mail: ALCASYS Slovakia, a.s., Staré grunty 36, P.O. Box 41, 84100 Bratislava 4

Changes to this Data Protection Statement

This statement is based on the currently valid legislation within the EU and the Slovak Republic, specifically Regulation (EU) 2016/679 of the European Parliament and Council and Act No. 18/2018 on the Protection of Personal Data and on Amendments to Certain Acts.

We will regularly review the validity of this data protection statement to maintain transparency in communication with affected individuals.

This data protection statement was last updated on May 25, 2018.