PRIVACY POLICY

The following information pertains to the processing of personal data pursuant to Article 13 and other relevant provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”), in accordance with Section 19 of Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the “Act”). The primary purpose of this document is to inform data subjects about the methods of processing and the protection of personal data which they provide to us, as the data controller.

STRUČNÝ OBSAH
1 DATA CONTROLLER AND DATA SUBJECT
2 PERSONAL DATA
3 DEFINITION OF PERSONAL DATA PROCESSING
4 PURPOSE OF USE AND RETENTION PERIOD OF PERSONAL DATA
5 RETENTION PERIOD
6 DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
7 TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
8 RIGHTS OF THE DATA SUBJECT

DATA CONTROLLER AND DATA SUBJECT

DATA CONTROLLER

SetupMART s.r.o., having its registered office at Vodná 21, 949 01 Nitra, Slovak Republic, Company ID No.: 48 284 700, registered with the Commercial Register of the District Court Nitra, Section: Sro, Insert No. 39337/N (hereinafter also referred to as “SETUPMART”).

Telephone: +421 (0) 910 399 090
Email: info@setupmart.com
Website: www.setupmart.com

DATA SUBJECT

A data subject is any natural person who provides personal data to the data controller in connection with the use of the controller’s services or in connection with expressing interest in such services.
A data subject shall also mean a natural person acting on behalf of a legal entity, where such natural person provides their personal data in connection with the use of, or interest in, the controller’s services.

 

PERSONAL DATA

Personal data means any information relating to an identified or identifiable natural person. The scope of personal data processed by SETUPMART depends on the purpose for which the personal data are being processed.

The extent and list of processed personal data derive from the specific contractual or pre-contractual relationship or are provided directly by the data subject through consent.

The controller obtains personal data directly from the data subject or from third parties that provide data about the data subject (e.g. public authorities, legal representatives, authorized persons, etc.).

 

DEFINITION OF PERSONAL DATA PROCESSING

The scope of personal data processed by the controller depends on the data subject’s request submitted to the controller.

Upon ordering a service via the controller’s website, the controller requires the data subject to provide their name, surname, telephone number, or email address for the purpose of providing the requested service.

Depending on the type of service provided, the controller may also process the following personal data: residence address, nationality, date of birth, national identification number, identity document and the information contained therein, likeness, place of birth, father’s and mother’s full names, and mother’s maiden name.

 

PURPOSE OF USE AND RETENTION PERIOD OF PERSONAL DATA

PURPOSE OF USE

The controller processes and uses the personal data of the data subject for several purposes and based on the following legal grounds:

  1. Ensuring communication between the controller and the data subject:
    • Communication through the controller’s contact form published on the website, used for handling requests and related communication. The personal data processed are name, surname, email address, and optionally, phone number. The data subject consents by submitting the form.
    • Sending job position notifications to data subjects who have expressed interest in employment with the controller.
  2. Performance of a contract to which the data subject is party, or to take steps at the data subject’s request prior to entering into a contract:
    • Concluding a valid contract and ensuring its proper performance.
    • Pre-contractual arrangements to handle the data subject’s service-related request submitted via the contact form or email.
  3. Legitimate interests of the controller:
    • Enforcement of potential claims arising from the contract.
    • Use of cookies without profiling or identifying the connection to a specific IP address. Details are available on the controller’s website.
    • Marketing purposes, especially promoting services to existing clients.
  4. Compliance with legal obligations:
    • Processing data as required by legal regulations on data retention and documentation (e.g. contracts, orders, invoices) in accounting systems or internal business databases.
    • Disclosing personal data to public authorities or entities resolving disputes or enforcing decisions.

 

RETENTION PERIOD

The controller retains and archives personal data for the period granted by the data subject or as required by applicable legal regulations.

For data subjects with whom the controller has a contract, data are retained for the duration of the contract and generally for five years thereafter.

 

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

The controller may disclose personal data to trusted third parties where necessary for the performance of a contract or where the data subject has consented to such disclosure.

These may include partner law firms, notaries, banks, accounting service providers, web developers, and IT service providers. Third parties may use the data solely for fulfilling the contract or delivering related services.

 

TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

The controller does not transfer personal data to third countries or international organizations.

 

RIGHTS OF THE DATA SUBJECT

The data subject has the right to access their personal data. Upon request, the controller will confirm whether their data are processed and, if so, provide a copy. The first copy is free of charge; subsequent copies may incur administrative fees. Requests may be submitted electronically and will be answered via email unless another method is requested.

The data subject has the right to rectification of inaccurate or incomplete data.

The data subject has the right to erasure of personal data, particularly if:

  • the data were unlawfully processed;
  • they were collected in relation to services offered to children under 16;
  • they are no longer necessary for their original purpose;
  • consent is withdrawn;
  • the data subject objects to the processing;
  • erasure is required to comply with legal obligations.

The controller will not erase data if processing is necessary for compliance with legal obligations, public interest tasks, public health, archiving, statistics, or legal claims.

The data subject has the right to data portability to another controller, provided the data were obtained based on consent or contract and processed by automated means.

The data subject may request restriction of processing where there is no legal ground for processing and instead of erasure, requests limitation.

The data subject may withdraw consent at any time where processing is based on consent.

The data subject may lodge a complaint with the Slovak Data Protection Authority pursuant to Section 100 of the Act.

The data subject has the right to object to processing under Section 27 of the Act if:

  • processing is for direct marketing purposes, including profiling;
  • processing is not required for public interest, scientific, historical, or statistical purposes under Section 78(8) of the Act.

The controller shall assess such objection and, unless overriding legitimate grounds exist, cease processing the objected data.

The data subject may contact the controller at any time regarding their personal data at info@setupmart.com.

CONTACT US