Privacy policy

INFORMATION WITH REGARD TO THE PROCESSING OF PERSONAL DATA FOR CLIENTS

IDENTIFICATION AND CONTACT DETAILS OF THE CONTROLLER

Business name: VN Group s.r.o. (VN Group LLC)
Principal office: 475 Lipova locality, 94102, Lipova, SR
Entity ID: 50952242
Contact: Viktor Nemeth
Data Protection Officer: In an instance of any questions related to the protection of personal data, you can contact us at the following contact details: +421 905 458 200 / nemeth@vngroup.sk

We approach your personal data responsibly and therefore, in terms of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR Regulation”) and the Protection of Personal Data Statute of 2018 (SR.S.18 of 2018) amending and supplementing certain other Acts in relation therewith (hereinafter referred to as the “Statute”), make another necessary information, besides our identification and contact details and the contact details of the data protection officer, available to you, as a Data Subject (a natural person whose personal data is being processed), on our website.

In terms of Art. 24 of the GDPR and the provision of section 31 of the Statute, we have approached the adoption of appropriate technical, organisational, personnel and security measures and warranties that take especially account of:

  • the principles relating to processing of personal data that are lawfulness, fairness and transparency, limitation and compatibility of the purposes of personal data processing, further minimization of personal data, their pseudonymisation and encryption, as well as integrity, confidentiality and availability;
  • the principles of necessity and proportionality (it also applies to the scope and amount of personal data processed, storage period and access to the personal data of a Data Subject) of the personal data processing with regard to purpose of the processing operation;
  • the nature, scope, context and purpose of the processing operation;
  • the strength and recovery of personal data processing systems;
  • the guidance to the controller's authorised persons;
  • taking measures to establish immediately whether a personal data breach has taken place and to inform promptly the supervisory authority and the data subject;
  • taking action to ensure the rectification or deletion of inaccurate data or the exercise of other data subject rights;
  • risks of varying likelihood and severity for the rights and freedoms of natural persons (especially accidental or unlawful destruction of personal data, loss or alteration of personal data, misuse of personal data - unauthorized access or unauthorized disclosure, risk assessment in terms of origin, nature, likelihood and severity of the risk in relation to the processing and the identification of best practices to mitigate the risk).

Purpose of personal data processing, the legal basis of personal data processing, the scope of personal data processed.

We obtain from you only those data that we strictly need to provide a full-valued service - registration for work abroad - i.e. when providing client support, or when handling any complaints that may arise. The purposes of personal data processing in each individual procedural steps are as follows:

  • When communicating with clients by telephone, in person, in the way of electronic/paper mail or over the online contact form, we process data, in terms of Art. 6(1)(f) of the GDPR, thus of the legitimate interest in order to respond to any inquiry/suggestion or question, being presented by you, regarding the services provided and products supplied, when it is indispensable to verify the relevance of the request, or to realise any incidental follow-on contacting you as the Data Subject;
  • In case of showing an interest in our services, in the course of developing the registration by phone, in person, in the form of electronic/paper mail, we process data in terms of Art. 6(1)(b) of the GDPR, where the data processing is inevitable to conduct the necessary measures according to your requirements in your capacity as a customer before concluding and confirming the registration, i.e. during the pre-contractual relationship process - e.g. identification of the client during the developing, definition or adjustment of the registration, where practicable, addition of other necessary data for concluding the registration;
  • After confirming the registration, i.e. after establishing a contractual relationship between us and you as a Data Subject, being an ordering party/client, in the necessary cooperative communication, while informing about changes in the purchase order status, at final personal delivery by hand, or in preparing and issuing a tax document (invoice), we process data in terms of Art. 6(1)(b) of the GDPR, where the data processing is inevitable for the fulfillment of the contractual relationship to which you, as the Data Subject (Client), are a Party;
  • Through a website, you have the possibility to voluntarily create and register a user account with us, to register an email address as a customer for receipt of the product news - newsletters, where we process data, in terms of Art. 6(1)(a) of the GDPR, on the basis of the consent granted to the processing of your personal data for the purpose of creating and maintaining a user account, or for the purpose of sending the current news in the way of newsletters to the email address provided.

List of personal data to be processed

The data necessary for sending a message via the online contact form:

  • Name;
  • Electronic mail address;
  • Telephone;
  • Other details provided by the message being sent, where practicable.

The data required in the registration for being in receipt of the newsletter - product news:

  • Electronic mail address.

The data necessary for registration of a user account:

  • Forename and Surname;
  • Electronic mail address;
  • Permanent residence address, where applicable other correspondence address;
  • Phone number.

The data necessary for registration to look for work abroad - consent of the Data Subject:

  • Forename and Surname;
  • Electronic mail address;
  • Permanent residence address;
  • NIN;
  • Phone number;
  • National Identity Card number;
  • Photograph - for the purpose of creating an access card;
  • Insurance card.

Billing Details:

  • Forename and Surname;
  • Permanent residence address, where applicable other correspondence address for the billing needs;
  • Account number / IBAN.

List of our Processors and Recipients of Personal Data

We process your data for our own purposes as a Controller. This means that we determine the purposes for which we collect your personal data, determine the means of processing and are responsible for proper execution of them. When you visiting our website https://www.vngroup.sk/, completing registration a user account, when marketing materials (newsletters) are been sent, when filling in a contact form, your data is also processed by another entity that is in the capacity of a Processor or Recipient:

  • Supplier of IT technologies and cloud services;
  • Supplier of marketing/newsletter services;
  • Supplier of tax and accounting services.

Transfer of personal data to a third country or to an international organisation It is not and does not intend to.

Period for which the personal data will be stored

Your personal data being processed or that are being processed by us in terms of Art. 6(1)(b) of the GDPR - within the fulfillment of obligations as the Controller (LLC) towards the ordering parties and clients, we further process in order to comply with our legal obligations in the area of taxes and accounting, arising for us from generally binding laws (e.g. keeping individual accounting records of your confirmed purchase orders and billing for the purpose of delivering by hand of selected goods to your contact address in terms of the Accountancy Act of 2002 (Legislation No. 431/2002), as amended by subsequent statutes, for instances of demonstration of compliance with tax obligations in terms of tax laws such as the Income and Corporation Taxes Act of 2003 (Legislation No. 595/2003), the Taxes Management Act of 2009 (Legislation No. 563/2009), etc. and we must keep them for the period provided for by the applicable laws. In any case, we are guided by the principle of minimizing the storage period of the personal data in terms of Art. 5(1)(e) of the GDPR and therefore your personal data, which are not subject to archiving pursuant to specific laws, will be deleted or anonymized.

We process the personal data, being processed in terms of Art. 6(1)(a) of the GDPR, on the basis of the consent to the processing of your personal data, granted by you for the purpose of creating and maintaining a user account, or for the purpose of sending the current marketing news, for a period of 3 years, or until the withdrawal of the consent. In the case of the end of the data processing period, we make contact in writing or via e-mail, when the consent to the processing of personal data for a defined purpose can be renewed and extended for the next processing period. In the event the consent is not given, when renewing and extending the purpose of processing, or not responding to the contact made, we shall no longer process your personal data - that means we automatically eliminate the data from the records, technically delete the electronic data from the systems and physically shred them.

The personal data processed in terms of Art. 6(1)(f) of the GDPR, by virtue of a legitimate interest, as obtained in response to any inquiry/suggestion or question, being presented by you, regarding the services provided and products supplied; when it is indispensable to verify the relevance of the request, or to realise any potential follow-on contacting the Client/Data Subject; that after completing all of the formalities are not subsequently forwarded to the pre-contractual or contractual relationship, are deleted without delay.

As the Controller, we shall ensure the deletion of personal data without undue delay after:

  • all contractual relationships between you and the Controller being terminated; and/or
  • all your obligations to the Controller being expired; and/or
  • all your complaints and requests being processed/dealt with; and/or
  • any other rights and responsibilities between you and the Controller being discharged; and/or
  • all the purposes of the processing, provided for by laws or the purposes of the processing, for which you gave us your consent, are fulfilled, if the processing take place upon the consent of the Data Subject; and/or
  • the expiry of the term for which the consent being granted or the consent being withdrawn by the Data Subject; and/or
  • the Data Subject’s request for deletion of personal data being satisfied and some of the grounds justifying the satisfaction of the request being fulfilled; and/or
  • the crucial legal fact for termination of the purpose of processing being happened and in the meanwhile the expiry of the protective retention term defined with regard to the principle of minimizing the personal data storage period;
  • and concurrently, the legitimate interest of the Controller does not hold, all obligations of the Controller laid down by generally binding laws that require storage of the Data Subject’s personal data (especially for the purposes of archiving, performance of tax inspection, etc.) or that may not be met without storage of them.

In no case we farther systematically process any personal data obtained incidentally for any purpose specified by us. Where possible, we inform a Data Subject, to whom belong the personal data obtained incidentally, of their incidental acquisition and, depending on the nature of the case, we shall provide them with the necessary co-operation leading to the restoration of control over their personal data. Immediately after these inevitable charges aimed at resolving the situation, we shell dispose of all incidentally obtained personal data in a secure manner and without delay.

In case of interest in further information regarding your personal data storage period, please contact us via the contact details referred to on our website.

Guidance on the rights of the Data Subject

In conformity with Art. 13 - 21 of the GDPR (Sec. 19-27 of the Personal Data Protection Act), as a Data Subject you have:

  • the right to request, from the Controller, access to the personal data pertaining to your person and confirmation of whether the personal data, pertaining to you, are processed (Art. 15 of the GDPR);
  • the right to rectification of your incorrect or incomplete personal data (Art. 16 of the GDPR);
  • the right to erasure of your personal data if the purpose of their processing has ceased or one of the conditions is met (Art. 17 of the GDPR);
  • the right to restriction of the personal data processing, if those are the cases pursuant to Art. 18 of the GDPR;
  • the right to object the personal data processing, if those are the cases pursuant to Art. 21 of the GDPR;
  • the right to the personal data portability pursuant to Art. 20 of the GDPR;
  • the right to lodge a complaint with a supervisory authority - the SR Government Office for Personal Data Protection (Úrad na ochranu osobných údajov Slovenskej republiky) located at: 12 Hraničná Street, Bratislava (27), 820 07, the Slovak Republic;
  • the right to file a motion to initiate proceedings pursuant to Section 100 of the Statute. You can find more information at: www.dataprotection.gov.sk.

You can exercise your rights with the Controller over contact details referred to in the heading hereof. To this end, you may use the Form for exercising the Data Subject Rights located at the business site. In an instance of any questions, please do not hesitate to contact us.

Automated decision-making, including profiling

The Controller does not use automated individual decision-making, nor profiling in the course of processing personal data for the given purpose.