Privacy Policy

The company MONICA TRADING s. r. o. (hereinafter referred to as the “Controller”) in accordance with Regulation 2016/679 GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act no. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the “Act”), has developed security measures that are regularly updated. They define the scope and method of security measures necessary to eliminate and minimize threats and risks acting on the information system in order to ensure:

• the availability, integrity and reliability of management systems using state-of-the-art information technology
• protect personal data from loss, damage, theft, modification, destruction and maintain its confidentiality
• identify and prevent potential problems and sources of disruption.

Contact person in charge: Monica Van Cleven – office@monisgreens.com

Privacy Policy

Your personal data will be stored securely, in accordance with the security policy of the controller and only for as long as necessary to fulfil the purpose of the processing. Access to your personal data will be restricted to persons authorised by the controller to process your personal data and who process it on the basis of the controller’s instructions, in accordance with the controller’s security policy. Your personal data will be backed up, in accordance with the retention policy of the controller. Your personal data will be completely erased from the backup storage as soon as it is possible in accordance with the backup rules mentioned above. The personal data stored on the backup storage sites is used to prevent security incidents, in particular data availability disruptions due to a security incident.

Definitions

‘personal data‘ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

‘processing‘ means an operation or set of operations concerning personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not carried out by automated or non-automated means

‘restriction of processing‘ means the marking of personal data stored in order to restrict their processing in the future;

‘profiling‘ means any form of automated processing of personal data which consists of using those personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of the natural person concerned relating to job performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘information system‘ means any organised collection of personal data which is accessible according to specified criteria, whether the system is centralised, decentralised or distributed on a functional or geographical basis;

‘controller‘ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, the controller or the specific criteria for determining him or her may be determined in Union law or in the law of a Member State;

‘processor‘ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘recipient‘ means the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a specific survey in accordance with Union or Member State law shall not be considered as recipients; the processing of those data by those public authorities shall be carried out in accordance with the applicable data protection rules, depending on the purposes of the processing;

‘third party‘ means a natural or legal person, a public authority, an agency or an entity other than the data subject, the controller, the processor and persons who are entrusted with the processing of personal data on the direct authority of the controller or processor;

‘data subject consent‘ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she consents, by means of a statement or an unambiguous affirmative act, to the processing of personal data concerning him or her;
‘personal data breach’ means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed;
‘supervisory authority’ means an independent public authority established by a Member State pursuant to Article;

Legal basis for processing your personal data:

• Your personal data will be processed on the basis of specific legal provisions and purposes that are set by the controller. These are set out individually in the Processing Purposes Information.
• The provision of personal data is a legal requirement for the purpose of fulfilling the obligations of the Controller as an employer under specific legislation and therefore without the provision of this personal data it will not be possible to fulfill the legal obligation.

Disclosure of your data outside the European Union:

Personal data is not transferred to a third country or international organisation.

Use of your data used for automated individual decision-making:

Personal data will not be used for automated individual decision-making, including profiling.

Retention period of your personal data:

• The storage of the personal data we process about you is subject to Act No. 395/2002 Coll. on archives and registers in conjunction with the Operator’s Registration Plan.
• For more detailed information about the purposes of processing your personal data, the legal basis and the retention period, please contact the Data Protection Officer.
• We retain the personal data we process about you on the basis of the “Consent” you have given us for the period of time for which you have given your consent.

What rights do you have?

• Withdraw consent – where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. You can withdraw your consent electronically, by contacting the person responsible, in writing, by notice of withdrawal of consent or in person at the office. Withdrawal of consent does not affect the lawfulness of the processing of personal data we have processed about you on the basis of that consent.
• Right of access – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form unless you request a different method of disclosure. If you have requested this information by electronic means, it will be provided to you electronically where technically possible.
• Right to rectification – we take reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.
• Right to erasure (to be forgotten) – you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary for the fulfilment of the original purpose of the processing. However, your right must be considered in light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations which mean that we may not be able to comply with your request.
• Right to restriction of processing – in certain circumstances you are entitled to ask us to stop using your personal data. These include, for example, where you believe that the personal data we hold about you may be inaccurate or where you believe that we no longer need to use your personal data.
• Right to data portability – in certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right of portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.
• Right to object – you have the right to object to processing based on our legitimate interests. If we do not have a compelling legitimate ground for processing and you object, we will no longer process your personal data.
• The right to file a petition to initiate a personal data protection procedure – if you believe that your personal data is being processed unfairly or unlawfully, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk. In case of electronic submission of the proposal, it is necessary that it meets the requirements pursuant to § 19 par. 1 of Act No. 71/1967 Coll. on administrative procedure (Administrative Procedure Code). MONICA TRADING s. r. o. o.