Article I.
Introduction

Data Controller

NXT Soft s.r.o, Štúrova 44, 040 01, Košice

Contact details of Data Controller

NXT Soft s.r.o, Štúrova 44, 040 01, Košice, dataprotection@nxtsoft.sk

Data Controller is responsible for processing of personal data according the regulation of European Parliament and of the Council (EÚ) 2016/679, from 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (further on just “GDPR“)

Data Controller has adopted all necessary technical and organizational policies for protecting of the personal.

Data Controller has not assigned any Data Protection Officer.

Data Controller has no intent of transferring personal data to third country or any international organization.

„Personal data“ is any information related to identified or identifiable individual (further on just  „Data Subject“); identifiable individual is a natural person, which can be identified directly or indirectly, especially by referencing the identifier, such as name, identification number, localization data, online identifier, or with reference to one or multiple data, which are specific for physical, physiological, genetic, mental, economical, cultural or social identity of this individual.

Your Personal Data, which you as a „Data Subject“ have provided us, we are processing under terms described in this Data Protection Privacy Policy.

Article II.
Processing purpose, legal basis of processing, categories of affected persons, retention period of personal data, recipients of personal data

Processing purpose Legal basis for processing
article 6 section 1 GDPR
laws in the wording of later regulations
Categories of affected persons Category of personal data Retention period of personal data Category of  receivers of personal data
Invoice creation article 6 section 1 letter c) GDPR
law 222/2004 Z. z.  of value added tax
customers usual personal data according the law noted in the legal basis accounting company

 

Contractual and pre-contractual relations article 6 section 1 letter b) GDPR
processing of personal data is needed for fulfilling of contract
customers usual personal data period defined in contract no receivers

 

claims article 6 section 1 letter c) GDPR
law 250/2007 Z. z. of customer’s protection, law 40/1964 Zb. Civil code
customers  

usual personal data

according the law noted in the legal basis no receivers
Social insurance article 6 section 1 letter b) GDPR
law 461/2003 Z. z. of social insurance, law 43/2004 Z. z. of  retirement pension savings , law 650/2004 Z. z. of supplementary pension savings
employees, family relatives of employee, related persons  

usual personal data

10 years social insurance company
Health insurance article 6 section 1 letter b) GDPR
law 580/2004 Z. z. of health insurance, witch changes and additions of law č. 95/2002 Z. z. of insurance
employees, family relatives of employee, related persons  

 

usual personal data

10 years health insurance company
Fulfilling obligations of employer related to employment of employee article 6 section 1 letter b) GDPR
processing of personal data is needed for fulfilling of contract
employees  

 

usual personal data

according the law noted in the legal basis accounting  company
Records of job applications article 6, section 1. letter a) GDPR
person expressed its consent with processing of personal data for at least one specific purpose
job applicants usual personal data until the end of interview process accounting  company
Attendance records article 6, section 1. letter c) GDPR
law 311/2001 Z. z. Labour code
employees usual personal data + special categories of personal data during the period of employment accounting  company
Medical records article 6 section. 1 letter b) GDPR
law 355/2007 Z. z. of protection, support and development of public health
employees special categories of personal data according the law noted in the legal basis no receivers
Login to online services article 6,section 1. letter a) GDPR
affected person expressed its consent with processing of personal data for at least one specific purpose
employees, probably other persons with explicitely granted access usual personal data during the period of registration Microsoft, Atlassian
Records of OSH trainings article 6, section 1. letter c) GDPR
law 124/2006 Z. z. of security and protection of health during working
employees usual personal data according the law noted in the legal basis no receivers

When providing the personal data, which are required by law or contract, is data subject required to provide this personal data. Without providing personal data it is not possible to process the order/closing of employee contract.

Article III
Rights of Data Subject

Rights of Data Subject are described in chapter 3 of GDPR.

It is the the right to provide from data controller access to the personal data of individual Data Subject, right for their correctness or deletion or restricting of their processing or objecting against their processing, as well as right to transfer this data.

You have also right to file a complaint to the supervisory authority (Bureau for protection of personal data in Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Tel: 02/ 32 31 3214, E-mail: statny.dozor@pdp.gov.sk)

If the data is processed on basis of written consent, affected person has the right to revoke this consent at any time. Revoking of the consent does not affect the legality of processing of processing of the data, which was done before this revoking.

For information regarding protection of personal data, as well as for enforcement of your rights as Data Subject please contact us by using the contact details described at the beginning of this document.

Click to read the manual about the data protection for the citizens of EU

Lenka EgrtovaData Protection