Article I.
Introduction
Data Controller
NXT Soft s.r.o, Štúrova 44, 040 01, Košice
Contact details of Data Controller
NXT Soft s.r.o, Štúrova 44, 040 01, Košice, dataprotection@nxtsoft.sk
Data Controller is responsible for processing of personal data according the regulation of European Parliament and of the Council (EÚ) 2016/679, from 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (further on just “GDPR“)
Data Controller has adopted all necessary technical and organizational policies for protecting of the personal.
Data Controller has not assigned any Data Protection Officer.
Data Controller has no intent of transferring personal data to third country or any international organization.
„Personal data“ is any information related to identified or identifiable individual (further on just „Data Subject“); identifiable individual is a natural person, which can be identified directly or indirectly, especially by referencing the identifier, such as name, identification number, localization data, online identifier, or with reference to one or multiple data, which are specific for physical, physiological, genetic, mental, economical, cultural or social identity of this individual.
Your Personal Data, which you as a „Data Subject“ have provided us, we are processing under terms described in this Data Protection Privacy Policy.
Article II.
Processing purpose, legal basis of processing, categories of affected persons, retention period of personal data, recipients of personal data
| Processing purpose | Legal basis for processing article 6 section 1 GDPR laws in the wording of later regulations |
Categories of affected persons | Category of personal data | Retention period of personal data | Category of receivers of personal data |
|---|---|---|---|---|---|
| Invoice creation | article 6 section 1 letter c) GDPR law 222/2004 Z. z. of value added tax |
customers | usual personal data | according the law noted in the legal basis | accounting company
|
| Contractual and pre-contractual relations | article 6 section 1 letter b) GDPR processing of personal data is needed for fulfilling of contract |
customers | usual personal data | period defined in contract | no receivers
|
| claims | article 6 section 1 letter c) GDPR law 250/2007 Z. z. of customer’s protection, law 40/1964 Zb. Civil code |
customers |
usual personal data |
according the law noted in the legal basis | no receivers |
| Social insurance | article 6 section 1 letter b) GDPR law 461/2003 Z. z. of social insurance, law 43/2004 Z. z. of retirement pension savings , law 650/2004 Z. z. of supplementary pension savings |
employees, family relatives of employee, related persons |
usual personal data |
10 years | social insurance company |
| Health insurance | article 6 section 1 letter b) GDPR law 580/2004 Z. z. of health insurance, witch changes and additions of law č. 95/2002 Z. z. of insurance |
employees, family relatives of employee, related persons |
usual personal data |
10 years | health insurance company |
| Fulfilling obligations of employer related to employment of employee | article 6 section 1 letter b) GDPR processing of personal data is needed for fulfilling of contract |
employees |
usual personal data |
according the law noted in the legal basis | accounting company |
| Records of job applications | article 6, section 1. letter a) GDPR person expressed its consent with processing of personal data for at least one specific purpose |
job applicants | usual personal data | until the end of interview process | accounting company |
| Attendance records | article 6, section 1. letter c) GDPR law 311/2001 Z. z. Labour code |
employees | usual personal data + special categories of personal data | during the period of employment | accounting company |
| Medical records | article 6 section. 1 letter b) GDPR law 355/2007 Z. z. of protection, support and development of public health |
employees | special categories of personal data | according the law noted in the legal basis | no receivers |
| Login to online services | article 6,section 1. letter a) GDPR affected person expressed its consent with processing of personal data for at least one specific purpose |
employees, probably other persons with explicitely granted access | usual personal data | during the period of registration | Microsoft, Atlassian |
| Records of OSH trainings | article 6, section 1. letter c) GDPR law 124/2006 Z. z. of security and protection of health during working |
employees | usual personal data | according the law noted in the legal basis | no receivers |
When providing the personal data, which are required by law or contract, is data subject required to provide this personal data. Without providing personal data it is not possible to process the order/closing of employee contract.
Article III
Rights of Data Subject
Rights of Data Subject are described in chapter 3 of GDPR.
It is the the right to provide from data controller access to the personal data of individual Data Subject, right for their correctness or deletion or restricting of their processing or objecting against their processing, as well as right to transfer this data.
You have also right to file a complaint to the supervisory authority (Bureau for protection of personal data in Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Tel: 02/ 32 31 3214, E-mail: statny.dozor@pdp.gov.sk)
If the data is processed on basis of written consent, affected person has the right to revoke this consent at any time. Revoking of the consent does not affect the legality of processing of processing of the data, which was done before this revoking.
For information regarding protection of personal data, as well as for enforcement of your rights as Data Subject please contact us by using the contact details described at the beginning of this document.
Click to read the manual about the data protection for the citizens of EU