[email protected]
02/ 800 800 80

Information

Main page
Information
GDPR
GDPR
Subject name:

KJG a. s.

Business ID:

31439951

Address:

Malinovského 800/131, 916 21 Čachtice

Certificate number:

Osobnyudaj.sk-2017-6618

Certificate valid to:

23.06.2025
Contact us

Rights of the Data Subject

Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR Regulation"), and Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the "Act") guarantee the following rights to you as the data subject:

a) Right of Access to Personal Data:

This right includes:

  • The right to obtain from the Controller confirmation as to whether personal data concerning the data subject are being processed.

  • If the personal data of the data subject are being processed, the right to obtain access to the personal data being processed and to receive the following information:

    • The purposes of the processing.
    • The categories of personal data concerned.
    • The recipients or categories of recipients to whom the personal data have been or will be disclosed, especially in the case of recipients in third countries or international organizations.
    • Where possible, the anticipated retention period for the personal data or, if not possible, the criteria used to determine that period.
    • The existence of the right to request from the Controller the rectification, erasure, or restriction of the processing of personal data concerning the data subject, and the existence of the right to object to such processing.
    • The right to lodge a complaint with a supervisory authority.
    • If the personal data were not obtained from the data subject, any available information as to their source.
    • The existence of automated decision-making, including profiling as referred to in Article 22(1) and (4) of the Regulation, and in these cases, at least meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  • The right to be informed about appropriate safeguards under Article 46 of the Regulation concerning the transfer of personal data to a third country or an international organization.

  • The right to obtain a copy of the personal data undergoing processing, provided that the right to request a copy of the processed personal data does not adversely affect the rights and freedoms of others.

The right to access personal data essentially means that the data subject has the right to obtain confirmation from us as to whether personal data concerning them are being processed, and if so, to access these personal data. Upon request, we will provide a copy of the personal data being processed. For any further copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If the request is made electronically, the information will be provided in a commonly used electronic format unless the data subject requests another method. The information must be provided promptly, and no later than within one month. We have the right to extend the processing period by an additional two months if the request is complex or frequent, but we must notify the data subject within one month of the reason for the extension. In case of unjustified or excessive requests, we have the right to charge a fee based on the costs or refuse the request, and we must explain the reason for refusal and the right of the data subject to file a complaint with the supervisory authority.

b) Right to Rectification of Personal Data:

This right includes:

  • The right to have inaccurate personal data concerning the data subject rectified without undue delay.
  • The right to complete incomplete personal data concerning the data subject, including by providing a supplementary statement from the data subject.

The right to rectification means that you can request the correction or completion of your personal data if they are inaccurate or incomplete at any time.

c) Right to Erasure of Personal Data (Right to be Forgotten):

This right includes:

  • The right to obtain from the Controller the erasure of personal data concerning the data subject without undue delay, if one of the following grounds applies:

    • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    • The data subject withdraws their consent on which the processing is based, and there is no other legal basis for the processing.
    • The data subject objects to the processing of personal data under Article 21(1) of the Regulation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the Regulation.
    • The personal data have been processed unlawfully.
    • The personal data must be erased to comply with a legal obligation under EU law or the law of the Member State to which the Controller is subject.
    • The personal data were collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation.

  • The right for the Controller to take appropriate measures, including technical measures, to inform other Controllers processing personal data that the data subject has requested the erasure of all links to, or copies of, those personal data.

However, the right to erasure does not apply if the processing of personal data is necessary for the following reasons:

  1. The exercise of the right to freedom of expression and information.
  2. Compliance with a legal obligation requiring processing under EU law or the law of the Member State to which the Controller is subject, or the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  3. Public health reasons in accordance with Articles 9(2)(h) and (i) and 9(3) of the Regulation, or scientific, historical, or statistical research purposes in accordance with Article 89(1), provided that the right to erasure is likely to seriously hinder the achievement of such purposes.
  4. The establishment, exercise, or defense of legal claims.

d) Right to Restriction of Processing:

This right includes:

  • The right to request the restriction of the processing of personal data in the following cases:

    • The data subject contests the accuracy of the personal data, for a period allowing the Controller to verify the accuracy of the personal data.
    • The processing of personal data is unlawful, and the data subject objects to the erasure of personal data and requests instead the restriction of its use.
    • The Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.
    • The data subject has objected to processing under Article 21(1) of the Regulation, pending verification of whether the legitimate grounds of the Controller override those of the data subject.

  • The right for the data subject to be informed in advance about the lifting of the restriction on processing personal data.

The right to restriction of processing means that, if we have not resolved any disputed issues concerning the processing of your personal data, we must restrict the processing of your personal data to storage only, and not process them further.

e) Right to Notification of Rectification, Erasure, or Restriction to Recipients:

This right includes:

  • The right to require the Controller to notify each recipient to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 of the Regulation, unless this proves impossible or requires disproportionate effort.

  • The right to be informed of those recipients if the data subject so requests.

f) Right to Data Portability:

This right includes:

  • The right to obtain personal data concerning the data subject that the data subject has provided to the Controller in a structured, commonly used, and machine-readable format, and the right to transmit those data to another Controller without hindrance, provided that:

    • The processing is based on the consent of the data subject under Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract under Article 6(1)(b) of the Regulation.
    • The processing is carried out by automated means.
    • The exercise of the right to obtain and transmit personal data does not adversely affect the rights and freedoms of others.

  • The right to transmit personal data directly from one Controller to another, where technically feasible.

The right to data portability means that you have the right to obtain your personal data that you have previously provided to us in a structured, commonly used, and machine-readable format and request that we transmit your personal data to another Controller, under the legal conditions.

g) The right of the Data Subject to object, which includes:

The right to object at any time, on grounds relating to the specific situation of the Data Subject, to the processing of personal data concerning them, which is carried out based on Article 6(1)(e) or (f) of the Regulation, including the right to object to profiling based on these provisions of the Regulation;

[In the case of exercising the right to object at any time, on grounds relating to the specific situation of the Data Subject, to the processing of personal data concerning them, which is carried out based on Article 6(1)(e) or (f) of the Regulation, including the right to object to profiling based on these provisions of the Regulation] the right for the Controller not to further process the personal data of the Data Subject unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims;

The right to object at any time to the processing of personal data concerning the Data Subject for the purposes of direct marketing, including profiling to the extent related to such marketing; it applies that if the Data Subject objects to the processing of personal data for direct marketing purposes, such personal data shall no longer be processed for those purposes;

(In relation to the use of information society services) the right to exercise the right to object to the processing of personal data through automated means using technical specifications;

The right to object on grounds relating to the specific situation of the Data Subject to the processing of personal data concerning them, if the personal data are processed for scientific or historical research purposes or for statistical purposes under Article 89(1) of the Regulation, except in cases where the processing is necessary for the performance of a task carried out for reasons of public interest.

The right of the Data Subject to object means that, as a Data Subject, you have the right to raise an objection to the processing of your personal data that we process for direct marketing purposes or for legitimate reasons. In the case of processing personal data for marketing purposes, we will cease such processing immediately upon receiving the objection.

h) The right of the Data Subject related to automated individual decision-making, which includes:

The right not to be subject to a decision based solely on automated processing of personal data, including profiling, that has legal effects concerning the Data Subject or similarly significantly affects them, except in cases under Article 22(2) of the Regulation [i.e., except where the decision: (a) is necessary for the entering into or performance of a contract between the Data Subject and the Controller, (b) is authorized by Union or Member State law to which the Controller is subject, and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the Data Subject, or (c) is based on the explicit consent of the Data Subject];

The right of the Data Subject related to automated individual decision-making means that, as a Data Subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects concerning you or similarly significantly affects you. If such processing is necessary for the entering into or performance of a contract, or is based on the explicit consent of the Data Subject, the Controller will take appropriate measures to safeguard the rights and freedoms and legitimate interests of the Data Subject, including implementing at least measures such as the right to human intervention by the Controller, the right of the Data Subject to express their point of view, and the right of the Data Subject to contest the decision.

The Controller will provide the Data Subject with information about the measures taken based on requests under Articles 15 to 22 of the GDPR without undue delay and in any case within one month of receiving the request. This period may be extended by a further two months where necessary, considering the complexity of the request and the number of requests. The Controller will inform the Data Subject of any such extension within one month of receiving the request, along with the reasons for the delay. If the Data Subject has submitted a request by electronic means, information will, where possible, be provided by electronic means unless the Data Subject has requested another method.

In the cases mentioned, the Controller may refuse to act on the Data Subject's request under Articles 15 to 22 of the GDPR only if it can demonstrate that it is unable to identify the Data Subject.

i) The right of the Data Subject to submit a proposal to initiate proceedings under Section 100 of the Personal Data Protection Act, which includes:

The right of the Data Subject, who believes that their personal data is being processed unlawfully or their personal data has been misused, to submit a proposal to the Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as the "Office") to initiate proceedings concerning the protection of personal data;

The proposal to initiate proceedings may be submitted in writing, in person orally for the record, electronically, with a qualified electronic signature, by telegram, or by fax, but it must be supplemented in writing or orally for the record within 3 days;

The proposal must, under Section 100(3) of the Personal Data Protection Act, include:

  • The full name, surname, address of permanent residence, and signature of the petitioner;
  • The designation of the party against whom the proposal is directed; the name or full name, address, legal form, and identification number, if applicable;
  • The subject of the proposal with the indication of the rights allegedly violated in the processing of personal data;
  • Evidence supporting the claims made in the proposal;
  • A copy of the document proving the exercise of the right under Section 28, if such a right could have been exercised, or the indication of reasons worth special consideration;

The Office will decide on the proposal within 60 days from the initiation of proceedings. In justified cases, the Office may extend this period by up to 6 months. The Office will inform the participants in the proceedings about any such extension in writing.

A sample proposal to initiate proceedings for the protection of personal data can be found on the Office's website (https://dataprotection.gov.sk/uoou/sites/default/files/vzor_navrhu_na_zacatie_konania_podla_noveho_zakona.docx).

Sumbit a complaint

Need to resolve a security incident or other issue? Send us a message and we will promptly resolve it.

Send us a message

Osobnyudaj.sk, s.r.o.

Mlynské Nivy 5 - mestská časť Ružinov 821 09 Bratislava