PERSONAL DATA PROTECTION AND GDPR

Privacy Policy 

The company Čoklitka (hereinafter referred to as the "Operator"), pursuant to Regulation 2016/679 GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as the "Act"), has developed security measures that are regularly updated. They define the scope and method of security measures necessary to eliminate and minimize threats and risks affecting the information system in order to ensure:

  • availability, integrity, and reliability of management systems with the most advanced information technologies
  • protection of personal data from loss, damage, theft, modification, and destruction, and preservation of their confidentiality
  • identification of potential problems and sources of disruption, and their prevention

Contact person: Kristián Kabina - info@coklitka.com


Your personal data will be stored securely, in accordance with the operator's security policy, and only for the duration necessary to fulfill the purpose of processing. Access to your personal data will be granted exclusively to persons authorized by the operator to process personal data, who process it based on the operator's instructions, in accordance with the operator's security policy. Your personal data will be backed up in accordance with the operator's retention rules. Your personal data will be completely deleted from backup storage as soon as it is possible according to the backup rules. Personal data stored on backup storage serves to prevent security incidents, especially the disruption of data availability due to a security incident. 

Definition of terms 

"personal data" is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or by reference to one or more elements that are specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person;

"processing" is an operation or set of operations with personal data or sets of personal data, such as obtaining, recording, organizing, structuring, storing, adapting or altering, searching, browsing, using, providing by transmission, dissemination or otherwise making available, rearranging or combining, restricting, erasing or destroying, regardless of whether they are carried out by automated or non-automated means;

"processing limitation" is the designation of stored personal data with the aim of limiting their processing in the future;

"profiling" is any form of automated processing of personal data which consists of using this personal data to evaluate certain personal aspects concerning a natural person, primarily analysis or prediction of aspects related to the performance at work, financial situation, health, personal preferences, interests, reliability, behavior, location, or movement of the data subject;

"information system" is any organized set of personal data that is accessible according to specified criteria, regardless of whether it is a centralized, decentralized, or distributed system on a functional or geographical basis;

"operator" is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its designation may be provided for by Union law or the law of the Member State;

"intermediary" is a natural or legal person, a public authority, an agency, or another entity that processes personal data on behalf of the controller;

"recipient" is a natural or legal person, public authority, agency, or another entity to whom personal data are disclosed, regardless of whether they are a third party. However, public authorities that may receive personal data within the framework of a specific investigation in accordance with Union law or the law of a Member State are not considered recipients; the processing of such data by those public authorities is carried out in accordance with applicable data protection rules depending on the purposes of the processing;

"third party" is a natural or legal person, a public authority, an agency, or another entity other than the data subject, the controller, the processor, and persons authorized to process personal data based on a direct mandate from the controller or the processor;

"consent of the data subject" is any freely given, specific, informed, and unambiguous expression of the will of the data subject, by which they, through a statement or a clear affirmative action, express consent to the processing of personal data concerning them;

"personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data; 

"supervisory authority" is an independent public authority established by a Member State pursuant to Article; 

Legal basis for processing your personal data: 

  • Your personal data will be processed based on specific legal regulations and purposes established by the controller. These are individually listed in the Information on the purposes of processing. 
  • Providing personal data is a legal requirement for the purpose of fulfilling the Operator's obligations as an employer according to special legal regulations, and therefore, without providing this personal data, it will not be possible to fulfill the legal obligation. 

Providing Your Data Outside the European Union: 

The transfer of personal data to a third country or an international organization does not take place.

Use of your data for automated individual decision-making: 

Personal data will not be used for automated individual decision-making, including profiling. 

Retention period of your personal data: 

  • The storage of personal data that we process about you is subject to Act No. 395/2002 Coll. on Archives and Registries in connection with the Operator's Registry Plan. 
  • For more detailed information about the purposes of processing your personal data, legal bases, and retention periods, please contact the authorized person.
  • Personal data that we process about you based on the granted "Consent" are stored for the period for which you have given us consent.

What rights do you have? 

  • Withdraw consent – In cases where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically, at the address of the responsible person, in writing, by notifying the withdrawal of consent, or in person at the office. The withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you based on it. 
  • Right of access – you have the right to receive a copy of the personal data we have about you, as well as information on how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request another method of provision. If you requested the provision of this information by electronic means, it will be provided to you electronically, if technically possible.
  • Right to correction – we take appropriate measures to ensure the accuracy, completeness, and timeliness of the information we have about you. If you believe that the data we hold is inaccurate, incomplete, or outdated, please do not hesitate to ask us to correct, update, or supplement this information.

  • Right to erasure (to be forgotten) – you have the right to request the deletion of your personal data, for example, if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing. However, your right must be assessed in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means we may not be able to comply with your request. 
  • Right to restriction of processing – under certain circumstances, you have the right to ask us to stop using your personal data. This applies, for example, in cases where you believe that the personal data we have about you may be inaccurate or when you believe that we no longer need to use your personal data.
  • Right to data portability – under certain circumstances, you have the right to request us to transfer the personal data you have provided to us to another third party of your choice. However, the right to data portability only applies to personal data that we have obtained from you based on consent or based on a contract to which you are a party. 
  • Right to object – you have the right to object to the processing of data that is based on our legitimate interests. In the event that we do not have a compelling legitimate reason for processing and you file an objection, we will no longer process your personal data. 
  • The right to file a proposal to initiate proceedings on personal data protection – if you believe that your personal data is being processed unfairly or unlawfully, you may file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; phone number: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk. In the case of submitting a proposal electronically, it is necessary that it meets the requirements according to § 19 para. 1 of Act No. 71/1967 Coll. on Administrative Procedure (Administrative Code).

Čoklitka.