DECLARATION OF THE CONTROLLER ON THE PROCESSING OF PERSONAL DATA
Data controller ICS ice cleaning systems s. r. o., with registered office at Robotnícka 2192, Považská Bystrica 017 01, Company ID No.: 45570370 (hereinafter referred to as the “Controller”), has implemented adequate technological and organisational measures to ensure data subjects’ rights are protected, thereby declaring the lawful processing of personal data. Furthermore, the Controller has implemented a transparent system for tracking security incidents as well as any questions from the data subject and others.
Below we provide information on personal data processing and protection in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Slovak Act No 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as the: “Personal Data Protection Act”).
ICS ice cleaning systems s. r. o.
Robotnícka 2192 Považská Bystrica, 017 01
Company ID No.: 45570370
As the Data Controller, we process your data for our own purposes. This means that we define the purposes for which we gather your personal data, choose the means of processing, and are responsible for their proper execution.
Categories of processors and recipients
In some situations, the Controller may additionally process the personal data of data subjects through processors entrusted with personal data processing under Article 28 of the GDPR.
Processors process the personal data of data subjects on behalf of the Controller. The processor’s processing of personal data must not impair the ability of data subject to exercise and enjoy his/her rights. The Controller shall only engage processors who could provide appropriate technological, organisational, and other means to guarantee that the processing complies with the GDPR standards and that the data subject’s rights are effectively protected.
When processing the personal data of data subjects, the Controller uses the following types of processors:
Categories personal data recipients: persons acting under the authority of the Controller, processors, legal counsel, auditor, state administration and public authorities for the exercise of control and supervision.
Purpose of personal data processing
On behalf of ICS ice cleaning systems s. r. o. as the Controller, we only collect the data that are necessary to offer you with a full service in the field of development, manufacturing, sales, and service of machines and equipment for dry ice blasting and dry ice production. The purposes of the processing of personal data for each procedural step are:
• When communicating with clients by phone, in person, or via electronic/paper mail, we process data in accordance with GDPR Regulation Article 6(1)(f) - legitimate interest for the purpose of responding to an enquiry/suggestion or question submitted by you regarding the services provided, when it is necessary to verify the relevance of the request, or to carry out a possible follow-up contact with you as a data subject.
• When expressing interest in our services or cooperation, when placing an order or enquiry by phone, in person, by electronic/paper mail, we process data in accordance with GDPR Regulation Article 6(1)(b) - where data processing is necessary in order to take steps prior to entering into a contract, i.e., in the course of pre-contractual relationship - e.g., identification of the client or prospective client.
• Once a contractual relationship has been established between the Controller ICS ice cleaning systems s. r. o. and you as a data subject, we process the data in accordance with GDPR Regulation Article 6(1)(b) - where the processing of the data is for the performance of a contract to which you as the data subject are a party.
List of personal data processed
• Data necessary for the execution of the order or contractual relationship
- First name and Surname
- Email address
- Permanent address, or other correspondence address
- Telephone number
• Invoice details
- First name and Surname
- Permanent address, or other correspondence address the purposes of invoicing
- account number / IBAN
Period of personal data processing and storage
Your personal data that we have processed or are processing in accordance with Article 6(1)(b) of the GDPR Regulation - in the performance of the obligations of the Controller ICS ice cleaning systems s. r. o towards customers and clients, or further processing for the purpose of fulfilling our legal obligations relating to taxation and accounting, which are imposed on us by generally binding legal regulations (for example, storage of individual accounting records of your confirmed orders and invoicing for the purpose of delivering selected goods to your contact address in accordance with Act No. 431/2002 Coll. on Accounting as amended, for cases of proving the fulfilment of tax obligations in accordance with tax legislation Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration, and so on.), must be kept for the period of time specified by the relevant legislation. In any case, we are driven by the concept of minimising personal data retention in accordance with Article 5(1)(e) of the GDPR, and thus your personal data that are not subject to archiving under special legislation will be destroyed or anonymized.
Personal data processed in accordance with Article 6(1)(f) of the GDPR Regulation - on the basis of legitimate interest, obtained in response to an enquiry/suggestion or question submitted by you regarding the services provided and products supplied, where it was necessary to verify the validity of the request, or to carry out any follow-up contact of the client/data subject that was not subsequently transferred to a pre-contractual or contra contractual relationship, is deleted without delay.
As the Controller, we will ensure the erasure of personal data without undue delay if the following events have occurred: all contractual ties between you and us as the Data Controller have been terminated; and/or
- all your obligations to the controller have ceased; and/or
- all of your complaints and requests have been addressed; and/or
- all other rights and duties between you and the Controller have been resolved; and/or
- all statutory processing purposes or processing purposes for which you have given your consent have been met, if the processing was carried out on the basis of the data subject’s consent; and/or
- the consent period has expired, or the data subject has withdrawn his/her consent; and/or
- the data subject’s request for erasure of personal data has been granted, and one of the reasons for granting the request has been met; and/or
- a relevant legal event has transpired for the processing to terminate, and the protective retention period set in accordance with the principle of minimisation of personal data retention period has expired;
- and, at the same time, the Controller’s legitimate interest ceases to exist, and all obligations imposed by generally binding legal regulations requiring the storage of the data subject’s personal data (particularly for archiving purposes, tax inspection, and so on) or those that could not be fulfilled without the storage of the personal data have ceased to exist.
In any case, we do not systematically process any inadvertently collected personal data for any purpose stated by us. Where possible, we will notify the data subject to whom the inadvertently obtained personal data pertain of their accidental acquisition and, depending on the nature of the case, we will provide them with the cooperation required to reclaim control over their personal data. Following these required procedures to remedy the situation, we will securely dispose of any inadvertently collected personal data.
If you require any additional information about the particular retention period of your personal data, please contact us using the contact details provided.
Our company does not disclose the collected data in any case.
Cross-border transfer of personal data
There is no transfer of personal data across borders.
Rights and obligations of the data subject
·In the event of a change, the customer agrees to update his/her data at the latest before the first order following the change is placed.
·The customer agrees that if he/she submits personal data of a third party (name, surname, phone number), he/she does so only with the consent of the data subject and that the data subject is aware of the procedures, rights, and obligations outlined on this website.
·As a client and data subject, you are entitled to decide how your personal data is handled to the extent authorised by law. You can exercise the rights set out below:
- In person at the contact point of the Controller ICS ice cleaning systems s. r. o., with registered office at Robotnícka 2192 Považská Bystrica, 017 01;
- Via our customer service line: +421 (0)42 42 61 135
- Via email: email@example.com
We will make every effort to respond to you as soon as possible, but we will always respond within 30 days of receiving your request. The applicable legislation and the GDPR Regulation or the Personal Data Protection Act, provides you in particular with:
Right of access - You are entitled to ask us if we are processing your personal data and, if so, to receive a copy of that data and other information in accordance with Article 15 of the Regulation or Section 21 of the Act. We may require you to specify your request for a range of specific data that we process about you if we acquire a large amount of data about you.
Right to rectification - To ensure that we always process up-to-date personal data on you, we require you to notify us of any changes as soon as they occur. If we process inaccurate data about you, you are entitled to have it corrected.
Right to erasure - If the conditions of Article 14 of the Regulation or Article 23 of the Act are met, you may request that your personal data be erased. You may request erasure if, for example, you have withdrawn your consent to the processing of your personal data and there is no other legal basis for processing, or if we are processing your personal data unlawfully, or if the purpose for which we processed your personal data no longer exists and we are not processing it for another compatible purpose. We will not, however, erase your data if it is required for the establishment, exercise, or defence of legal claims.
Right to restrict the processing - If the conditions of Article 18 of the Regulation or Article 24 of the Act are met, you are entitled to request that we restrict the processing of your personal data. You can therefore request a restriction, for example, if you object to the integrity of the processed data or if the processing is unlawful and you do not want us to erase the data but need the processing to be restricted while you exercise your rights. We will continue to process your data where legal claims can be established, exercised, or defended.
Right to data portability - If the processing is based on your consent or carried out for the performance of a contract to which you are a party and also carried out by automated means, you are entitled to receive from us your personal data that we have collected from you in a commonly used machine-readable format. We can transmit your personal data directly to another controller if you request it and it is technically feasible. This right does not extend to processing done in the course of performing a duty in the public interest or exercising official authority.
Right to object to processing - You are entitled to object to processing if we process your personal data in the course of performing a duty in the public interest or exercising official authority vested in us, or if the processing is carried out on the basis of our legitimate interests or the legitimate interests of a third party. We will restrict the processing of your personal data based on your objection, and we will delete your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. You are entitled to object to the processing of personal data for direct marketing purposes at any time, including profiling insofar as it is connected to such direct marketing. If you object, we shall stop using your personal information for this purpose.
Right to file a complaint - If you believe that the processing of your personal data violates the Regulation or the Act, you are entitled to file a complaint with one of the competent supervisory authorities, preferably in the Member State of your habitual residence, place of employment, or the alleged breach. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection, with its headquarters at: Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, web: www.dataprotection.gov.sk, tel.: +421 /2/ 3231 3220.
Right to withdraw consent - If your personal data is processed with your consent, you are entitled to withdraw your consent at any time. The withdrawal of consent has no effect on the processing that has already occurred. If you change your mind and want to receive sales and marketing offers from us about our products and services again, you can re-grant your withdrawn consent (or file a complaint) at any time by contacting us using any of the contact methods listed above.
Contact details of the Office and of the person responsible
Office for Personal Data Protection of the Slovak Republic
820 07, Bratislava 27
Company ID No.: 36 064 220
Monday – Thursday: 8:00 - 15:00
Friday: 8:00 - 14:00
Data protection consultations over the telephone:
Tuesday and Thursday from 8:00 to 12:00 +421 2 323 132 20
Secretariat of chair of the Office +421 2 323 132 11
Secretariat of the Office +421 2 323 132 14
Fax: +421 2 323 132 34
Tel.: 0910 985 794
a) general: firstname.lastname@example.org
b) request for information in accordance with the Act No. 211/2000 Coll.: email@example.com
c) website: firstname.lastname@example.org
d) for requests for information in accordance with the Act No. 211/2000 Coll. on freedom of information please use the online form.
e) the email address where the authority will provide you personal data protection advice. It is meant for children, adolescents, students, teachers, and parents who believe their personal information has been misused: email@example.com
A template for initiating a personal data protection proceeding can be found on the website of the Office (https://dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov).
Our website uses an encrypted SSL connection for any user connection and data transmission, which stops third parties from reading and altering sent data while it is being transmitted over the Internet. Personal data stored in the Controller’s databases is safeguarded by encryption and non-public access data in accordance with cutting-edge technical standards.