1. Principles of personal data processing
The company Lombard s.r.o. with its registered office in Školská 14, 921 01 Piešťany, ID 36 240 125 (hereinafter referred to as the “Controller”) within the meaning of the GDPR Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and in accordance with the appropriate state law has security measures in place, which are regularly updated. They define the scope and manner of security measures necessary to eliminate and minimize threats and risks affecting the information system in order to ensure:
Availability, integrity an reliability of the management systems byt the most modern information technologies,
protect personal data from loss, damage, theft, modification, destruction and maintain their confidentiality,
identify potential problems and sources of disruption and prevent them.
Contact to the responsible person (Data Protection Officer - DPO): dpo@lombard.sk
2. Principles of personal data protection
Your personal data will be stored securely, in accordance with the data retention policy and only for the time necessary to fulfill the purpose of the processing. Only persons authorized by the controller to process personal data, who process them on the basis of the controller's instructions, have access to personal data. Your personal data will be backed up in accordance with the controller's retention rules. Personal data stored in backup repositories is used to prevent security incidents that could arise in particular from breaches of security or damage to the integrity of processed data.
3. Definitions
3.1. “personal data” means any information relating to an identified or identifiable natural person (hereinafter reffered to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
3.2. “processing operation” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3.3. „profiling“ is any form of automated processing of personal data which consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular analyzing or anticipating aspects of the natural person concerned related to work performance, assets, health, personal preferences, interests, reliability , behavior, position or movement;
3.4. „information system“ is any organized set of personal data that is accessible according to specified criteria, whether the system is centralized, decentralized or distributed on a functional or geographical basis;
3.5. „controller“ is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down in Union law, or in the law of a Member State, the operator or the specific criteria for his designation may be determined in Union law or in the law of a Member State.;
3.6. „processor“ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
3.7. „third party“ is a natural or legal person, public authority, agency or entity other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are responsible for processing personal data;
3.8. „consent of the data subject“ is any freely given, specific, informed and unambiguous expression of the will of the data subject, by which he / she expresses his / her consent to the processing of personal data concerning him / her in the form of a declaration or unambiguous confirmatory act;
3.9. „personal data breach“ is a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data which are transmitted, stored or otherwise processed;
3.10. „relevant and substantiated objection“ is an objection to the draft regulation as to whether this regulation has been violated or whether the planned measure in relation to the controller or intermediary complies with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the draft decision as regards the fundamental rights and freedoms of the persons concerned and, where applicable, the free movement of personal data within the Union.
4. Purposes of personal data processing
The purposes of the processing | Performance of the contract to which the data subject is a contracting party or that, at the request of the data subject, measures will be taken before the conclusion of the contract.
|
Legal basis | Article 6 para. 1 letter b) GDPR Regulation |
Scope of personal data processed | - title - name and surname - address - country - telephone - and e-mail |
The categories of personal data concerned | clients |
Processors | - |
Retention period | subsequently, they are stored in accordance with according state law. |
Cross - border transmission | the transfer of personal data to a third country does not take place |
The purposes of the processing | Requirement records |
Legal basis | Article 6 para. 1 letter a) GDPR Regulation |
Scope of personal data processed | - name - surname - address - telephone - and e-mail |
The categories of personal data concerned | clients and potential clients |
Processors | - |
Retention period | 1 year |
Cross - border transmission | the transfer of personal data to a third country does not take place |
The purposes of the processing | Live chat |
Legal basis | Article 6 para. 1 letter a) GDPR Regulation |
Scope of personal data processed | - name - surname - telephone - and e-mail |
The categories of personal data concerned | clients and potential clients |
Processors | Smartsupp.com, s.r.o., Šumavská 31, 602 00 Brno, Czech Republic |
Retention period | 14 days |
Cross - border transmission | the transfer of personal data to a third country does not take place |
5. Rights of the data subject
5.1. Right to revoke consent - in cases where we process personal data on the basis of your consent, you have the right to revoke this consent at any time. You can revoke the consent electronically, by sending the revocation of the consent to the e-mail address of the responsible person dpo@lombard.sk, in writing or in person at the headquarters of our company. Withdrawal of consent does not affect the lawfulness of the processing up to this point.
5.2. Right to access - you have the right to provide a copy of the personal information we hold about you available as well as information on how we use your personal data. In most cases, your personal data will be provided to you in writing, unless you require another method of providing it. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible.
5.3. Right to correction - we take appropriate measures to ensure accuracy, completeness and the timeliness of the information we have about you. If you believe that the information, we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to modify, update or supplement this information.
5.4. Right to deletion - you have the right to ask us to delete your personal data, for example if the personal data we have obtained about you is no longer needed to fulfill the original purpose of the processing. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.
5.5. Right to restrict processing - under certain circumstances, you may ask us to stop using your personal information. For example, when you think the personal information, we hold about you may be inaccurate, or when you think we no longer need to use your personal information.
5.6. Right to data portability - in certain circumstances, you have the right to ask us to transfer the personal data they have provided to the walls to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you with your consent or under a contract to which you are a party.
5.7. The right to object - you have the right to object to the processing of data which is based on our legitimate legitimate interests. If we do not have a compelling legitimate legitimate reason to process and you object, we will not further process your personal data.
If you believe that any personal information, we hold about you is incorrect or incomplete, please contact us.
If you wish to object to the way we process your personal data, please contact our authorized person (Data Protection Officer) by e-mail at: dpo@lombard.sk or in writing to the address:
Lombard s.r.o.
Školská 14
921 01 Piešťany
Slovakia
Our authorized person will review your objection and will cooperate with you to resolve the matter.
If you believe that your personal data is being processed unfairly or illegally, you can submit a complaint with the supervisory authority, which is Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27; phone: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.
Revised on 1.3.2021