Information on the processing of personal data

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CONTACT PERSONS IN SUPPLIER-CUSTOMER RELATIONS

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”),

We would like to inform you briefly about the processing of your personal data. This information does not apply to the personal data of legal entities, including the name, legal form and contact details of the legal entity.

1. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is:

TPA AUDIT, s.r.o. / TPA TAX, k.s. (hereinafter referred to as the “Controller”)

2. IN WHICH SITUATIONS WILL THE CONTROLLER PROCESS YOUR DATA?

We process your personal data without your consent only in cases where we are permitted to such processing by the applicable legislation.

We process your personal data without your consent on the following legal grounds:

• performance of a contract to which you are a party or implementation of measures adopted before the conclusion of the contract at your request, or
• legitimate interest of the Controller.

3. FOR WHAT PURPOSE WILL YOUR PERSONAL DATA BE PROCESSED

The purpose of the processing of your personal data is

• the performance of contractual obligations of the Controller in relation to clients/customers,
• the communication of the Controller with clients/customers.

The Controller processes your personal data only to the extent necessary for the performance of its contractual and legal obligations in relation to clients.

4. LEGITIMATE INTEREST OF THE CONTROLLER

The legitimate interest of the Controller in the processing of personal data is the performance of its rights and obligations in connection with the provision of its bookkeeping, personnel and payroll services.

The Controller needs to process your personal data to the extent necessary, since there are links between you and clients/customers. Without the processing of your personal data, the Controller would not be able to properly ensure the provision of its services according to the client/customer contract.

5. WHAT PERSONAL DATA ABOUT YOU DO WE PROCESS?

We process the following categories of personal data:

• identification data, in particular names, surnames, titles, job positions of the representatives of the clients,
• contact details, especially postal addresses, e-mail addresses, telephone numbers,
• other data, the processing of which is necessary for the execution of contracts with customers/clients.

6. FOR HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?

We will process your personal data for the duration of the contractual relationship with the client/customer and for as long as required by the Slovak legislation.

7. WHAT ARE THE SOURCES OF THIS INFORMATION?

The personal data that we process about you come from you when you have provided them to us, for example, in the context of the conclusion of the contract or in the course of our cooperation, or they have been provided to us by another person from your organisation (client).

8. WHO IS THE RECIPIENT OF PERSONAL DATA

We provide your personal data in justified cases and only to the extent necessary to the following categories of recipients:

• our contractual partners, which we need for our normal operation and the implementation of a contractual relationship with customers, e.g., suppliers of information technologies,
• other entities in cases where the right or obligation to provide your personal data is imposed by legal regulations, or if it is necessary to protect our legitimate interests (e.g. courts, police, etc.).

9. WHAT ARE YOUR RIGHTS IN THE PROCESSING OF YOUR PERSONAL DATA?

• right of access – you may request access to the personal data that we process about you. The Controller will also provide a copy of the processed personal data.
• right to rectification – you may require rectification of inaccurate or incomplete personal data that we process about you.
• right to deletion – you may ask us to delete your personal data if one of the following situations occurs:
  • The personal data is no longer required for the purposes for which it was collected or otherwise processed;
  • you withdraw the consent on the basis of which your personal data has been processed and there is no other legal reason for its processing;
  • you have objected to being the subject of decision-making based on automated processing of your personal data and there are no prevailing legitimate reasons for such processing or you have objected to the processing of your personal data for the purposes of direct marketing;
  • your personal data has been processed unlawfully;
  • your personal data must be erased in order to comply with a legal obligation laid down in Union or Member State law applicable to the Controller;
  • your personal data has been collected in relation to the offer of information society services.
• right to restriction of processing – you may request the Controller to restrict the processing of your personal data if one of the following situations occurs:
  • you contested the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing of your personal data is unlawful, but you oppose the erasure of this data and request the restriction of its use instead;
  • the Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
  • you have objected to the processing of your personal data pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate reasons of the Controller override your legitimate reasons.
• right to data portability – in the cases envisaged by the GDPR, you have the right to obtain personal data, which relates to you and which you have provided to the Controller, in a structured, commonly used and machine-readable format, but this right may not adversely affect the rights and freedoms of others
• right to object – you may object at any time to the processing of your personal data by the Controller for the purposes of direct marketing performed on the basis of the legitimate interest of the Controller
• right to lodge a complaint – you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, uoou.sk.

The data subject can exercise their rights orally, in writing or electronically through the above contact details. If the data subject requests the exercise of a right, they will be required to prove their identity to the Controller.