This Directive is dedicated to the protection of personal data in connection with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data (the so-called GDPR = General Data Protection Regulation) and the Personal Data Protection Act no. 18/2018, hereinafter collectively referred to as the “Regulation”.
General Business Principles of Cyberpunk Technologies s.r.o. (“the Company”) express a commitment to seek the protection of the personal data of our customers, suppliers and business partners, hereinafter “the data subjects”. This directive sets out how this commitment will be implemented and what position a company will have as a personal data controller.
Cyberpunk technologies s.r.o.
Ďurčanského 898/19, 949 01 Nitra, Slovakia
IČO : 51 765 772
DIČ : 2120788626
registered in the Commercial Register of the District Court in Nitra, Slovakia, number : 45870/N
The Company processes the data of retail and wholesale partners, suppliers of goods and services, as well as data on potential clients, hereinafter referred to as the “data subject”.
Purpose of personal data processing
We process personal data for the following purposes:
- concluding, recording and performing contracts
- delivery of ordered goods and services
- client care (electronic client zone)
- providing online services
- improving our range of services and goods
- statistical processing
- processing of data within accounting documents
- offering direct marketing products and services
- registry administration
- protection of company rights (litigation and debt recovery)
For other processing purposes, the individual’s individual consent will be required and will be informed in advance of the purpose of the processing and of the rights in relation to the purpose.
The data subject has the right to refuse or at any time revoke consent to the processing of personal data in the form of a written declaration or electronically.
Legal basics of personal data processing
The legal basis for personal data processing is:
- Contract conclusion and performance
- Compliance with legal obligations (in particular the Consumer Protection Act or the Commercial Code)
- a legitimate interest (in particular, protection of company rights and fraud risk management)
- consent of the person concerned (in particular for the purpose of offering products and services and providing information in direct marketing and competitions)
The provision of personal data is a contractual requirement where the processing of the data subject’s personal data is necessary for the operator to perform the contract between the data subject and the operator. A possible consequence of not providing personal data is the inability of the operator to provide the person concerned with the performance agreed in the contract.
In the case of the provision of information services to minors, the child’s consent to the processing of his / her personal data is considered lawful if the child has reached the age of at least 13 years. The consent of the child under 13 must be expressed or approved by the legal guardian. This does not apply to the general contract law of the Member States, such as the rules on the validity, conclusion or effect of a contract with respect to a child.
Categories of personal data processed
Limited to data that is reasonable and relevant to the business purpose in question. These are primarily personal data for identifying and communicating with you in the following categories:
- Identification data (e.g. name, surname, client ID)
- Contact and Delivery Information (e.g., address, phone number, and email address)
- Billing and Payment Information (e.g. ID, Tax ID, Bank Account Number)
- Socio-demographic data (e.g. age and occupation)
- Information about previous contractual relationships with the company (e.g., order history)
We process personal data collected during visits to our website in accordance with the legal provisions in force in the Slovak Republic.
We also automatically collect and store other personal information, such as your IP address, browser type, language settings, operating system, ISP, to optimize our website for system performance, usability, and useful product and service information. ) and the date and duration of your visit. This information can be used to gather information about user behavior on the website, for marketing and promotional purposes, to analyze trends and to collect demographic data about our users as a whole. To protect privacy, these data are anonymized, i. j. we can’t associate them with a particular person.
Cookies are small text files stored directly on your computer or mobile device, allowing the website you visit to remember important information about your visit. The main purpose of cookies is to allow our Internet server to provide a website user with the experience they are used to.
Thanks to anonymous information obtained from file cookies, we are able to collect, analyze and subsequently evaluate your behavior on our website, enable us to better target ads or process forms.
If you do not wish to store cookies, you can easily change your browser settings.
We get the data we process mostly from a personal data subject. However, we can also learn about you from other sources to make sure that what we know about you is true and complete.
Furthermore, we process personal data legally obtained from public registers or when interacting with government authorities and institutions (in terms of legal measures against legalization of proceeds of crime and terrorist financing).
The processing of personal data may also occur if your data is provided by a third party to whom you have given your consent or that is directly empowered to do so. We can also add information about your published data from publicly available sources.
Categories of personal data recipients
Personal data may be provided to the following categories of recipients or third parties:
• Company employees
• Information technology providers and administrators
• service providers necessary for the performance of our business (administrative activity, accounting, archiving, just consulting, receivables management, etc.)
• Auditors or other independent persons assuring the fulfillment of legal obligations
• public authorities and courts
Company employees are bound by confidentiality and internal company policies. The company organizes and provides staff with training on rules and other data and security obligations. Similarly, internal audits are also in place to check compliance with these policies and policies when working with personal data. Access to personal data is managed and based on the rights of individual employees, as is strictly necessary for their work.
Personal data is provided to third parties only to the extent necessary for the purpose of doing business or legal duties.
When paying for credit card purchases, our company does not have access to and does not retain credit card information. Only a secure payment gateway has data.
We emphasize cooperation with companies that comply with the rules and statutory provisions and operate in accordance with the European Parliament and Council Regulation (EU) on the protection of personal data.
Rules for transferring data outside the European Union
Personal data may only be provided to a third party where an adequate level of protection of personal data is not provided unless:
• a contract has been concluded between the Company and the third party that provides guarantees that the third party will maintain a similar level of protection as that set out in our company;
• a third party has been certified under a code of conduct or a certification program that is recognized under applicable law to provide a “reasonable” level of data protection;
• a third party has introduced binding corporate rules or a similar mechanism to control the transfer of personal data, which provides appropriate safeguards under applicable law;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the Company and a third party;
• the transfer is necessary for the performance of the contract with the customer, supplier or business partner, or at the request of the customer, supplier or business partner before accepting the contract,
• the transfer is necessary to protect the vital interest of the individual,
• the transfer is necessary to determine, exercise or defend legal claims
• the transfer is necessary to meet a serious public interest reason
• the transfer is required by any law to which the company is subject.
Retention period of personal data
The Company is authorized to process the personal data of the persons concerned for the period stipulated by law. In particular, the Act on Accounting no. 431/2002 Coll. §35 Preservation and Protection of Accounting Documentation, which provides for the retention of accounting documentation for ten years, the Value Added Tax Act, the Consumer Protection Act, the Civil Code and the Commercial Code. Due to consistency and compliance with these laws, we keep accounting documents (orders, invoices, delivery notes, etc.) and contracts for 10 years.
Processing of personal data for the legal basis for granting consent is only possible during the period for which consent was granted.
Upon termination of the processing and retention period of your personal data, your data will be securely deleted or destroyed, anonymized or transferred to the archive.
Automated decision making and profiling
As part of its business activities, the Company also carries out the profiling of new clients based on demographic and social data as well as product data to optimize its product and service offerings and consequently increase sales.
Rights of the person concerned
The persons concerned are entitled, under the Regulation, in particular Articles 15 to 21, to:
• Information on personal data processing
• access to your personal data
• correction of personal data
• deleting personal data
• limiting the processing of personal data
• raise objections to the processing of personal data
• portability of your personal data
• removal from automated decision making and profiling
• Revoke consent (if consent is the legal basis for processing)
• Complain to the supervisory authority, ie. j. Office for Personal Data Protection of the Slovak Republic
The person concerned shall exercise these rights by means of a written request in accordance with the Regulation and other relevant legislation delivered to the Company. If a company has legitimate doubts as to the identity of the data subject, he may ask the data subject to provide additional information necessary to confirm his identity, e.g. documenting the application with a certified signature of the person concerned.
If our contractual relationship is based on an agreement with your employer, we are in this relationship as the processor of your personal data. In order to exercise your rights, you must contact your employer as a personal data controller who will provide us with more detailed information about the processing of personal data.
In the event that the right to delete personal data that has been disclosed to us by third parties is exercised, we take the necessary steps to contact all recipients of your personal data and submit a request to delete all personal data or references.
Your right to delete may be exercised only after expiry of the specified period for determining, enforcing or defending legal claims.
We would also like to point out that when you exercise your rights in relation to your privacy, we may have some restriction on our activities against you and our contractual relationship.
Control and compliance
In our company, we carry out internal audits of processes and procedures that involve the processing of personal data in order to comply with established policies and rules.
Person responsible for personal data protection supervision
Cyberpunk technologies s.r.o.
Ing. Martin Bugár | CEO
Ďurčanského 898/19, 949 01 Nitra
ID: 51 765 772
Tax ID: 2120788626
At the address given, the persons concerned may exercise their rights under the Regulation. We will process your requests / complaints without undue delay and we will notify you of the solution no later than 30 days after receiving the request / complaint.