1. PERSONAL DATA WE COLLECT AND HOW WE USE SUCH DATA
We collect and store your personal data in a variety of situations. For example, when you communicate with us via e-mail and provide us with your name and contact information, when you apply for a job in Gratex, when you order a product or when we provide you a service, when you do business with us as our business partner, or when you browse our website, etc. Personal data is any information about you by which you can be identified or on the grounds of which you can be identifiable.
You may provide us with information about yourself in connection with your job application. In such cases we may process your personal data, (i.e. your resume, etc.) in order to consider you for employment purposes. Lawful basis for such processing is Article 6(1)(a) of GDPR. Personal data provided for this purpose are processed no more than 1 year from your job application, unless you agree to further processing.
Providing services and/or delivering products
If you order services or products, we will use your personal data that you have provided us (usually name, surname, e-mail address, telephone number, company name nad address, your job title, bank details) only to process your order or to provide requested services and/or products. This may include taking the necessary steps prior to conclude the contract, responding to your inquiries, ship the products or deliver the services. Furthermore, it may include personal data provided during our mutual conversations via telephone or e-mails. Should you not provide us with your personal data in certain situations, we will not be able to provide you with our services or deliver you products. Lawful basis for this processing is Article 6(1)(b) of GDPR. We keep and process your personal data for this purpose 5 years after the last part of the performance of the contract has been fulfilled unless the obligation to keep the contractual documentation for a longer period of time arises from a generally binding legal regulation.
When you use Gratex’s secure Web sites (for example Help Desk), we may require you to provide us with personally identifiable information, which may include your name, password, company or e-mail address.For the purpose of dealing with third parties in solving Help Desk incidents we may also collect information on your suppliers involved in supplying IT services to you. We process this data in accordance with Article 6(1)(b) of GDPR. We keep and process your personal data for this purpose 5 years after the last part of the performance of the contract has been fulfilled unless the obligation to keep the contractual documentation for a longer period of time arises from a generally binding legal regulation.
Cookies and similar technology
Fulfillment of legal obligations
In some cases we need to process your personal data for fulfillment of legal obligations (i.e. Act on Accounting, Act on VAT, Act on Income Tax, etc.). Lawful basis for such processing is Article 6(1)(c) of GDPR. Personal data are processed for time period set out in particular generally binding legal regulation.
2. LAWFUL BASIS FOR PROCESSING
Consent of the data subject
(Article 6(1)(a) GDPR) – This is where you as a data subject have given us your specific, informed and unambiguous permission to process your personal data for a given purpose.
(Article 6(1)(b) GDPR) – This is where processing of your personal data is necessary to fulfill our contractual obligations. For example you are our business partner and we need to process your delivery.
(Article 6(1)(f) GDPR)– This is where processing of your personal data is necessary for the purposes of our legitimite interests, except where such interests are overridden by the interests of your fundamental rights and freedoms as the data subject.
Required by Law
(Article 6(1)(c) GDPR) – This is where processing of your personal data is necessary for compliance with a legal obligation.
3. SECURITY OF YOUR PERSONAL DATA and where we process
Gratex have implemented appropriate technical and organisational measures to protect your personal data against unauthorized processing and against accidental loss, damage or destruction. The personally identifiable information we collect about you is stored in limited access servers. Gratex maintains safeguards to protect the security, integrity, and privacy of these servers and your personally identifiable information.
Your personal data may be stored and processed in Slovakia and in European Union. We do not intend to transfer your data outside European Union. However, if your data will be processed in countries outside European Union, this may be done only if such countries ensure an adequate level of protection (e.g. EU Commission´s adequacy decision or suitable guarantees, Article 45 GDPR).
4. REMOTE ACCESS
It is agreed and understood that when employing the services of Gratex, we may have both remote and/or onsite access to your computer systems. These privileges are used solely for the purposes of maintaining, troubleshooting or configuring systems as required.
Gratex employs strict guidelines to protect its clients’ privacy and data is stored in password-controlled servers with limited access. All employees sign confidentiality agreements at the commencement of their employment (to ensure security for both the clients’ and company’s data). Your personal data is never shared outside the company without your permission, except under conditions explained in this document.
5. HOW LONG WE KEEP YOUR PERSONAL DATA
6. DISCLOSING INFORMATION COLLECTED
At times, it may be necessary for us to employ a third party to perform services on our behalf. In these cases, we will request your verbal consent to disclose the information required by the appointed third party to perform their services. We may disclose any information about you to law enforcement agencies, government officials or other authorities, which we, in our sole discretion, believe necessary or appropriate in the given circumstances. Except when required by law, we will only disclose information concerning you under circumstances described above.
7. AUTOMATED DECISION MAKING
You personal data will not subject to automated decision-making nor profiling.
8. LINK TO OTHER WEBSITES
9. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Under data protection laws you have rights as an individual in relation to the personal data we keep and process about you. These includes following:
• right to obtain information about what personal data we process about you,
• right to request rectification of your personal data that is inaccurate,
• right to ask us to erasure of your personal data or restrict the way how it is used,
• right to object direct marketing,
If you have provided us with consent to use your personal data, you can withdraw your consent at any time.In case you have any doubts as to compliance with the obligations relating to your personal data processing, you have the right to contact us or the supervisory authority, Office for Personal Data Protection of the Slovak Republic.
11. COMMENTS AND QUESTIONS
Gratex International, a.s.
GBC IV., Galvaniho 17/C
Bratislava 821 04