SECURITY PROTECTION PROVISIONS

Privacy of personal data of natural persons is particularly important to us. In these privacy policy we would like to provide you with detailed and comprehensible information about the processing of your personal data in the terms of our company in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and Articles 19 and 20 of Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as "the Act").

This privacy policy is addressed to all data subjects about whom we process personal data, including job applicants, employees, clients, suppliers and contractors.

Definitions

Affected Person - any natural person whose personal data is processed.

Personal data processing restriction - a marking of personal data held with the aim of restricting its processing in the future.

Online identifier - an identifier provided by an application, tool or protocol, in particular an IP address, cookies, login data to online services, radio frequency identification, which may leave traces that, in particular in combination with unique identifiers or other information, may be used to create a profile of the data subject and to identify him or her.

Personal data - means data relating to an identified natural person or an identifiable natural person who can be identified directly or indirectly, in particular by reference to a commonly used identifier, another identifier such as a first name, surname, identification number, location data, or an online identifier, or on the basis of one or more characteristics or traits that constitute his or her physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.

Performer- anyone who, alone or jointly with others, defines the purpose and means of processing personal data and processes personal data on his or her own behalf; the controller or the specific requirements for its determination may be laid down in a special regulation or an international treaty by which the Slovak Republic is bound, if such regulation or treaty provides for the purpose and means of processing personal data.

Recipient - anyone to whom personal data are provided, regardless of whether he or she is a third party; a public authority which processes personal data on the basis of a special regulation or an international treaty by which the Slovak Republic is bound, in accordance with the rules on the protection of personal data applicable to the purpose for which the personal data are processed, shall not be regarded as a recipient.

Profiling - any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal characteristics or characteristics relating to a natural person, in particular to analyse or predict the characteristics or characteristics of the data subject relating to his or her performance at work, financial situation, health, personal preferences, interests, reliability, behaviour, location or movement.

Consent of the data subject - any binding and freely given, specific, informed and unambiguous indication of the data subject's wishes, in the form of a statement or an unambiguous confirmatory act, by which the data subject consents to the processing of his or her personal data.

Processing of personal data - a processing operation or set of processing operations concerning personal data or sets of personal data, in particular the obtaining, recording, organisation, structuring, storage, alteration, retrieval, consultation, consultation, disclosure by transmission, alignment or otherwise, alignment or combination, restriction, erasure, whether or not by automated or non-automated means.

Processor - anyone who processes personal data on behalf of the controller.

Encryption- the transformation of personal data in a way whereby reprocessing is only possible after a selected parameter, such as a key or password, has been entered.

Third party - anyone who is not a data subject, controller, processor or other natural person who processes personal data on behalf of the controller or processor.

Who is the controller and where can you contact us?

The controller that processes your personal data is the company

TRANSFER International Staff k.s.
with registered office at 831 02 Bratislava, Racianska 96
ICO 48 260 436
registered in the Commercial Register of the District Court Bratislava I, section: Sr, insert c.: 1557/B

Transfer Personalmanagement k. s.
with registered office at 831 02 Bratislava, Racianska 96
ICO 46134026
Registered in the Commercial Register of the District Court Bratislava I, sec. Sr, vl.c.1027/B

(hereinafter referred to as ,,Operator" or ,,We").

If you have any questions, comments or requests regarding the processing of personal data, you can contact us:

• in writing at 831 02 Bratislava, Racianska 96.
• in person on working days between 08.00-17:00 at Braneckého 17, Nitra.
• by telephone on the following numbers: +421(0)948 186 912
• electronically at the e-mail address: recruiting@transfer-personal.sk.

Why do we process your personal data?

The processing of personal data is necessary on our part, in particular to be able to carry out our obligations and tasks

• from generally binding legal regulations,
• contractual relations,
• from the legitimate interests that we pursue.

For what purposes and on what legal basis do we process your personal data?

In particular, we process your personal data for the following purposes:

Who do we provide your personal data to?

When processing your personal data, we also use the services of vetted and contracted external business partners and suppliers of various services to help us process and protect your personal data. These are so-called processors who process your personal data for our purposes, generally in the delivery of services that we have commissioned in order to streamline our operations and fulfil our company's tasks.

The recipients of the personal data of the data subjects are also the various groups of entities to which we provide your personal data, most often in the context of the performance of our legal obligations and/or our own employees with whom you come into contact as data subjects.

Is there a cross-border transfer of your personal data?

We do not carry out cross-border transfers of your personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein) and to international organisations.

Does automated processing of your personal data with legal effect and/or other substantial impact on you take place with us?

In our company there is no automated processing of personal data with legal effect and/or other substantial impact on you according to cl. 22 GDPR - Your personal data will not be used for automated individual decision-making, including profiling.

How long do we keep your personal data?

We retain personal data for no longer than is necessary for the purposes for which the personal data is processed. In general, the retention period results from legal regulations. If this does not follow from the legislation, the retention period of your personal data is determined by us through our internal regulations and/or our retention schedule, always in relation to the specific purposes.

If we process your personal data on the basis of your consent, we are obliged not to process your personal data further for the given purpose after its revocation. However, this does not preclude us from continuing to process your personal data on another legal basis, in particular to comply with a legal obligation.

The general retention periods for the purposes of processing personal data as defined by us are as follows:

How do we collect personal data about you?

In principle, we obtain your personal data directly from you.

If the legal basis for processing your personal data is your consent under cl. 6 para. 1 lit. a) GDPR, you are never obliged to provide your personal data. The provision of your personal data is voluntary and based on your free discretion. You have the right to withdraw your consent at any time. Failure to provide personal data should not have any negative and substantial consequences for you, but it may reduce the comfort of using some of the services provided by us.

If the legal basis for the processing of your personal data is the conclusion or performance of a contractual relationship pursuant to cl. 6 (1) (b) GDPR, the provision of personal data is a requirement that is necessary for the conclusion of the contract. Failure to provide personal data may result in the contractual relationship not being concluded.

If the legal basis for the processing of your personal data is the performance of our legal obligation under cl. 6(1)(c) GDPR, the provision of your personal data is a legal requirement.

If the legal basis for the processing of your personal data is our legitimate interest pursuant to cl. 6(1)(f) GDPR, you are obliged to accept this processing, but you have the right to object to this processing.

In some cases, we may also obtain personal data from publicly available registers/sources, from public authorities or from other persons.

What rights do you have as a data subject?

We care about the protection of your personal data and therefore strive to safeguard it through individual, modern technical and organizational measures, as well as through the possibility to exercise your rights as a data subject at any time by means of a request.

Requests for the exercise of the rights of the data subject can be sent to us electronically or in writing to the above contact details. We recommend that you explain in as much detail as possible in each request what right you are exercising under the GDPR, what your identification data are (for verification of identity), or what purposes and data the request relates to. For more general requests we will have to ask for clarification.

The GDPR lays down general conditions for the exercise of your individual rights. Their existence does not automatically imply that we will always comply with them when exercising individual rights, as exceptions may apply in a particular case, or certain rights are linked to specific conditions that may not be met in every case. We will always deal with your request concerning a specific right and examine it in the light of the legislation and our internal rules for dealing with complaints from data subjects.

We would like to inform you that we may ask you for a credible verification of your identity when processing your request, in particular in cases where there are doubts about your identity. It is our duty to prevent your personal data from being disclosed to an unauthorised person.

The process of processing your request related to the exercise of your right as a data subject under the GDPR is free of charge. However, if your request is manifestly unfounded or disproportionate, in particular because it is repetitive, we are entitled to charge a reasonable fee to reflect the administrative costs.

As a data subject you have in particular:

Right to withdraw consent - if we process personal data about you on the basis of your consent to the processing of your personal data, you have the right to withdraw that consent at any time. You can withdraw your consent electronically, in writing or in person at the contact addresses listed above, provided that you can always withdraw your consent as easily as you gave it to us. However, withdrawal of consent does not affect the lawfulness of the processing of personal data that we have already carried out on the basis of the consent.

Right of access to the personal data we process about you - this right includes the right to confirm whether we are processing personal data about you, the right to access the personal data we process about you and the right to receive a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in a written documentary form, unless you request a different method of disclosure. If you have requested this information by electronic means, it will be provided to you electronically where technically possible.

Right to rectification and amendment - We take reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.

Right to erasure (forgetting) - you have the right to ask us to erase your personal data if

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw the consent on the basis of which the processing is carried out,
• object to the processing of personal data,
• the personal data have been unlawfully processed,
• the reason for erasure is the fulfilment of an obligation under a law, a special regulation or an international treaty by which the Slovak Republic is bound.

Your right must each be assessed in the light of all relevant circumstances. We may have certain legal and regulatory obligations for which we may not be able to comply with your request.

Right to restriction of processing - in certain circumstances, you are entitled to ask us to stop processing your personal data, except for storing it. This includes, for example, where you believe that the personal data we hold about you may be inaccurate or where you believe that we no longer need to use your personal data.

Right to data portability - you have the right to ask us to transfer the personal data you have provided to us to another third party that you nominate. The right of portability applies only to personal data that we have obtained from you on the basis of your consent or on the basis of a contract to which you are a party and which we process by automated means.

Right to object - you have the right to object to the processing of your personal data if the processing is carried out

• on the basis of the legal title of performance of tasks carried out in the public interest or in the exercise of official authority,
• on the basis of a legitimate interest of the Data Controller,
• for direct marketing purposes,
• for the purposes of scientific or historical research or for statistical purposes.

If you object to the processing of your personal data and we do not demonstrate a compelling legitimate justifiable reason for processing it, we will not be able to process your personal data further.

Right to bring a data protection action - if you believe that we are processing your personal data in breach of the GDPR or the Data Protection Act, you may lodge a complaint with the supervisory authority, which is:

The Office for Personal Data Protection of the Slovak Republic

Hranicná 12
820 07 Bratislava 27
tel. +421 /2/ 3231 3214
mail: statny.dozor@pdp.gov.sk
https://dataprotection.gov.sk

In the case of an electronic submission, the proposal must comply with the requirements of Article 19(1) of Act No 71/1967 Coll. on administrative procedure (Administrative Procedure Code).

How do we protect your personal data?

It is our duty to protect your personal data in an appropriate manner and for this reason we pay particular attention to its protection. We have implemented generally accepted technical and organizational standards for this purpose in order to maintain the security of the personal data we process, in particular to protect it from loss, misuse, unauthorized modification, destruction or other negative impact on your rights and freedoms as data subjects. If it is necessary to transmit personal data, we use encryption technologies.

Changes to Privacy Policy

Privacy is not a one-off concern for us. The information that we are required to provide to you in relation to our processing of personal data may change or cease to be up to date. For this reason, we reserve the right to modify and change these terms and conditions to any extent at any time. In the event that we change these terms in a material way, we will bring this change to your attention, e.g. by a general notice on this website or by a separate notice via email.

PERSONAL DATA PROTECTION NOTICE

Our company, Transfer Planconsulting Datentransfer und Anlagenconsulting GmbH, hereafter referred to as the website operator, treats your personal data very responsibly and the purpose of the following privacy statement is to give you an overview of what happens to your data and what protection we offer.

Subject of the privacy statement
This statement applies to data that is disclosed through the use of our website and informs you about how we handle this data. There is no exchange of data with other companies, as a result of which the privacy statement is limited to your visit to our website only.

Website tracking
For marketing and optimization purposes, the products and services of WiredMinds AG ( www.wiredminds.de ) are used on this website. In doing so, data is collected, processed and stored, which is used under a pseudonym to create user profiles. As far as possible and consistent, the user profiles are completely anonymous. Cookies may be used for this purpose. Cookies are small text files that are stored in the visitor's web browser and are used to re-recognise the web browser. The collected data, which may also contain personal data, is forwarded to WiredMinds or collected directly by WiredMinds. WiredMinds may use the information that is stored through the website visits to create anonymous user profiles. The data collected in this way may not be used to personally identify the visitor of this website without the specific consent of the data subject, nor may it be used in connection with personal data concerning the bearer of a pseudonym. In the event that IP addresses are collected, these addresses will become anonymous as soon as they are obtained, as a result of the deletion of the last number block. The collection, processing and storage of data can be revoked at any time with effect for the future.

Exclude from website tracking

Personal data and its application
Personal data is collected when customers enquire and apply for jobs. In doing so, it is data that is recorded in form fields.
This data is automatically stored by us.

Data transfer
We do not pass on the data we have collected from you to third parties.

Cookies
Cookies that are stored on a visitor's computer often become a source of insecurity. These small files each serve purely as a memory of information. No viruses are created, your computer will not be hacked and your identity will not be explored.
Cookies have the sole purpose of storing your personal activities and interests so that we can follow up on this information on your next visit. You also benefit from the fact that when you visit our website you can immediately see the offers that match your interests. This is possible because the cookie contains information about which products you last viewed, and when you call up this page, the system displays suitable alternatives or add-ons for you.

Data deletion
You can withdraw your consent to data storage at any time in writing.

Privacy Policy
As we have already mentioned, the data is not passed on. To ensure data security, your data ...... is not stored on the website/mobile application, but is sent directly via email to our corporate server, where it is stored in a protected environment (firewall, virus protection, ...) for internal use only.

Modification of this privacy statement
The website operator reserves the right to change this privacy statement.