PRIVATE CONDITIONS

Privacy terms of the company ECO & METALI s.r.o.

MEANING OF TERMS

Privacy terms

The privacy conditions of the internal act of the company ECO & METALI s.r.o. (from now on: the processor) and apply to all legal relationships between them and the clients of the service (from now on: the operator). The act defines the rights and obligations of the processor and controller when managing and processing personal data of individuals.

Personal data

Personal data means any information relating to a specific or identifiable individual who is a natural person. The designated individual is the one whose personal data is specified and processed in the warehouse for the purpose specified by the controller. The designated individual is the person who can process the personal data in the warehouse for the purpose specified by the controller.

Individual

An individual is any natural person whose personal data is processed on a legal or contractual basis between the controller and that individual or on the basis of explicit consent given by the individual to the controller.

Adjuster

Upravljavec določa določa in sredstva obrazlave v svore svoje registred activitie in/ali zakonovnih obtravlje. The individual is informed in advance who is the controller of personal data and who is the processor of his personal data.

Worker

The processor processes the personal data of individuals on behalf of the controller, according to his instructions, within the framework of lawful purposes and processing methods.

Subdivider

The sub-processor processes the personal data of individuals on behalf of and at the instructions of the processor, within the framework of lawful purposes and methods of processing.

Finishing

The processing of personal data means any act, or any act, performed in connection with personal data or personal data by automated means or without them, such as collection, recording, editing, structuring, storage, adaptation or modification, retrieval, viewing, use .

Limited processing

Omejitev obtravlave pomeni označevanje šrannih personal podatov zaradi omejevaja najvoje obtravlave v bodoče.

Forming profiles

Creating profiles means any form of automated processing of personal data, which includes the use of personal data for evaluating certain personal aspects in relation to an individual, especially for analyzing or predicting performance at work, economic position, health, personal taste, interests, reliability, leadership, location or the movement of this individual.

Pseudonymization

Pseudonymization means the processing of personal data in such a way that the personal data without additional information can no longer be attributed to the specific individual to whom the personal data relates, if such information is handled separately and technical and organizational measures are applied to ensure
that the personal data are not attributed to a specific individual.

Volition of the individual

The consent of the data subject means any voluntary, explicit, informed and unequivocal statement of the will of the data subject expressing consent to the processing of personal data relating to him.

Breach of personal data layer

Kršitev varstva pséchény podatkov pomeni príštění ségurítje, ki začiňa merno ali unobličné krnutanje, práštvo, články, unoblaščeno razkritje ali obsov do pséchni podatkov, ki so poslani, shranani ali kako obdrečná obraztani.

PROCESSING OF PERSONAL DATA

Taxes of the processor

COMPANY NAME: ECO & METALI s.r.o.
COMPANY ADDRESS: Galvaniho 33 A, 82104 Bratislava
Tax number:  56 112 998
Email: info@ecoandmetali.com



Subdividers

The processor has signed agreements on the further processing of personal data of individuals of the specified controller in cases where it has external processors for the implementation of its services, which are sub-processors in relation to the controller. The processor is responsible for the selection of subcontractors and care, so that
they are bound to the same or higher level of protection of personal data as required by Slovenian regulations and European Union regulations. The processor informs the manager about its existing processors and about any replacement of processors or the hiring of new processors. This will announce the discovery of new privacy conditions, in which the new processors will be listed and the manager will be given thirty days to comment on the changes, confirm or oppose them.

Legal basis for processing personal data

The processor has a legal basis for processing the personal data of the individuals of the specified controller in a previously concluded contract between the controller and the processor or on the basis of a second agreement on the order of the service.

The processor is responsible for making the managers aware of this act and other acts of the processor, as far as they regulate the processing of personal data of individuals and/or the conditions of business for the implementation of the ordered services.

The controller is responsible for ensuring the appropriate legal basis for the processing of personal data (legal interest, contractual interest and/or express consent of the individual).

Types of personal data

The processor processes the personal data provided to him by the controller. The processor does not process other personal data of individuals of the specified controller.

Purpose of personal data processing

The processor processes the personal data of individuals of a specific controller only for the purposes for which the controller has instructed it. The processor does not process the personal data of individuals of the specified controller for other purposes.

Manager role

The controller is obliged to give instructions to the processor for the processing of those personal data of the individuals it manages. The controller must clearly and unequivocally provide the processor with information about which types of personal data and for which purposes it can process.

The operator’s manual is documented

After that act, the controller is obliged to the processor to determine the content and duration of the processing of personal data, the nature and purpose of the processing, the types of personal data and the categories of individuals to which the personal data is related.

The manager’s instructions must be documented, and they can be given in writing by regular or electronic mail, in the case of verbal instructions, the processor requires written confirmation by regular or electronic mail.

The processor is not responsible for the legality of the instructions it receives from the controller for the processing of personal data of individuals of the specified controller.

Privacy of data

The processor guarantees that it is bound to confidentiality by itself, which is authorized to process personal data, or is bound to confidentiality by the relevant law. The processor has adopted an internal rulebook on the protection of personal data and obtains a written commitment to data confidentiality from all employees and external collaborators, familiarization with the rulebook and appropriate security measures implemented by the processor to ensure a proper level of data security.

The rights of individuals

The processor technically ensures that, following the controller’s instructions and within the legal scope, he provides support and technical solutions and final data that the controller needs, that individuals with the controller exercise one or more rights that are defined by the legislation: the right to correct, the right to erase , the right to limit processing, the right to transfer data and the right to object.

Izbris ali prenos datak

The processor deletes or returns all the personal data of the controller after the completion of the service performed by the controller on behalf of the controller and destroys the existing copies, except in cases where data storage is prescribed by law.

Access to information

The processor provides the manager with all the information necessary to demonstrate compliance with the obligations of this act and legislation, as well as with the manager or another auditor assigned by the manager, who enables the implementation of revisions, including inspections, and participates in them.

SECURITY OF PROCESSING PERSONAL DATA

Safety treatment

The processor and operator, taking into account the latest technological development and costs of implementation of the nature, scope, circumstances and purposes of the processing, as well as risks to the rights and freedom of individuals, which differ in probability and severity, the operator and processor from the implementation of appropriate technical and organizational measures level of security according to the risk, including among other measures, which include:

  • pseudonymization and encryption of personal data,
  • the ability to guarantee permanent confidentiality and integrity, availability and resilience of processing systems and services,
  • the ability to provide timely compensation for availability and access to personal data in the event of a physical or technical incident,
  • procedures of regular testing, evaluation and evaluation of the effectiveness of technical and organizational measures for ensuring processing safety.

Pri določanju objektivnega ravni seguritja se izjenajo svetne risika, ki jih pomeni obdravalava, zadei zaradi nenamernega ali obsolnega ruttanja, uživare, prmenje, neopolaščenega razkritja ali acceso do oscien podatov, ki so poslani, shranani ali kako obdrečnje obdravlani.

Authorized person for data protection

The processor is not obliged to appoint himself, authorized for the protection of personal data, because the processing is not carried out as a public body or body, nor does it carry out processing in its core activity, which would be necessary due to its nature, scope and/or purposes of individuals for which se apprätte ossefni podatki, redno in systematično vošeštní smyttati, ter fundamentala obdelavalači na obedeláva na izvodno prášeční prášného prásné prásné data
.

Security measures

The processor ensures adequate security measures when processing personal data to ensure the protection of personal data. Security measures are regularly monitored and updated in accordance with technological developments and legislative requirements.

The processor informs the controller about security measures and relevant technical solutions in a separate document, which is an integral part of the privacy conditions governing the legal relationship between the controller and the processor and the Rulebook on the protection of personal data, which governs the legal relationship between the processor and employees who process personal data individuals of the specified controller.

FINAL CLAUSES

Binding nature of legal conditions

  • The privacy conditions  apply to all managers with whom the processor has a regulated legal-business relationship with a contract or in writing via e-mail, and if the managers confirm via e-mail, then it is considered that an annex to the existing legal relationship or with a written annex to
    the existing document has been accepted contracts, if the controller requires it.
  • The privacy terms are  binding on all legal transactions based on them.
  • Terms of privacy with  the component part of the service order  from the operator’s side.
  • The administrator acknowledges  and agrees  with these privacy terms before ordering the service (in the contract or in writing via electronic communication).

Changes to the privacy terms

  • The processor regularly updates the privacy terms with legal changes.
  • The operator informs the operator about changes in a timely manner in written form with an electronic message.
  • The processor provides an archive of changes to privacy conditions, which is available to any controller with a prior written request to the processor’s contact email address.

Dispute resolution

The processor and the operator undertake  to resolve any disagreements and disputes peacefully and amicably.  If an