Information and Instruction

on the Collection and Processing of Personal Data

in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation” or “GDPR”) and Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Act”)

The Controller – the company TuCon, a.s., with its registered office at K cintorínu 63, 010 04 Žilina – Bánová, company ID (IČO): 44 802 030, entered in the Business Register of the District Court of Žilina, Section: Sa, Insert No.: 10695/L, hereby informs data subjects about the collection and processing of their personal data.

This information is intended for you if you are:

  • visitors to our website;
  • our customer, but also if you are an employee of our customer being a legal entity or you work for him on the basis of a relationship established e.g. upon a power of attorney, appointment or election, or you hold any office for him or represent our customer as a self-employed person appointed by our customer in individual areas of communication related to the performance of construction works within the contractual relations;
  • job applicant.

Personal Data Protection Rules

We process your personal data only on the basis of the legal grounds stipulated by the Regulation or the Act. As the controller, we are responsible for the protection of your personal data that we have collected or will collect about you in accordance with the Regulation and the Act to the extent and in the manner provided in this information letter. Should you have any question concerning the processing of your personal data, please contact us in person or by post at the address of our registered office, by phone at the phone number +421 41 5046 204 or by e-mail at the address: ochranaudajov@tucon.sk.

Personal Data Collection

We collect your personal data primarily directly from you, when you voluntarily provide them to us in connection with your query or order for our supplies and works or in connection with a job application addressed to us in person, by telephone, in writing by post or electronically by e-mail or via our contact form on the company’s website.
If you are an employee of our customer being a legal entity, or a self-employed person in a position of his authorized representative for individual areas of communication related to the supply of products and services within the contractual relationship, we collect your personal data from your employer; the provision of data referred to in this information letter shall be without prejudice to the information obligation of your employer to the extent stipulated by Article 13 of the Regulation or Section 19 of the Act when collecting and processing your personal data in connection with the employment relationship between the employee and the employer.

Categories of Collected and Processed Personal Data

We will only collect and process your current personal data to the extent necessary in connection with our activities related to providing our services. We will not process personal data of a special category that would reveal your racial or ethnic origin, political opinions, political or philosophical beliefs, trade union membership, genetic data, biometric data, sexual orientation and other sensitive personal data about you. We will process your personal data mainly to the following extent:

Identification data: name, surname, employer (company name, address, company ID (IČO), VAT taxpayer ID (DIČ)), position (job title), department, and signature.

Contact details: correspondence address, e-mail address and phone number.

Supply data: history of orders, purchased products and works, prices of purchased products and works, and data related to the conditions of carrying out of works.

Bank, financial and transaction data: credit card number, bank account details, and payment details.

Job applicant data: title, name, surname, date of birth, residence, nationality, contact details (phone number and e-mail address), data on educational attainment, qualifications and professional experience, assessment of medical fitness to perform work, employment evaluation from previous employer, signature and other information provided in the job application and CV.

On-line identifiers: IP address, cookies.

Correspondence data: communication content and communication-related metadata.

Recipients of Personal Data

All your personal data will be processed and stored in our internal systems and will be further provided by us to other recipients only if it is necessary to achieve the purpose of processing or on the basis of a legal obligation arising from special legal regulations.

Recipients of personal data may include:

  • control, supervisory and other state authorities performing their activities in accordance with a special legal regulation (e.g. Slovak Trade Inspection, Office for Personal Data Protection, tax authorities, etc.);
  • courts and law enforcement authorities at their request or within the legitimate interests of the controller in proving, asserting and defending legal claims;
  • contracted service providers, such as providers of IT infrastructure support services, software administration services, postal and courier services, and financial and insurance services;
  • other recipients to whom the controller is obliged to provide personal data in accordance with a special law or legitimate interest, such as auditors, legal advisers, tax and accounting advisers, insurance companies, banks, credit registers, our subsidiaries and organizational units, and persons in an employment or other similar relationship with us, to the extent strictly necessary for the performance of their work or the exercise of their rights, with the proviso that, in relation to the personal data provided or made available, they are obliged to maintain confidentiality of such information to the extent and under the conditions established by generally binding legal regulations or agreed in a written agreement concluded with us.

Purpose of Personal Data Processing

We will collect and process your personal data for the following purposes:

  • Conclusion and performance of a contract; for the purposes of performing contractual obligations or taking measures at your request before concluding a contract with you, especially for the purposes of preparing and sending price quotations and preparing and concluding the contract, as well as its registration, including all amendments thereto, in our internal system, the control of contract performance and fulfilment of obligations of the parties thereto, in particular in the context of commercial and framework contracts, as well as other obligations related to contract administration, taking over and handing over the subject matter of the contract, settlement of insurance claims, handling of complaints and grievances, invoicing, recovery of claims and receivables arising in connection with the supply of works, goods and services, keeping related documentation and records, mutual communication of the contracting parties, etc. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (b) and (c) of the Regulation, i.e. performance of the contract and fulfilment of the legal obligations of the controller resulting in particular from the Act of the National Council of the Slovak Republic No. 513/1991 Coll., the Commercial Code, as amended. In this case, providing personal data by the data subject shall be a contractual requirement. If personal data are not provided, it will not be possible to enter into the contractual relationship with the data subject;
  • Direct communication; for the purposes of direct communication with you in order to answer your questions and meet your requirements sent by e-mail or via our web form, we may ask you for your contact details based on the nature or purpose of communication. If you have sent us service orders or other requests, we may need to contact you to obtain additional information necessary to deal with or fulfil the order or request. For this purpose, as well as for the purpose of the required supply of goods and services, the processing of personal data is necessary. The legal basis in this case is Article 6 (1) (b) and (f) of the GDPR. In this context, it is in our interest to meet your requirements.
  • Marketing; in case of your consent, we will send you business information about the offer of our activities by e-mail, SMS message, or in any other form. We will only send business information to such an extent and frequency that it is not inconvenient for you. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (a) of the Regulation, i.e. the consent granted by the data subject. You can withdraw your consent at any time. Processing for marketing purposes can be considered as processing based on the legitimate interests of the controller provided that you are our customer. The legal basis in this case is Article 6 (1) (f) of the GDPR. We consider it our legitimate interest to inform you about news and offers in the area of our supplies and to obtain feedback on your satisfaction with our supplies in order to improve our quality. In this case, we may send you information about the offer or a survey questionnaire of your satisfaction without the required consent. You have the right at any time to object to the processing of your personal data for marketing purposes or to directly stop sending our marketing messages via a link provided in such messages;
  • Bookkeeping and preparation of accounting documents; in particular the administration and invoicing of the price of the supply of works, goods and services and preparation of accounting and tax documents and invoices. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (c) of the Regulation, i.e. fulfilment of our legal obligations arising in particular from Act No. 431/2002 Coll. on Accounting as amended (hereinafter referred to as the “Accounting Act”), Act No. 222/2004 Coll. on Value Added Tax, as amended, etc.;
  • Mail registration and registry management; registration and administration of postal items and mails delivered and sent from and to our electronic mailbox and registration and archiving of contracts and accounting, tax and related documents in our internal systems. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (c) of the Regulation, i.e. fulfilment of the legal obligation of the controller according to special regulations, especially according to the Accounting Act and Act No. 395/2002 Coll. on Archives and Registries and on Amendments and Supplements to Certain Acts.
  • Selection procedure; personal data stated in the CV, motivation letter or documents on educational attainment sent to us at your request to establish a pre-contractual relationship for the purposes of filling a specific vacant position will be used to prepare personal documents for conducting the selection procedure. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (f) of the GDPR. We consider it a legitimate interest for us to establish a pre-contractual relationship for the purposes of filling a specific vacant position and process personal data to take measures before entering into the employment contract (employment relationship);
  • Database of job applicants; in case of your consent, we will register your personal data stated in the CV, motivation letter or documents on educational attainment in the database of job applicants for a period of 2 years. During this period, your personal data will only be used for the purposes of further selection procedures. The legal basis for the processing of your personal data for this purpose is Article 6 (1) (a) of the Regulation, i.e. the consent granted by the data subject. You can withdraw your consent at any time. We will inform you about the specific method of withdrawal of your consent (depending on the method of its granting) in the request for your consent. Withdrawal of the consent shall not affect the lawfulness of processing based on the consent prior to its withdrawal;
  • Ensuring the functionality of our website; we record and store your IP address and cookies to ensure the functionality of our website and to adapt the operation of the website to your needs. The legal basis in this case is Article 6 (1) (b) and (f) of the GDPR. In this context, it is in our interest, as regards the personal data processing, to ensure the proper functioning of our website and the business carried out through our website.

Retention Period of Personal Data

We will process your personal data for the time necessary to achieve the purposes of their processing, but no longer than for the duration of the contractual relationship, or until the withdrawal of your consent, if your personal data are processed on the basis of your consent.

In the event that we assert legal claims and conduct legal or administrative proceedings against you, or if you assert legal claims and conduct legal or administrative proceedings against us, personal data will be processed to prove, assert or defend legal claims until the final termination of such proceedings.

After the termination of the contractual relationship or after the final termination of the proceedings under the previous sentence, your personal data will only be stored (archived) for a period of 10 years from the termination of the contract, because the obligation to keep the contract and accounting and tax documents related to the contract that contain your personal data results from generally binding regulations, especially from the Accounting Act. The retention period shall begin on the first day of the calendar year following the year in which the contract was terminated. After this time, personal data will be erased or destroyed / discarded.

Should you at any time object to the processing of your personal data for direct marketing, we will stop processing your personal data for this purpose.

If you are a job applicant and have provided us with your personal data in order to fill a vacant position, your personal data will be retained for a maximum of 6 months after the selection procedure and will subsequently be destroyed. If you are interested in being included in the database of job applicants, your data will be registered with the company with your consent for a period of 2 years, but no longer than until the withdrawal of your consent.

We will store all data to identify and prosecute misuse in connection with the security of our website, in particular your IP address, for a maximum of 7 days.

Persistent cookies will be stored in the web browser and will remain valid until a specified expiration date, unless deleted by the user before the expiration date; session cookies will expire at the end of the user’s session when the web browser is closed.

Transfer of Personal Data to Third Countries or to an International Organization

If TuCon, a.s., carries out construction works abroad, the transfer of personal data to the necessary extent is assumed only to our subsidiaries and organizational units, as well as to the recipients of personal data listed above (in the section “Recipients of Personal Data”) operating within the European Union (e.g. Czech Republic, Germany), Switzerland, and the countries which are members of the European Free Trade Association (Norway, Iceland).

Your personal data are not provided to third countries or international organizations, and we do not intend to transfer such personal data. The transfer of personal data to third countries shall be carried out only if the European Commission has decided that those countries guarantee an adequate level of protection or, in the absence of such a decision, only if the controller or processor has provided adequate guarantees and the data subject has enforceable rights and effective remedies.

Automated decision-making, including profiling

When processing your personal data, we do not use profiling or automated decision-making.

Cookies

To make our website user-friendly and to adapt its operation to your needs, our website may use cookies. A cookie is a small file that is stored locally on your computer when you visit a website. For example, when you visit a website on the same device, a cookie indicates that you are a repeat visitor. Cookies also allow us to analyze the use of our website. They do not include any personal data and cannot be used to identify you on third-party websites – including analysis providers.

We use the following types of cookies:

Basic / necessary cookies

These cookies are necessary for the functioning of our website, which includes, for example, issuing anonymous session IDs to summarize multiple queries to a web server or ensuring that registrations and orders work properly.

Functional cookies

These cookies help us to save your chosen settings or support other functions when you navigate our website. For example, they allow us to remember your preferred settings for the next visit or to save your login details on our website.

Performance / statistics cookies

These cookies collect information about how you use our website (for example, which Internet browser you use, how often you visit our website, which pages you open or how long you stay on our website). These cookies do not store any information that allows personal identification of visitors. The information collected through these cookies is aggregated and therefore anonymous.

You can accept or reject cookies – including those used to track websites – by selecting the appropriate settings for your browser. You can set your browser to notify you when you receive a new cookie, or block it completely. However, if you choose to decline cookies, you may not be able to use all the features of our website. Your browser also offers you the option to delete cookies (for example, using the Clear Browsing History feature). For more information, see the User Help in the Settings section of your web browser.

Anonymized Website Tracking

In order to better align this website with the needs of our customers, we analyze how our customers communicate with the website. We anonymize your IP address and then use it to analyze the data. We also use cookies for this purpose. The cookie contains only one unique number with which we can re-identify you on our website, but not on third-party websites. We use the recorded data only for statistical purposes. In particular, the IP address will not be assigned to any individual user. Data will not be shared with third parties.

Rights of Data Subjects as regards Personal Data Protection

In connection with the processing of your personal data, in addition to the above rights, you have in particular the following rights:

  1. Right of access to personal data (Article 15 of the Regulation); you have the right to obtain a confirmation from us as to whether or not your personal data are being processed, and, where that is the case, access to the personal data (their copies) and additional information to the extent stipulated by Article 15 of the Regulation. In most cases, you will be provided these copies of your personal data and additional information in written paper form, unless you require another way. If you have requested this information by electronic means, it will be provided to you electronically, if technically possible.
  2. Right to rectification of personal data (Article 16 of the Regulation); we take reasonable measures to ensure the accuracy, completeness and up-to-dateness of the information we have about you; however, this right allows you to request us to rectify inaccurate personal data concerning you without undue delay or to complete your personal data if they are inaccurate, incomplete or out of date. Please note that you are obliged to provide us with personal data that are complete and correct and you are responsible for the falsity of the personal data you have provided to us.
  3. Right to erasure of personal data (“right to be forgotten”) (Article 17 of the Regulation) without undue delay after the exercise of this right, for example, if your personal data are no longer necessary for the purpose for which we collected or processed them provided that you have withdrawn your consent to the processing of personal data on the basis of which we process your personal data and where there is no other legal basis for the processing of personal data (for example, the contract we concluded with you), if you object to the processing of personal data under Article 21 (1) of the Regulation, or if we process your personal data in violation of the Regulation and the Act. However, your right must be assessed in the light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to grant your request.
  4. Right to restriction of personal data processing (Article 18 of the Regulation); in cases stipulated by the Act, you have the right to ask us to stop processing your personal data, e.g. if you object to the accuracy of the personal data we hold about you, but only during the period allowing us to verify the accuracy of your personal data, you object to the processing of personal data by automated decision-making, or the processing of your personal data is contrary to the Regulation and the Act, and you object to the erasure of your personal data, which we as the controller no longer need and want to erase, but which are needed by you, for example, to prove, assert or defend your legal claims in ongoing legal proceedings.
  5. Right to personal data portability (Article 20 of the Regulation); it means the right to obtain from us your personal data that you have previously provided to us in a structured, commonly used and machine-readable format, and the right to request that we transfer your personal data to another operator in compliance with legal conditions; exercising this right shall be without prejudice to your right to the erasure of personal data. However, the right to portability concerns only personal data that we have collected from you on the basis of your consent or under the contract to which you are one of the parties.
  6. Right to object to processing of personal data (Article 21 of the Regulation); if the processing of your personal data is based on our legitimate and justified interest or if we process your personal data for the purpose of direct marketing, including profiling in such processing. If you raise an objection and we do not demonstrate compelling legitimate grounds for processing of your personal data, or if you object to the processing of your personal data for the purposes of direct marketing, we will not further process your personal data for these purposes.
  7. Right not to be subject to a decision based solely on automated processing of personal data, including profiling; you have this right if such automated decision-making and profiling produces legal effects concerning you or significantly affects you (Article 22 of the Regulation). As we have stated above, when processing your personal data, we do not use profiling or automated decision-making.
  8. Right to lodge a complaint with a supervisory authority (Article 77 of the Regulation); if you believe that the processing of your personal data is in conflict with the Regulation or the Act of the National Council of the Slovak Republic No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, you can lodge a complaint (proposal to initiate proceedings for personal data protection pursuant to Section 100 of Act No. 18/2018 Coll.) with the Office for Personal Data Protection of the Slovak Republic. Contact details:
    Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; www.dataprotection.gov.sk; phone: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk.

You can exercise your rights by sending a written request by post to the address of the registered office of our company or electronically via e-mail to the address: ochranaudajov@tucon.sk. You will be informed about the method of reviewing and handling your request within 30 days of its receipt.

In the event that we find that there has been a leak of personal data managed by us, which is likely to lead to a high risk to the rights and freedoms of individuals, we will immediately notify all data subjects of such fact. We will also inform the data subjects about the steps and measures we have taken to remedy the situation in accordance with Article 33 (3) (b), (c) and (d) of the GDPR.