(+421) 94 888 2468

greenblue@greenblue.sk

Client zone

Home > Privacy policy

Privacy policy

We value the trust you place in us when you entrust us with your personal information and we are committed to protecting your personal information so that you feel safe with us. In this document, we would therefore like to inform you about how we handle your personal data, how you can contact us if you have any questions about the processing of your personal data and provide you with other important information about the processing of your personal data.

When processing your personal data, we are governed by applicable law, in particular Act No. 18/2018 Coll. on the Protection of Personal Data, as amended (hereinafter referred to as the “Act”) and Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”).

Operator

We are the controller for the processing of your personal data:

Green Blue, s.r.o.
Mesačná 18, 821 02 Bratislava
IČO: 47 102 349
Email: office@greenblue.sk

Categories of personal data

We process the following categories of personal data about you:

  • common personal data, such as in particular personal contact and identification data (in particular name, surname, date of birth, email), business contact data, contractual data, payment data, IP address, electronic documents and the data contained therein.

Purpose and legal basis of processing

Careers

Recruitment: we process personal data for the purposes of the recruitment procedure on the basis of your application for employment (pre-contractual relationships).

Contractual relations

Performance of the contract: If you are a party to a contract concluded with us, the processing of your personal data is necessary for the performance of the subject matter of this contract and the related liability relationships (claims, liability for defects) and this processing will be carried out on the basis of this contract and specific legal provisions, such as in particular Act No. 250/2007 Coll. on Consumer Protection, as amended, Act No. 40/1964 Coll. on the Civil Code, as amended, Act No. 513/1991 Coll. on the Commercial Code, as amended.

Processing of your personal data for the purpose of performance of a contract may also occur if you are not a party to the contract, but the contract is otherwise related to you, e.g. You are a contact person (employee) of our contractual partner (your employer) mentioned in the contract and so we will process your personal data on the basis of our legitimate interest as we need to process it to the extent necessary as there is a relationship between you and our supplier and without processing your personal data we would not be able to properly ensure our activities and perform the contract.

Communication

Mutual communication: if you contact us on any matter by any communication channel (by post, e-mail or telephone) we process your personal data for the purpose of mutual contact with you. We process personal data to communicate with you on the basis of your request. Such communication may be made on the legal basis of a pre-contractual relationship, a contract, or our legitimate interest to provide our services and products to you in the highest possible quality.

Security

The security and stability of our information systems and network: For this purpose, we process your personal data on the basis of our legitimate interest to protect the rights, legitimate interests and property owned by us, as well as to protect the rights, legitimate interests and property owned by others, and to ensure the proper operation of IT systems, infrastructure and applications, their security and protection against disruption.

Debt recovery and litigation

Debt recovery and litigation: for this purpose, we process your personal data on the legal basis of our legitimate interest in defending and pursuing our legal claims.

Marketing

Sending you information about company news, events and special offers: We will only send you newsletters and marketing information to the extent and at intervals that are not intrusive to you. We process personal data for direct marketing purposes on the basis of your consent or, in the case of our customers, on the basis of our legitimate interest.

Fulfilling our legal obligations

Compliance with legal obligations: when processing your personal data for individual purposes, we also process your personal data on the basis of various special regulations that impose various obligations on us, e.g. the processing of accounting, bookkeeping and economic documents, the management of registers, the provision of data to state and other authorities that supervise our activities or that resolve disputes, or in the implementation of decisions. Such special regulations are e.g. the Act, GDPR, Act No. 124/2006 Coll. on Health and Safety at Work and on Amendments and Additions to Certain Acts, as amended, Act No. 355/2007 Coll. on Protection, Promotion and Development of Public Health and on Amendments and Additions to Certain Acts, as amended, Act No. 314/2001 Coll. No. 102/2014 Coll. No. 431/2002 Coll., on Accounting, Act No. 395/2002 Coll., on Archives and Registers.

Retention period

We store personal data for the purpose of the performance of the contract and thus the provision of the service for as long as the purpose of the processing is not fulfilled (proper performance of the contract) and the time limit for the exercise of any claims expires, however, for a maximum of 4 years from the fulfilment of the subject of the contractual relationship.

Personal data processed on the basis of your consent will be retained for the period specified in the consent or in this policy.

Personal data processed on the basis of our legitimate interest will only be retained for the duration of the reasons for such processing.

We will only process personal data processed for the purpose of complying with a legal obligation for a period of time that depends on the obligation to comply with a specific regulation and the time limit set by the specific regulation.

Necessity to provide personal data

If the provision of personal data is a legal or contractual requirement, or a requirement that is necessary for the conclusion of a contract, the data subject is obliged to provide personal data. Otherwise, the purpose of the processing which the controller intended to carry out in the case of the provision of personal data cannot be fulfilled.

Provision and disclosure of your personal data

We may generally disclose and/or share your personal data with other entities such as governmental and public authorities for control and supervision (e.g. labour inspectorate), courts, law enforcement authorities, accountants, auditors, attorneys, IT systems and support suppliers, private security services, other external professional advisors and other entities (legal entities/individuals) that provide products and services to us. We are responsible for the appropriate protection of your personal data that is provided and/or disclosed to other entities in an intermediary capacity. An up-to-date list of specific recipients of personal data can be provided upon request via our email address.

Transfer of personal data to a third country or international organisation

We may also transfer your personal data in some cases to a country that is not part of the EU or the European Economic Area, namely the USA, but only to companies that fall under an adequacy decision and thereby provide an adequate level of protection for your personal data.

Automated decision-making

No automated decision-making is carried out when processing personal data for the purposes set out above.

Profiling

The processing of personal data for the purposes set out above does not involve profiling.

Rights of the data subject

As a data subject, you have the following rights:

Right of access to data

Simply put, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we disclose it, who processes it besides us, and what other rights you have in relation to the processing of your personal data. However, if you are unsure which personal data we are processing about you, you can ask us to confirm whether or not the personal data relating to you is being processed by us and, if so, you have the right to obtain access to that personal data and additional information under Article 15 of the GDPR and Section 21 of the Act respectively. As part of your right of access, you may ask us for a copy of the personal data processed, whereby we will provide you with the first copy free of charge and subsequent copies with a fee. However, the rights of third parties may not be restricted thereby.

Right to rectification

Personal data must be correct, up-to-date and true. If you discover that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. By exercising this right, you will help us to keep your personal data correct and up to date.

Right to erasure (‘right to be forgotten’)

In some cases, you have the right to have your personal data erased if the conditions of Article 17 GDPR or Section 23 of the Act are met. We will delete your personal data without undue delay, in particular if one of the following reasons is met:

  • We no longer need your personal data for the purposes for which we processed it;
  • you withdraw your consent to the processing of your personal data, which is data for which your consent is necessary and for which we have no other basis or reason for further processing;
  • you exercise your right to object to the processing of personal data that we process on the basis of our legitimate interests and we determine that no such legitimate grounds on our part no longer outweigh your legitimate grounds;
  • we discover that we have processed your personal data unlawfully.

But please keep in mind that even if it is for one of these reasons, it does not mean that we will immediately delete all of your personal data. However, this right cannot be exercised if the processing of your personal data is still necessary for compliance with our legal obligation or for the establishment, exercise or defence of legal claims.

Right to restriction of processing

In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of your personal data if the conditions of Article 18 of the GDPR or Section 24 of the Act are met. This right allows you in certain cases to request that your personal data be marked and not subject to any further processing operations – in this case, however, not forever (as in the case of the right to erasure), but only for a limited period of time. We must restrict the processing of personal data when:

  • you challenge the accuracy of your personal data during a period that allows us to verify the accuracy of your personal data;
  • We process your personal data unlawfully, but you will prefer to restrict such data before deleting it;
  • We no longer need your personal data for the stated processing purposes, but you require it to establish, exercise or defend your legal claims, or
  • you object to the processing, for a period during which we determine whether your objection is justified.

Right to data portability

You have the right to obtain from us the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer the personal data so obtained to another controller without us preventing you from doing so. Such transfer of personal data is possible if your personal data has been processed on the basis of consent or on the basis of a contract and if the processing has been carried out by automated means. Where technically feasible, you have the right to a direct transfer from one controller (us) to another controller. However, the rights of third parties may not be restricted thereby.

Right to object to processing

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data carried out by us for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or where the processing is carried out on the basis of our legitimate interest or that of a third party, including to object to the related profiling. You also have the right to object to the processing of personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.

Right to withdraw consent to processing

If your personal data are processed on the basis of consent, you, as the data subject, are entitled to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of consent.

Exercise of rights

If you choose to exercise any of the above rights against us in relation to the processing of your personal data, you may do so in writing at our registered office or electronically at the following email address: office@greenblue.sk.

We will respond to your request regarding the processing of your personal data without undue delay and in any event within one month of receipt. In special cases, the time limit may be extended by a further two months, but in any case we will inform you of the reasons for the extension within one month of receipt of the request. The information is provided free of charge. However, if your requests are excessive or repetitive we may charge a reasonable administrative fee for dealing with them.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the supervisory authority competent for the supervision of the processing of personal data. In the territory of the Slovak Republic, this authority is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; telephone number: +421 /2/ 3231 3214; E-mail: statny.dozor@pdp.gov.sk

Security of personal data

We have taken appropriate measures to protect the security of your personal data in the light of current technical developments, in particular to prevent the leakage, misuse or destruction of your personal data.

These measures are detailed and defined in the company’s internal regulations, and every employee who comes into contact with personal data is obliged to familiarize themselves with and comply with them.

If we provide and/or disclose personal data to a third party that provides services necessary for the fulfilment of any of the purposes of processing personal data, such third party in its capacity as processor shall also have appropriate measures in place to protect the confidentiality, integrity and security of the personal data.

Contact details

If you would like to send questions or have any concerns regarding the processing of your personal data you can do so by email: office@greenblue.sk, or by post at our registered office.

We may update this Policy without notice. Therefore, we ask you to periodically consult the current version, which you can find either on our website or we will be happy to provide it to you upon request.

This version of the Policy was issued on 20.03.2024