Privacy Policy

STATEMENT OF THE CONTROLLER ON THE PROCESSING OF PERSONAL DATA

The controller, NOVOFRUCT SK, s.r.o., Komárňanská cesta 13, 940 43 Nové Zámky, ID: 31427294 (hereinafter referred to as the “controller”), has implemented appropriate technical and organizational measures to ensure the protection of the rights of data subjects, which declare the lawful processing of personal data. The controller has also established a transparent system for recording security incidents and any inquiries from the data subject and other persons.

Individual information can also be obtained by the data subject via telephone at: +421 35 64 24 296, email: info@novofruct.sk, or in person at NOVOFRUCT SK, s.r.o., Komárňanská cesta 13, 940 43 Nové Zámky.

Below we provide information on the processing and protection of personal data in accordance with the EP and EU Council Regulation No. 2016/679 on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) and the SR Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain laws (hereinafter referred to as the “Data Protection Act”).

1. Controller

NOVOFRUCT SK, s.r.o.

Komárňanská cesta 13

940 43 Nové Zámky

ID: 47341831

We process your data for our own purposes as the Controller. This means we determine the purpose for which we collect your personal data, determine the means of processing, and are responsible for its proper execution.

1. Processors

The controller may, in certain cases, process personal data of data subjects through processors who are commissioned to process personal data in accordance with Article 28 of the GDPR Regulation.

Processors process personal data of data subjects on behalf of the controller. Processing personal data through a processor does not negatively affect the performance and exercise of the data subject’s rights. The controller uses only processors providing appropriate technical, organizational, and other measures to ensure that processing meets GDPR requirements and fully ensures the protection of the data subject’s rights.

The controller uses the following categories of processors for the processing of personal data:

Suppliers providing services in the field of payroll, personnel, and accounting.

Suppliers providing technical solutions, web hosting services, maintenance, and support of IT systems used by the controller.

Categories of recipients of personal data: persons acting on behalf of the controller, processors, legal representatives, auditors, state administration bodies, and public authorities for control and supervision purposes.

1. Purpose of Personal Data Processing

As the controller, we process personal data exclusively for purposes that we can substantiate with a legitimate legal basis and defined purpose:

When responding to a request, suggestion, or question submitted physically, by phone, or via electronic/paper mail, for the purpose of responding to the data subject, we apply the legal basis for processing under Article 6(1)(f) of the GDPR – legitimate interest of the controller. As a data subject, you have the right to object to such processing at any time.

When expressing interest in our services or products, when planning to establish cooperation, the legal basis for data processing is Article 6(1)(b) of the GDPR – where data processing is necessary to take the necessary steps before concluding a contract, i.e., during the pre-contractual relationship.

After a contractual relationship arises between the controller and the data subject, during the necessary cooperative communication, data processing again takes place under Article 6(1)(b) of the GDPR, which is necessary for fulfilling the contractual relationship.

If you are looking for a job and would like to work for our company, you can leave us your CV with a cover letter based on your consent to the processing of personal data under Article 6(1)(a) of the GDPR. Such received data are included in the job applicant database. You can withdraw your consent at any time.

1. Duration of Processing and Retention of Your Personal Data

Your personal data, which we have processed or are processing under Article 6(1)(b) of the GDPR – within the fulfillment of the controller’s obligations, we further process for the purpose of fulfilling our legal obligations in the field of taxes and accounting, which arise from generally binding legal regulations (e.g., retention of individual accounting records and invoices under Act No. 431/2002 Coll. on Accounting as amended, to demonstrate fulfillment of tax obligations under tax law Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration, etc.), we must retain for the period specified by the relevant legal regulations. However, we always adhere to the principle of minimizing the retention of personal data under Article 5(1)(e) of the GDPR, so your personal data that is not subject to archiving according to specific legal regulations will be deleted or anonymized.

Personal data processed under Article 6(1)(a) of the GDPR – based on consent, e.g., for including the data subject in the job applicant database or for sending current marketing news, we process for 3 years or until its withdrawal. At the end of the processing period, we contact the data subject, where it is possible to renew and extend the consent for the next processing period. If the data subject does not renew the consent or does not respond to the contact, we will no longer process the personal data – i.e., we will automatically remove the data from the records, delete electronic data from the systems, and shred physical data.

Personal data processed under Article 6(1)(f) of the GDPR – based on legitimate interest, which were processed when responding to a request/suggestion or question for the purpose of responding to the data subject and were not subsequently transferred into a pre-contractual or contractual relationship, are deleted immediately.

As the controller, we ensure the deletion of personal data without undue delay after:

• all contractual relationships between you and us as the controller have ended; and/or
• all your obligations to the controller have ceased; and/or
• all your complaints and requests have been resolved; and/or
• all other rights and obligations between you and us as the controller have been settled; and/or
• all processing purposes set by legal regulations or purposes for which you gave us consent have been fulfilled, if processing was based on the data subject’s consent; and/or
• the period for which consent was given has expired or the data subject has withdrawn consent; and/or
• the data subject’s request for data deletion has been fulfilled and one of the reasons justifying the fulfillment of this request has been met; and/or
• the decisive legal fact for the termination of the processing purpose has occurred, and the retention period defined concerning the principle of minimizing the retention period of personal data has expired;
• and at the same time, the legitimate interest of the controller does not persist, and all obligations set by generally binding legal regulations that require the retention of the data subject’s personal data (especially for archiving purposes, tax inspection, etc.) have ceased, or which could not be fulfilled without their retention.

Any accidentally obtained personal data is not systematically processed for any defined purpose. If possible, we inform the data subject to whom the accidentally obtained personal data belongs about their accidental acquisition and, depending on the case, provide necessary cooperation leading to the restoration of control over their personal data. Immediately after these necessary actions to resolve the situation, all accidentally obtained personal data will be securely disposed of without delay.

For more information about the specific retention period of your personal data, please contact us using the provided contact details.

1. Disclosure of Data

Our company does not disclose the obtained data under any circumstances.

1. Cross-border Data Transfer

Cross-border transfer is not implemented.

1. Rights and Obligations of the Data Subject

The customer is obligated to provide only complete and truthful data. The customer undertakes to update their data in case of any changes, at the latest before placing the first order following the change. The customer undertakes that if they provide personal data of a third party (name, surname, phone number), they do so only with their consent, and the data subject is informed of the procedures, rights, and obligations stated on this page. As our client and data subject, you have the right to decide on the handling of your personal data within the specified scope. You can exercise the rights listed below:

• In person at the contact point of the controller NOVOFRUCT SK, s.r.o., Komárňanská cesta 13, 940 43 Nové Zámky;
• Via our customer line: +421 35 64 24 296;
• Via email: info@novofruct.sk

We will try to respond to you as soon as possible; however, we will answer you no later than 30 days after receiving your request. Applicable legal regulations and the GDPR, or the Act, ensure you the following rights, especially:

Right of Access – You have the right to request confirmation from us as to whether your personal data is being processed, and if so, obtain a copy of this data and additional information resulting from Article 15 of the Regulation, or Section 21 of the Act. If we collect a large amount of data about you, we may ask you to specify your request for the specific scope of data we process about you.

Right to Rectification – To ensure we always process only current personal data about you, we need you to notify us of any changes as soon as they occur. If we process incorrect data about you, you have the right to request its correction.

Right to Erasure – If the conditions of Article 14 of the Regulation, or Section 23 of the Act, are met, you can request the deletion of your personal data. You can request deletion, for example, if you have withdrawn your consent to personal data processing and there is no other legal basis for processing, or if we process your personal data unlawfully, or if the purpose for which we processed your personal data has ceased and we do not process it for another compatible purpose. However, we will not delete your data if it is necessary for proving, asserting, or defending legal claims.

Right to Restriction of Processing – If the conditions of Article 18 of the Regulation, or Section 24 of the Act, are met, you can request us to restrict the processing of your personal data. You can request restriction, for example, while you dispute the accuracy of the processed data or if the processing is unlawful and you do not want us to delete the data but need the processing to be restricted while you assert your rights. We will continue to process your data if there are reasons for proving, asserting, or defending legal claims.

Right to Data Portability – If processing is based on your consent or carried out for the performance of a contract concluded with you and is also carried out by automated means, you have the right to receive your personal data that we have obtained from you in a commonly used machine-readable format. If you are interested and it is technically feasible, we will transfer your personal data directly to another controller. This right will not be possible to exercise for processing carried out due to the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to Object to Processing – If we process your personal data due to the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or if processing is based on our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Based on your objection, we will restrict the processing of personal data, and unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or grounds for proving, asserting, or defending legal claims, we will no longer process and will delete your personal data. You have the right to object at any time to the processing of personal data for direct marketing purposes, including profiling to the extent related to such direct marketing. After raising an objection, we will no longer process your personal data for this purpose.

Right to Lodge a Complaint – If you believe that the processing of your personal data is in violation of the Regulation, or the Act, you have the right to lodge a complaint with one of the relevant supervisory authorities, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection, located at: Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, website: www.dataprotection.gov.sk, tel.: +421 /2/ 3231 3220.

Right to Withdraw Consent – If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the processing carried out before its withdrawal. If you later decide you want to receive commercial and marketing offers about our products and services from us again, you can renew your withdrawn consent (or objection) at any time in any of the forms of contact mentioned above.

1. Contact Details of the Office and the Data Protection Officer

Office for Personal Data Protection of the Slovak Republic

Address:

Hraničná 12

820 07, Bratislava 27

Slovak Republic

ID: 36 064 220

Reception:

Monday – Thursday: 8:00 – 15:00

Friday: 8:00 – 14:00

Telephone consultations on personal data protection:

Tuesday and Thursday from 8:00 to 12:00 +421 2 323 132 20

Chairman’s Secretariat +421 2 323 132 11

Office Secretariat +421 2 323 132 14

Fax: +421 2 323 132 34

Spokesperson:

mobile: 0910 985 794

email: hovorca@pdp.gov.sk

Email:

1. a) general: statny.dozor@pdp.gov.sk
2. b) for providing information under Act No. 211/2000 Coll.: info@pdp.gov.sk
3. c) website: webmaster@pdp.gov.sk
4. d) for submitting requests for information under Act No. 211/2000 Coll. on free access to information, use the online form.
5. e) email address through which the Office provides advice on personal data protection. It is intended for children, youth, students, teachers, parents who suspect that their personal data has been misused: ochrana@pdp.gov.sk

A sample proposal for initiating personal data protection proceedings can be found on the Office’s website (https://dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov).