Information about personal data protection

following applicable provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”

Identity and contact info of the Controller:

RED ARROW, s.r.o., Pred poľom 12, 911 01 Trenčín, Company ID Number: 50 157 256, redarrow@redarrow.sk, +421 915 433 061 (hereinafter referred to as “the Controller”).

Purposes and legal basis for the processing:

  1. Data from the contact form available on the website of the Controller up until 28th January 2022 (hereinafter referred to as “the Contact Form”) shall be used for marketing purposes, providing information about news related to the Controller and to contact persons who had expressed interest in the Controller’s products. The legal basis is given by the legitimate interests of the Controller (article 6, point 1., letter f) of GDPR). Legal interests of the Controller lay in the field of direct marketing purposes (recital 47 of GDPR).
  2. Shall the data subject provide the Controller with data outside of the Contact Form, mainly via a registration form, available on the Controller’s website (hereinafter referred to as “the Registration form”), these data will be processed for the purposes of performing a contract. The legal basis is the performance of a contract (article 6, point 1., letter b) of GDPR), during the pre-contract negotiations phase and during the phase of performing of the contractual duties themselves.
  3. Personal data of data subjects who are employees and/or collaborators (hereinafter referred to as “the Subordinates”) of the subject which is a party of the contract with the Controller (hereinafter referred to as “the Controller’s Contractual Party”) will be processed for the purposes of performing a contract, both in the phase of pre-contractual negotiations and in the phase of performing of the contractual duties themselves. Performance of a contract is therefore the legal basis for such processing (article 6, point 1., letter b) of GDPR).

Recipients of personal data and cross-border processing:

The Controller may grant his trusted contractual partners, with whom the Controller provides his services, access to data subjects’ personal data, including the Controller’s contractual partners abroad. Cross-border processing will be performed mainly in the EU. In case of cross-border processing performed outside of the EU, the Controller shall adopt adequate measures to protect affected personal data at the EU level of standards.

Period of storage of personal data:

The Controller shall store the personal data up until the contract with the data subject is entered into, no more than 3 years since the personal data has been provided. After the contract is entered into, the Controller shall store the data subject’s personal data for the period of the contract and 3 years after the contract termination. The Controller may process personal data longer if such processing is necessary to comply with a legal obligation (e.g. accounting records), or if such processing is necessary to protect legal interests of the Controller (e.g. legal documentation in ongoing legal disputes).

Rights of the data subject:

The data subject has the right to access their personal data processed by the Controller. The data subject also has the right to:

  • rectification of inaccurate personal data concerning the data subject;
  • erasure of their personal data;
  • restriction of processing of their personal data;
  • object to processing of their personal data;
  • data portability;
  • file a complaint against the Controller at the supervisory authority, which is Office for Personal Data Protection of the Slovak republic, Hraničná 12, 820 07 Bratislava 27, e-mail: statny.dozor@pdp.gov.sk, tel.: +421 2 32 31 32 14.

Cookies:

The Controller only uses functional cookies on his website. These cookies are necessary for correct website performance and are identified as follows:

  • Elementor;
  • Login press (remembers logging in);
  • Cookie notice (remembers clicking on the cookie notice button);
  • WPML (remembers language selection).

The Controller also uses these external services on his website:

  • Google Fonts;
  • YouTube video (saves user information typical for YouTube).

The Controller does not use any cookies for the purpose of marketing, analytics, etc. More info on cookies can be found here: https://en.wikipedia.org/wiki/HTTP_cookie.

More information:

Providing data subject’s personal data is a contractual requirement of the Controller. Not providing personal data by the data subject, or by the Controller’s Contractual Party shall result in the Controller’s inability to provide services to the data subject.

The Controller’s Contractual Party undertakes to inform his Subordinates, whose personal data he intends to provide to the Controller, about the conditions of the personal data processing by the Controller, before the Controller’s Contractual Party provides any personal data of his Subordinates to the Controller. Following article 14, point 5., letter a) of GDPR, the Controller is not obliged to provide the Subordinates with any more personal data processing information. The right to access this information, nor any other right of a data subject, are not affected by this.

The Controller may perform profiling of the data subjects, mainly on the grounds of their primary business focus, age (if provided), gender, country of residence, etc. This data will be used for marketing purposes (providing relevant information to data subject, according to their target group classification) and/or to evaluate services provided by the Controller. Legal basis for such processing is a legitimate interest of the Controller (article 6, point 1., letter f) of GDPR) and the legitimate interest lays in the field of direct marketing (recital 47 of GDPR) and/or in the field of increasing effectiveness of the Controller’s right to enterprise (article 35, point 1 of the Constitution of the Slovak republic).

The Controller does not process any special categories of personal data (such as biometric data, data concerning health, etc.).

This information about personal data protection shall come into effect on 4th February 2022 which is also a date of its publication on https://mantra-online.eu/personal-data-processing-information/?lang=en. This information overrides any prior information about personal data protection issued by the Controller.

2020-2022 mantra-online.eu

Personal data protection