KFB Control Ltd.
Information pursuant to Section 15(1) of Act No. 122/2013 Coll.
on Protection of Personal Data, as amended
Dear Licensee/User,
For the purpose of the license agreement and the provision of services within the scope of the license granted, we need your personal data. We process your personal data in accordance with Act No.122/2013 Coll. on Protection of Personal Data as amended (hereinafter referred to as “Act on Protection of Personal Data“), whereas your data shall only be used for the purpose specified therein.
I.
Controller
The Controller of the information system is:
Commercial name: KFB Control Ltd., registered with the Commercial Register of District Court in Bratislava I, section: Sro, file no.:19582/B,
Registered seat: Svätoplukova 19, 900 27 Bernolákovo, Slovak RepublicCorporate ID,
Corporate ID Number: 35 772 042,
Tax Identification Number: 202 023 26 54,
EU VAT Identification Number: SK 202 023 26 54.
II.
Purpose of the processing of personal data
The controller processes personal data in accordance with Act no. 618/2003 Coll., Copyright Act, as amended (hereinafter referred to as “Copyright Act”) and other applicable laws for the purpose of:
• concluding the license agreement,
• providing the services within the scope of the license,
• management of the user accounts of particular users,
• carrying out marketing activities,
or for other purpose pursuant to the agreement or applicable laws therein.
III.
List of personal data
- The controller processes personal data of the persons concerned to the extent in accordance with applicable laws, agreements and other documents of the controller.
- The controller processes, in particular, following data of the persons concerned, and persons concerned who are users:
• title,
• name and surname,
• contact details (telephone number, e-mail address);
in particular following personal data of persons concerned who are licensees:
• title,
• name and surname,
• contact details (telephone number, e-mail address,
• bank account details,
• credit card number.
IV.
Voluntary character of the provision of personal data
- Licensee and user provide their personal data voluntarily for the purpose of the performance of their respective rights and obligations pursuant to the agreement and applicable laws.
- The controller processes the personal data of the person concerned only during a period of time required for the performance of his obligations set forth in the agreement and applicable laws.
- The controller processes personal data of the persons concerned for marketing purposes upon the consent of the person concerned in accordance with Section 11 of Act No. 122/2013 Coll. on Protection of Personal Data, as amended. The person concerned shall grant his consent to the processing of her personal data upon the registration on websites linkedin.com. The person concerned shall grant the consent for an indefinite period of time. The consent may be revoked upon a written request at any time. The consent shall cease no later than within 1 month since the delivery of the revocation of buyer´s consent to the seller. Data shall be consequently destroyed.
V.
Provision and disclosure of personal data
- The controller provides personal data of persons concerned to third parties only to the extent necessary for the purpose of performance of the responsibilities pursuant to the agreement and applicable laws.
- The controller provides personal data of the persons concerned to:
• intermediary Microsoft Azure, Microsoft Ireland Operations Limited, Atrium Block B, Carmenhall Road, Sandyford Istustrial Estate, Dublin 18, Ireland pursuant to the agreement in accordance with Section 8 of Act on Protection of Personal Data.
• intermediary ChargeBee Inc., 340 S- Lemno Ave. # 1537, Walnut, CA 91789, USA, Pursuant to the agreement in accordance with Section 8 of Act on Protection of Personal Data.
• intermediary SUMA Consulting, Ltd., Drotárska 1, 811 02 Bratislava, reg. number: 31 382 614, Pursuant to the agreement in accordance with Section 8 of Act on Protection of Personal Data.
- The controller makes personal data of the persons concerned available to:
• intermediary Magazine Ventures, Ltd. pursuant to the agreement in accordance with Section 8 of Act on Protection of Personal Data.
VI.
The forms of publication of personal data
- The controller shall not make public personal data of the persons concerned.
VII.
Advice on rights of the person concerned
- The person concerned shall be entitled to request upon a written application from the controller
a) confirmation whether his personal data are or are not being processed,
b) information about the state of processing of his personal data in the filing system in a generally intelligible form and in the extent under Section 15 Paragraph 1 Points a) to e) Numbers 1 to 6; if a decision under Paragraph 5 is issued, the data subject shall be entitled to familiarise himself with the procedure of the processing and evaluating of operations
c) exact information, in a generally intelligible form, about the source from which the controller obtained his personal data for their processing,
d) list of his personal data, in a generally intelligible form, which constitute the subject of the processing,
e) rectification or erasure of his inaccurate, incomplete or not updated personal data, which constitute the subject of the processing,
f) erasure of his personal data, if the purpose of their processing was fulfilled; if any official documents containing personal data constitute the subject of the processing, he may request their returning,
g) erasure of his personal data which constitute the subject of processing if there was a violation in the Law,
h) blocking of his personal data due to the cancelation of the consent for personal data processing before its expiration if the controller processes personal data based on the consent of the person concerned.
- The right of the person concerned may be restricted only under Paragraph 1 Points e) and f) only if such restriction results from a special Act or its application would infringe the protection of the person concerned or would infringe the rights and freedoms of others.
- The person concerned shall be entitled to object to the controller upon a written application, to the following
a) processing of his personal data, in respect of which he expects that they are or would be processed for the purposes of direct marketing without his consent and he shall be entitled to request for their erasure,
b) use of the personal data referred to in Section 10 Paragraph 3 Point for the purposes of direct marketing in the mail correspondence; or
c) provision of personal data referred to in Section 10 Paragraph 3 Point for the purposes of direct marketing.
- The person concerned shall be entitled to object to the controller anytime upon a written request or in person, provided that the matter cannot be postponed to the processing of personal data in the cases under Section 10 Paragraph 3 Points a), e), f) or g) by stating the legitimate reasons or by submitting evidence of infringement of his rights and legitimate interests that are or can be violated by the processing of personal data in a concrete case; if it is proved that the legitimate reasons do not prevent it and the objection of the data subject is valid, the controller shall be obliged to block the personal data, the processing of which was objected by the data subject without undue delay and erase them as soon as possible.
- The person concerned shall be further entitled anytime upon a written request or in person, provided that the matter cannot be postponed to object to the controller and refuse to submit to the controller’s decision, which would produce legal effects on him or significantly affect him, provided that such decision is based solely on the acts of the automatic processing of his personal data. The person concerned shall be entitled to request the controller for examination of the issued decision by a method other than the automatic processing, whereas the controller shall be obliged to satisfy the request of the person concerned in such manner that the person concerned shall have a decisive role in the examination of the decision; the controller shall inform the data subject about the manner of examination and the outcome of his finding in a period under Section 29 Paragraph 3. The person concerned shall be deprived of the above right only if so stipulated by a special Act in which are regulated the measures for securing the legitimate rights of the data subject or if the controller issued a decision satisfying the request of the data subject during the pre-contractual relationship or in the course of existence of contractual relationship or if the controller adopted other adequate measures to ensure person´s concerned legitimate interests based on the contract.
- If the person concerned claims his right
a) in a written form and it is clear from the content of his request that he claims his right, the application is considered as submitted pursuant to this Act; the application submitted via electronic mail or fax shall the data subject delivers in a written form not later than in three days from the date of its expedition,
b) in person, verbally into the record, from which it must be clear on who executes his rights, what right is he executing and who and when created the record, his signature and the signature of the data subject; the controller shall be obliged to deliver a copy of the record to the data subject,
c) with the intermediary pursuant to Point a) or Point b), he shall be obliged to deliver this request or record to the controller without undue delay.
- The person concerned may submit the petition initiating the procedure of personal data protection to the Office when suspecting that his personal data are processed unlawfully.
- If the person concerned does not enjoy full legal capacity, his rights may be exercised by his legal representative.
- If the person concerned is deceased, his rights which he had pursuant to this Act may be exercised by his close person.
- The person concerned is obliged to provide accurate personal data. The personal who provided personal data to the information system shall be held liable for incorrectness of the personal data pursuant to Section 16 Paragraph 1 of the Act on Protection of Personal Data.
VIII.
Liability of the controller
- The controller shall not be liable for the misuse of personal data by a unauthorised third party.
- Liability of the controller for violations of the provisions of Act No.122/2013 Coll. on Protection of Personal Data as amended shall be governed by the provisions of the Act thereof.
Revision.: 1.1 Revision date: 05.10.2017