+421 34 6540 521
micromill@micromill.sk
1. IDENTIFICATION OF THE CONTROLLER AND GENERAL INFORMATION
This Privacy Policy (the “Policy“) contains information about the processing of your personal data by Micromill SK, s. r. o., 29. augusta 2999/12, 908 51 Holíč, ID No.: 44 799 802, registered in the Commercial Register of the District Court of Trnava, Section Sro, Insert No. 27856/T (hereinafter referred to as the “Controller“), which occurs through the website www.micromill.sk (hereinafter referred to as the “Website”) or related profiles of the Controller on social networks.
Through this Policy, the Controller provides you with information about why your personal data is processed, how it is processed, how long it is stored by the Controller, what your rights are in relation to the processing of your personal data and other relevant information about the processing of your personal data.
Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), Act No. 18/2018 Coll. On protection of personal data as (hereinafter as “Act“) and other respective legislation in relation to personal data protection (Regulation, Act and other personal data protection legislation hereinafter as “Personal data protection legislation“).
You can contact the Data Controller in matters relating to the processing and protection of personal data at Micromill SK, s. r. o., 29. augusta 2999/12, 908 51 Holíč, Slovak Republic or by e-mail to micromill@micromill.sk. The Controller has not appointed a responsible person in the area of processing and protection of personal data.
The Data Controller obtains your personal data directly from you via the website or social media profiles, if you provide it to the Data Controller yourself (by means of a message or other automated means).
2. INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods)
The Controller processes your personal data exclusively in accordance with the principle of minimization, which means that the Controller does not request personal data from you that are not necessary for the specific and justified purpose of the processing. The Data Controller processes personal data only if there is a legal basis for processing it, and therefore it is processed in accordance with the principle of lawfulness. The specific purposes, including the legal basis and the retention period, for which the Controller processes your personal data can be found in the table below.
| Purposes | Responding to messages and handling inquiries/requests from messages received by the Controller via the contact form on the website, messages on social networks, email communication or by telephone to the published contact details on the website (other than inquiries about the Controller’s products from a natural person), including the handling of inquiries and requests from legal entities |
| Legal Basis | Art. 6 (1) letter f) of the Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Controller, which is to respond to the messages received for the proper conduct of business communication, improving the quality of services provided and attracting new clients |
| Categories of personal data | Name, surname, e-mail address, telephone number, other data provided in the report, in the case of a natural person acting on behalf of a legal person, identification data of his/her affiliation to a specific legal person and function or job position in that legal person |
| Retention period or criteria for its determination | 60 days from the date of receipt of the request or until the request is processed (purpose fulfilled), whichever is sooner |
| Purposes | Handling inquiries from legal entities for the purpose of establishing cooperation (B2B) on the Controller’s products and services delivered via the contact form on the website, e-mail communication or by telephone |
| Legal Basis | Art. 6 (1) letter b) of the Regulation – the processing of personal data is carried out in the framework of pre-contractual relations (implementation of measures at the request of the data subject before the conclusion of the contract) |
| Categories of personal data | Personal data of the natural person acting on behalf of the legal entity – name, surname, e-mail address, telephone number, identification data of his/her affiliation to the specific legal entity and function or job position in the said legal entity and other data specified in the report (in the case of an FO – entrepreneur, place of business, business registration number, tax identification number, other identification data) |
| Retention period or criteria for its determination | Until the enquiry has been dealt with (conclusion of the relevant contract or termination of pre-contractual relations – at the latest within 6 months of the date of receipt of the enquiry, if no contract has been concluded). After the conclusion of the contract, until the expiry of the statutory limitation periods for the exercise of legal claims under the contract, but at the latest until the conclusion of legal or other proceedings relating to claims under the relevant contract |
| Purposes | Receipt and registration of service orders and implementation of pre-contractual relations |
| Legal Basis | Art. 6 (1) letter b) of the Regulation – performance of the contract and implementation of pre-contractual relations |
| Categories of personal data | Ordinary personal data (name, surname, address of residence / place of business, contact details – phone number, email address, bank connection) |
| Retention period or criteria for its determination | Until the conclusion of the contract or within 1 year from the date of receipt of the request for cooperation / quotation from the data subject |
| Purposes | Fulfilment of the contractual obligations of the controller (on the basis of contracts concluded with suppliers and customers – natural persons), including contracts concluded at a distance (in particular via an online form) |
| Legal Basis | Art. 6 (1) letter b) of the Regulation – processing is necessary for the performance of a contract to which the data subject is a party or to carry out steps at the request of the data subject before entering into a contract |
| Categories of personal data | Ordinary personal data (first name, last name, residential address / registered office, contact details – telephone number, e-mail address, bank details) |
| Retention period or criteria for its determination | During the term of the contract and after its termination until the legal claims arising from the contract have been settled in full or until the expiry of the relevant limitation period, whichever is the earlier |
| Purposes | Processing of service delivery complaints and keeping of respective evidence |
| Legal Basis | Art. 6 (1) letter c) of the Regulation – compliance with legal obligations |
| Categories of personal data | Ordinary personal data necessary for compliance with legal obligations |
| Retention period or criteria for its determination | 3 years from the date of processing of the claim, if the claim is made by the customer – a natural person and 4 years from the date of processing of the claim, if the claim is made by the customer – a legal person |
| Purposes | Keeping records (list) of suppliers, other business partners and customers and their representatives (in the case of suppliers, customers and business partners – legal entities) and concluded contracts and fulfilment of legal obligations towards legal entities – contracting parties |
| Legal Basis | Art. 6 (1) letter f) of the Regulation – processing is necessary for the purposes of the legitimate interests of the controller, which consist in the need to keep a register of its suppliers, business partners and clients and their representatives (in the case of legal persons) for the purposes of the proper performance of the contractual relationship and the proof of legal claims |
| Categories of personal data | Ordinary personal data (first name, last name, residential address / registered office of the company, contact details – telephone number, e-mail address, bank details, function in the legal entity, other personal data specified in the contract |
| Retention period or criteria for its determination | During the duration of the contract concluded with the legal entity and after its termination until the legal claims arising from the contract have been settled in full or until the expiry of the relevant limitation period, whichever is the earlier |
| Purposes | Processing of accounting documents |
| Legal Basis | Art. 6 (1) letter c) of the Regulation processing is necessary for compliance with a legal obligation to which the controller is subject |
| Categories of personal data | Natural persons – suppliers, customers and business partners and their employees and representatives |
| Retention period or criteria for its determination | 10 years following the year, which they relate to |
| Purposes | Making audiovisual recordings of data subjects and publishing them on the website and on the Controller’s social media profiles in the course of its presentation and business activities |
| Legal Basis | Art. 6 (1) letter a) of the Regulation – the processing of personal data is carried out on the basis of the data subject’s consent |
| Categories of personal data | Images and expressions of a personal nature |
| Retention period or criteria for its determination | 5 years from the date of consent or until its revocation, whichever is the earlier |
| Purposes | Handling with the rights exercised by data subjects |
| Legal Basis | Art. 6 (1) letter b) of the Regulation -processing is necessary for compliance with a legal obligation to which the controller is subject |
| Categories of personal data | Ordinary personal data, which are part of the request |
| Retention period or criteria for its determination | Until the handling of with the exercised rights and submitted request (max 120 days) |
| Purposes | Keeping records of the executed rights of data subjects |
| Legal Basis | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in keeping records of the rights exercised by the data subjects for proving fulfilment of the obligations arising out of legal regulations |
| Categories of personal data | Ordinary personal data, which are part of the request |
| Retention period or criteria for its determination | 5 years following the day when exercised right of submitted request is handled with |
| Purposes | Processing of personal data in order to measure traffic on the website and online advert targeting (via cookies) |
| Legal Basis | Art. 6 (1) letter a) of the Regulation – the data subject has given consent to the processing of his or her personal data for one or more specific purposes; |
| Categories of personal data | IP address and other data on the activity on the website of the controller and online preferences |
| Retention period or criteria for its determination | 2 years following consent granting or until its withdrawal, whichever occurs first (depends on the type of cookie) |
In order to ensure the protection of your personal data, the Controller has adopted appropriate security measures, which it has documented, both at an organisational and technical level.
3. TO WHOM DOES THE CONTROLLER PROVIDE YOUR PERSONAL DATA?
In certain cases, the controller is obliged to disclose your personal data to public authorities that are authorised to process your personal data, e.g. courts, law enforcement authorities as well as supervisory and oversight authorities (e.g. the Data Protection Authority in the case of an inspection) (third parties).
The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. The processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures in order to process your personal data securely. The Controller’s processors include:
-
- a company providing hosting services (including mailhosting services),
- a company providing website management and online marketing services; and
- a company providing online services related to the presentation of the Controller’s business activities.
The recipients of your personal data include Google Ireland Limited, which provides analytical and marketing services through the use of cookies, which are stored on your device by the website if you grant the Controller your consent to the storage of these files. For more information on cookies, please see the section of the website on the use of Cookies.
The recipients of your personal data also include the controllers of the social networks and platforms Instagram (Meta Platforms Ireland) and LinkedIn (LinkedIn Corporation), if you contact the Controller by means of a message on social networks, if you share a website or its content on social networks or if you grant the Controller consent to the publication of an audiovisual recording containing your likeness on the Controller’s profile on social networks or on the Controller’s website.
The aforementioned companies act as joint controllers with the Controller in the processing of personal data and the processing of personal data in this case is governed by the joint controllers’ agreement within the meaning of Article 26 of the Regulation, according to which the Controller is the point of contact for handling your requests concerning the processing of personal data.
4. ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS?
When using analytics and marketing cookies on the Controller’s website and if you contact the Controller via a message on the Controller’s social networks, share the website or its content on social networks or if you give the Controller consent to publish your photo on a social network, your personal data may be transferred to Meta Platforms, Inc., Google, LLC. and LinkedIn Corporation in the USA).
The transfer of your personal data is secured by appropriate means of securing the transfer of personal data to third countries in accordance with the Data Protection Regulations, in particular through the use of standard contractual clauses included in the terms of use of the aforementioned services, as well as through additional transfer guarantees accepted by the providers of the aforementioned services. Transfers may only take place exceptionally, on the basis of the relevant legislation in force in that third country (the USA), which applies to those service providers (FISA).
The controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, which would lead to the evaluation of your personal aspects.
5. WHAT ARE OUR RIGHTS IN RELATION TO PERSONAL DATA PROCESSING?
As the data subject, your rights regarding the processing of your personal data are as follows:
| Right of access – You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you | Right to rectification – We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request. |
| RIGHT TO OBJECT
You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing |
|
| Right to erasure – Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing. However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request. | Right to data portability – Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us. |
| RIGHT TO WITHDRAW CONSENT
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person). |
|
| Right to restriction of processing – You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request. | Right to lodge a complaint or request – If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is for the EU Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, Slovak republic, website: dataprotection.gov.sk, tel. No.: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk. |
You may exercise your rights specified in the table above at the contact addresses of the Controller listed at the beginning of this document.
The Controller will provide you with the answer to the exercise of your rights free of charge. In the event of a repeated, unreasonable or inappropriate request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller will provide you with an answer within 1 month from the day when you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the case of a high number and complexity of applications of the data subjects, maximally by 2 months. The Controller will always inform you about the extension of the deadline in advance.
6. SOCIAL MEDIA AND LINKS TO OTHER WEBSITES
As a part of the support of marketing and advertising you can find on the Controller´s website links to various social networks, such as LinkedIn. The Controller hereby wishes to inform you that after clicking on the plugin on the website and visiting the social network, the personal data protection rules of the social network operator will apply, except if you contact the Controller via a message on the social network (in which case the processing of your personal data is also governed by this Privacy Policy and your personal data shall be processed by the Controller in accordance with the information provided above).
For more information on the processing of your personal data by the social network operator, please visit the following links: (i) Instagram, (ii) LinkedIn a (iii) YouTube.
7. VALIDITY
An updated version of this Privacy policy is valid and effective as of 01. 05. 2023. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. In such case, the Controller will inform you about it in an adequate manner in advance.