Home / GDPR

GDPR

Identification and Contact Details of the Controller

Your personal data are processed by the controller:

CHEMOSVIT, a.s., Štúrova 101, 059 21 Svit, Slovak Republic, Company ID No. 31 671 047, registered in the Commercial Register of the Slovak Republic maintained by the District Court Prešov, Section Sa, Insert No. 136/P.

Your personal data will be processed and stored securely in accordance with the controller’s security policy and only for the period necessary to fulfil the purpose of the processing. Access to your personal data will be granted exclusively to persons authorized by the controller to process personal data, who process such data based on the controller’s instructions and in compliance with the controller’s security policy. Your personal data will be backed up for the purpose of preventing security incidents, in particular the loss of data availability due to a security incident, in accordance with the security requirements of the General Data Protection Regulation and Act No. 18/2018 Coll.

Contact Details of the Responsible Persons:

Head of Organizational Management

Tel.: +421-52-715-2794
E-mail: zodpovedna_osoba@chemosvit.sk

 

Information Notice on the Processing of Personal Data

Purposes of Processing, Legal Basis, and Recipients

We process personal data for the following purposes:

 

  1. SHAREHOLDER AGENDA

Administration of shareholder records in connection with the obligations of a joint-stock company under the legal order of the Slovak Republic and the exercise of shareholders’ rights (e.g. convening general meetings, payment of dividends, transfer of shares, etc.).

Personal data are processed on the legal basis of specific legislation (including the Securities Act and the Commercial Code of the Slovak Republic), as well as on the basis of a contract to which the data subject is a party.

The provision of personal data constitutes both a statutory and contractual requirement. Without your personal data, it will not be possible to conclude a contract with you or to fulfil legal obligations under applicable legislation.

Your personal data may be disclosed to data processors, namely CHEMOSVIT SLUŽBY, s.r.o. and Berník & Partners s.r.o., for the purpose of organizing general meetings, as well as to other authorized entities entitled to receive such data under applicable legislation.

 

  1. ARCHIVING AND RECORDS MANAGEMENT

Fulfilment of obligations related to the registration and distribution of mail, provision of email communication (including the creation and administration of email accounts), and the performance of duties related to the management of registry records arising from the controller’s business activities, which are stored in the registry centre (including the disposal and destruction of documents and the archiving of archival records in accordance with applicable legislation).

The legal basis for the processing of personal data consists of specific statutory acts (including the Postal Services Act, the e-Government Act, and the Archives and Records Management Act). The provision of personal data constitutes a statutory requirement. Without the provision of personal data, we are unable to fulfil obligations imposed by legislation in the area of postal services and records management.

Access to your personal data is granted to data processors, including providers of postal and forwarding services, CHEMOSVIT SLUŽBY, s.r.o., OZO–RECYCLING, s.r.o., which ensures the destruction of disposed registry records upon expiry of their retention periods, and Apptc.me s.r.o., which provides maintenance and updates of email communication systems. Access may also be granted to researchers carrying out archival research activities in accordance with applicable legislation (only where documents containing your personal data have permanent archival value), as well as to other authorized entities entitled to access such data under applicable legislation.

 

  1. OCCUPATIONAL HEALTH AND SAFETY (OHS) – EXTERNAL PERSONS

Ensuring the safety and protection of the health of external persons entering the controller’s premises (including OHS training and education, preventive OHS activities, and the recording of accidents occurring on the controller’s premises).

Personal data are processed in accordance with specific legislation (in particular, the Occupational Health and Safety Act). The provision of personal data constitutes a statutory requirement and is therefore an obligation of the data subject, as such data are necessary for the fulfilment of our legal obligations.

Personal data may be disclosed to your employer, the data processor CHEMOSVIT SLUŽBY, s.r.o., and other authorized entities in accordance with applicable legislation.

 

  1. COOKIES

Provision of services related to the operation of the website in essential mode; improvement and optimization of the website’s content and performance; and the collection of statistical and marketing information.

The legal basis for the processing of personal data in relation to functional cookies is the legitimate interest of the controller. The controller requires such data to ensure the proper technical functioning of the website. If such data are not provided, certain elements of the website may not function correctly. Other types of cookies (statistical and marketing) are processed on the basis of the data subject’s consent.

Personal data may be disclosed to third parties providing website development and related services, as well as to other authorized entities in accordance with applicable legislation.

 

  1. WHISTLEBLOWING RECORDS

Administration of reports related to the submission and investigation of notifications concerning socially harmful activities submitted to the controller, which is subject to the mandatory application of the Whistleblower Protection Act.

The legal basis for the processing of personal data is a specific law (the Act on the Protection of Whistleblowers Reporting Anti-Social Activity). The provision of personal data constitutes a statutory requirement; the data subject is therefore obliged to provide personal data necessary for the fulfilment of legal requirements and the employer’s statutory obligations. The data subject may also make use of the statutory option of submitting an anonymous report.

Personal data are disclosed to the processor Berník & Partners and to other authorized entities in accordance with applicable legislation.

Note: This system is active only if the company employs at least 50 employees.

 

  1. ACCESS CONTROL AND PREMISES SECURITY

Maintenance of records concerning the entry and exit of persons and vehicles to and from a secured facility for the purpose of ensuring the protection of property and individuals within the controller’s premises.

Personal data are processed on the legal basis of the controller’s legitimate interest in ensuring the protection of property and persons present within the premises, arising from specific legislation governing the provision of private security services. The provision of personal data constitutes a requirement arising from the controller’s legitimate interest.

Personal data are processed by the data processor SBS CHEMOSVIT, s.r.o., and may be disclosed or made accessible to authorized entities in accordance with applicable legislation.

 

  1. INFOWEB

The controller’s internal network – a portal ensuring operational and administrative functions of the controller, including access to individual applications, employee contact directories, registration for training sessions, medical examinations, and related activities.

Employees’ personal data, to the extent set out in Section 78(3) of Act No. 18/2018 Coll. on the Protection of Personal Data, are disclosed on the basis of the controller’s legitimate interest pursuant to that Act. In such case, the processing of personal data is lawful without the consent of the data subject.

Access to personal data published on the Infoweb is granted to employees of the controller, employees of companies within the CHEMOSVIT and FINCHEM group, employees of other companies with granted access rights, and the data processor CHEMOSVIT SLUŽBY, s.r.o.

 

  1. INTERNAL DOCUMENTATION

Preparation, maintenance, and distribution of internal documents (organizational, technical, and management documentation).

Personal data are also processed in the course of creating certain documents necessary to safeguard the controller’s legitimate interests, in particular in the organization and management of operational activities. The requirement to provide personal data in this context arises from the controller’s legitimate interest, which may be objected to by the data subject.

Access to personal data is granted to the data processor CHEMOSVIT SLUŽBY, s.r.o.; personal data may also be made accessible to authorized entities in cases provided for by applicable legislation.

 

  1. MEASUREMENT OF BODY TEMPERATURE OF PERSONS PRIOR TO ENTRY INTO THE CONTROLLER’S PREMISES

Participation in measures aimed at preventing the spread of infectious diseases for the purpose of protecting the health of persons within industrial premises.

The legal basis for the processing of personal data is the consent of the data subject, expressed by requesting a member of the security service to carry out a temperature measurement. Personal data are provided voluntarily by the data subject, and failure to provide such data does not result in any adverse consequences for the data subject.

Personal data are disclosed to the data processor SBS CHEMOSVIT, s.r.o.

 

  1. CCTV MONITORING OF PREMISES

Monitoring of premises by means of a camera system for the purpose of protecting property, safeguarding health, and detecting criminal activity.

The legal basis for the processing of personal data through the camera system is the legitimate interest of the controller. This mechanism is used to ensure the protection of the company’s property, the property of employees, and the property of other persons within the monitored area, as well as to assist in the detection of criminal activity and the protection of the health of persons present in such areas.

Personal data are obtained through voluntary entry into and movement within the monitored area, of which you are informed at the point of entry to such area, which is clearly marked as being subject to CCTV monitoring.

Access to personal data obtained via the camera system is granted to the data processors SBS CHEMOSVIT, s.r.o., CHEMOSVIT STROJCHEM, s.r.o., and, in the case of criminal or administrative offence proceedings, to authorized entities in accordance with applicable legislation.

 

  1. EMPLOYEE MONITORING

Monitoring of employees on the basis of serious grounds inherent in the specific nature of the employer’s activities, serving as a control mechanism in accordance with internal policies.

Personal data are processed on the legal basis of the controller’s legitimate interest arising from the Labour Code. Personal data relating to the behaviour of individuals within information and communication systems are recorded by technical means during working hours when such individuals use the controller’s systems in the course of their activities. This constitutes a processing requirement arising from the controller’s legitimate interest. The data subject is informed of such monitoring through internal regulations.

Access to personal data is granted to the data processors CHEMOSVIT SLUŽBY, s.r.o. and ALCASYS Slovakia, a.s.

 

  1. PERSONNEL AND PAYROLL AGENDA

Fulfilment of the employer’s obligations related to employment relationships or similar arrangements (including agreements on work performed outside an employment relationship), including pre-contractual relations, arising from applicable labour, social security, healthcare, and occupational health and safety legislation.

The legal basis for the processing of personal data for this purpose consists of specific statutory acts (including the Labour Code, the Social Insurance Act, the Health Insurance Act, the Income Tax Act, the Employment Services Act, the Old-Age Pension Savings Act, the Supplementary Pension Savings Act, the Income Compensation during Temporary Incapacity for Work Act, the Social Fund Act, the Public Health Protection, Support and Development Act, the Act on Bailiffs and Enforcement Activities, and the Occupational Health and Safety Act).

The provision of personal data constitutes a contractual requirement for the conclusion of an employment contract or agreements on work performed outside an employment relationship and, at the same time, a statutory requirement for the fulfilment of the controller’s obligations arising from applicable labour, social, healthcare, and occupational health and safety legislation. Without the provision of personal data, an employment relationship cannot be established.

For purposes related to the employment relationship, we also process your photograph (not in biometric form) – within the personnel file, on identification cards, and in attendance and HR systems – on the basis of the controller’s legitimate interest, namely the need to identify the data subject as an employee of the controller.

We may copy or scan necessary official documents for the purpose of verifying the employee’s eligibility to work, substantiating claims for benefits, documenting changes in personal data, and demonstrating relevant facts to public authorities in the course of inspections, which constitutes our legitimate interest.

For the purpose of providing benefits, in certain cases it is necessary to provide your personal data to a third party. This is based on our legitimate interest, which includes employee motivation and retention, differentiation from competitors, health care, satisfaction, and social security.

Access to your personal data is granted to data processors including CHEMOSVIT SLUŽBY, s.r.o., SOFTIP, a.s., providers of occupational health services, WEGA LH, s.r.o. for the administration of attendance and catering systems, intermediaries providing catering services (Ticket Service, s.r.o. and REKREATOUR, s.r.o.), and FINCHEM INSURANCE, s.r.o. for the administration of supplementary pension savings. Personal data are also disclosed or made accessible to authorized entities in accordance with applicable legislation.

 

  1. CORPORATE NEWSPAPER

Informing employees, former employees, business partners, visitors, and the public about the company's activities, social events, and business developments through the corporate newspaper.

Personal data related to the data subject’s work for the controller or documenting work-related, business, and social activities within the company are processed on the basis of the controller’s legitimate interest, namely the need to ensure an appropriate level of information for target groups, to develop good public relations, and to increase awareness of the company.

Identification and contact details of employees may be published without consent pursuant to Section 78(3) of Act No. 18/2018 Coll. on the Protection of Personal Data.

Personal data related to the employee’s privacy are processed on the basis of their granted consent. This consent may be withdrawn at any time (in person, by email, or by telephone).

The provision of personal data is voluntary. Providing an interview to the corporate newspaper editor and consenting to being photographed constitute an expression of the data subject’s free will. The data subject may also express objection to processing through their conduct, for example by leaving the range of the editor or photographer, or by formally objecting to the processing with the controller.

Access to personal data is granted to the data processor Popradská tlačiareň, s.r.o., which provides printing services for the corporate newspaper, as well as to subscribers of the corporate newspaper (employees of companies within the CHEMOSVIT and FINCHEM group, former employees), business partners, visitors, and the public.

 

  1. LEGAL AGENDA

Handling legal matters in the areas of commercial and labour law, including legal representation of the controller in civil litigation, insolvency and restructuring proceedings, enforcement proceedings, and criminal proceedings.

The legal basis for the processing of personal data consists of specific statutory acts (e.g. the Code of Civil Procedure, the Act on Bailiffs and Enforcement Activities, the Code of Criminal Procedure and the Code of Administrative Court Procedure), and the pursuit of our legitimate interests, such as the resolution of labour law disputes, debt collection, resolution of other litigation in the areas of civil, commercial, and labour law, and the preparation of contracts and other legal documents. The provision of personal data is a statutory requirement and a requirement arising from the controller's legitimate interest.

Personal data are provided to our processor, the law firm BERNÍK & partners, s.r.o. Other parties to the proceedings and authorized entities under applicable legislation may also have access to the data.

 

  1. PROJECTS CO-FINANCED FROM EU AND STATE BUDGET FUNDS

Preparation of documentation for EU-funded projects and grant applications in accordance with the requirements set out in published calls, and fulfilment of the recipient’s contractual obligations under agreements on non-repayable financial contributions.

The legal basis for the processing of personal data consists of specific statutory acts (e.g. the Act on Contributions from the European Structural and Investment Funds). The provision of personal data constitutes a statutory requirement for the fulfilment of the controller’s obligations in accordance with applicable legislation.

Personal data may be disclosed to authorized entities in accordance with applicable legislation.

 

  1. EMPLOYMENT PROJECTS CO-FINANCED BY THE CENTRAL OFFICE OF LABOUR, SOCIAL AFFAIRS AND FAMILY

Fulfilment of the employer’s obligations related to the employment of disadvantaged job applicants/graduates under national projects of the Central Office of Labour, Social Affairs and Family of the Slovak Republic, in accordance with applicable legislation.

The legal basis for the processing of personal data is a specific statutory act (the Employment Services Act). The provision of personal data constitutes a statutory requirement, meaning that the data subject is obliged to provide personal data necessary for the fulfilment of legislative requirements and the employer’s obligations.

Personal data are disclosed only to authorized entities on the basis of applicable legislation.

 

  1. JOB APPLICANTS

Maintenance of records of applications submitted by job applicants included in the applicant database for the purpose of their potential use in filling vacant positions in the future.

Personal data are processed on the basis of the data subject’s consent. Consent is granted by a written declaration upon submission of an application for employment. Personal data are provided voluntarily, and the granted consent may be withdrawn at any time in writing, either by letter or by email delivered to the company’s registered office.

Your personal data may be disclosed to managerial employees of other companies within the CHEMOSVIT and FINCHEM group for the purposes of recruitment processes carried out within those companies, thereby increasing your chances of employment within the group.

 

  1. ACCOUNTING AND ACCOUNTING DOCUMENTS

Fulfilment of obligations related to the processing of accounting documents in accordance with applicable legislation.

Personal data are processed on the basis of specific statutory acts (including the Accounting Act, the Value Added Tax Act, the Income Tax Act, the Act on Local Taxes and Local Charges for Municipal Waste, the Administrative Fees Act, the Commercial Code of the Slovak Republic, the Social Fund Act, and the Travel Allowances Act).

The provision of personal data constitutes a statutory requirement for the fulfilment of the controller’s obligations in accordance with applicable legislation. The data subject is obliged to provide personal data in accordance with such legislation.

Personal data are made accessible to the data processor CHEMOSVIT SLUŽBY, s.r.o., to the auditing company AUDIT-CONSULTING, s.r.o. for the purpose of conducting an audit of the accounts, and to authorized entities in accordance with applicable legislation.

 

  1. HANDLING OF DATA SUBJECT REQUESTS

Fulfilment of obligations related to handling requests from data subjects in the exercise of their rights under applicable personal data protection legislation.

Personal data are processed on the basis of specific legal provisions (the General Data Protection Regulation and Act No. 18/2018 Coll. on the Protection of Personal Data).

The provision of personal data is carried out in accordance with this legislation when exercising data subject rights vis-à-vis the controller. Without your identification and contact details, we will not be able to process your request.

Personal data may be disclosed to authorized entities in accordance with applicable legislation.

 

  1. WEBSITE / SOCIAL MEDIA

Providing information to the public about the company, promoting the company, and informing about its activities and events through the website and social media platforms.

Identification and contact details of employees are published on the basis of the controller’s legitimate interest pursuant to Section 78(3) of Act No. 18/2018 Coll. on the Protection of Personal Data. Personal data contained in photo galleries are processed on the basis of the data subject’s consent.

Processing of personal data within the scope of applicable legislation is lawful without the data subject’s consent; the provision of personal data beyond the scope of legal requirements is voluntary.

Access to published personal data is granted to the data processor CHEMOSVIT SLUŽBY, s.r.o.; data may also be accessed by social media platform providers and the general public accessing the controller’s website.

 

  1. CONTRACTS / AGREEMENTS

Conclusion, administration, and performance of contracts/agreements (including pre-contractual relations).

The legal basis for the processing of personal data is the performance of a contract to which the data subject is a party. The provision of personal data constitutes a contractual requirement. Without your personal data, it will not be possible to conclude a contract with you.

Access to personal data is granted to the data processors CHEMOSVIT SLUŽBY, s.r.o. and FINCHEM INSURANCE, s.r.o. Personal data may also be made accessible to authorized entities in accordance with applicable legislation.

 

Will your personal data be transferred outside the European Union?

The transfer of personal data from our company to a third country or an international organization does not take place.

An exception applies to cookies, which may be transferred to countries where the third-party service providers used by the website are established.

 

Will your personal data be used for automated individual decision-making?

Personal data within our company are not used for automated individual decision-making, including profiling.

 

How long will your personal data be retained?

Retention periods for personal data are, in most cases, determined by specific legislation, including the Archives and Records Management Act, and are in accordance with the controller’s records management plan approved by the Ministry of the Interior of the Slovak Republic – State Archives.

Personal data of shareholders are retained for the duration of the contractual relationship between the controller and the natural person – shareholder, and subsequently for a period of 10 years.

Personal data forming part of registry records are subject to retention periods determined by the type of record in the relevant legislation and the controller’s records management plan.

Records of occupational accidents are retained for 50 years; other personal data in the field of occupational health and safety are retained for 5 years.

Session cookies are automatically deleted upon closing the web browser. Persistent cookies remain on your device until their expiration (for a maximum period of 13 months) or until deleted by you.

Reports of anti-social activity are retained for three years from receipt of the report or until its resolution.

Records of entry and exit of persons and vehicles to and from the controller’s premises are retained for 3 years.

Personal data published on the Infoweb are retained for the duration of the data subject’s employment with the controller.

Internal documentation is retained for an additional 5 years after the document ceases to be valid.

Data relating to body temperature measurements prior to entry to the controller’s premises are not retained.

Personal data obtained from CCTV recordings are retained for at least 72 hours from the creation of the recording; in the case of criminal or administrative offence proceedings, they are retained for the duration of such proceedings.

Personal data obtained through monitoring of internet communication are retained for 6 months, and email communication data for 5 years from their collection.

Corporate newspapers are retained for 5 years from publication; one copy is designated for permanent storage due to its documentary value and is retained in the archive.

Legal agenda documents are retained for 5 or 10 years depending on the type of document; certain documents have permanent documentary value in accordance with the law and internal policies.

Personnel files of employees are retained for 90 years from the date of birth; documentation on occupational accidents for 50 years from the occurrence of the accident; agreements for 10 years; attendance records for 3 years; and other personnel and payroll documents for 5 years.

Personal data related to projects co-financed from EU and state budget funds and employment projects co-financed by the Central Office of Labour, Social Affairs and Family are retained for 5 years from the completion of the project or in accordance with the terms of the relevant contract.

Personal data of job applicants are retained for 1 year from the granting of consent or until the withdrawal of consent by the data subject.

Accounting documents containing personal data are retained for 10 years following the end of the accounting period in which they were issued.

Personal data related to the handling of data subject requests are retained for 5 years from the registration of the request.

Personal data of members of statutory and supervisory bodies published on the website are retained for the duration of their term of office; photographs in photo galleries are retained for a maximum of 10 years from the granting of consent.

Personal data contained in contracts and agreements are retained for 5 or 10 years depending on the type of contract/agreement.

Upon expiration of the statutory or designated retention periods, your personal data will be securely erased. In the event of withdrawal of consent, your personal data will be erased without undue delay.

 

Rights of the Data Subject


What rights do you have?

Right of access – You have the right to obtain a copy of the personal data we hold about you, as well as information on how your personal data are processed, including the purposes of processing, the recipients of your personal data, and the retention period. In most cases, your personal data will be provided to you in written form, unless you request another method of delivery. If you request this information by electronic means, it will be provided electronically, where technically feasible.

Right to rectification – We take reasonable steps to ensure that the personal data we hold about you are accurate, complete, and up to date. If you believe that the personal data we process about you are inaccurate, incomplete, or outdated, please do not hesitate to request that we correct, update, or supplement such data.

Right to erasure (“right to be forgotten”) – You have the right to request the erasure of your personal data, for example where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed. However, this right must be assessed in light of all relevant circumstances. For example, we may be subject to certain legal or regulatory obligations which may prevent us from complying with your request.

Right to restriction of processing – Under certain circumstances, you are entitled to request that we restrict the processing of your personal data. This may apply, for example, where you contest the accuracy of your personal data or where you believe that we no longer need to process your personal data.

Right to data portability – Under certain circumstances, you have the right to request that personal data you have provided to us be transferred to a third party of your choice. However, the right to data portability applies only to personal data processed on the basis of your consent or on the basis of a contract to which you are a party.

Right to object – You have the right to object to the processing of personal data based on our legitimate interests. If we do not have compelling legitimate grounds for the processing and you raise an objection, we will cease processing your personal data.

Right to withdraw consent – Where personal data are processed on the basis of your consent, you have the right to withdraw such consent at any time. Consent may be withdrawn electronically, in writing, by submitting a notice of withdrawal of consent, or in person at the company’s registered office. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority – If you believe that your personal data are processed unfairly or unlawfully, you may lodge a complaint with the supervisory authority:

Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27; Company ID No.: 36 064 220; Tel.: +421 /2/ 3231 3214; E-mail: statny.dozor@pdp.gov.sk; https://dataprotection.gov.sk.

In the case of electronic submission, the complaint must meet the requirements set out in Section 19(1) of Act No. 71/1967 Coll. on Administrative Proceedings (Administrative Procedure Code).

Right to information on the source of data – Where personal data have not been obtained directly from you, you have the right to request information on the source from which such data were obtained.

Right to information on the existence of automated individual decision-making, including profiling – You have the right to request information as to whether your personal data are used for automated individual decision-making, including profiling. Where this is the case, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to information on appropriate safeguards for data transfers – Where your personal data are transferred to a third country or an international organization, you have the right to request information regarding the appropriate safeguards in place for such transfers.

You may exercise the above rights by submitting a written request or by electronic means to the controller’s responsible person. Where you request the provision of information orally, such information will be provided subject to verification of your identity.