The data administrator is the limited liability company ICS Industrial Cables Slovakia,spol. s r.o., ID: 35970910, registered at Dolné Hony 25, 949 01 Nitra. The company is registered in the Commercial Register of the Slovak Republic of the District Court Nitra, Section N, File 20829.
Email address: email@example.com
Link to the impressum: https://www.ics-cables.sk
TYPES OF PERSONAL DATA PROCESSED:
- Personal data (e.g. names, addresses)
- Contact details (e.g. email address, telephone numbers)
- Content (e.g. text material, photos, videos)
- Website traffic data (e.g. websites visited, interest in content, access times)
- Metadata and communication data (e.g. information about devices, IP addresses)
CATEGORIES OF DATA SUBJECTS
Visitors and users of the online offer (referred to collectively as “users”).
PURPOSE OF PERSONAL DATA PROCESSING
- Providing the online offer, its features and content
- Answering requests for contact and communication with users
- Security measures
- Measuring impact / marketing
“GDPR” is Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Personal data” is any information relating to an identified or identifiable natural person (“data subject”); natural persons who can be directly or indirectly identified, in particular by classifying the data to certain identification data like name, identification number, location data, online identifier (e.g. cookie), or by classifying the data to one or more special features that express physical, physiological, genetic, mental, economic and cultural, or the social identity of that natural person, are considered identifiable.
“Processing” is any process carried out with or without the aid of automatic means, or a series of such processes in the context of personal data. The concept has a broad content and includes virtually any handling of personal data.
“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be assigned to a particular data subject without the use of further additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure the personal data is not assigned to an identified or identifiable natural person.
“Profiling” is any form of automated processing of personal data that involves using them in evaluating certain personal aspects relating to a natural person, in particular for the purposes of analysis or estimation, or for analyzing or anticipating aspects relating to work performance, economic situation, health status, personal preferences, interests, reliability, behavior, or the location or movement of that person.
An “administrator” is a natural or legal person, public authority, agency or other entity that decides on its own or jointly with others the purpose and means of processing personal data.
A “processor” is a natural or legal person, public authority, agency or other entity that processes personal data for the administrator.
DEFINING THE LEGAL BASIS FOR PROCESSING PERSONAL DATA
SAFEGUARDING THE PROCESSING OF PERSONAL DATA
Under the provisions of Article 32 of GDPR and taking into account the state of the technology, the cost of implementation and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity for rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures particularly include ensuring the confidentiality, integrity and availability of personal data that are subject to inspection of physical access, data entry, transmission, ensuring availability and separate storage. In addition, we have implemented procedures to ensure the protection of the rights of data subjects, data deletion and response to the breach of data protection. We keep the protection of personal data in mind during development, respectively the selection of hardware, software and procedures governed by the principle of data protection by design and by default (Article 25 of GDPR).
To ensure the security and confidentiality of personal data, which is especially important to us, we use technical and organizational measures, especially to protect against unauthorized access to data and their misuse. All measures are regularly evaluated and updated.
The organization is governed by the following organizational security points:
Staff training, internal and external audits, diligence with contracts with suppliers and employees, minimizing the processing of personal data, minimizing the archiving of documents with the sensitive data of natural persons and safeguarding the filing and archiving of documents.
The security technology and measures used by the organization include:
Firewall, anti-virus, logging tools and disk encryption of laptops; we make steady additional investments in this area.
The company has internal documentation elaborating on the protection of personal data in greater detail, consisting of the following directives: Personal Data Protection Directive, Records and Retention Rules, and IT Guidelines.
COOPERATION WITH PROCESSORS AND THIRD PARTIES
If we share personal data processed by us with other persons and companies (processors or third parties), we transfer it to the third parties or companies, or we provide them access to the data using other means, we do so only on the basis of legal consent (e.g. if the transfer of personal data to third parties such as payment service providers is absolutely necessary for the purpose of contract performance under Article 6, paragraph 1(b) of GDPR), you have agreed to this legal obligation, or we do so based on our legitimate interests (such as using the services of authorized persons, web hosters, etc.).
If we entrust third parties with the processing of personal data on the basis of a “contract for the processing of personal data”, we will comply with the provisions of Article 28 of GDPR.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
If we process personal data in a third country (i.e. in a non-member state of the European Union (EU) or European Economic Area (EEA)), or the data is processed using the services of third parties or the personal data is released, i.e. transferred to third parties, we will do so only if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, a legal commitment or our legitimate interests. Subject to legal or contractual consent, we process personal data or have personal data processed in a third country only if they meet the special requirements stipulated by Article 44 et seq. of GDPR. This means that the personal data will be processed on the basis of special safeguards. This guarantee means official recognition that the level of protection of personal data corresponds with standards in the European Union (e.g. for the U.S. under the Privacy Shield Agreement), or observance of officially recognized specific contractual obligations (“standard contractual clauses”).
RIGHTS OF DATA SUBJECTS
You have the right to request confirmation that personal data relating to you is processed and, if so, you may request information on such data as well as other information and copies of personal data under the provisions of Article 15 of GDPR.
Under Article 16 of GDPR, you have the right to request that incomplete personal data relating to you be completed, or inaccurate data be corrected.
Under the provisions of Article 17 of GDPR, you have the right to request that your personal data be erased immediately, or you can request limitations on the processing of your personal data under Article 18 of GDPR.
Under Article 20 of GDPR, you have the right to obtain the personal data concerning you that you have provided to us, and request that they be transferred to another administrator.
You also have the right under Article 77 of GDPR to file a complaint with the competent supervisory authority.
RIGHT TO WITHDRAW YOUR CONSENT
Under Article 7, paragraph 3 of GDPR, you have the right to withdraw your consent to the processing of your personal data any time, without prejudice to the lawfulness of the processing before the withdrawal of your consent.
RIGHT TO OBJECTION
Under Article 21 of GDPR, you have the right to object to the processing of personal data relating to you. You can particularly object to processing for direct marketing purposes.
COOKIES AND THE RIGHT TO OBJECT TO DIRECT MARKETING
“Cookies” are small data files that are stored on users’ computers. Various data can be stored in these files. Cookies are used primarily to store data about users (or data about the device on which the cookie is stored) during their visit or afterwards within the framework of the online offer. “Temporary” cookies are files that are deleted after the user exits the online offer and closes his browser. Such cookies can store things like the contents of a shopping cart in an online store or login status. “Permanent” or “persistent” cookies are those that remain stored even after you close your browser. For example, to store their login status should users visit again in a few days. The cookie can also store user interest, which is then used to measure the effectiveness of advertising or for marketing purposes. Third-party cookies are those offered by persons other than the administrator who operate the online offer (we call the cookies of the administrator first-party cookies).
If users do not want the cookies to be stored on their computers, they will be asked to deactivate the relevant option in the system settings of their browsers. Stored cookies can be deleted in the system settings of the browser. Blocking cookies can lead to limitations in this online offer.
DELETING PERSONAL DATA
In accordance with the legal provisions of the Slovak Republic, personal data are stored depending on the nature of the documents in which they are contained, in particular 10 years under the provisions of Section 35 of Act 431/2002 Coll., on accounting, as amended (accounting documents, accounting books, invoices, accounts, business documents, summaries of income and expenditure, etc.), unless provided otherwise by another law.
COMMERCIAL PROCESSING OF PERSONAL DATA
We also process the following data from our customers, interested parties and business partners for the purpose of providing contractual performance, customer care and service, marketing, advertising and market research:
- Contractual data (e.g. scope of the contract, term of the contract, customer category)
- Payment information (e.g. bank, payment history)
ADMINISTRATION, FINANCIAL ACCOUNTING, OFFICE ORGANIZATION, CONTACT MANAGEMENT
We process personal data as part of administrative tasks and organizing our operations, financial accounting and complying with obligations stipulated by law, such as archiving. We process the same data that we process within the framework of providing our contractual performance. The basics of data processing are provided in the provisions of Article 6, paragraph 1(c) of GDPR and Article 6, paragraph 1(f) of GDPR. The personal data of customers, interested parties, business partners and visitors to the website are processed. The purpose and reason for our interest in processing personal data is administration, financial accounting, office organization, data archiving, i.e. the work we undertake to maintain our activities, complete our tasks and provide our services. The deletion of personal data relating to contractual performance and contractual communication corresponds to the data reported for these processing activities.
We share or transfer personal data to financial administrations and advisors, such as tax advisors or auditors and other authorities that collect fees, as well as to payment service providers.
Based on our economic interests, we also store data about suppliers, organizers and other business partners for the purpose of possibly concluding a later contact. This data, which mostly concerns businesses, is basically stored by us permanently.
CORPORATE ECONOMIC ANALYSIS AND MARKET RESEARCH
In order to be able to carry out our business activities efficiently, to monitor developments in the market and know the desire of our contractual partners and users, we analyze the personal data we obtain from business transactions, contracts, inquiries, etc. We process status data, communication data, contractual, payment, user data and metadata in accordance with Article 6, paragraph 1(f) of GDPR, where the data subjects are contractual partners, interested parties, customers, visitors and users of our online offer.
We do these analyses in order to maintain accounting records and conduct marketing and research. The profiles of registered users can be useful to us, i.e. the services used by them. These analyses help us increase user comfort and optimize our offer and efficiency. The analyses are only for our needs and will not be provided to external entities unless they are anonymous analyses with aggregate values.
Should these analyses or profiles relate to individuals, they will be erased or anonymized when the user revokes his consent to the processing of his personal data, otherwise two years after the conclusion of the contract. In other cases, company-wide economic analyses will be elaborated and general trends identified anonymously if possible.
When we are contacted (e.g. through a contact form, email, or via social media), the user’s data is processed in order to allow us to make contact and process inquiries in accordance with Article 6, paragraph 1(b) (in the context of contractual/pre-contractual relations), Article 6, paragraph 1(f) (other queries) of GDPR. The user’s data can be stored in the customer relationship management system (“CRM system”) or in a comparable organizational system.
We delete inquiries once they are no longer needed. Archiving obligations stipulated by law shall furthermore apply.
HOSTING AND SENDING EMAILS
Our hosting services are used to provide the following services: infrastructure and platform services, computing capacity, storage and database services, sending email, security services and technical maintenance. We use these services for the purposes of facilitating our online offer.
We, or our hosting provider, process the status data, contact data, content data, contractual data, user data, metadata and communication data of customers, interested parties and viewers of this online offer based on our legitimate interests in the efficient and secure provision of this online offer under Article 6, paragraph 1(f) of GDPR in conjunction with Article 28 of GDPR (concluding a contract for the processing of personal data).
COLLECTING DATA ON ACCESSES AND LOGS
Based on our legitimate interests within the meaning of Article 6, paragraph 1(f) of GDPR, we collect data about every access to the server on which this service is located (i.e. server log files). The data about such access include the name of the visited website, file, date and time viewed, transferred amount of data, reports on successful page loads, browser type and its version, operating system of the user, referring URL (previously visited page) and the provider that requested it. IP addresses are anonymous.
These data are not personal data; we therefore cannot go back to find which user searched for which data, and we do not try to obtain such information.
Google is certified under the Privacy-Shield agreement and provides a guarantee that the European law on personal data protection will be respected (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf in order to evaluate the use of our online offer by users, prepare reports on activities within the framework of the online offer, and provide other services associated with the use of the online offer and Internet usage. For this purpose, pseudonymized user profiles may be compiled from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users located in member states of the European Union or in other countries of the European Economic Area. Only in exceptional cases will a complete IP address be transferred to one of the servers of Google in the US, where it will be truncated.
An IP address transmitted by the browser of the user will not be linked to other data by Google. Users can prevent the storage of cookies by selecting the appropriate settings in the software of their browser. In addition, users can prevent the collection of data via cookies and data about their use of the online offer and the processing of this data by Google by downloading and installing a browser plug-in that is available at this link: http://tools.google.com/dlpage/gaoptout?hl=de.
In addition to the service of Browser Add-On or as part of browsers on mobile devices, another option is to click on the link to prevent future data collection using Google Analytics on this website: Analytics Opt-Out. This will save the Opt-Out-Cookie on your device. If you delete your cookies, you will need to click this link again.
The personal data of users will be deleted after 14 months or made anonymous.
GOOGLE ADWORDS AND TRACKING CONVERSION
Based on our legitimate interests (i.e. the analysis, optimization, and economic facilitation of our online offer within the meaning of Article 6, paragraph 1(f) of GDPR), we can use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy-Shield agreement and provides a guarantee that the European law on personal data protection will be respected. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the online marketing of Google “AdWords” to place ads on the Google Display Network (e.g. in the search results, videos, websites, etc.) in order to appear to users who might be interested in such advertising. This allows us to display more targeted advertising for our online offer and within our online offer so that we can only present ads that match users’ potential interests. For example, if users see ads for products that they are interested in within other online offerings, this is called “remarketing”. For these purposes, Google directly implements Google code when our website or other websites where the Google Display Network are active, and it integrates remarketing tags within the website (invisible images or codes designated as “web beacons”). With their help, an individual cookie is stored in the user device (other comparable technology may be used instead of cookies). This file records what websites the user is searching, what content he is interested in, and what offer the user clicked on, as well as technical information about the browser and operating system, the referring websites, length of the visit and other data about the use of online offerings.
We furthermore receive an individual “conversion cookie”. The information received using the cookie is used by Google to compile conversion statistics for us, but we only learn of an anonymous total number of users who clicked on our ad and opened the website that contains the conversion tracking tag. We do not, however, obtain any information that would allow us to identify the user.
The personal data of the user is processed under pseudonyms within the advertising network of Google. This means that Google does not store and process the name or email address of the user, but it processes relevant data from cookies within pseudonymised user profiles. From the vantage point of Google, they manage and display ads not for a specifically identified person, but for the owners of the cookie regardless of who the owner of the cookie is. This does not apply if the user has explicitly permitted Google to process the data without pseudonimization. The information obtained via users is transmitted to Google and stored on Google servers in the US.
ONLINE PRESENTATIONS ON SOCIAL MEDIA
We make online presentations on social networks and platforms so that we can communicate with customers, interested people and users and inform them about our services.
Please note that the personal data of users may be processed outside of European Union states. This may pose a risk for users, as it may be more difficult for them to exercise their rights. We would like to inform you that service providers in the US are certified under the Privacy Shield agreement and are pledged to abide by the standards of the European Union on protecting personal data.
Furthermore, the personal data will usually be processed for the purposes of market research and advertising. For example, user profiles can be compiled from behavior and the interests indicative of it. User profiles can be used for displaying advertisements on the platform and outside it, which are probably relevant to your interests. For these purposes, cookies that store the behavior and interests of users are usually stored on the computers of these users. In addition, data independent of the devices used by users can be stored in the user profiles (especially if users are members of a certain platform and are logged onto it).
We process the personal data of users based on our legitimate interests, which includes effective communication with users and providing them with information in accordance with the provisions of Article 6, paragraph 1(f) of GDPR. If users are prompted by the service provider to give their consent to the processing of their personal data (i.e. their consent by ticking the appropriate box or confirmation button, for example), the legal basis for the processing of personal data is Article 6, paragraph 1(a) and Article 7 of GDPR.
You can find more information about the processing of personal data and the opt-out option by clicking the links of the service providers given below.
Also, in the case of requests for information and the application of user rights, we would like to remind you that the best place to make such requests and applications are the service providers. Only service providers have access to user data and can directly take appropriate measures and provide information. Should you still require assistance, you may contact us.
- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
INTERCONNECTING THE SERVICES AND CONTENT OF THIRD PARTIES
As part of our online offer, we use the content and service of third-party providers based on the legitimate interests of our offer (such as the analysis, optimization and economic facilitation of our online offer within the meaning of Article 6, paragraph 1(f) of GDPR) so that we can use their content and services such as videos or fonts (collectively referred to as “content”).
It is always a prerequisite for third-party content providers to store the IP addresses of users, because they cannot send their content to the browsers of these users without an IP address. An IP address is therefore necessary to display this content. We try to only use the content of providers who use an IP address only to provide content. Third-party providers may also use pixel tags (invisible images that are also referred to as “web beacons”) for statistical and marketing purposes. Pixel tags make it possible to evaluate information such as traffic on this website. Pseudonymized information can also be stored in cookies on the user’s device, and they include technical information about the browser and operating system, the referring website, length of the visit to the website and other data about the use of our online offer. In addition, it can be interconnected with information from other sources.