+421 911 145 355 (sales department)

Enter a query

SK | EN | DE

Contact Us

SK  |  EN  |  DE

DECLARATION OF THE CONTROLLER ON THE PROCESSING OF PERSONAL DATA

In this section, we provide information on the processing and protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Personal Data Protection Act”).

The Controller, ROLFES, s. r. o., with its registered office at Dolné Hony 28B, Identification No.: 52738060 (hereinafter referred to as the “Controller”), has adopted appropriate technical and organizational measures to ensure the protection of the rights of data subjects, which declare the lawful processing of personal data. The Controller has further established a transparent system for recording security incidents and any questions from the data subject, as well as other persons.

If needed, the data subject can also obtain individual information by telephone at: +421 911 137 101 or by e-mail: rolfes@rolfes.sk

  1. Controller

ROLFES, s. r. o. Dolné Hony 28B 951 41 Lužianky Identification No.: 52738060

We process your data for our own purposes as the Controller. This means that we determine the purpose for which we collect your personal data, determine the means of processing, and are responsible for their proper execution.

  1. Processors and Recipients

In certain cases, the Controller may also process the personal data of data subjects through processors who are entrusted with the processing of personal data in accordance with Article 28 of the GDPR Regulation.

Processors process the personal data of data subjects on behalf of the Controller. The processing of personal data through a processor does not negatively affect the exercise and application of the data subject’s rights. The Controller only uses processors who provide adequate technical, organizational, and other measures so that the processing meets the requirements of the GDPR and the protection of the data subject’s rights is fully ensured.

Categories of Processors:

  • Supplier providing technical solution delivery, web hosting services, maintenance and support of IT systems used by the Controller (e.g., email service providers).
  • Supplier providing services in the field of accounting and tax obligations of the Controller.

Categories of Personal Data Recipients:

  • Persons acting on the basis of the Controller’s authorization, legal representatives, law firms, and auditors.
  • State administration bodies and public authorities for the purpose of control and supervision.
  1. Purpose of Personal Data Processing

As the Controller, we process personal data exclusively on a legitimate legal basis and in accordance with precisely defined purposes:

  • Response to an inquiry, suggestion, or question submitted by telephone, e-mail, contact form, or post We process data for the purpose of handling your request, especially if it concerns questions about our products and services (production of technological containers, steel structures, custom metal production). Legal basis: legitimate interest of the controller pursuant to Art. 6 Par. 1 Letter f) of the GDPR. You have the right to object to such processing.
  • Expression of interest in our products and services (pre-contractual negotiations) We process data for the purpose of preparing a price offer, project proposal, or other necessary steps before concluding a contract. Legal basis: Art. 6 Par. 1 Letter b) of the GDPR (pre-contractual relations).
  • Data processing within the scope of the contractual relationship (e.g., orders, project documentation, production and delivery of containers and structures, assembly, invoicing, service) Processing is necessary for the conclusion and performance of commercial contracts, production orders, and the provision of our services. Legal basis: Art. 6 Par. 1 Letter b) of the GDPR.
  • Data processing of job applicants If you respond to a job offer, we process your data within the pre-contractual relationship. When included in the applicant database, processing is carried out based on your consent. Legal basis: Art. 6 Par. 1 Letter b) of the GDPR and Art. 6 Par. 1 Letter a) of the GDPR.
  • Fulfilling legal obligations We process data necessary for accounting, tax obligations, OHS (Occupational Health and Safety), labor law agenda, registration obligations, and other obligations arising from law. Legal basis: Art. 6 Par. 1 Letter c) of the GDPR.
  • Record keeping of contracts, invoices, correspondence, and administrative documents This is processing related to the proper performance of business activities, operation of projects, and manufacturing agenda. Legal basis: Art. 6 Par. 1 Letter b), c), or f) of the GDPR (depending on the nature of the documentation). You have the right to object to processing carried out based on legitimate interest.
  • Maintaining a register of business partners’ contacts (employees and company representatives) We process data for the purpose of managing business relationships, coordinating orders, material supplies, and contractual cooperation. Legal basis: legitimate interest of the controller pursuant to Art. 6 Par. 1 Letter f) of the GDPR in conjunction with Section 78 Par. 3 of the Personal Data Protection Act. You have the right to object to such processing.
  • Marketing activities and project promotion We may process personal data (e.g., e-mail, telephone, photograph, video recording) for the purposes of marketing and presentation of our products and completed projects (technological containers, steel structures). Activities include sending commercial communications, newsletters, participation in events, PR materials, publishing references and realizations on the web or social networks. Legal bases:
    • Legitimate interest (Art. 6 Par. 1 Letter f) of the GDPR) – if you are an existing client and the marketing relates to similar products or services. You have the right to object.
    • Consent (Art. 6 Par. 1 Letter a) of the GDPR) – if you are not a client or if the marketing requires consent (e.g., newsletter, photographs, and videos from events). You can withdraw your consent at any time.

Categories of Data Subjects

  • Clients and potential clients
  • Contractual partners and suppliers
  • Job applicants
  • Employees and associates
  • Natural persons communicating with the Controller
  • Natural persons as participants in marketing activities or events

Scope of Processed Personal Data

  • Identification data: name, surname, company name, ID No., Tax ID No., title
  • Contact details: telephone, e-mail, address of registered office or operation
  • Data related to business relationships: orders, contracts, project documentation, technical documentation
  • Transaction data: payment details, recipients, and senders
  • Photographs and audiovisual recordings: used only for marketing or presentation purposes
  • Content of communication: e-mails, messages from forms, correspondence
  • Data necessary for fulfilling legal obligations: accounting and tax documents, labor law agenda, OHS documentation
  1. Duration of Processing and Retention of Your Personal Data

Your personal data that we have processed or are processing according to Art. 6 Par. 1 Letter b) of the GDPR Regulation – within the scope of fulfilling the Controller’s obligations, we also process for the purpose of fulfilling our legal obligations regarding taxes and accounting. These obligations arise from generally binding legal regulations, such as Act No. 431/2002 Coll. on Accounting as amended, or Act No. 595/2003 Coll. on Income Tax and Act No. 563/2009 Coll. on Tax Administration. We must retain the data for the period stipulated by these legal regulations. We adhere to the principle of minimizing the retention of personal data according to Art. 5 Par. 1 Letter e) of the GDPR Regulation, and therefore your personal data that is not subject to archiving according to special legal regulations will be deleted or anonymized.

Personal data processed on the basis of granted consent according to Art. 6 Par. 1 Letter a) of the GDPR Regulation, for example, for the inclusion of the data subject in the register of job applicants or for the purpose of sending current marketing news, are processed for a period of 3 years or until consent is withdrawn. If the end of the data processing period is approaching, we will contact the data subject with the option to renew and extend the consent for a further processing period. If the data subject does not grant consent or does not respond to the contact, we will stop processing the personal data – we will automatically remove them from the register, electronically delete the data from the systems, and shred the physical documents.

Personal data processed based on legitimate interest according to Art. 6 Par. 1 Letter f) of the GDPR Regulation, which were obtained in response to an inquiry, suggestion, or question for the purpose of providing feedback to the data subject, are immediately deleted after handling, unless they were subsequently transferred to a pre-contractual or contractual relationship.

As the Controller, we will ensure the erasure of personal data without undue delay after: all contractual relationships between you and us as the Controller have been terminated; and/or

  • all your obligations towards the Controller have ceased; and/or
  • all your complaints and requests have been handled; and/or
  • all other rights and obligations between you and us as the Controller have been settled; and/or
  • all purposes of processing stipulated by legal regulations or purposes of processing for which you gave us consent have been fulfilled, if the processing was carried out based on the data subject’s consent; and/or
  • the period for which consent was granted has expired or the data subject has withdrawn their consent; and/or
  • the data subject’s request for the erasure of personal data has been granted and one of the reasons justifying the granting of this request has been met; and/or
  • the decisive legal fact for the termination of the processing purpose has occurred and at the same time the protective retention period defined with regard to the principle of minimization of the personal data retention period has also expired;
  • and simultaneously the Controller’s legitimate interest does not persist, all obligations stipulated by generally binding legal regulations that require the retention of the data subject’s personal data (especially for the purpose of archiving, performing tax audits, etc.) or which would be impossible to fulfill without their retention have ceased.

Any accidentally obtained personal data will in no case be systematically further processed by us for any defined purpose. If possible, we inform the data subject to whom the accidentally obtained personal data belong about their accidental acquisition and, depending on the nature of the case, we provide them with the necessary cooperation leading to the restoration of control over their personal data. Immediately after these necessary steps aimed at resolving the situation, we securely dispose of all accidentally obtained personal data without undue delay.

If you are interested in further information on the specific retention period of your personal data, please contact us using the contact details provided.

  1. Disclosure of Data

Our company does not arbitrarily disclose the personal data obtained under any circumstances.

  1. Cross-border Transfer and Profiling of Personal Data

Cross-border transfer outside the EU and the profiling of personal data are not carried out and are not intended for the future.

  1. Rights and Obligations of the Data Subject
  • The data subject is obliged to provide only complete and truthful data.
  • The data subject undertakes to update their data in case of change, no later than before the execution of the first order following the occurrence of the change.
  • The data subject undertakes that if they provide personal data of a third party (name, surname, telephone number), they do so only with their consent and the data subject is familiar with the procedures, rights, and obligations set out on this page.
  • As a data subject, you have the right, within the stipulated scope, to decide on the handling of your personal data. You can exercise the above rights in person at the Controller’s registered office or by telephone – in writing (by post / e-mail).

We will try to respond to you as soon as possible, but we will always respond no later than 30 days from the delivery of your request. Valid legal regulations and the GDPR Regulation, resp. the Act, ensure you especially:

Right of access – You have the right to request confirmation from us as to whether your personal data is being processed, and if so, to obtain a copy of this data and additional information resulting from Art. 15 of the Regulation, resp. Section 21 of the Act. In the event that we obtain a large amount of data about you, we may require you to specify your request for the range of specific data we process about you.

Right to rectification – In order for us to constantly process only up-to-date personal data about you, we need you to notify us of any change as soon as it occurs. If we process incorrect data about you, you have the right to request their rectification.

Right to erasure (‘right to be forgotten’) – If the conditions of Article 14 of the Regulation, resp. Section 23 of the Act are met, you may request the erasure of your personal data. You can therefore request erasure, for example, if you have withdrawn your consent to the processing of personal data and there is no other legal basis for processing, or if we process your personal data unlawfully, or the purpose for which we processed your personal data has ceased and we are not processing them for another compatible purpose. However, we will not erase your data if it is necessary for the establishment, exercise, or defense of legal claims.

Right to restriction of processing – If the conditions of Article 18 of the Regulation, resp. Section 24 of the Act are met, you can request us to restrict the processing of your personal data. You can therefore request restriction, for example, while you contest the accuracy of the processed data or if the processing is unlawful and you do not wish us to erase the data, but you need their processing to be restricted while you exercise your rights. We continue to process your data if there are reasons for the establishment, exercise, or defense of legal claims.

Right to data portability – If the processing is based on your consent or carried out for the purpose of fulfilling a contract concluded with you and is also carried out by automated means, you have the right to receive the personal data that we have obtained from you in a commonly used machine-readable format. If you are interested and it is technically possible, we will transfer your personal data directly to another controller. This right cannot be applied to processing carried out for the performance of a task carried out in the public interest or in the exercise of official authority.

Right to object to processing – If we process your personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or if the processing is carried out based on our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Based on your objection, we will restrict the processing of personal data and, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or reasons for the establishment, exercise, or defense of legal claims, we will no longer process the personal data and will erase your personal data. You have the right to object at any time to the processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. After raising an objection, we will no longer process your personal data for this purpose.

Right to lodge a complaint – If you believe that the processing of your personal data is in conflict with the Regulation, resp. the Act, you have the right to lodge a complaint with one of the competent supervisory authorities, especially in the Member State of your habitual residence, place of work, or place of the alleged infringement. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection, with its registered office at: Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, website: www.dataprotection.gov.sk, tel.: +421 /2/ 3231 3220.

Right to withdraw consent – If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the processing already carried out. If you decide at any later time that you are interested in receiving commercial and marketing offers about our products and services again, you can re-grant your withdrawn consent (or submitted objection) at any time, using any of the contact forms mentioned above.

  1. Contact Details of the Office for Personal Data Protection

Office for Personal Data Protection of the Slovak Republic Address: Park One Building Námestie 1.mája 18 811 06 Bratislava Slovak Republic ID No.: 36 064 220

Filing room: Monday – Thursday: 8:00 a.m. – 3:00 p.m. Friday: 8:00 a.m. – 2:00 p.m.

Telephone consultations in the area of personal data protection: Tuesday and Thursday from 8:00 a.m. to 12:00 p.m. +421 2 323 132 20 Secretary of the Office Chairman +421 2 323 132 11 Secretary of the Office +421 2 323 132 14 Fax: +421 2 323 132 34

Spokesperson: mobile: 0910 985 794 e-mail: hovorca@pdp.gov.sk

E-mail: a) generally: statny.dozor@pdp.gov.sk b) for providing information according to Act No. 211/2000 Coll.: info@pdp.gov.sk c) website: webmaster@pdp.gov.sk d) to submit requests for information according to Act No. 211/2000 Coll. on Free Access to Information, use the online form. e) e-mail address through which the Office will provide you with advice on personal data protection. It is intended for children, youth, students, teachers, parents who suspect that their personal data has been misused: ochrana@pdp.gov.sk