Address: Masarykova 10, 040 01 Košice
The National Labor Inspectorate as an operator has assigned a responsible person, which you can contact at the email address: firstname.lastname@example.org
In accordance with the applicable legislation in the field of personal data protection (Articles 13 and 14 of the GDPR / Sections 19 and 20 of Act No. 18/2018 Coll. On Personal Data Protection), the Operator processes personal data of natural persons (ie for personal data protection purposes), which it obtains either directly from them or indirectly from other entities.
In the case of direct collection of personal data, the controller is obliged to inform the data subject about the processing of his personal data at the latest during the collection itself (demonstrably, in a reasonable manner, simply, comprehensibly).
In the second case, it proceeds according to Art. 14, resp. § 20 of Act no. 18/2018 Coll.
Thus, in carrying out the tasks and responsibilities of the operator, the latter obtains the personal data of the persons concerned directly from them, or obtains them from third parties (eg from the employer with which the operator exercises control, or from the entities providing cooperation, etc.).
The processing of personal data of data subjects obtained by the controller in the performance of its tasks and obligations from third parties shall be subject to the exceptions provided for in Art. 14 par. 5 GDPR, resp. § 20 par. 5 of Act no. 18/2018 Coll. This concerns in particular the processing of personal data of the persons concerned in the performance of the operator’s control activities, as well as processing in the performance of the operator’s obligations as an employer, if the persons concerned are family members of the operator’s employee or a person close to him.
The personal data of the data subjects are processed by the operator on the basis of special legal regulations, their non-disclosure could result in the impossibility of performing the tasks and duties of the Office.
- The operator has a legal obligation to provide personal data of the persons concerned during control, surveillance activities or at the request of authorized third parties, if this follows from special legal regulations (eg law enforcement, police, court, supervisory and control authorities).
- The other beneficiaries are the persons concerned themselves (when exercising the rights of the persons concerned).
- Personal data is stored securely and only for the time necessary to fulfill the purpose of its processing. They shall be accessible only to authorized operators of the operator who are properly instructed and process the personal data of the persons concerned on the instructions of the operator, in accordance with the security policy of the operator.
- The storage of personal data processed by the controller is subject to Act no. 395/2002 Coll. on archives and registries in connection with an internal regulation: the Registry Plan.
- Personal data is stored in accordance with retention rules. They will be completely deleted from the backup repositories as soon as possible in accordance with the backup rules. Personal data stored in back-up storage facilities serve to prevent security incidents, in particular data breaches due to a security incident. The operator is obliged to ensure data backup in accordance with the security requirements of the GDPR and Act no. 18/2018 Coll.
- The operator does not disclose the personal data of the persons concerned, it does not transfer them to third countries / international organizations. The provision of personal data to third countries and international organizations according to a special regulation is carried out on the legal basis of Regulation EP and Council no. 1024/2012 – IMI Regulation.
- Personal data will not be used for automated individual decision-making, including profiling.
Legal basis for the processing of personal data:
The personal data of the data subjects are processed on the basis of specific legal regulations and purposes, which are specified by the controller in accordance with these regulations.
The data subjects have in connection with the processing of their personal data the rights (so-called data subjects’ rights) which they exercise with the controller:
- Right of access – the data subject has the right to provide a copy of the personal data available to the controller about the data subject, as well as to information on how the data controller uses the personal data. In most cases, personal data will be provided to the data subjects in written paper form, unless they require another method of providing them. If they request this information by electronic means, it shall be provided electronically, if technically possible.
- Right of rectification – the controller is obliged to ensure the accuracy, completeness and timeliness of the processed personal data available to the data subjects. If the data subject considers that the data held by the controller are inaccurate, incomplete or out of date, he should ask the controller to modify, update or supplement them.
- Right to erase – the data subject has the right to request the erasure of personal data, e.g. where personal data are no longer needed to fulfill the original purpose of the processing. However, the operator will assess the law in the light of all relevant circumstances. E.g. the operator may have certain legal obligations, which means that he will not be able to comply with the request.
- Right to restrict processing – in certain circumstances, the data subject is entitled to request the controller to stop using his or her personal data. E.g. cases where the data subject thinks that his or her personal data may be inaccurate or if the controller no longer needs to use his personal data.
- Right to data transfer – in certain circumstances, the data subject has the right to request the controller to transfer personal data to another third party of his or her choice. The right of portability shall apply only to personal data obtained by the controller with the consent or under the contract to which the data subject is a party.
- Right to object – the data subject has the right to object to the processing of his or her personal data, which is based on the legitimate legitimate interests of the controller. If the controller does not have a compelling legitimate legitimate reason for processing and the data subject objects, the controller will not further process the personal data.
- Right to withdraw consent – in cases where the data controller processes personal data on the basis of consent, the data subject has the right to withdraw this consent at any time. The consent may be revoked in writing or in person. Withdrawal of consent does not affect the lawfulness of the processing of personal data which the controller has processed on the basis of the persons concerned.
- The right to initiate personal data protection proceedings – if the data subject considers that his or her personal data are being processed unfairly or illegally by the controller, he or she may lodge a complaint with the supervisory body, the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel. number: +421 / 2/3231 3214; mail: email@example.com, https://dataprotection.gov.sk. In the case of submitting the proposal in electronic form, it is necessary that it meets the requirements of § 19 par. 1 of Act no. 71/1967 Coll. on Administrative Procedure (Administrative Procedure Code).
The application and objections of the affected person can be sent to the correspondence address of the National Labor Inspectorate, Masarykova 10, 040 01 Košice or to the email address: firstname.lastname@example.org.