By these data protection regulations, we inform you (hereinafter also referred to as the "User" or "Data Subject") about our data processing in general, when you visit our website, when contacting us by e-mail or phone, as well as carried out on the basis of the existing supplier-customer relationship with you or other contractual relations. We hereby inform you of your rights regarding the processing of your data. Conceptually, "data processing" always means processing of personal data.
1.1 Categories of personal data
We process the following categories of personal data:
• Credentials (e.g. names, addresses, executable functions, organization affiliation, etc.);
• Contact details (e.g. email, phone/fax numbers, etc.);
• Content data (e.g. text data, image files, video files, etc.);
• Usage data (e.g. access data);
• Metadata/communication data (e.g. IP addresses).
1.2 Recipient or categories of recipients of personal data
If, as part of our data processing, we disclose, transfer data or otherwise provide access to data to other persons and companies, such as web hosts, order processors or third parties, we do so legally (for example, if the transfer of data to third parties in accordance with Article 6 of Chapter 1, paragraph b DS-GVO (General Data Protection Regulation) is necessary to fulfill the terms of a contract), if data subjects have expressed their consent to this or it is provided for by a legal obligation.
1.3 Place and duration of personal data storage
The criterion for the duration of storage of personal data is the corresponding statutory retention period. After this period, we delete the relevant data if they are no longer required to achieve a goal, fulfill or prepare contracts.
1.4 Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or we do so as part of the use of third-party services, or there is a disclosure or transfer of information to third parties, then this can only take place if required to fulfill our (preliminary) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Provided that there are no legal or contractual obstacles, we process or allow the processing of data in a third country only if there are special conditions in accordance with Article 44 et seq. articles of DS-GVO (General Data Protection Regulation), that is, processing is carried out, for example, on the basis of special guarantees, such as an officially recognized conclusion on the compliance of the level of confidentiality with EU standards, or compliance with officially recognized special contractual obligations (so-called “standard contractual provisions”).
We cooperate, among other things, with enterprises in Belarus. Currently, there is no decision of the European Commission on the sufficiency of data protection measures in Belarus. However, with regard to the transfer of data to Belarus, we have agreed on additional suitable or reasonable guarantees in the form of standard EU contractual terms in accordance with Article 46 of Chapter 2 (c) DS-GVO. The agreed EU standard contractual terms can be requested from us in the form of a copy.
2.1 Log Files
Every time a data subject accesses our website, general data and information are entered and stored in the registration files of our system:
-date and time of data call (time tag);
-information about the request and the transmission address (protocol version, HTTP method, referrer, client application identification string (UserAgent));
-the name of the called file and the amount of data transmitted (the requested URL, including the Query string, size in bytes);
-a message indicating whether the data call was successful (HTTP status code).
When using this general data and information, we do not draw any conclusions about the data subject. Personal evaluation or evaluation of personal data for marketing purposes or for the formation of a profile are not carried out. The IP address is not saved in connection thereof.
The legal basis for temporary data storage is Article 6, Chapter 1, paragraph f of DS-GVO (General Data Protection Regulation). The collection of data to enable the use of the site and the storage of data in the registration files are absolutely necessary for smooth operation of our website. Therefore, no objections can be filed on the part of the data subject.
2.2 Malware detection and log data analysis
We collect log data accumulated during the operation of our company’s communication equipment and automatically analyze it if necessary to detect, localize or eliminate failures or errors in communication devices or to protect against attacks on our information technology or to detect and protect against malware.
The legal basis for temporary storage and analysis of data is Article 6, Chapter 1, paragraph f of DS-GVO (General Data Protection Regulation). Data storage and analysis are absolutely necessary to ensure the possibility of using the website and its smooth operation. Therefore, no objections can be filed on the part of the data subject.
The hosting services we use are designed to provide the following services: infrastructure and platform support services, computing capabilities, disk space and database services, security services and also maintenance services that we use to operate our website.
At the same time, we or our third-party data operator provider process credentials, contact data, content data, contract data, usage data, metadata and communication data of users of our website based on our legitimate interests in the effective and reliable provision of this Internet service platform in accordance with Article 6, Chapter 1, Clause f of DS-GVO (General Data Protection Regulation) together with Article 28 DS-GVO (conclusion of contracts for data processing by third-party service providers).
3.1 Establishing communication by e-mail
You can contact us at the email address published on our website, as well as via the contact form.
If you use this method of establishing communication, the data specified in your message (for example, first name, last name, address), however, at least the email address, as well as the information contained in the email, may be stored together with the personal data that you provide, for the purposes of contacts and processing your requests. In addition, our system collects the following data:
• IP address of the computer from which the request is being sent;
• Date and time of sending the email.
Data from the contact form is transmitted using SSL or TLS encryption.
The legal basis for processing personal data within the framework of the messages sent to us by e-mail is Article 6, Chapter 1, paragraph b or f of DS-GVO (General Data Protection Regulation). The legitimate interest stems from the data collection purposes indicated before.
3.2 Establishing communication by regular mail/or fax
If you send us a letter or fax, the data that you transmit (for example, first name, last name, address) and the information specified in the letter or fax are stored together with the personal data that you provide for the purposes of contacting and processing your requests.
The legal basis for the processing of personal data within the framework of letters and faxes transmitted to us is Article 6, Chapter 1, paragraph b or f of DS-GVO (General Data Protection Regulation).
From our customers, suppliers and other contractors, we collect and process, in particular, contact data (for example, name, address, phone number, email address) and other personal information necessary for the implementation of contractual relations between supplier and customer and/or other contractual relations. We collect and process personal data in order to identify customers, suppliers and/or contractors, to ensure the processing of orders, and to conduct correspondence.
The legal basis for the collection and processing of personal data is Article 6, Chapter 1, Part 1, paragraphs b and f of DS-GVO (General Data Protection Regulation). The legitimate interest stems from the data collection purposes indicated before.
As a data subject, you have the following rights in connection with the processing of your personal data:
5.1 The right to receive information
(1) The data subject has the right to request confirmation from the responsible person whether the personal data concerning them are being processed; if so, they have the right to receive a statement about such personal data and the following information:
a) processing purposes;
b) categories of personal data that are being processed;
c) recipients or categories of recipients to whom personal data has been disclosed or is still being disclosed, especially those from third countries or international organizations;
d) if possible, the planned period of storage of personal data or otherwise — the criteria for determining this period;
e) the right to correct or delete personal data concerning them, or to restrict its processing by the responsible person or to object to such processing;
f) the right to file a complaint with a supervisory authority;
g) if personal data is not collected from the data subject itself, then all available information about the origin of the data;
h) availability of automated decision-making, incl. regarding data profiling, in accordance with Art. 22, Chapter 1 and Chapter 4 of the DS–GVO (General Data Protection Regulation), and – at least in these cases – reliable information about the logic involved, as well as the scale and the expected consequences of such processing for the data subject.
(2) If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the relevant guarantees in accordance with Article 46 of the DS-GVO (General Data Protection Regulation) related to the transfer.
5.2 The right to rectification
The data subject has the right to immediately demand from the responsible person the rectification of any incorrect personal data related to the data subject. Taking into account the purpose of processing, the data subject has the right to request additional completion of incomplete personal data, including by means of an additional explanation.
5.3 The right to erasure / right to be forgotten
(1) The data subject has the right to require the responsible person to immediately erase personal data related to the data subject, and the responsible person is obliged to immediately erase personal data if there are the following reasons:
a) personal data is no longer required for the purposes for which they were collected or otherwise processed.
b) the data subject withdraws the consent on the basis of which the processing was carried out in accordance with Article 6, Chapter 1, paragraph a) or Article 9, Chapter 2, paragraph a) DS-GVO (General Data Protection Regulation), and there are no other legal grounds for such processing.
c) the data subject objects to processing in accordance with Article 21, Chapter 1 of the DS-GVO (General Data Protection Regulation), and there are no more valid legal grounds for processing, or the data subject objects to processing in accordance with Article 21, Chapter 2 of the DS-GVO.
d) personal data has been processed illegally
e) the erasure of personal data is necessary to fulfill legal obligations in accordance with the legislation of the Union or the EU Member States to which the person responsible for data protection is subordinate.
f) personal data was collected within the framework of services offered by the information society, in accordance with Article 8, Chapter 1 of the DS-GVO (General Data Protection Regulation).
(2) If the responsible person has made personal data public and is obliged to erase it in accordance with Chapter 1, they shall take appropriate measures, taking into account the available technologies and the cost of implementation, including technical measures, to inform the responsible persons who process personal data about the data subject’s requirement to them to erase all personal data and all links to these personal data or their copies, or replications of such personal data.
(3) Chapters 1 and 2 are not applicable if data processing is required
a) to exercise the right to freedom of speech and information;
b) to fulfill a legal obligation requiring the processing of data in accordance with the legislation of the Union or the EU Member States to which the responsible person is subordinate, or to perform a task in the public interest, or if the processing takes place within the exercise of authority vested in the responsible person;
c) based on the public interest in the field of public health in accordance with Article 9, Chapter 2 of paragraph h) and paragraph i), as well as Article 9, Chapter 3 of DS-GVO (General Data Protection Regulation);
d) for the purposes of archiving in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89, Chapter 1, if it is expected that the right referred to in Chapter 1 makes it impossible or seriously affects the achievement of the purposes of this processing, or
e) in order to comply with, execute or defend legal requirements.
5.4 The right to restrict processing
(1) The data subject has the right to require the responsible person to restrict processing if one of the following conditions is present:
a) the accuracy of personal data is disputed by the subject of personal data, while during such a period of time that allows the responsible person to verify the accuracy of personal data,
b) the processing is unlawful, and the subject of data refuses to delete personal data, and instead requires restrictions on the use of personal data;
c) the responsible person no longer needs personal data for processing purposes, but the data subject needs them to assert, exercise or protect their legal rights, or
d) the data subject has objected to data processing in accordance with Article 21, Chapter 1 of the DS-GVO (General Data Protection Regulation) until it is established whether the legitimate grounds of the responsible person have priority over the legitimate grounds of the data subject.
(2) If the processing of personal data is restricted in accordance with Chapter 1, then these personal data can, except for their preservation, be processed only with the consent of the data subject or for compliance, implementation or protection of legal claims, or to protect the rights of another natural or legal person, or for reasons related to important public interests Union or EU Member State.
5.5 The right to data portability
(1) The data subject has the right to receive personal data related thereto, which they has provided to the responsible person, in a structured, generally accepted and machine-readable format, and has the right to transfer this data to another responsible person without the intervention of the responsible person to whom this data was provided, if
a) processing is based on consent in accordance with Article 6, Chapter 1, paragraph a) or Article 9, Chapter 2, paragraph a) DS-GVO or is based on a contract in accordance with Article 6, Chapter 1, paragraph b) DS-GVO and
b) processing is carried out using automated processes.
(2) When exercising their right to data portability in accordance with Chapter 1, the data subject has the right to request the transfer of personal data directly from one responsible person to another responsible person, to the technically feasible extent.
The right under Chapter 1 must not infringe on the rights and freedoms of others.
This right does not apply to processing necessary for the performance of tasks for the purposes of public interest, or if the processing takes place within the framework of the exercise of authority entrusted to the responsible person;
5.6 The right to object to processing:
The data subject has the right at any time to object to the processing of personal data relating to them, occurring in accordance with Article 6, Chapter 1, paragraph e) or f) of the DS-GVO (General Data Protection Regulation), for reasons arising from his specific situation; this also applies to profiling data based on these provisions. In such a case, the responsible person stops processing personal data, except in cases when he can present valid legal grounds for processing that prevail over the interests, rights and freedoms of the data subject, or when the processing serves to comply with, fulfill or protect legitimate requirements.
Due to the use of information society services, the data subject may, regardless of Directive 2002/58/EC, exercise their right to object by automated means using technical specifications.
5.7 The right to withdraw consent to data processing:
The data subject has the right to withdraw their consent to the processing of personal data carried out in accordance with the legislative provision on data protection at any time. The consent withdrawal does not affect the legality of processing performed on the basis of consent prior to its revocation.
5.8 The right to lodge a complaint with a supervisory authority
Any data subject has the right to lodge a complaint with a supervisory authority without prejudice to any other administrative-legal or judicial remedies, in particular in the EU Member State at his place of residence, place of work or place of alleged violation, if the data subject believes that the processing of personal data concerning him violates this Provision.