Principles of Personal Data Processing and Data Protection System in Compliance with the GDPR Regulation
Prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, pursuant to Articles 13 and 14 of the Regulation (hereinafter referred to as “GDPR”), and Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the “Personal Data Protection Act”).
Data Controller
Backron Capital s.r.o.
Farská 50, 949 01 Nitra, Slovakia
Company ID: 54409616
VAT ID: 2121678845
Phone: +421 908 326 638
Email: info@backroncapital.eu
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, particularly by reference to a universally applicable identifier or another unique identifier such as a name, surname, identification number, location data, online identifier, or based on one or more factors that constitute the person’s physical, physiological, genetic, psychological, mental, economic, cultural, or social identity.
What is Personal Data Processing?
Personal data processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. This includes but is not limited to collecting, recording, organizing, structuring, storing, modifying, retrieving, consulting, using, disclosing by transmission, dissemination, aligning, restricting, erasing, or destroying data.
The Data Controller is not required to appoint a Data Protection Officer.
Sources and Categories of Personal Data Processed
The Data Controller processes personal data:
- Directly provided by you, or
- Personal data obtained as part of fulfilling your order.
This includes identification and contact details necessary to fulfill contractual obligations.
Legal Basis and Purpose of Processing
The processing of personal data is based on:
- Your consent to process personal data for direct marketing purposes under Article 6(1)(a) GDPR.
- Performance of a contract between you and the Data Controller under Article 6(1)(b) GDPR.
- Compliance with a legal obligation by the Data Controller under Article 6(1)(c) GDPR.
The purpose of data processing includes:
- Processing your order and fulfilling the rights and obligations arising from the contractual relationship.
- Successful execution of the order (including payment, service delivery, complaint handling, etc.).
- No separate consent is required, as processing is legally based on fulfilling contractual obligations.
- Providing agreed-upon services in metalworking, stainless steel piping installation in pharmaceutical factories, and isometric reading.
The Data Controller declares that no personal data will be shared with third parties.
Data Retention Period
The Data Controller retains personal data:
- For the period necessary to fulfill contractual obligations and exercise legal claims arising from these contracts.
- Until the expiration of the retention period under Act No. 395/2002 Coll. on Archives and Registries, after which personal data will be deleted.
Recipients of Personal Data
A recipient is any entity to whom personal data is disclosed, regardless of whether it is a third party. However, a public authority that processes data under specific legal regulations is not considered a recipient.
Recipients include entities involved in delivering goods, services, or processing payments under a contract.
The Data Controller does not transfer, publish, or make personal data available to third countries.
Personal Data Security Measures
The Data Controller declares that appropriate personnel, technical, and organizational measures have been taken to protect personal data.
- Technical measures have been implemented to secure data storage and protect physical records.
- Access to personal data is restricted to authorized personnel only.
Your Rights
Under GDPR, you have the right to:
- Access your personal data (Article 15 GDPR)
- Request correction of inaccurate data (Article 16 GDPR)
- Restrict processing (Article 18 GDPR)
- Request deletion of your personal data (Article 17 GDPR)
- Object to data processing (Article 21 GDPR)
- Data portability (Article 20 GDPR)
- Withdraw consent (electronically or via written request)
- File a complaint with the data protection authority if you believe your rights have been violated
How to Exercise Your Rights?
Right of Access
You have the right to know whether we process your personal data. If we do, you may request access to your data. Upon request, we will provide confirmation of the processing of your data.
Submit your request via email: info@backroncapital.eu
Or by post: Backron Capital s.r.o., Farská 50, 949 01 Nitra, Slovakia
Right to Rectification
Your personal data must be accurate, complete, and up-to-date. If your data is incorrect or outdated, you can request a correction.
Submit your request via email: info@backroncapital.eu
Or by post: Backron Capital s.r.o., Farská 50, 949 01 Nitra, Slovakia
Right to Erasure (“Right to be Forgotten”)
In certain circumstances, you have the right to request the deletion of your personal data. You may request deletion at any time, and we will comply if:
- The data is no longer necessary for the purpose it was collected.
- You withdraw your consent.
- You object to the processing.
- The data has been processed unlawfully.
- The data must be erased to comply with legal obligations.
- You are a minor, or you are the parent of a minor who consented to online data processing.
Right to Restrict Processing
You can request a restriction on the processing of your personal data, meaning we will only store it and not use it further if:
- You dispute the accuracy of your data, until we verify it.
- The data has been unlawfully processed, but you do not wish for it to be deleted.
- We no longer need the data, but you require it for legal claims.
- You have objected to processing, pending verification of whether our legitimate interests override yours.
Right to Data Portability
You may request your personal data in an electronic format (e.g., XML or CSV) for transfer to another company. You may also request that we transfer your data directly to another company, provided:
- You supplied the data directly.
- You consented to its processing.
Right to Object
You may object to the processing of your personal data if it is:
- Based on our legitimate interests.
- Used for customer profiling.
How to Contact Us?
You can exercise your rights via:
Email: info@backroncapital.eu
Post: Backron Capital s.r.o., Farská 50, 949 01 Nitra, Slovakia
If you believe your personal data protection rights have been violated, you have the right to file a complaint with the data protection authority:
Office for Personal Data Protection
Hraničná 12, 820 07 Bratislava 27, Slovakia
Phone: +421 2 3231 3214
Email: statny.dozor@pdp.gov.sk
Company ID: 36064220
VAT ID: 2021685985