Information memorandum on personal data protection

Lighting Beetle s.r.o., with registered office at Budyšínska 8, 831 03 Bratislava, Slovak Republic, Company identification number: 51 685 671, entered in the Commercial Register of the Bratislava I District Court, Section: Sro, File no.: 59475/B („Controller“ or „Company“) processes your personal data for the purposes and on legal bases as provisioned below in this Information Memorandum.

As the Company cares about the protection of your personal data, in this information memorandum you will also find more detailed information on the processing of your personal data as well as information on your rights as a data subject which pertains to you under Regulation (EU) of the European Parliament and of the Council no. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR") and, where applicable, the Act no. 18/2018 Coll. on the Protection of Personal Data and on the changes and supplements to certain laws as amended (hereinafter referred to as Data Protection Act or "DPA").

The Company is the Controller of your personal data, which means that the Company determines the purpose and means of processing of your personal data.

We have tried to provide all important information regarding the processing of personal data by our Company in this memorandum, but if you have a reasonable impression that this memorandum does not contain all information about how your personal data is processed by our Company, you have the right to access to this personal data and to request additional information from our Company on the processing of your personal data (for more information on the right of access and other rights arising from the GDPR, see section 8 of this notice below).

1. COMPANY CONTACT DETAILS

Business name: Lighting Beetle s.r.o.
Address: Budyšínska 8, 831 03 Bratislava, Slovenská republika
Email: gdpr@lbstudio.sk
Telefonický kontakt: +421 948 225 552

2. WHAT PERSONAL DATA WE PROCESS

2.1. Standard personal data: as the Controller, the Company processes the following personal data that you provide to the Company in person or the data that the Company obtains from other sources, electronically by email, through our website or by other means, in particular:

2.1.1. identification data (in particular your name, surname, maiden name, academic degree, date of birth, type and number of identification document, other data from identification card, nationality, client number, legal entity ID number, designation of the official register or other official records);
2.1.2. contact details (in particular address of permanent residence or address of temporary residence, address for delivery, place of business, email address, telephone number, bank account number);
2.1.3. transaction data (in particular data on transactions on accounts, recipients and senders);
2.1.4. audio-video recordings (in particular recordings made by camera systems);
2.1.5. other relevant data (for example, data on seizure proceedings, bankruptcy proceedings, personal bankruptcies, data related to fulfilment of your contractual obligations and duties, data on your payment discipline);
2.1.6. other personal data that you voluntarily provide us with for a given purpose or personal data that we are obliged to process pursuant to a specific legislation.

2.2. Special categories of personal data (sensitive data): as the Controller, the Company processes special categories of your personal data (sensitive data) solely if you voluntarily provide us with this data, we process them on the relevant legal basis, and they are essential for the Company.

3. THE PURPOSE OF THE PROCESSING OF PERSONAL DATA (WHY WE HAVE YOUR PERSONAL DATA) AND THE LEGAL BASIS FOR THEIR PROCESSING (WHAT LEGISLATION SERVES AS THE BASIS FOR US KEEPING YOUR PERSONAL DATA)

3.1. Processing purposes and the relevant legal basis: We process your personal data for the following purposes and on the following legal bases:

3.1.1. For the purpose of conclusion and performance of contracts/agreements with clients (as well as within the framework of pre-contractual relations): for this purpose we mainly process your contact details, identification and transactional personal data within pre-contractual relations as these are necessary for concluding and performing the agreement with the Company. These are most often agreements for the provision of services, work performance contracts and other business agreements that are/will be concluded between you (or your company) and the Company. We need the personal data in question for the entire period of validity and performance of the agreement, while after the termination/discharge of the agreement we shall still archive the personal data as laid down in the applicable legislation (especially pursuant to the Act No. 431/2002 Coll. on Accounting as amended).

3.1.2. For the purposes of UX design analysis (based on consent or contract): this concerns the processing of your identification, contact and other personal data that the Company essentially needs for the given purpose and the project of UX design analysis. UX design analysis consists in testing and designing of improvements and simplifying of the use and operation of websites, applications, or other software. By evaluating your personal information and the way how you use the subject of our UX design analysis as well as your feedback on the subject of our UX design analysis, we can provide you, our client, with tailor-made solutions. We can also use the individual outputs from the above analysis to advise our clients on how to improve/change their business model or service provision in the online or offline/non-digital environment. We process your personal data on the basis of:

3.1.2.1. your consent, which you voluntarily grant us (for example by email, electronic or written form, our website or by means of a statement in an audio/video recording), while you have the right to withdraw this consent at any time (for example by using the contact details of the Company indicated in item COMPANY CONTACT DETAILS above); or
3.1.2.2 the contract (agreement) you enter into with the Company for the given purpose and project of the UX design analysis.

3.1.3. Marketing purpose (based on consent or legitimate interest): this concerns the processing of your contact and identification personal data primarily for the purpose of direct marketing, i.e. sending of a newsletter, evaluation of customer satisfaction, sending of offers for products and services supplied by the Company as well as products and services of companies and partners of the Company or sending of invitations to organized events or conferences. We process your identification and contact personal data for the purpose in question either on the basis of:

3.1.3.1. your consent, which you voluntarily grant to us (for example by email, our website or in writing), whereas you have the right to withdraw such consent at any time (for example by contacting the Company using the contact details indicated in the section COMPANY CONTACT DETAILS above); or
3.1.3.2. egitimate interest - the legitimate interest of the Company in the processing of your contact and identification personal data for the marketing purpose in question lies in the fact that the promotion of the services and products of the Company to our existing and former clients ensures development and growth of the Company; simultaneously, communication with our former and existing clients enables the Company to identify, within the feedback provided, how to improve our services and products and how to eliminate any deficiencies. The Company has eminent interest in providing its clients with the best and highest-quality services and products, it is therefore a legitimate interest of the Company to use the basic contact and identification data of our former and existing clients and based on this legitimate interest to send information about our offers and, at the same time, to receive continuous feedback from the above communication. The above is almost essential for the proper functioning and development of the Company, as in today's modern era, every company operating in the market strives to maintain regular contact with its clients.

Also, for the case of electronic communication, we also would like to point out to the provision of Section 62 par. 3 of Act no. 351/2011 Coll. on Electronic Communications, as amended, according to which the prior consent of the recipient of electronic mail is not required in the case of direct marketing of own similar goods and services of a legal entity, whose contact information for electronic mail delivery was obtained by the same entity in connection with the sale of goods or services and in accordance with the applicable law or special regulation.

GDPR allows the Company as the Controller to process personal data without receiving consent to the processing of such personal data and it also allows the Company to process personal data on another legal basis such as performance of an agreement or contract or fulfilment of an obligation under a special legislation. According to the GDPR, the Company is entitled to process personal data also on the basis of a legitimate interest.

You have the right to object to such processing of personal data on the basis of legitimate interest, whereas the details of this right are also provisioned in the item Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below. If you object to the processing of your personal data on the basis of a legitimate interest, specifically for the above purpose of direct marketing, the Company shall no longer process your personal data for the given purpose.

3.1.4. For the purposes of processing and registration of accounting and contractual documentation (based on the performance of the agreement and to comply with the legal obligation): this concerns the processing of personal data of business partners, contractors and subcontractors of the Company who are natural persons, including the contact details of their representatives for the purposes of contractual and business relationships. We process the above personal data within the framework of pre-contractual relations and these data are necessary for the conclusion and performance of the agreement with the Company and the Company needs them during the entire period of validity and performance of the agreement (whether oral or written). After the fulfilment or cessation of the contractual relations in question, the Company shall archive the concerned personal data in accordance with the relevant legislation (in particular pursuant to Act No. 431/2002 Coll. on accounting, as amended).

3.1.5. For the purposes of exercising and defending the Company's legal claims (based on a legitimate interest): this concerns processing of personal data for the purposes of exercising and defence of the Company's legal claims in judicial, out-of-court, arbitration, administrative, enforcement, bankruptcy and restructuring proceedings. The Company essentially needs the personal data in question in order to be able to effectively exercise and defend its legitimate claims and rights. To this end, particularly identification and contact personal data, or transaction data will be processed; however, if it is really necessary for the given purpose of exercising and defending the Company's claims, the Company will also process other personal data.

GDPR allows the Company as the Controller to process personal data without receiving consent to the processing of such personal data and it also allows the Company to process personal data on another legal basis such as performance of an agreement or contract or fulfilment of an obligation under a special legislation. According to the GDPR, the Company is entitled to process personal data also on the basis of a legitimate interest.

You have the right to object to such processing of personal data on the basis of legitimate interest, whereas the details of this right are also provisioned in the item Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below. If you exercise the right to object to a particular processing, the Company shall no longer process the concerned personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or unless the Company demonstrates reasons for the establishment, exercise or defence of legal claims.

3.1.6. For the purposes of providing cooperation, information and to establish contact (based on a legitimate interest): his concerns the processing of identification and contact details of natural persons and representatives of legal entities which we obtain from publicly available sources designed for the above purpose, from these persons directly as well as from other persons or entities, whereas it is in the interest of the Company to be able to establish contact with other legal and natural persons for the purposes of proper business operation of the Company or to provide such persons and entities with cooperation or information they request from the Company.

GDPR allows the Company as the Controller to process personal data without receiving consent to the processing of such personal data and it also allows the Company to process personal data on another legal basis such as performance of an agreement or contract or fulfilment of an obligation under specific legislation. According to the GDPR, the Company is entitled to process personal data also on the basis of a legitimate interest.

You have the right to object to such processing of personal data on the basis of legitimate interest, whereas the details of this right are also provisioned in the item Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below. If you exercise the right to object to a particular processing, the Company shall no longer process the concerned personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms as the data subject or unless the Company demonstrates reasons for the establishment, exercise, or defence of legal claims.

3.1.7. For the purposes of protection of property, security and public order - CCTV camera systems (based on legitimate interest): this concerns the processing of your personal data (especially images, behaviour and expressions of a personal nature) through CCTV camera systems (audio-video recordings) for the purpose of property protection and the safety of the Company and our employees/workers as well as for the safety of the data subjects located on the premises of the Company. The CCTV camera systems are properly marked on the appropriate locations. The Company has a legitimate interest in using the CCTV camera recording to monitor the premises where the Company operates. It represents an important interest of the Company to ensure the protection of its property and activity as well as to maintain public order and simultaneously to ensure the safety particularly of our employees, workers, and clients.

GDPR allows the Company as the Controller to process personal data without receiving consent to the processing of such personal data and it also allows the Company to process personal data on another legal basis such as performance of an agreement or contract or fulfilment of an obligation under a special legislation. According to the GDPR, the Company is entitled to process personal data also on the basis of a legitimate interest.

You have the right to object to such processing of personal data on the basis of legitimate interest, whereas the details of this right are also provisioned in the item Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below. If you exercise the right to object to a particular processing, the Company shall no longer process the concerned personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or unless the Company demonstrates reasons for the establishment, exercise or defence of legal claims.

3.1.8. For the purposes of keeping the sent and delivered mail (based on legitimate interest): the Company processes common personal data (basic identification data and personal contact details) based on its legitimate interest which consists in keeping proper records of the sent and delivered mail.

GDPR allows the Company as the Controller to process personal data without receiving consent to the processing of such personal data and it also allows the Company to process personal data on another legal basis such as performance of an agreement or contract or fulfilment of an obligation under a special legislation. According to the GDPR, the Company is entitled to process personal data also on the basis of a legitimate interest.

You have the right to object to such processing of personal data on the basis of legitimate interest, whereas the details of this right are also provisioned in the item Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below. If you exercise the right to object to a particular processing, the Company shall no longer process the concerned personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or unless the Company demonstrates reasons for the establishment, exercise or defence of legal claims.

3.1.9. For the purposes of handling and registration of the applications and requests of data subjects under the GDPR (based on legal obligation or a legitimate interest): the Company processes your personal data in order for us to comply with our legal obligation under Articles 12 through 21, 33 and 34 of the GDPR for the purpose of processing applications and other requests by data subjects related to the protection of their personal data.

The Company further keeps your applications, the manner of their handling and the related communication and documentation on the basis of its legitimate interest, which consists in the exercise and defence of our rights in the event of an audit by the supervisory authority or in the event of initiation of a litigation concerning your application.

3.1.10. For the purpose of selecting employees - job seekers (within the scope of pre-contractual relations or on the basis of consent): for this purpose, the Company processes common personal data, which you provide to us mainly through your CV, cover letter and other attached documents. In the selection procedure, we assess your personal data whether you are a suitable candidate for the vacancy in terms of your experience, skills, your education and other personal characteristics that are necessary for the given position. We process your personal data within the scope of pre-contractual relations, which lead to the conclusion of an (employment) contract or agreement between you and the Company. In the event that you are not successful in the selection procedure, i.e. no (employment) contract or agreement is concluded between you and the Company, we will delete/destroy your personal data without any undue delay, unless there is another legal basis for their processing or unless you voluntarily give your consent for us to continue to process/keep your personal data in our database of job seekers, on the basis of which we can proactively contact you in the future if we have a new job vacancy and if we evaluate that your experience, skills, education and other personal characteristics are suitable for this position.

If you grant your consent to the processing of your personal data by the Company, you may withdraw this consent to the processing of your personal data at any time (for example, using the Company's contact details indicated in the item COMPANY CONTACT DETAILS above). In doing so, the withdrawal of consent does not affect the lawfulness of the processing based on consent granted prior to its withdrawal.

4. THE RECIPIENTS OR THE CATEGORIES OF RECIPIENTS OF PERSONAL DATA

4.1. The list of recipients of personal data: Your personal data may be provided to the following recipients, whereas prior to each provision of your personal data, we shall first thoroughly assess whether the Company is authorized to provide your personal data to another entity:

4.1.1. marketing and PR companies (as intermediaries) that perform marketing and PR services for the Company (including services related to sending of newsletters);
4.1.2. IT service providers (as intermediaries) who provide certain IT security and infrastructure services for the Company, including the website;
4.1.3. legal representatives and law firms which provide the Company with comprehensive legal consultancy and advice, represent the Company at courts and before other government agencies, as well as against debtors and other entities for the purpose of exercising and defending the rights and legal claims of the Company;
4.1.4. companies that provide debt collection and management of receivables for the Company;
4.1.5. interpreters and translators (as intermediaries), if in relation to the activities of the Company, for the provision of our services or for any other purpose, it is necessary to ensure the translation of certain documents into or from a foreign language;
4.1.6. auditors who perform an audit of the Company, for example, to verify the financial statements of the Company;
4.1.7. accounting companies and tax advisors (as intermediaries) who provide the Company with comprehensive bookkeeping and processing of accounting, including accounting and tax advice;
4.1.8. companies (as intermediaries) that provide the Company with email service (Google) and corporate external storage (Dropbox);
4.1.9. companies (as intermediaries) that provide the Company with management of registry records and archiving;
4.1.10. banks and other companies which ensure for the Company in particular the execution of financial and business transactions and provide the Company with financial services;
4.1.11. companies providing press services and mass correspondence services;
4.1.12. partners of the Company.

4.2. Anyone who processes personal data on behalf of the Company is a Controller.

4.3. State authorities and other entities: Your personal data may also be provided to other entities if the Company believes that such provision of personal data is:
4.3.1. in compliance with generally binding legal regulations, DPA or GDPR; or
4.3.2. necessary for the purposes of exercising, establishing, or defending the legal rights/claims of the Company; or
4.3.3. necessary to protect the vital interests of the Company or vital interests of another entity,

this may concern the provision of personal data to any of the following entities:

4.3.4. any competent law enforcement agents, prosecutors or courts;
4.3.5. regulators;
4.3.6. notaries as a judicial commissioner;
4.3.7. tax authorities;
4.3.8. supervisory and control authorities;
4.3.9. government agencies;
4.3.10. enforcement officers;
4.3.11. the trusties or provisional trusties in bankruptcy or restructuring proceedings, liquidation or debt relief proceedings or supervisory trusties performing supervisory bankruptcy or restructuring administration;
4.3.12. municipalities, cities, self-government regions;
4.3.13. government ministries;
4.3.14. The Supreme Audit Office of the Slovak Republic;
4.3.15. The National Security Authority of the Slovak Republic;
4.3.16. Slovak Trade Inspection;
4.3.17. The Justice Treasury;
4.3.18. Office for Personal Data Protection of the Slovak Republic;
4.3.19. Financial Directorate of the Slovak Republic;
4.3.20. or other entities.

4.4. Provision of personal data based on instruction issued by the data subject: We may also provide your personal data to other recipients if you consent to such provision of your personal data or instruct the Company to provide such personal data to other entities.

5. THE TERM FOR RETENTION OF PERSONAL DATA

5.1. We shall retain your personal data for as long as necessary for the purposes​ of processing of your​ personal data by the Company, ​unless a generally binding legal regulation permits or requires that we retain the personal data in question for a longer period.

5.2. We retain your personal data for the following periods:

Purpose:
Conclusion and performance of agreements/contracts with clients (including pre-contractual relations)
Data storage period:
Accounting documents are/will be stored during the term of the contract/agreement and for ten (10) years following the year in which the contract/agreement expired/was fulfilled (according to Act No. 431/2002 Coll. on Accounting, as amended). In the event of the initiation of judicial or administrative proceedings, the Company will be processing your personal data for the necessary period during which the judicial or administrative proceedings in question will continue.

Purpose:
UX design analysis
Data storage period:
During the period of validity of your consent or until the moment of withdrawal of your consent.
In the case of personal data processing based on a contract or agreement, the data will be processed for the term of the contract/agreement and subsequently, accounting documents are/will be stored for ten (10) years following the year in which the contract/agreement expired/was fulfilled (according to Act No. 431/2002 Coll. on Accounting, as amended).
In the event of the initiation of judicial or administrative proceedings, the Company will be processing your personal data for the necessary period during which the judicial or administrative proceedings in question will continue.

Purpose:
Marketing purposes
Data storage period:
During the period of validity of your consent or until the moment of withdrawal of your consent.
In the case of the processing of personal data on the basis of a legitimate interest, for the period necessary to fulfil the purpose of the processing, but no longer than for the period of ten (10) years.

Purpose:
Processing and registration of accounting and contractual documentation
Data storage period:
Accounting documents are/will be stored during the term of the contract/agreement and for ten (10) years following the year in which the contract/agreement expired/was fulfilled (according to Act No. 431/2002 Coll. on Accounting, as amended). In the event of the initiation of judicial or administrative proceedings, the Company will be processing your personal data for the necessary period of time during which the judicial or administrative proceedings in question will continue.

Purpose:
Exercising and defending legal claims
Data storage period:
For the period necessary to exercise and defend the rights and claims of the Company, not shorter than for the duration of the limitation period under the Civil Code or the Commercial Code, but no longer than for ten (10) years after the termination/fulfilment of obligations under the contractual relationship. In the event of the initiation of judicial or administrative proceedings, the Company will be processing your personal data for the necessary period during which the judicial or administrative proceedings in question continues.

Purpose:
Providing cooperation, information and establishing contact
Data storage period:
For the period necessary to establish contact with the said entities or to provide cooperation and information required by these entities, but not longer than ten (10) years from the receipt of the concerned information.

Purpose:
Protection of property, security and public order (CCTV camera systems)
Data storage period:
For 7 days

Purpose:
Management of sent and delivered mail
Data storage period:
For the period necessary to keep the mailing records, but not more than ten (10) years from their receipt.

Purpose:
Processing and registration of applications and complaints of data subjects pursuant to the GDPR
Data storage period:
For the period necessary to process and record applications and complaints, but not more than ten (10) years from their receipt

Purpose:
Hiring of employees - job seekers
Data storage period:
If no contract or agreement is concluded between you and the Company, we will immediately delete/destroy the personal data received for that purpose.
In the case of granting your consent, we shall keep tha data for the period of validity of such consent or until the moment when such consent is withdrawn.

5.3. We also believe it is necessary to point out that the Company will be processing personal data for a longer period than stated above, where a competent state authority (such as a law enforcement authority) issues a justified request on the basis of a generally binding legal regulation that the Company stores your personal data for a longer time for the purposes of infringement proceedings, criminal or administrative proceedings.

6. AUTOMATED DECISION-MAKING AND PROFILING

6.1. Your personal data will not be used for automated individual decision-making or profiling.

7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

7.1. The Company does not anticipate that any transfer of your personal data to third countries that do not provide an adequate level of personal data protection will be required for the processing purposes set out in the item THE PURPOSE OF THE PROCESSING OF PERSONAL DATA (WHY WE HAVE YOUR PERSONAL DATA) AND THE LEGAL BASIS FOR THEIR PROCESSING (WHAT LEGISLATION SERVES AS THE BASIS FOR US KEEPING YOUR PERSONAL DATA) of this Memorandum above, unless such transfer is expressly required by a generally binding legal regulation or a decision issued by a government authority. Third countries are defined as all countries except the Member States of the European Union and countries that are party to the Agreement on the European Economic Area.

7.2. In the event that the concerned purpose requires a transfer of personal data to third countries, in such transfer we shall comply with all conditions provisioned in Articles 44 to 49 of the GDPR as well as other GDPR conditions ensuring this transfer complies with all security standards and does not violate your rights and freedoms.

8. YOUR RIGHTS AS A DATA SUBJECT IN RELATION WITH THE PROCESSING OF YOUR PERSONAL DATA

8.1. Individual rights of the data subjects: Just as the Company has its rights and obligations in relation to the protection of personal data, you also have rights in relation to the protection of your personal data (personal data concerning you). These concerned rights include the following:

8.1.1. The right of access: You have the right to obtain confirmation from the Company as to whether the Company processes your personal data, what personal data it processes, for what purposes it processes them, for how long it stores them, from where the Company collected them, to whom it provides them, which entities other than the Company processes the personal data in question, whether and how automated decision-making including profiling is performed in the processing of your personal data, and what other rights you have in relation to the processing of your personal data. All of the above information is provided in this Information Memorandum, but if you feel that you do not know whether and what personal information the Company processes and how it processes it, you have the right to access this personal data. As part of this right of access, you may request a copy of the processed personal data from the Company. The first copy provided by the Company will be free of charge while any further provision of copies will be charged.

8.1.2. Right to rectification: Should you find that your personal data that the Company processes are inaccurate, incorrect, or incomplete, you have the right to have the Company rectify or complete your personal data.

8.1.3. The right to erasure (the right to be forgotten): In the following cases, you have the right to have your personal data that are processed by the Company deleted without any undue delay:

8.1.3.1. your personal data are no longer required for the purposes for which the Company obtained or otherwise processed them; or
8.1.3.2. you have withdrawn your consent to the processing of your personal data, your consent was required for the processing of these personal data and at the same time the Company has no other reason or legal basis for their processing (for example for exercising the rights and claims of the Company); or
8.1.3.3. you will exercise your right to object to the processing of your personal data (more details on the right in question are provided in the section Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below), which the Company processes on the basis of a legitimate interest and the Company finds that it has no other legitimate interests that would entitle the Company to further processing of these personal data
8.1.3.4. if the Company processed your personal data illegally; or
8.1.3.5. to comply with the legal obligation provisioned in the generally binding legal regulation that applies to the Company; or
8.1.3.6. if personal data were obtained in relation to the offer of information society services addressed directly to a child.

It is necessary to inform you that the right to erasure (the right to be forgotten) is not absolute and even if it is one of the above cases, the Company is not obliged to delete your personal data (personal data concerning yourself) if their processing is required:

8.1.3.7. to exercise the right to freedom of expression and information; or
8.1.3.8. to fulfil a legal obligation of the Company according to a generally binding legal regulation; or
8.1.3.9. for archiving purposes in public interest, for scientific or historical purposes, or for statistical purposes; or
8.1.3.10. to demonstrate, enforce or defend legal claims of the Company.

8.1.4. The right to restriction of processing: In certain cases, in addition to the right to erasure, you also have the right to restrict the processing of your personal data, by which you can request in specific cases that your personal data be marked and require that this personal data not be subject to any further processing operations for a certain period of time. The Company is obliged to limit the processing of your personal data in cases where:

8.1.4.1. you contest the accuracy of your personal data for the period allowing the Company to verify the accuracy of your personal data; or
8.1.4.2. the processing of your personal data is is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
8.1.4.3. the Company no longer needs your personal data for processing purposes, but you need them for the establishment, exercise or defence of legal claims;; or
8.1.4.4. you will exercise your right to object to the processing of your personal data (more details on the right in question are given in the point Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims. below), pending the verification whether the legitimate grounds of the Company override your rights as the data subject.

If the processing of your personal data has been restricted under this right to restrict processing, such personal data, with the exception of storage, may only be processed by the Company with your consent or for establishment, exercise or defence of the Company's legal claims or to protect the rights of another natural person or legal entity, or for reasons of overriding public interest of a country that is a Member State of the European Union or a party to the Agreement on the European Economic Area.

8.1.5. Right to data portability: You have the right to receive all your personal data that you have provided to the Company, if the Company processes it on the basis of consent to the processing of personal data or on the basis of performance of an agreement whereas this must concern exclusively the personal data that the Company processes by automated means (electronically). We will provide your personal data in a structured, commonly used and machine-readable format and you have the right to transmit this personal data directly to another controller, if technically feasible.

8.1.6. Right to object: You have the right to object to the processing of your personal data which is performed in public interest, legitimate interest, including an objection to profiling based on a legitimate interest. The Company shall not further process your personal data unless the Company demonstrates necessary legitimate reasons for such processing that outweigh your interests, rights and freedoms, or unless the Company demonstrates reasons for establishment, exercise or defence of its legal claims.

If the Company processes your personal data for direct marketing purposes, you have the right at any time to object to the processing of this personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. Should you object to the processing of your personal data for direct marketing purposes, the Company will no longer process this personal data for such purposes.

8.1.7. How to exercise your rights: You can exercise the above rights using the contact details of the Company, which are provided in section COMPANY CONTACT DETAILS above.

8.1.8. The right to lodge a complaint with the Data Protection Office: In the event of a suspicion of unauthorized processing of your personal data, in addition to exercising the above rights, you may lodge a complaint with the supervisory authority, in particular in your Member State of your habitual residence, the place of performance of work or the place of the alleged infringement. The supervisory body in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic. The registered office of the Office for Personal Data Protection of the Slovak Republic is at Hraničná 12, 820 07 Bratislava, Slovak Republic and the contact details of the said office are as follows: email: statny.dozor@pdp.gov.sk; web: https://dataprotection.gov.sk/

In the case of filing of a complaint/proposal in electronic form, it is necessary that it meets the requirements under the provisions of Section 19 par. 1 of Act no. 71/1967 Coll. on Administrative Proceedings (Administrative Procedure Code) as amended.

9. THE RIGHT TO WITHDRAW CONSENT TO THE PROCESSING OF PERSONAL DATA AT ANY TIME

9.1. If you have granted the Company your consent to the processing of some of your personal data (the legal basis for the processing of certain personal data by the Company is your consent), you may withdraw such consent at any time, for example using the Company's contact details indicated in the section COMPANY CONTACT DETAILS above. In doing so, the withdrawal of consent does not affect the lawfulness of the processing based on consent granted prior to its withdrawal.

10. CHANGES TO THIS INFORMATION MEMORANDUM

10.1. We may update this Information Memorandum on Personal Data Protection on an ongoing basis in response to changes in legal, technical, or business developments. When updating this Information Memorandum on Personal Data Protection, we shall take appropriate measures to inform you depending on the significance of the changes we apply.