1. THE PURPOSE OF THIS NOTICE. THE DATA CONTROLLER
1.1. What is the purpose of this privacy notice?
This privacy notice (“Notice”) is intended to help business partners and other private individuals to understand how CHIYODA INTEGRE SLOVAKIA, s.r.o. (“Company”) processes personal data of private individuals having dealings (directly or indirectly through their employers) with the Company.
The Notice is addressed to any private individual who has or (to the extent still applicable) had relationship established with the Company or whose personal data were provided to the Company by employer of such private individual. Whether you are our business partner or representative of our business partner or whether you have been nominated by our business partner as the business partner’s contact person or whether you have only sent an email, mail or other form of communication to the Company, to the extent our encountering with you led to the Company having access to your personal data, this Notice is relevant to you.
This Notice, however, does not cover processing operations with personal data carried out by the Company in context of employment (including the recruitment process), where separate rules available at the Company’s Human Resources department apply.
The Notice shall be read carefully and in its entirety. The Company strived to ensure that the Notice contains complete and comprehensible information about the processing activities regarding your personal data. However, if you have any questions or if you are not sure about any aspects of processing of your personal data by the Company, please, do not hesitate to contact us at the following email address: admi1@chiyoda.sk or phone number: +421 2 6353 2358.
1.2. Who is the data controller?
The data controller with respect to the personal data is the Company (i.e., CHIYODA INTEGRE SLOVAKIA, s.r.o. with its registered seat at: Údernícka 9, 851 01 Bratislava, ID number: 36 709 981, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, File No.: 50095/B).
The Company needs to process your personal data in order to fulfil its contractual and other legal obligations. At the same time, the Company may need to process your personal data to protect its legitimate interests, including operating its business activities in appropriate manner.
It is the objective of the Company to process all personal data in line with the applicable data protection laws, particularly (i) the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC, and (ii) Slovak Act No: 18/2018 Coll. on Protection of Personal Data and On Amendment and Supplement of Certain Acts (to the extent applicable). It is also the objective of the Company to ensure that all processing operations are conducted in a secure way only to the extent necessary for achieving purpose of the processing as described below.
1.3. What could happen if personal data are not provided to the Company?
The Company has numerous contractual and legal obligations towards its business partners and towards the public authorities or other public bodies. In order to fulfil these obligations, but also in order to ensure protection of the Company’s interests it is necessary to process your personal data.
If your personal data are not provided to the Company, the Company may not be able to fulfil its obligations, which may result in the Company not being able to enter into contract with its business partners or to respond to your communication.
2. PERSONAL DATA. PROCESSING OPERATIONS
2.1.Where does your personal data come from?
The Company collects the personal data directly from you or from your employer who provided your personal data to the Company in the course of the business relationship. The Company may also receive some of the personal data from public authorities in relation to their queries or investigations. It may be also the case that the Company will process personal data which are publicly available, particularly with respect to contact data which include also reference to a particular person or personal data shared by the group companies belonging to the same group of companies as the Company. Please, also be aware that the Company may create other data about you, which could qualify as personal data and the Company will use and store also such personal data.
2.2. What kind of personal data are processed by the Company?
Unless a particular situation requires otherwise, the personal data that the Company will be processing may include:
- identification and characteristic information: such as name, surname, title, details of your employer, job position,
- contact data: such as address, business address, (business) phone number, (business) e-mail address, working position,
- background information and skills overviews: such as information stated on any professional certificate or license (to the extent applicable).
If other personal data are provided to the Company, the Company will at all times carefully evaluate whether such personal data are necessary for the intended processing purposes. To the extent not necessary, the Company will not process such personal data.
2.3. What are the purposes for processing of your personal data by the Company?
The Company processes personal data of its business partners, representative(s) of business partners and/or business partner’s contact persons in order to fulfil its contractual obligations and statutory obligations (such as keeping of accounting, tax purposes and similar). Such personal data may also be processed for purposes of legitimate interests of the Company aimed at ensuring effective and secure conducting of Company’s and group’s business activities. The personal data may also be used for distribution of marketing and promotional materials to the business partner by the third party.
Your contact data will also be used to for communication purposes, including responding to any queries you may address to the Company as well as sharing with you promotional and marketing materials regarding the Company’s and the group’s business activities and products.
2.4. What is the legal base for the processing operations?
Pursuant to applicable data protection laws, personal data may only be processed on the basis of adequate legal base. The Company processes personal data on the basis of the following legal bases:
- performance of a contract
Data processing by the Company is necessary in order for the Company to be able to fulfil its obligations deriving from the agreement concluded with you or with your employer. - fulfilment of legal obligation
Data processing by the Company is necessary in order for the Company to be able to comply with its obligations prescribed in law, including the transmission of data to authorities. - legitimate interest of the Company
In certain cases the Company will also process personal data on the basis of the fact that the Company has a legitimate interest to do so. These cases include:- making or defending against claims;
- proving compliance with applicable laws (such as upon requests of supervisory authorities);
- security of the Company (such as controlling access to the Company’s premises);
- sharing of your business related personal data with other companies from the same group of companies to conduct the Company’s (and also the group’s) business activities effectively and securely.
In cases where data processing by the Company is based on the legitimate interest of the Company, the Company has, upon thorough deliberation, arrived at the conclusion that your interests or fundamental rights and freedoms that require protection of personal data do not override the legitimate interest of the Company.
2.5. For how long will your personal data be processed?
The Company will not store or process personal data for a period longer than necessary to fulfil the purpose of the processing or as prescribed or allowed by applicable laws. Accordingly, when the purpose has been fulfilled in relation to a specific type of personal data, we will stop using the personal data for that purpose and, if the same data is not relevant for any other purpose, delete the relevant personal data as soon as reasonably possible
The basic rule is that the Company will store and process your personal data throughout the duration of the contract with the business partner and for a period of ten years after its termination, unless the applicable laws provide for different period. To the extent possible, the Company will anonymize your personal data for their use for statistical purposes.
3. YOUR RIGHTS
3.1. What does the Company do to protect your personal data?
The Company ensures that the principles of protection of personal data laid down by the applicable data protection laws are strictly followed and adhered to. Particularly, the Company ensures that (i) only those personal data are processed which are necessary for the purpose of processing, (ii) personal data are processed only for purpose for which the data were collected or (to the extent permitted by the applicable data protection laws) for purpose which is compatible with the original purpose, and (iii) the personal data are processed no longer than necessary.
The personal data will be stored and processed manually and also automatically with the help of electronic devices.
The Company has taken appropriate technical, administrative, physical and procedural protection measures for the protection of personal data in their use and possession in order to ensure that such personal data are protected against misuse, unauthorized access, publication, corruption, modification and destruction. Such measures include the following:
- technical protection measures: e.g., firewalls, anti-virus and endpoint protection software, encryption technologies, password-protected access and monitoring of our systems and data centers to ensure compliance with our security policies,
- physical protection measures: e.g., closed doors and file cabinets, controlled entry to the premises of the Company, and
- organizational protection measures: by means of educational and awareness-raising programs regarding security and confidentiality, with the purpose of securing that the employees of the Company understand and know the importance of protecting personal data and the tools that are mandatory to use, further, also by means of a data protection policy and regulations that define how the Company processes personal data.
3.2. What are your rights with regard to processing of personal data?
The applicable data protection laws confer on you several rights when it comes to processing of your personal data. Details of these rights are outlined below. Be aware that the rights below could be qualified in certain circumstances (e.g., in case of legal proceedings regarding you). Please, do not hesitate to contact the Company, if you have any questions regarding your rights.
Right to be informed
As a data subject you have a right to be informed about all important aspects of the processing operations regarding your personal data, unless the applicable data protection laws provide otherwise. The Company fulfils its obligation to inform you, primarily, through this Notice. Though, from time to time, the Company may distribute further information or update this Notice to ensure that you have correct and up to date information about the processing operations at all times.
Right to access and rectification
As an employee, you have the right to request access to the personal data relating to you. This includes the right to be informed whether or not personal data about you are being processed, what personal data are being processed, and the purpose of the processing. We do not have to provide your personal data if this would adversely affect the rights and freedoms of others. You also have the right to rectify or add personal data if the personal data are inaccurate or incomplete.
Right to erasure (“right to be forgotten”)
You have the right to request that your personal data are erased in certain cases, e.g., if the personal data are no longer necessary for the purposes for which these were collected and no other legal bases exist for continuing to process such data, if the processing is unlawful, or the personal data have to be erased in order to enable the Company to comply with a legal requirement. Please note that we could reject your request if the processing is permitted or required according to law or any other relevant legal base.
Right to object and restriction of processing
You are also entitled to object to certain processing or request that the processing of the personal data is restricted such as if you believe the personal data may not be correct, if you believe the processing is unlawful, or if you believe that Company no longer needs the personal data for the purposes stated in this Notice.
Right to data portability
You are also entitled to request that personal data about you that you yourself have provided, if such personal data are being processed with your consent or in accordance with a contract between you and Company, are provided to you in a structured, commonly-used and machine-readable format and you may also request that such personal data are transmitted to another controller, if this is technically feasible.
3.3. What should you do, if you want to exercise your rights or if you have a complaint?
To exercise your rights you can (i) contact the Human Resources department of the Company (particularly, if you want to update any of the personal data processed by the Company), (ii) contract the Company using the above contact details, or (iii) contact the Company’s representative responsible for a particular agenda submit your request to him/her. Be aware that you may be contacted to verify your identity so that your personal data are not disclosed or discussed with other person than you. If you have a complaint regarding the processing of your personal data by the Company, please, contact the Company at the above contact details and submit to it your complaint. You can also submit your complaint directly to the supervisory authority, which is:
Name: Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic)
Address: Hraničná 12, 820 07, Bratislava 27, Slovak Republic
Phone: +421 2 323 132 14
Fax: +421 2 323 132 34
E-mail: statny.dozor@pdp.gov.sk
Webpage: https://dataprotection.gov.sk/uoou/
You have undisputable right to submit your complaint directly to the above mentioned supervisory authority or to use other remedies available to you under the applicable (data protection) laws. However, we believe that any request or complaint you may have may be dealt with between you and the Company, and therefore we encourage you to first submit your request or complaint to the Company before approaching the authorities. We assure you that we will handle any request or complaint in line with the applicable data protection laws.
4. DATA RECIPIENTS. THIRD PARTIES. TRANSFERS
4.1. Who has access to your personal data?
The Company processes your personal data through its employees or through external service providers.
Every employee having access to your personal data has been duly trained and informed about the rules and principles of handing your personal data. These employees only get access to your personal data in accordance with the principle of minimization, meaning that they will only have access to personal data that is strictly necessary for the purpose of the processing to perform their work.
In cases where your personal data are processed by a service provider engaged by the Company, the Company and the service provider concluded a data processing agreement in accordance with the applicable data protection laws. Such service providers may include (without limitation) IT service provider. Every person processing your personal data must follow the instructions of the Company.
The Company may also transfer your personal data to third parties, who process them for their own purposes. Such third parties include (without limitation) (i) public authorities or bodies (e.g., tax authority) particularly in connection with fulfilment of the Company’s obligations or in order to respond to queries the public authorities or bodies may have, (ii) Company group companies, particularly to ensure efficient operation of the entire group to which the Company belongs to or to accept services which are provider by specific companies from the group to all other members of the group, and (iii) other third parties who may be engaged by the Company to provide specific services to the Company in relation to the relationship with you, but who will not process personal data in the name of and on behalf of the Company.
4.2. To what countries will your personal data be transferred?
Your personal data are primarily processed within the European Union, European Economic Area and Switzerland where adequate level of protection of your personal data is secured.
It may be the case that from time to time the Company may transfer your personal data or other data derived from your personal data (such as statistical data) to its group companies located in countries which offer a lower level of protection than applicable in the European Union, European Economic Area or Switzerland. In such cases, the Company ensures that the transfer is made in accordance with the rules laid down by the applicable data protection laws, particularly (but without limitation) based on the Model Contractual Clauses adopted by the European Commission. For further details, please, contact the Company.
5.MISCELLANEOUS
5.1. To ensure that the Company complies with the applicable data protection laws or to reflect any changes in the processing operations, this Notice may be changed by the Company at any time. You will be informed of any such changes made via the commonly used means and forms.
5.2. We encourage you to report any non-compliance with this Notice to the Company. The Company will thoroughly investigate any such allegations and will take steps and actions necessary to ensure compliance with the applicable data protection laws.
5.3. Please notify the human resources department of the Company of any changes to the personal data relating to you to enable the Company to process personal data accurately and securely.
5.4. Please, if you are our business partner, be sure to notify any of your employees whose personal data will be provided to the Company about this Notice and all relevant aspects of processing of their personal data. If you fail to do that, please inform the Company immediately so that we can comply with the information obligation and notify the affected data subjects directly.