Principles of Personal Data Processing
Who processes your personal data?
Your personal data is processed by MNB s. r. o. with registered office at Karpatská 8, 811 05 Bratislava – Staré Mesto, ID No.: 50 340 298, registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, Insert No.: 111638/B (hereinafter referred to as the "Controller").
In the processing of personal data by the controller, you are in the position of a data subject, i.e. a person about whom personal data concerning him or her are processed. Your personal data will be processed securely, in accordance with the security policy of the controller.
What rights do you have as a data subject?
- Right of access – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data.
- Right to rectification – if you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.
- Right to erasure (to be forgotten) – you have the right to ask us to erase your personal data.
- Withdraw consent – where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data we have processed about you on the basis of that consent.
- Right to restriction of processing – in certain circumstances you are entitled to ask us to stop using your personal data.
- Right to data portability – in certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice.
- Right to object – you have the right to object to the processing of your personal data based on our legitimate interests.
- Right to file a petition – if you believe that we are processing your personal data unfairly or unlawfully, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
- Right not to be subject to automated decision-making, including profiling.
The controller will not use your personal data for automated individual decision-making, including profiling.
If the provision of personal data is a legal/contractual requirement, you as the data subject are obliged to provide this personal data. Failure to provide the personal data necessary for the conclusion of a contract may result in the contractual relationship not being concluded.
If you object to the processing of your personal data, you have the right to submit a complaint or request in writing to the address of the controller's registered office at Karpatská 8, 811 05 Bratislava – Staré Mesto district or by e-mail: privacy@mnb.solutions.
Before we start processing your personal data based on our legitimate interests, we have carried out so-called comparative tests in which we have assessed the lawfulness, necessity, appropriateness, proportionality, as well as the application of appropriate safeguards to protect your rights and freedoms.
1. Web
1.1. Web communication
| Purpose of processing | Ensuring communication via the web, handling requests |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is to ensure effective communication via the website |
| Category of persons concerned | Information seekers |
| Category of personal data | Email address, subject of the message |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | 10 days from the end of the month in which the request was received |
| Transfer to third countries | Not implemented |
2. Business Activity
2.1. Quotations
| Purpose of processing | Preparation of quotations |
| Legal basis | Pre-contractual relationship within the meaning of Article 6(1)(b) of the GDPR |
| Category of persons concerned | Potential clients, person authorised to act on behalf of the potential client, contact person of the potential client |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, subject of the quotation, identification data on the basis of which the person concerned can be identified |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller (collaborators), entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | 3 months from the delivery of the quotation to the potential client |
| Transfer to third countries | Not implemented |
2.2. Contracts/Orders
| Purpose of processing | Conclusion and management of contractual relations/orders, provision of business activities |
| Legal basis | Contractual relationship within the meaning of Article 6(1)(b) of the GDPR |
| Category of persons concerned | Clients, a person authorised to act on behalf of the client |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, address, data of the legal person/company on the basis of which it is possible to identify the person concerned (in particular Company ID No., Tax ID No., VAT ID No.), subject of the contract/order, bank details |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller (collaborators), entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | 10 years from the end of the contractual relationship |
| Transfer to third countries | Not implemented |
2.3. Records of clients and contact persons
| Purpose of processing | Registration of clients and contact persons |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is the efficient provision of communication with the contractual partner |
| Category of persons concerned | Clients, person authorised to act on behalf of the client, contact person of the client |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, identification data of the company on the basis of which the data subject can be identified |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller (collaborators), entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | After termination of the contractual relationship |
| Transfer to third countries | Not implemented |
2.4. Suppliers
1. Contractual relations with suppliers
| Purpose of processing | Conclusion and management of contractual relations with suppliers |
| Legal basis | Contractual relationship within the meaning of Article 6(1)(b) of the GDPR |
| Category of persons concerned | Suppliers, a person authorised to act on behalf of the supplier |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, correspondence address, identification data of the company on the basis of which the data subject can be identified |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | 10 years from the end of the contractual relationship |
| Transfer to third countries | Not implemented |
2. Records of suppliers and contact persons
| Purpose of processing | Records of suppliers and contact persons |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is the efficient provision of communication with the contractual partner |
| Category of persons concerned | Clients, person authorised to act on behalf of the client, contact person of the client |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, identification data of the company on the basis of which the data subject can be identified |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | After termination of the contractual relationship |
| Transfer to third countries | Not implemented |
3. Accounting and Tax Obligations
| Purpose of processing | Fulfilment of legal obligations in the field of taxation and accounting in the area of business relations |
| Legal basis | Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax as amended |
| Category of persons concerned | Clients, persons authorised to act on behalf of clients, suppliers, persons authorised to act on behalf of suppliers |
| Category of personal data | Name, surname, bank account number (or e-mail), payment-related data, company identification data on the basis of which the data subject can be identified |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law, an intermediary ensuring the fulfilment of the controller's legal obligations |
| Time limit for erasure | 10 years from the fulfilment of the legal obligation |
| Transfer to third countries | Not implemented |
4. Social Media
| Purpose of processing | Ensuring communication via social networks |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is to ensure effective communication |
| Category of persons concerned | Information seekers |
| Category of personal data | Data provided when carrying out communications via social networks |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law, the operator of social networks |
| Time limit for erasure | For as long as you are actively using your social media account |
| Transfer to third countries | Not implemented |
5. Job Seekers / Co-workers
5.1. Selection procedures
| Purpose of processing | Conducting selection procedures with job/cooperation applicants |
| Legal basis | Pre-contractual relationship within the meaning of Article 6(1)(b) of the GDPR |
| Category of persons concerned | Job applicants / co-workers |
Category of personal data:
Jobseekers:
- Name, surname, date of birth, address of residence, e-mail, telephone number, details given in the application, CV or cover letter
Candidates for cooperation:
- Name, surname, title, e-mail address, telephone number, ID number, VAT number, business name, place of business, and other identifying data, notes from pre-contractual negotiations, data contained in the CV, motivation letter, application for cooperation
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
Time limit for erasure:
Job seekers:
- In the case of a decision to recruit: retain personal data for 1 year from the date of the last processing operation. In the event of a decision not to recruit: destroy within 1 month after the last processing operation.
Candidates for cooperation:
- In the event of a decision to establish cooperation: keep personal data for 1 year from the date of the last processing operation. In the event of a decision not to cooperate: destroy within 1 month after the last processing operation.
| Transfer to third countries | Not implemented |
5.2. Registration of job seekers / co-workers
| Purpose of processing | Registration of job seekers / co-workers |
| Legal basis | Consent of the data subject within the meaning of Article 6(1)(a) of the GDPR |
| Category of persons concerned | Job applicants / co-workers |
Category of personal data:
Jobseekers:
- Name, surname, date of birth, address of residence, e-mail, telephone number, details given in the application, CV or cover letter
Candidates for cooperation:
- Name, surname, title, e-mail address, telephone number, ID number, VAT number, business name, place of business, and other identifying data, notes from pre-contractual negotiations, data contained in the CV, motivation letter, application for cooperation
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | 1 year after consent to the processing of personal data |
| Transfer to third countries | Not implemented |
6. Exercising the Rights of Data Subjects – Data Protection
| Purpose of processing | Records of exercised rights of data subjects and breaches of protection pursuant to Act No. 18/2018 Coll. on the Protection of Personal Data, records of exercised rights pursuant to Chapter III and notifications pursuant to Articles 33 and 34 of Regulation 2016/679 |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is the recording of exercised rights and notifications of personal data breaches |
| Category of persons concerned | Data subjects concerned by the application for the exercise of the right; data subjects affected by the personal data breach |
| Category of personal data | Data relevant for the exercise of the right, data to be provided by the whistleblower when notifying the infringement |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | Within 6 months of the expiry of 5 years from the exercise of the right or the occurrence of the data breach |
| Transfer to third countries | Not implemented |
7. Pursuing Legal Claims
| Purpose of processing | The exercise of legal claims arising from contractual relations |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is the exercise of legal claims |
| Category of persons concerned | Clients, persons authorised to act on behalf of clients, suppliers, persons authorised to act on behalf of suppliers |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, identification data of the company, data specified in the order/contract |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | In the case of the right to compensation, the limitation period runs from the date on which the injured party knew or could have known about the damage and who is liable, but ends no later than 10 years from the date on which the breach of duty occurred |
| Transfer to third countries | Not implemented |
8. Network Administration
| Purpose of processing | Network administration (network security, information security) |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the Regulation. The main legitimate interest is to ensure information and network security |
| Category of persons concerned | Persons whose personal data are processed in the context of electronic data processing |
| Category of personal data | Personal data held on designated workstations, personal data in electronic form necessary for the proper safeguarding of information and network security |
| Categories of beneficiaries | Entities to which the controller is obliged to provide personal data by law, authorised persons and other persons in a contractual relationship with the controller |
| Time limit for erasure | Depending on the processing operation |
| Transfer to third countries | Not implemented |
9. Intra-company Transfer of Personal Data
| Purpose of processing | Intra-company transfer of personal data within a group of undertakings – internal administrative |
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the Regulation. The main legitimate interest is the internal administration of undertakings |
| Category of persons concerned | Clients, persons authorised to act on behalf of clients, contact persons of clients, potential clients – in the case of quotations |
| Category of personal data | Name, surname, title, function, e-mail, telephone number, correspondence address, identification data of the company, subject of the quotation/contract/order |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, entities to which the controller is obliged to provide personal data by law |
| Time limit for erasure | For the duration of the contractual or pre-contractual relationship |
| Transfer to third countries | Not implemented |
10. Cookies
A cookie is a small text file that a website stores on your computer or mobile device when you visit that website.
Each time you visit the website, you will be prompted to accept or decline cookies. The purpose of this is to allow the website to retain information about your preferences for a certain period of time. This way, you do not have to re-enter them when you browse the website.
10.1. What cookies do we process?
Technical cookies (required)
We need to use some cookies to ensure the operation of our website. Your consent to the processing of personal data is therefore not required in connection with the processing of these cookies.
| Legal basis | Legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The main legitimate interest is to ensure the proper and error-free operation of the website |
| Category of persons concerned | Website visitors |
| Category of personal data | A unique identifier that is part of the cookie |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, the website administrator |
| Time limit for erasure | More information is available in the cookie bar, category Details/Needed |
| Transfer to third countries | Not implemented |
Statistics
Statistical cookies help us understand how we interact with website visitors by collecting and reporting information anonymously.
| Legal basis | Consent of the data subject within the meaning of Article 6(1)(a) of the GDPR |
| Category of persons concerned | Website visitors |
| Category of personal data | A unique identifier that is part of the cookie |
| Categories of beneficiaries | Authorised persons in a contractual relationship with the controller, the website administrator |
| Time limit for erasure | More information is available in the cookie bar, category Details/Statistics |
| Transfer to third countries | The controller does not directly transfer personal data to third countries or international organisations, but its partners may do so |
10.2. How to give/revoke consent to the processing of personal data?
We can only process statistical cookies provided that you give us your free consent to such processing. You can consent to processing by "clicking" in the cookie bar depending on your preferred settings. You can withdraw your consent by "clicking" again in the cookie bar, depending on your preference to stop the processing of selected cookies. If you wish to modify your cookie settings at a later date, including withdrawing your consent, you may do so at any time by clicking on the "Change your consent" link.
10.3. How can you manage cookies?
You can manage the cookies set and used on our website by selecting your preferred setting in the cookie consent panel. If you wish to modify your cookie settings at a later date, including by removing your consent to cookies, you may do so at any time by clicking on the "Change your consent" link or by using your browser. Cookies set as a result of previous choices will remain stored in your browser, but will not be used after you revoke your consent. You can view or delete these cookies manually in your browser settings.
Removing cookies from your device
By clearing your browsing history in your browser, you can delete all cookies that are on your device. However, in this case you may lose some of the information stored.
Blocking
You can set most modern browsers to prevent all cookies from being stored on your device, but in this case you may need to manually adjust some preferences each time you visit a website. In addition, some services and features may not work properly at all.