GDPR

PUT YOUR DATA IN HANDS OF LEADERS

And keep personal data under control

Find out more

ENERGY AUDITS AND CERTIFICATES, ENERGY SERVICE

OPTIMIZE YOUR ENERGY COSTS

Energy audits for large and industrial enterprises, audits for grants4

Find out more

Privacy policy

Privacy policy

 

The following information relates to the processing of personal data of the data subjects pursuant to Art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation") by PROENERGY, s. r. o., Priemyselná 1, 031 01 Liptovský Mikuláš, ID: 43 965 849, email contact: proenergy@proenergy.sk, telephone contact: +421 948 044 466 (hereinafter referred to as the "Controller"). The Controller has determined the purpose and means of the processing of personal data and has transparently identified his respective responsibilities for fulfilling the obligations under the Regulation, in particular as regards the exercise of the data subject's rights and his obligations to provide information referred to in Articles 13 and 14 of the Regulation. This information aims to provide knowledge about what personal data the Controller process, how he deal with it, for which purposes he use it, to whom he can provide it, where can the data subject obtain information about personal data and enforce his/her rights in the processing of personal data.

 

 

Article 1     Accounting

 

1.             Purpose of personal data processing and legal basis for processing

The purpose of the personal data processing is processing of the accounting documents of the data subjects when implementing and performing pre-contractual and contractual relationships.

 

Personal data are processed pursuant to Article 6 point 1(b) of the Regulation, Civil Code, Commercial Code, Act No. 222/2004 Coll. On Value Added Tax as amended (Paragraph 74), Act No. 431/2002 Coll. On Accounting as amended.

 

The processing of personal data for a purpose of the legitimate interests of the Controller or third party does not apply.

 

2.             Identification of processed personal data of the data subjects

Data subjects, whose personal data are processed are clients/Controller's contractors

 

The extent of processed personal data: the name and surname of the taxable person or the name of the taxable person, the address of its registered office, the place of business, the place of residence or the address of the place of usual residence and the tax identification number of the taxable person which was used to  provide service or goods or name or surname of the recipient of the service or goods; the place of business of the recipient, the place of his residence or the address of the place where he usually resides and his tax identification number for the tax under which the goods were supplied or under which the service was provided to him, company registration number, VAT Number, bank account number, signature.

 

3.             Identification of recipients, categories of recipients

The Controller may provide personal data to the authorized entities, such as institutions and organizations, under a specific legal regulation or to the contractors (especially the data Processors) who have undertaken to accept reasonable safeguards for the protection of the processed personal data, as follows:

 

Tax Office

 

Act No. 595/2003 Coll. On Income Tax Act as amended

Act No. 222/2004 Coll. On Value Added Tax as amended

Act No. 563/2009 Coll. On Tax Administration (Tax Procedure Code) as amended

Other authorized entity

Generally binding legal regulation pursuant to Article 6 point 1(c) of the Regulation

Contractor (based on a contract)

 

Financon, s. r. o., Priemyselná 1, 031 01 Liptovský Mikuláš, ID: 36 366 714

Article 28 of the Regulation

 

- providing processing of accounting documents

Personal data may be provided to other recipients if the data subject consents or orders to provide his/her personal data to them.

 

4.             Transfer of personal data to third country/international organization

Transfer of personal data to third countries or international organizations does not apply.

 

5.             Identification of the source of which the data were collected

Directly from the data subject (in person, by email, phone call, through the website of the Controller).

 

6.             The retention period of personal data

The Controller shall process the personal data for the period necessary to fulfill the purpose, but maximum for the period of 10 years.

 

7.             Profiling

The Controller does not process the personal data by profiling, or by other similar means based on automated individual decision-making.

 

8.             Rights of the data subject

The data subject shall have the right to request from the Controller the access to processed personal data concerning him/her, the right to rectification of personal data, the right to personal data erasure or restriction, the right to object to the processing of personal data, the right not to be subject to a decision based solely on automated processing, including profiling, the right to data portability as well as the right to initiate the proceeding to supervisory authority. When the Controller processes the personal data based on data subject's consent, the data subject shall have the right to withdraw his or her consent to processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can exercise his/her rights by sending an e-mail to e-mail address: proenergy@proenergy.sk, or by sending the letter to the address of the Controller.

 

9.             Obligation to provide personal data

The provision of personal data is a legal requirement/contractual requirement or the requirement that is needed to conclude the contract. The data subject has the obligation to provide personal data; if he/she refuses to do so, the Controller does not guarantee the processing of the accounting documents.

 

 

Article 2    Evidence of business partners

 

1.             Purpose of personal data processing and legal basis for processing

The purpose of the personal data processing is evidence of data subjects of business partners/potential business partners of the Controller.

 

Personal data are processed pursuant to Article 6 point 1(f) of the Regulation if the data subject is an employee of business partner/potential business partner.

 

Personal data are processed pursuant to Article 6 point 1(b) of the Regulation if the data subject is a statutory body or a person acting on behalf of business partner/potential business partner.

 

The processing of personal data for a purpose of the legitimate interests of the Controller is applied.

 

2.             Identification of processed personal data of the data subjects

Data subjects, whose personal data are processed are employees of business partners/potential business partners of the Controller or statutory body or a person acting on behalf of business partner/potential business partner.

 

The scope of processed personal data: title, name, surname, job, service or administrative position, department, place of work, telephone number, fax number or electronic address of workplace, identification of employer.

 

3.             Identification of recipients, categories of recipients

The Controller may provide personal data to the authorized entities, such as institutions and organizations, under a specific legal regulation or to the contractors (especially the data Processors) who have undertaken to accept reasonable safeguards for the protection of the processed personal data, as follows:

 

Other authorized entity

Generally binding legal regulation pursuant to Article 6 point 1(c) of the Regulation

Personal data may be provided to other recipients if the data subject consents or orders to provide his/her personal data to them.

 

4.             Transfer of personal data to third country/international organization

Transfer of personal data to third countries or international organizations does not apply.

 

5.             Identification of the source of which the data were collected

Directly from the data subject or his/her employer.

 

6.             The retention period of personal data

The Controller shall process the personal data for the period necessary to fulfil the purpose, but for a maximum of one year after the termination of purpose.

 

7.             Profiling

The Controller does not process the personal data by profiling, or by other similar means based on automated individual decision-making.

 

8.             Rights of the data subject

The data subject shall have the right to request from the Controller the access to processed personal data concerning him/her, the right to rectification of personal data, the right to personal data erasure or restriction, the right to object to the processing of personal data, the right not to be subject to a decision based solely on automated processing, including profiling, the right to data portability as well as the right to initiate the proceeding to supervisory authority. When the Controller processes the personal data based on data subject's consent, the data subject shall have the right to withdraw his or her consent to processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can exercise his/her rights by sending an e-mail to e-mail address: proenergy@proenergy.sk, or by sending the letter to the address of the Controller.

 

9.             Obligation to provide personal data

The provision of personal data is a contractual requirement, processing of personal data is necessary. In the case of non-disclosure of personal data, the contractual relationship with the data subject or with statutory body or a data subject acting on behalf of company he represents shall not be concluded. Data subject has the obligation to provide true personal information, in the event of non-disclosure, he/she violates the Regulation.

 

 

Article 3    Registry administration

 

1.             Purpose of personal data processing and legal basis for processing

The purpose of the personal data processing is registry administration and management of communication of the Controller with public authorities.

 

Personal data are processed pursuant to: Act No. 395/2002 Coll. on Archives and Registries and on the amendment of certain other Acts and Act No. 305/2013 Coll., as amended.

 

The processing of personal data for a purpose of the legitimate interests of the Controller or third party does not apply.

 

2.             Identification of processed personal data of the data subjects

Data subjects, whose personal data are processed are senders and recipients of the correspondence.

 

The extent of processed personal data: title, name, surname, signature, address, e-mail, telephone number, the extent of communication pursuant to No. 305/2013 Coll.

 

3.             Identification of recipients, categories of recipients

The Controller may provide personal data to the authorized entities, such as institutions and organizations, under a specific legal regulation or to the contractors (especially the data Processors) who have undertaken to accept reasonable safeguards for the protection of the processed personal data, as follows:

 

Ministry of Interior of Slovak Republic

Act No. 395/2002 Coll. on Archives and Registries and on the amendment of certain other Acts

Other authorized entity

Generally binding legal regulation pursuant to Article 6 point 1(c) of the Regulation

Contractor (based on a contract)

 

Financon, s. r. o., Priemyselná 1, 031 01 Liptovský Mikuláš, ID: 36 366 714

Article 28 of the Regulation

 

- archiving company

Personal data may be provided to other recipients if the data subject consents or orders to provide his/her personal data to them.

 

4.             Transfer of personal data to third country/international organization

Transfer of personal data to third countries or international organizations does not apply.

 

5.             Identification of the source of which the data were collected

Directly from the data subject.

 

6.             The retention period of personal data

The Controller shall process the personal data for the period necessary to fulfill the purpose, but maximum for the period of 10 years.

 

7.             Profiling

The Controller does not process the personal data by profiling, or by other similar means based on automated individual decision-making.

 

8.             Rights of the data subject

The data subject shall have the right to request from the Controller the access to processed personal data concerning him/her, the right to rectification of personal data, the right to personal data erasure or restriction, the right to object to the processing of personal data, the right not to be subject to a decision based solely on automated processing, including profiling, the right to data portability as well as the right to initiate the proceeding to supervisory authority. When the Controller processes the personal data based on data subject's consent, the data subject shall have the right to withdraw his or her consent to processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can exercise his/her rights by sending an e-mail to e-mail address: proenergy@proenergy.sk, or by sending the letter to the address of the Controller.

 

9.             Obligation to provide personal data

The provision of personal data is a legal requirement, processing of personal data is compulsory. The data subject has the obligation to provide personal data and its refusal is considered to be a breach of law.

 

 

Article 4    Marketing

 

1.             Purpose of personal data processing and legal basis for processing

The purpose of the personal data processing is marketing purposes (information about news, discounts and other marketing offers).

 

Personal data are processed for the purposes of the legitimate interests of the Controller pursuant to Article 6 point 1(f) of the Regulation.

 

The processing of personal data for a purpose of the legitimate interests of the Controller is applied.

 

2.             Identification of processed personal data of the data subjects

Data subjects, whose personal data are processed are clients/customers/potential customers.

 

The extent of processed personal data: title, name, surname, email address, telephone number, work position.

 

3.             Identification of recipients, categories of recipients

The Controller may provide personal data to the authorized entities, such as institutions and organizations, under a specific legal regulation or to the contractors (especially the data Processors) who have undertaken to accept reasonable safeguards for the protection of the processed personal data, as follows:

 

Other authorized entity

Generally binding legal regulation pursuant to Article 6 point 1(c) of the Regulation

Personal data may be provided to other recipients if the data subject consents or orders to provide his/her personal data to them.

 

4.             Transfer of personal data to third country/international organization

Transfer of personal data to third countries or international organizations does not apply.

 

5.             Identification of the source of which the data were collected

Directly from the data subject (in person, by email, phone call, through the website of the Controller)

 

6.             The retention period of personal data

The Controller shall process the personal data for the period necessary to fulfill the purpose, but for a maximum of 5 years from the date of its acquisition.

 

7.             Profiling

The Controller does not process the personal data by profiling, or by other similar means based on automated individual decision-making.

 

8.             Rights of the data subject

The data subject shall have the right to request from the Controller the access to processed personal data concerning him/her, the right to rectification of personal data, the right to personal data erasure or restriction, the right to object to the processing of personal data, the right not to be subject to a decision based solely on automated processing, including profiling, the right to data portability as well as the right to initiate the proceeding to supervisory authority. When the Controller processes the personal data based on data subject's consent, the data subject shall have the right to withdraw his or her consent to processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can exercise his/her rights by sending an e-mail to e-mail address: proenergy@proenergy.sk, or by sending the letter to the address of the Controller.

 

9.             Obligation to provide personal data

The data subject provides his/her personal data voluntarily, and in the future he/she expects to be informed about various marketing activities (information about news, discounts and other marketing offers) related to the purchased or procured service or goods. If personal data are not provided, data subject will not be informed about news, discounts or other marketing offers and at the same time data subject could not be provided with the service or goods he/she procures.