Welcome to our website! Our goal is to develop the research and innovation environment in Slovakia and to connect research, development and innovation actors together with the public. The security of your personal data is of key importance to us. This document serves to provide information about the general rules for processing your personal data when using the Platform www.sovva.sk (hereinafter referred to as the “Platform”) and social media accounts, which are processed when using the Platform by the Slovak Organisation for Research and Development Activities, o. z. with registered office at Špitálska 10, 811 08 Bratislava, ID No.: 37929551 (hereinafter referred to as the “Controller”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.12.2016. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR Regulation”) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as the “PDPA”). Please note that the specific conditions for processing your personal data depend on the purpose of the personal data processing.
However, we will be happy to provide you with any information regarding the handling of your personal data at info@sovva.sk
Personal data is information relating to a specific person who can be directly or indirectly identified, such as a first name, surname, identification number, location or online identifier, as well as other characteristics that relate to his or her identity, such as physiological, genetic, psychological, economic, cultural or social attributes.
The processing of personal data includes various operations or processes with that data, such as collecting, recording, organising, storing, modifying, retrieving, using, disclosing to third parties, moving, sharing or otherwise manipulating it, whether carried out manually or by computer systems.
We only process your personal data without your consent in cases where applicable law permits us to do so. You must provide us with the personal data you provide on the basis of a contract, a specific regulation or a legitimate interest, otherwise we will not be able to fulfil your or our obligations for the purpose.
We only process your personal data without your consent in the following cases and on the following legal bases:
PURPOSE OF PERSONAL DATA PROCESSING – To ensure the functionality and performance of the Operator’s website.
LEGAL BASIS – Art. 6(1)(f) GDPR – the legitimate interest of the Data Controller in the processing of the personal data of the data subjects
STORAGE TIME – automatic deletion
The legitimate interest of the Operator in ensuring the functionality and efficient performance of the website, which the data subjects can reasonably expect by visiting the website.
PURPOSE OF PROCESSING PERSONAL DATA – To create basic statistics on fanpage traffic and to improve awareness of the Operator and its activities.
LEGAL BASIS – Art. 6(1)(f) GDPR – the legitimate interest of the Data Controller in the processing of the personal data of the data subjects
STORAGE PERIOD – for the necessary period
Corrected Operator’s interest in raising awareness of Operator’s activities to improve fanpage content.
We may also process your personal data on the basis of your consent, which we may ask you for whenever we do so. Providing consent is voluntary, i.e. it is your choice whether or not to provide us with personal data. If you give us your consent, you may subsequently withdraw it at any time.
Only with your consent can we process your personal data in the following cases:
Provision of the data subject’s consent pursuant to Article 6(1)(a) GDPR
PURPOSE OF SHARING PERSONAL DATA – Sending newsletters and invitations to events organized by the Operator.
LEGAL BASIS – consent of the data subject
STORAGE PERIOD – 5 years
PURPOSE OF PERSONAL DATA PROCESSING – Overview of the number of participants at events organized by the Operator.
LEGAL BASIS – consent of the data subject
STORAGE PERIOD – 5 years
PURPOSE OF PERSONAL DATA PROCESSING – Overview of the number of participants at events organized by the Operator.
LEGAL BASIS – consent of the data subject
STORAGE PERIOD – The controller processes personal data for the period necessary to fulfil the purpose – the end of the competition. In the case of a separately granted consent, the controller may also publish the personal data of the data subject for a period of 2 months from the date of evaluation of the contest through the Platform on which the contest was implemented.
In some situations, we transfer your personal data to third countries outside the EU. When using our suppliers’ services in connection with online social networking activities and in connection with the use of the software products we provide, data is transferred to third countries – the United States of America (USA). Standard contractual clauses approved by the Commission are used for data transfers:
Facebook:
https://www.facebook.com/help/566994660333381?ref=dp
LinkedIn:
https://www.linkedin.com/legal/l/dpa
Google:
https://policies.google.com/privacy/frameworks?hl=en
4. Transfer to a third country
In order to improve the quality of marketing campaigns, the controller uses automated profiling. By profiling, we segment the offer(s) that may be of interest to you and are more profitable for you. In the case of profiling, we use the following systems Google Adwords, Facebook. Consent is not required for basic statistical data collection, e.g. by using the Google Analytics measurement code.
Is a set of numbers uniquely identifying a device on a computer network. An IP address can be regarded as data relating to an identifiable person from a data protection perspective. An IP address becomes personal data if:
a. The IP address is personal data if it is processed by the ISP together with another identification (name, email…).
b. static IP addresses used by natural persons/individuals are to be considered as personal data.
c. the dynamic IP address will be considered personal data if the online service provider processes, together with the dynamic IP address, other identifiers considered personal data (e.g. first name, last name, email, etc.).
d. In the case of storing the IP address on a website (e.g. WordPress editorial system for comments), you must choose an appropriate processing purpose or use pseudonymisation.
Your personal data is transmitted securely thanks to encryption. The SSL (Secure Socket Layer) encryption system is most commonly used for secure communication with web servers. The personal data in our systems as well as the website are secured by appropriate technical and organisational measures against loss, destruction, alteration and further dissemination of data by unauthorised persons.
Your personal data is secure because its processing is carried out automatically through our information systems and through appropriate technical and organisational measures to guarantee the security of personal data, including protection against unauthorised processing of personal data, accidental loss of personal data, erasure of personal data or damage to personal data.
In terms of the “GDPR”, we have the status of controller, which means that it is our company that defines the purposes of the processing. In connection with our activities, your personal data may be transferred or disclosed to other entities, either as an independent controller or as a processor. As a controller, we ensure that all those to whom your personal data is transferred maintain a high standard of protection and have adequate personnel, technical, organisational and professional competence. In no case shall we provide personal data to a subject where this standard is not ensured.
9. Links to other sites
The Platform may contain links to our partners’ websites and other websites that are not operated by us. If you click on a link to a third party website, you will be redirected to that website. We strongly encourage you to read the privacy policy for each website you visit.
You have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovak Republic, www.uoou.sk. However, please be advised that in certain circumstances, in particular where requests are manifestly unfounded or unreasonable, we may refuse your request or charge you a reasonable fee.
a) Right of access to personal data
You have the right to access and obtain a copy of your personal data. If we process your personal data, we will provide you with information about what data we process about you, for what purpose, to whom we have provided your personal data, whether it has been transferred to a third country, and how long we will keep the data. If you request a copy by electronic means, we will provide you with the information in a commonly used electronic format unless you request otherwise.
b) Right to rectification of personal data
If your personal data is incorrect, you have the right to have it corrected. If it is incomplete, you have the right to complete it. You can correct or complete your personal data in your Profile settings, or you can ask us to correct it.
c) Right to restriction of processing of personal data
You have the right to restrict processing in the cases specified by the Personal Data Protection Act, for example, until they are corrected (or verified for accuracy), or if the processing of personal data is unlawful and you request a restriction on their use instead of deletion, or if we no longer need the personal data for the purpose of their processing, but you need them to assert a legal claim.
d) Right to erasure of personal data (to be forgotten)
You have the right to erasure of data in the cases specified by the OU Protection Act, unless this right is restricted by law. The right to erasure applies, for example, if your personal data is no longer necessary for the purposes for which it was collected or if you withdraw your consent to the processing of your personal data and there is no other legal basis for processing it.
(e) Right to portability of personal data
If we process data on the basis of your consent or a contract and the processing of personal data is carried out by automated means, you have the right to data portability (the right to obtain the data in a structured, commonly used, machine-readable format and the right to transfer it to another controller).
(f) Right to withdraw consent
If we process your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of your personal data at any time.
(g) Right to bring an action for data protection
If you feel that your rights have been affected, you may file a petition with the Office for Personal Data Protection of the Slovak Republic for personal data protection proceedings pursuant to § 100 et seq. of the Personal Data Protection Act.
h) Right to object to the processing of personal data
Pursuant to Section 27(3) of the Data Protection Act, we expressly notify you of your right to object to the processing of personal data concerning you (i) on grounds relating to your particular situation carried out pursuant to Section 13(1)(e) (processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or (ii) on grounds relating to your particular situation carried out pursuant to Section 13(1)(e) (processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or (iii). (f) (processing of personal data is necessary for the purpose of the legitimate interests of the controller or of a third party) of the OU Protection Act, including profiling based on these provisions, and (ii) for the purpose of direct marketing, including profiling to the extent that it is related to direct marketing.
You can exercise your rights in writing at the address: the Slovak Organisation for Research and Development Activities, o. z. Špitálska 2209/10 81108 Bratislava – the Old Town district, by telephone, by e-mail at info@sovva.sk. The Controller may ask you to provide additional information necessary to confirm your identity.
Our services are also for people under 16 years of age. If you are under 16, please ask your legal guardian (parent) for consent to the processing of your personal data. If we become aware that we have collected personal information from persons under the age of 16 without verifying parental consent, we will take steps to remove that information from our servers and databases.
If you have any questions or comments regarding the processing of your personal data, you can contact us and we will be happy to answer your questions.
Contact details of the operator:
Name of company: the Slovak Organisation for Research and Development Activities
Registered office/place of business: Špitálska 2209/10 81108 Bratislava – Staré Mesto
IČO: 379 295 51
Contact details: e – mail: info@sovva.sk
We respond to requests in paper or electronic form, usually in the same form as the request.
We will provide you with information on the measures taken on the basis of your request pursuant to Sections 21 to 28 of the OU Protection Act within one month of receipt of your request. However, we may extend this period by a further two months in justified cases, even repeatedly, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the extension.
Information pursuant to Sections 19 and 20 of the OU Protection Act and notifications and measures taken pursuant to Sections 21 to 28 and 41 of the OU Protection Act are generally provided free of charge. However, if your request is manifestly unfounded or unreasonable, in particular because of its repetitive nature, we may:
13. Change to the Terms and Conditions of Processing of Personal Data
We may change these Terms from time to time (particularly in the event of technological changes, if we have added new features to the Platform or changed existing features, or if legislation changes). The most recent and up-to-date version of the Terms will always be posted on the Platform together with its effective date.
By using the Platform after the effective date of such changes, we will assume that you are aware of the change to the Terms and the then-current version of the Terms in effect at the time you use the Platform.