Personal data protection
The companies Workcontrol sro and WorkcontrolEU sro process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as Act 18/2018 Coll. on the protection of personal data, as amended.
For information related to personal data protection for all companies, Workcontrol sro and WorkcontrolEU sro, please contact the responsible person:
email address: gdpr@workcontrol.sk
Definition of terms
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject") who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data is any operation or set of operations which is performed on personal data, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, disclosure by means of personal data, restriction, erasure or destruction, whether or not by automated means.
Profiling is any form of automated processing of personal data which serves to evaluate certain personal aspects relating to a natural person.
Pseudonymization is the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, as long as such additional information is kept separately and appropriate technical and organizational measures are taken to secure it.
The controller for the purposes of this document is the companies Workcontrol sro and WorkcontrolEU sro
A processor is a natural or legal person who processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority or other entity to whom personal data are provided.
Principles of personal data processing by Workcontrol sro and WorkcontrolEU sro
The companies Workcontrol sro and WorkcontrolEU sro process the personal data of the data subjects in a lawful and transparent manner.
These are collected exclusively for legitimate purposes to a reasonable and precise extent and on the basis of defined legal bases.
The companies Workcontrol sro and WorkcontrolEU sro have designated technical and organizational measures to ensure adequate protection of personal data, in particular protection against unauthorized or unlawful processing, protection against damage or loss.
Lawfulness of Personal Data Processing by Workcontrol s.r.o. and WorkcontrolEU s.r.o.
The companies Workcontrol s.r.o. and WorkcontrolEU s.r.o. process personal data primarily for the purpose of concluding employment and non-employment relationships, the purpose of temporary assignment to a user employer, and payroll processing.
The legal basis for this processing lies in special laws within the labour law and payroll legislation, in particular, the Labour Code, the Act on Employment Services, the Act on Social Insurance, the Act on Health Insurance, the Income Tax Act, the Social Fund Act, the Act on Illegal Work, the Act on Travel Allowances, the Minimum Wage Act, the Act on Old-Age Retirement Savings, the Act on Supplementary Retirement Savings, the Act on Income Compensation, the Execution Code, the Act on the Protection, Promotion and Development of Public Health, the Act on Occupational Safety and Health (OSH), and others. This means that the processing of personal data is necessary for compliance with a legal obligation.
Another legal basis is a contractual and pre-contractual relationship with the data subject, particularly in connection with the conclusion of an employment relationship.
In the case of obtaining the data subject's consent, the scope and purpose of the personal data processing are defined in the consent provided by the data subject itself.
The personal data obtained are primarily processed for the purpose for which they were obtained.
Data Subject's Consent
In the case of obtaining and processing personal data based on the data subject's consent, the employee is informed of the purpose, scope, and duration of the consent before providing their data.
Consent may be withdrawn at any time in writing and delivered to the address of the employer to whom the consent was granted. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Categories of Personal Data Recipients
-
State and public administration bodies (Social Insurance Agency, health insurance companies, Financial Administration, Labour Inspectorates, Executors, Office of Labour, Social Affairs and Family, etc.)
-
Courts and law enforcement authorities
-
Supplementary retirement savings companies
-
Commercial insurance companies
-
Companies providing the companies' information and technical environment
-
Catering companies
-
Companies providing OSH services
-
User employers
-
Shredding companies
Personal Data Retention Period
After the purpose has ceased, personal data are processed and stored only to the necessary extent for the purposes of archiving, statistics, and in accordance with applicable legislation.
In the case of personal data obtained with the data subject's consent, the period of validity is defined in the specific consent.
Data Subject's Rights
The data subject has the right:
-
to request from the controller access to and the right to rectification, erasure, and restriction of personal data concerning the data subject. This data is provided in the form requested by the data subject.
-
to request from the controller information about the purposes of personal data processing, the categories of personal data concerned, the recipients of the personal data concerned, and the retention period of the personal data concerned.
-
to request the source if the personal data were not obtained directly from the data subject.
-
to request information about appropriate safeguards if the personal data are transferred to a third country.
-
to the immediate rectification of inaccurate personal data.
-
to the erasure of personal data, in cases where the processing is no longer necessary, if the data subject withdraws consent, if they object to the processing of personal data, if the data are processed unlawfully, if the personal data must be erased to comply with an obligation under a special law, or if the data were obtained in connection with an offer of services.
-
to the restriction of personal data processing if the data subject contests the accuracy of the personal data, if the processing is unlawful, or if the controller no longer needs the personal data for the purposes of processing.
-
to object to the processing of personal data.
-
to the portability of personal data.
-
to withdraw their consent at any time.
-
to lodge a proposal to initiate proceedings against the controller if their rights are affected.
-
to be informed whether the processing of their personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, and whether they are obliged to provide such data, and the possible consequences of not providing them.
-
to be informed about the existence of automated decision-making, including profiling, and about the anticipated consequences of such processing.
-
to be informed of a personal data breach without undue delay if it is likely to result in a high risk to the rights of the natural person.
-
to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
The controller is obliged to provide the data subject with answers based on the points above without undue delay and in any case within 1 month of receipt of the request. If necessary, this period may be extended by another 2 months. The controller is obliged to inform the data subject of such an extension.