GDPR
Personal data protection is a particularly high priority for the management of Sandberg Capital, správ. spol., a.s. The use of our website (www.sandbergcapital.com) is possible without indication of any personal details. However, if personal data processing is necessary and there is no legal basis for said processing, we generally obtain a consent from the person concerned.
Processing of personal details, such as name, address, e-mail address or phone number of the concerned person, must always be in accordance with the General Data Protection Regulation (GDPR) and in accordance with special data protection for individual countries relating to Sandberg Capital, správ. spol., a.s. We want to inform the general public about the nature, extent and purposes of the personal data we collect, use and process. In addition, the concerned persons are hereby informed of the data protection and the rights to which they are entitled.
As an operator, Sandberg Capital, správ. spol., a.s. has introduced a number of technical and organizational measures to ensure full protection of personal data processed through this website. In principle, internet traffic may have security gaps, so absolute protection may not be guaranteed. For this reason, any data provider may freely transfer personal data through alternative means, e.g. by phone.
Basic definitions
- The company Sandberg Capital, správ. spol., a.s. is the personal details administrator, which processes personal data alone or which uses services of personal data processors for this purpose.
- Personal details represent all information about the identified or identifiable natural person (hereinafter referred to as the “data subject”); identifiable natural person is a natural person, who may be identified directly or indirectly.
- Data subjects in relation to the Company are always primarily clients.
- The processing of personal data is any operation or set of operations with personal data or sets of personal data which is carried out using automated procedures such as collecting, recording, arranging, structuring, storing, adapting or altering, searching, inspecting, etc.
- The processor of personal data in the context of said directive is any natural person or legal entity, public authority body, agency or another entity, which processes personal data for the Company as the personal data administrator.
- The recipient of personal data is a natural person or legal entity, public authority body, agency or another entity, to which the personal data is provided, either it is a third party or else. However, public authority bodies, which may obtain personal data within special investigation in accordance with the law of the Slovak Republic, shall not be considered as recipient.
- Third party is a natural person or legal entity, public authority body, agency or another entity, which is not the data subject, administrator, processor.
Name and address of the operator
For purposes of the general regulation GDPR, other laws on personal data protection valid in member states of the European Union and other provisions related to data protection, the operator is:
Sandberg Capital, správ. spol., a.s.
Dvořákovo nábrežie 8
811 02 Bratislava
Slovak Republic.
Phone: +421 2 59 418 181
E-mail: info@sandbergcapital.com
Website: www.sandbergcapital.com
Personal data protection principles
The company Sandberg Capital, správ. spol., a.s.
- processes personal data in relation to data subjects correctly, legally and transparently;
- collects personal data only for certain, clear and lawful purposes and does not process them in the manner, which is irreconcilable with said purposes (further processing for purposes of archiving in public interest, for purposes of scientific or historical research or for statistical purposes shall not be considered as irreconcilable with original purposes);
- processes only such personal data which are reasonable, relevant and limited to a necessary extent in relation to the purpose for which they are processed;
- processes only such personal data which are accurate and updated when needed;
for this purpose the Company shall take all necessary measures so that the inaccurate personal data, with respect to purposes for which they are processed, are forthwith deleted or adjusted; - shall store the personal data in the form allowing identification of the concerned person for the period not longer than necessary for purposes, for which they are processed;
- processes personal data in a manner that ensures that personal data are adequately safeguarded, including their protection by appropriate technical or organizational measures against unauthorized processing and accidental loss, destruction or damage.
We can process data about using our websites and services (i.e. usage data). Usage data may contain your IP address, geographic location, web browser and its version, operating system, reference source, visit length, page views, and page navigation paths, as well as timing, frequency, and usage patterns of our service. The Google Analytics service is the source of usage data (see below for more information about Google Analytics). These usage data may be processed for purposes of usage analysis of websites and services. Legal basis of said processing is the consent and our legitimate interests, i.e. monitoring and improving our websites and services.
We can process information (i.e. contact details) contained in or connected to any communication, in which you send us contact details. Correspondence data may contain communication contents and metadata connected to the communication. Correspondence data may be processed for purposes of communication with you and records keeping. Legal basis for said processing are our legitimate interests, i.e. duly administration of our websites and enterprise and communication with users and / or performance of contract between you and us and / or steps leading to contract conclusion.
We can process any your personal data stated in these rules, if it is necessary for creation, exercise or defense of legal claims, either in litigations or in administrative or extrajudicial proceeding. Legal basis for said processing are our legitimate interests, i.e. protection and enforcement of our legal rights, your legal rights and legal rights of others.
We can also process any your personal data, if said processing is necessary for fulfilment of a legal obligation to which we are subject or for protection of our life interests or life interests of other natural person.
The company Sandberg Capital, správ. spol., a.s. will use only such processors for personal data processing, which provide sufficient guarantees of ensuring appropriate technical and organizational measures so that said processing fulfils requirements of the Regulation and so that the protection of rights of concerned persons is ensured. The company shall be responsible for compliance with all the above stated principles and it shall be able to substantiate compliance with these principles in accordance with the GDPR regulation.
As a responsible company, we do not use automatic decision making or profiling.
Rights of concerned persons
Right to access personal data – The client shall be entitled to request from the company Sandberg Capital, správ. spol., a.s. access to his personal data, especially the client shall be entitled to request information on processing of his personal data always containing at least the notice about the purpose of personal data processing, extent and contents of personal data (e.g. with a list), or about categories of personal data, which are subject to processing, including all available information about their source, nature of automated processing in relation to its use for decision-making, if any acts or decisions, the contents of which is intervention to right and legitimate interests of the data subject, are performed or carried out on the basis of this processing.
Right to correction of personal data – The client shall be entitled to raise objection against an incorrect or unauthorized processing of personal data and shall be entitled to demand correction or of this personal data or that the personal data are supplemented. In said case the company Sandberg Capital, správ. spol., a.s. shall be obliged to inform the recipient about the request of the data subject without undue delay.
Right to personal data portability – The client shall have the right to obtain the personal data processed about him by the company Sandberg Capital, správ. spol., a.s., in a structured, commonly used and machine-readable format and the client shall have the right to transfer these personal data to the other operator,
- if technologically possible
- if personal data are processed with the consent of the concerned person or if the personal data processing is necessary for duly fulfilment of rights and obligations resulting for the company in a contractual relationship with the Client and
- if personal data processing is carried out by automated means.
Rights in case of breach of obligations set forth by the Act on Personal Data Protection – in case of breach of obligations of the company Sandberg Capital, správ. spol., a.s. related to collecting or processing such personal data, the Client shall be entitled to demand from the company to explain its actions, to refrain from such actions, to remove such condition or to provide, at its own costs, an apology or other atonement, to ensure that the personal data are blocked or liquidated (except for personal data, which the company is obliged to collect and process on the basis of the law), to pay a monetary consideration, if the right of a person for human dignity, personal honour, good reputation or the right for name protection is violated, or the Client shall claim the damages resulted by the breach of obligations of the Company in relation to personal data processing. The Client shall be further entitled to submit a motion for commencement of proceeding on personal data protection at the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, https://dataprotection.gov.sk/uoou/.
With regards to the above stated rights of the Client, the company shall be obliged to forthwith inform the Client about blockage, corrections, supplements or liquidation of its personal data, to provide the Client necessary cooperation and explanation
Personal data protection in relation to the application and using of the Google Analytics service (with anonymizer function)
The operator has integrated the Google Analytics component (with anonymizer function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, acquisition, and analysis of behavioural data about website visitors. The web analysis service collects, among other things, data about the websites from which a person came (the so-called referrer) about the subpages visited, how often and how long the subpage was viewed. Web analysis is especially used for optimizing websites and analysing costs and benefits of internet advertisements.
The Google Analytics component is operated by Google Inc., 1600 AmphitheaterPkwy, MountainView, CA 94043-1351, United States of America. The regulator uses the “gat.anonymizeIp” application for web analysis through Google Analytics. Through this request, Google will shorten the IP address of the data subject’s Internet connection and anonymize it when accessing our website from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic to our website. Among other things, Google uses the collected data and information to evaluate the use of our websites and to provide online reports that show activities on our websites and provide us with other services related to the use of our website.
Google Analytics places the cookie file on the data subject’s information technology system. Generally, cookies can be defined as text files that are stored on your computer via an internet browser. The cookie setting allows Google to analyse the use of our websites. Each time one of the pages of this website provided by the operator that has been integrated with Google Analytics is launched, the data subject’s IT system web browser automatically submits data through the Google Analytics component for online advertising and settlement of commission to Google. Throughout the course of this procedure, Google obtains information about personal data, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and then to create commissions.
Cookies are used to store personal data, such as time of access, the location from which access was made, and the frequency of visits of data subjects to our websites. Every time a person visits our website, personal information, including the IP address of the concerned person’s internet access, is sent to Google in the United States of America. Google stores these data in the United States of America. Google may hand over the personal data collected by said technological procedure to third parties
The data subject may prevent the cookies setting on our website at any time by appropriately modifying the web browser in use, thereby permanently denying the cookie setting. Such modification of the used internet browser would also prevent Google Analytics from setting a cookie on the data subject’s information technology system. In addition, cookies already used by Google Analytics may be removed at any time through a web browser or other software.
Except for that, the data subject has the opportunity to raise objections against the collection of data generated by Google Analytics related to the use of these websites as well as the processing of this data by Google. For this reason, the data subject must download the browser add-on from the following the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on informs Google Analytics via JavaScript that all data and information about the website visits may not be transferred to Google Analytics. Installing browser add-ons is considered as an objection to the company Google. If the data subject´s information system is later deleted, formatted or newly installed, the data subject must install the browser add-ons to disable Google Analytics once again. If the data subject or any other person uninstalls the browser add-on attributable to their competence or if the add-on is turned off, the browser add-ons can be reinstalled or reactivated. Additional information and applicable provisions on data protection of Google may be obtained on the website https://www.google.com/intl/sk/policies/privacy/ and http://www.google.com/analytics/terms/us.html. Google Analytics is further explained on the following address https://www.google.com/analytics/.
Legal basis for processing
Art. 6 Sec. 1 letter a) of the GDPR regulation serves as the legal basis for processing operations, for which we obtain approval for a specific processing purpose. If processing of personal data is necessary for performance of a contract, of which the concerned person is a part, e.g. the case where processing operations necessary for provision of any service, the processing shall be on the basis of Article 6 Sec. 1 letter b) of the GDPR regulation. The same applies for said processing operations, which are necessary for performing pre-contractual measures, such as in case of matters related to services. Sandberg Capital, správ. spol., a.s. is subject to legal obligations, which is the personal data processing, e.g. for fulfilment of tax obligations, processing is based on Art. 6 Sec. 1 letter c) of the GDPR regulation. At last, the processing operations might be based on Article 6 Sec. 1 letter f) of GDPR. This legal basis is used for processing operations, to which none of the above stated legal bases applies, if the processing is necessary for purposes of legitimate interests of the company or a third party, except for the case, when such interests exceed interests or general rights and freedom of the concerned person required by the personal data protection.
Period for which the personal data will be stored
The relevant legal period for storing of data is the criterion for determining the storing period of personal data. After the period ends, the relevant data shall normally be deleted if they are no longer necessary for performance of a contract or for commencement of a contract. Personal usage data shall be kept for a maximum of 10 years.