• We respect and protect the personal data[1] of data subjects with whom we come into contact.
• Protecting your privacy when processing your personal data is important to us. For this reason, we have prepared this document, which sets out information on the processing of your personal data, including the basic principles of data protection. In this document, we provide you with all the information you need to be familiar with what personal data we collect, for what purposes we process it, with whom we share it, what your rights are, and how you can contact us if you have further questions about the processing of your personal data.
• We encourage you to read this document, which we believe will reassure you that your personal data will only be processed to the extent necessary, securely and professionally.
• If there is any change regarding personal data processing, we will inform you by updating this document published on our website. For this reason, we recommend that you visit our website regularly and familiarise yourself with the current version of “Information on Personal Data Processing”.
• The basis for our protection of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and the relevant provisions of Act No. 18/2018 Coll. on the protection of personal data, as amended (hereinafter referred to as “Act”).
• We only process personal data to the extent necessary and to achieve a specific purpose of processing. This purpose is always defined prior to the actual collection of personal data, and without the processing of personal data this legitimate purpose could not be achieved.

 

(hereinafter referred to as “Controller”)

• The processing of personal data by us as the Controller occurs in connection with the provision of our services, i.e. the provision of consulting, brokerage and representation of clients in the purchase, sale and lease of commercial properties and premises (hereinafter referred to as “Services”). We specialise in selling commercial properties on a unit-by-unit basis for smaller companies and investors.

• We collect personal data from you in the following ways:
  • Directly from you as our clients when concluding contracts;
  • From persons who have voluntarily provided us with their personal data and have given us consent to process it (by e-mail, by special consent, via the website, in a viewing record, etc.)

• The following categories of personal data may be processed in the provision of our services:
  • Identification details such as your title, name, surname, date of birth, birth certificate number, ID card number;
  • Contact details such as permanent address, email and telephone/mobile number;
  • If you are a self-employed natural person, we may also process your data such as your company ID, tax ID, VAT ID, business name and place of business;
  • Data of persons acting on behalf of legal persons, such as personal data of managing directors, members of the board of directors, authorised persons;
  • Data relating to your employment – for example, the job title of the employee;
  • Data related to the use of our website, such as cookies, provided that they are linked to a specific natural person and that they can be used to identify that person;
  • IP address assignment data;
  • Information about you from other users – we may collect information about you from other users, for example, when they contact us about you, such as when they alert us to any of your actions or recommend you as a potential user of our services.

• We always collect personal data from you for a specific, predetermined purpose. As our range of services is broad, we collect personal data for a variety of purposes. These purposes are:
  • The provision of our services – the data we collect from you in order to be able to provide you with our services, i.e. we conclude various types of contracts with you, such as property sale and lease contracts, property management contracts, etc;
  • Invoicing – personal data is processed for the purpose of issuing invoices and for the purpose of receiving and recording payments or receivables;
  • Communication with you;
  • Direct marketing if your consent is obtained;
  • Promotional activity / presentation – your personal data is collected if you participate in a promotional activity / presentation;
  • Recruitment campaign – we process your personal data if you are interested in a job and in connection with approaching you as a potential employee;
  • Quantitative and qualitative market research;
  • We also use your data to try to innovate our services – for example, when we identify a need for service improvement based on your suggestions, or when we see a demand for a new service or assess the need for greater user protection, etc. The data we collect from existing services helps us to develop new services;
  • To secure and manage participation in competitions we organise.

• We process your personal data on the following legal bases:
  • Article 6(1)(a) of GDPR – Consent – your consent is required for the fulfilment of any purpose. Consent is given as a clear expression of will, which is a free, specific, informed and unambiguous expression of your consent to the processing of personal data concerning you.
  • Article 6(1)(b) of GDPR – Contract Performance – personal data processing is necessary for the performance of a contract to which you, as the data subject, are a party or for the performance of pre-contractual steps at your request. It is also possible that we process your data in order to comply with our obligations under a contract with our contractual partner who processes your personal data and who is the controller of your personal data under GDPR.
  • Article 6(1)(c) of GDPR – processing is necessary for compliance with our legal obligation. We may also process and archive your personal data because we are obliged to do so directly under generally binding legal regulations.
  • Article 6(1)(f) of GDPR – personal data processing is necessary for the purposes of our legitimate interests. Before processing personal data on this legal basis, we will always consider whether such processing would constitute a disproportionate interference with your rights.

• In some cases, we may need to transfer the personal data you have provided to us to other entities. We assure you that we will only transfer personal data to these entities where and to the extent necessary. Such entities are bound by confidentiality, even after the end of cooperation with them, and we ensure that they are familiar with and respect the Information on Personal Data Processing. Please note that the categories of recipients may change depending on the specific purpose of personal data processing.
• Categories of personal data recipients:
  • Authorised persons within our company, parent companies and subsidiaries who have access to personal data and are bound by confidentiality obligations, which continue even after their cooperation with us has ended;
  • Our contractual partners – based on our instructions, your personal data is processed by our contractual partners to the extent necessary for the stated purpose. We assure you that when selecting our contractual partners we acted in accordance with GDPR and the Act, and we have entrusted personal data processing to a contractual partner who provides sufficient security, technical, organisational and personnel measures to ensure the protection of the rights of data subjects;
  • In order to comply with our obligations under the law and the requirements of public or other authorities, we also disclose your personal data to law enforcement authorities, courts, bailiffs, etc.

• In general, personal data will be processed by our company only for the necessary period and always for the period specified by applicable law. Further, the length of personal data retention depends on the purpose for which we process personal data.
• We retain the personal data provided to us for the purposes of the performance of the contract with you as the data subject for the entire duration of the contract and after the end of the contractual relationship until the expiry of all limitation periods relating to the rights and obligations related to the contract, otherwise always for a period of 10 years from the end of the contractual relationship. If a data subject makes any claim against us, or in the event of the initiation of judicial, administrative or other proceedings relating to a contract or a service provided on the basis thereof, we will process the necessary personal data of the data subject in order to protect our legitimate interests until the full and final settlement of all disputed claims, or until the final decision terminating the relevant proceedings and the expiry of the limitation period for the enforcement of the relevant final decision reached in the proceedings.
• If personal data processing is based on your consent, we process your personal data until you withdraw your consent, e.g. we process personal data collected for marketing purposes or via cookies for the duration of the consent for marketing purposes / consent to the use of cookies.

• We do not transfer your data to third countries. Our contractual partners with whom we work and to whom we provide personal data (as set out above) do not transfer personal data to third countries either.

• We care about the security of your personal data and only handle it in accordance with applicable law, including GDPR and the Act. We focus on the technical, organisational and personnel security of processed data.
• We store personal data in electronic form in databases and systems that we protect against any damage, destruction, loss or other misuse. They are only accessible to persons who, when handling personal data, need to take into account the purpose of personal data processing.
• We require all processors we use to comply with the same strict measures to ensure the security of personal data processing, based on concluded contracts for the processing of personal data in accordance with Article 28 of GDPR.
• The security measures adopted are subject to regular monitoring and are continuously adapted to the state of the art. Should a breach of your personal data protection occur, we will inform you without undue delay within 72 hours if such a breach of your personal data protection could lead to a high risk to your rights.

• As a data subject, you have the following rights in relation to personal data protection:

Right to withdraw consent: if the processing of your personal data is based on your consent as a data subject, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on the consent given prior to its withdrawal.

Right of access to personal data: you have the right to request confirmation as to whether personal data relating to you is processed and, if so, to obtain access to that personal data. You will be provided with a copy of the personal data processed. Any additional copies you request may be subject to a reasonable charge corresponding to the administrative costs.

If you make a request by electronic means, the information will be provided to you in a commonly used electronic format, unless you request a different method of provision.

Right to rectification: you have the right to have us correct incorrect personal data concerning you without undue delay. With regard to the purposes of processing, you as the data subject have the right to have incomplete personal data completed, including by providing a supplementary declaration.

Right to erasure (right “to be forgotten”): you have the right to have your personal data erased and no longer processed:

• If you have contested the accuracy of your personal data, during a period allowing the controller to verify the accuracy of your personal data;
• If the processing is unlawful and you object to the erasure of your personal data and request instead a restriction on its use;
• If we no longer need your personal data for the purposes of processing, but you as the data subject need them to establish, exercise or defend legal claims; or
• if you have objected to the processing of your personal data pursuant to Article 21(1) of GDPR, pending verification whether the legitimate grounds on the part of the controller outweigh your legitimate grounds as a data subject.

If you have obtained a restriction on the processing of personal data, the controller will inform you before the restriction on processing is lifted.

Right to transfer: if personal data processing is based on consent pursuant to Article 6(1)(a) of GDPR or Article 9(2)(a) of GDPR, or on a contract pursuant to Article 6(1)(b) of GDPR and by automated means, you have the option to obtain the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable and interoperable format. You also have the right to ask us to transfer your personal data to a controller of your choice.

In this regard, note that in this case we are not responsible for how you will process the personal data or how it will be processed by the company that receives the personal data. Data portability does not automatically lead to the deletion of data from our systems, nor does it affect the original retention period applicable to the transferred data.

Right to object: if you, as a data subject, believe that the processing of personal data is carried out in breach of the protection of your private and personal life or in breach of the law, you have the right to object to the processing of your personal data.

Right to lodge a complaint with a supervisory authority: if you believe that we process your personal data in breach of applicable law, you have the right to lodge a complaint with the public authority supervising the protection of personal data. This authority is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic, telephone: +421 /2/ 3231 3214; email: statny.dozor@pdp.gov.sk, website: https://dataprotection.gov.sk/.

• You can exercise the above rights by sending us an email to info@amigalgroup.sk and stating “Personal Data Protection” in the subject line.

• If you have any questions or comments regarding the processing of your personal data, please send us an email to info@amigalgroup.sk or call us on 0948 029 888.