At TatraLab s. r. o., we respect the privacy of all data subjects with whom we are in contact, regardless of whether we process personal data ourselves or through other entities. It is important to us that you know which personal data we process about you, why we do so, and what your rights are. We therefore invite you to read this Statement, which will provide you with further information about the processing of your personal data.
| Area | Activity | Types of Personal Data |
| Pre-archive Management | Pre-archive – document retention | Data such as title, first name, surname, address, telephone number, email address, business partner data, and similar. |
| Archive Management | Archive – document retention | Data such as title, first name, surname, address, telephone number, email address, business partner data, and similar. |
| Accounting Management System | Maintenance of accounting records | Data such as title, first name, surname, address, telephone number, email address, business partner data, billing data, delivery data, and similar. |
| Legal Affairs | Legal disputes | Data such as title, first name, surname, address, telephone number, email address, business partner data, billing data, delivery data, amount of claim, and similar. |
| Correspondence Management System | Correspondence | General personal data such as title, first name, surname, date of birth, address, email address, telephone number, business partner data and contact persons. |
| GDPR Administration | GDPR administration | Title, first name, surname, email address, telephone number, address, company, position. |
| Business Relationships | Contract conclusion | Business partner data, title, first name, surname, position, contact details, subject matter of contract and cooperation, signatures of statutory representatives. |
| Social Networks | Operation of social network profiles | First name, surname, username (nickname), activity on social networks such as messages, comments, and similar. |
TatraLab s. r. o. will process your personal data for the following purposes:
| Activity | Purpose | Legal Basis |
| Pre-archive – document retention | Pre-archive – compliance with statutory obligations | - Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract. - Processing is necessary for compliance with a legal obligation to which the controller is subject. |
| Archive – document retention | Archive – compliance with statutory obligations | - Processing is necessary for compliance with a legal obligation to which the controller is subject. |
| Maintenance of accounting records | Processing of accounting agenda in accordance with specific statutory instruments | - Processing is necessary for compliance with a legal obligation to which the controller is subject. |
| Legal disputes | Establishment, exercise or defence of legal claims (legal affairs) | - Processing is necessary for compliance with a legal obligation to which the controller is subject. - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. |
| Correspondence | Sending and receiving postal and electronic documentation | - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. - Processing is necessary for compliance with a legal obligation to which the controller is subject. |
| GDPR administration | Ensuring compliance of processes and settings involving the processing of personal data with applicable legislation, regular employee training and supervisory activities | - Processing is necessary for compliance with a legal obligation to which the controller is subject. |
| Contract conclusion | Conclusion of contracts with business and other partners | - Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract. - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. |
| Operation of social network profiles | Social networks – raising awareness of our company in the online environment | - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. |
Where we process your personal data on the legal basis of compliance with a legal obligation, the relevant statutory instruments may include the following:
| Name of Legal Instrument |
| Act No. 18/2018 Coll. – Act on Personal Data Protection and on amendment of certain acts |
| Act No. 161/2015 Coll. – Non-Contentious Civil Procedure Code |
| EU Regulation No. 2016/679 – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) |
| Act No. 297/2008 Coll. – Act on the Prevention of Legalisation of Proceeds of Criminal Activity and Terrorist Financing and on amendment of certain acts |
| Act No. 563/2009 Coll. – Act on Tax Administration (Tax Code) and on amendment of certain acts |
| Act No. 222/2004 Coll. – Act on Value Added Tax |
| Act No. 483/2001 Coll. – Act on Banks and on amendment of certain acts |
| Act No. 513/1991 Coll. – Commercial Code |
| Act No. 431/2002 Coll. – Act on Accounting |
| Act No. 233/1995 Coll. – Act of the National Council of the Slovak Republic on Judicial Enforcement Officers and Enforcement Activity (Enforcement Code) and on amendment of further acts |
| Act No. 71/1967 Coll. – Act on Administrative Proceedings (Administrative Procedure Code) |
| Act No. 595/2003 Coll. – Act on Income Tax |
| Act No. 162/2015 Coll. – Administrative Court Procedure Code |
| Act No. 301/2005 Coll. – Code of Criminal Procedure |
| Act No. 423/2015 Coll. – Act on Statutory Audit and on amendment of Act No. 431/2002 Coll. on Accounting, as amended |
| Act No. 160/2015 Coll. – Code of Civil Procedure |
TatraLab s. r. o., acting as controller, may share your personal data with third parties in the following cases:
| Activity | Purpose | Recipients |
| Pre-archive – document retention | Pre-archive – compliance with statutory obligations | - Tax Authority - Slovenská pošta (Slovak Post) - Health Insurance Company - Social Insurance Agency - Other state administration bodies |
| Archive – document retention | Archive – compliance with statutory obligations | - Tax Authority - Pension Insurance Company - Enforcement Officer's Office - Slovenská pošta (Slovak Post) - Social Insurance Agency - Courts of the Slovak Republic - Health Insurance Company - Slovak Police Force - Websupport s. r. o. |
| Maintenance of accounting records | Processing of accounting agenda in accordance with specific statutory instruments | - Tax Authority - Slovak Police Force - Courts of the Slovak Republic - Office of the Prosecutor General of the Slovak Republic - Seyfor, a. s. |
| Legal disputes | Establishment, exercise or defence of legal claims (legal affairs) | - Law firm - Slovak Police Force - Courts of the Slovak Republic - Office of the Prosecutor General of the Slovak Republic - Websupport s. r. o. |
| Correspondence | Sending and receiving postal and electronic documentation | - Tax Authority - Pension Insurance Company - Enforcement Officer's Office - Social Insurance Agency - Health Insurance Company - Slovenská pošta (Slovak Post) - Statistical Office - Other state administration bodies - Websupport s. r. o. |
| GDPR administration | Ensuring compliance of processes and settings involving the processing of personal data with applicable legislation, regular employee training and supervisory activities | - Office for Personal Data Protection - JUDICIUM s.r.o. |
| Contract conclusion | Conclusion of contracts with business and other partners | - Tax Authority - Websupport s. r. o. |
| Operation of social network profiles | Social networks – raising awareness of our company in the online environment | - Social network platforms |
In such cases, those third parties may process your personal data only for the stated purposes and solely in accordance with our instructions or applicable legislation. Our employees may also have access to your personal data. In such cases, access shall be granted only where necessary for the stated purposes and only to employees bound by a duty of confidentiality.
Your personal data will be accessed by authorised employees of TatraLab s. r. o. in the Slovak Republic, within the European Union and the European Economic Area. No processing of personal data outside the EU takes place.
We retain your personal data only for a limited period of time and will erase it when it is no longer necessary for the processing purposes set out in this Statement.
| Activity | Retention Period |
| Pre-archive – document retention | For a period of 1 year. |
| Archive – document retention | For a period of 10 years unless a specific statutory provision provides otherwise. |
| Maintenance of accounting records | For the current year and thereafter for a period of 10 years. |
| Legal disputes | For the duration of the litigation or out-of-court settlement, but no longer than until the extinction of the relevant claim by prescription or preclusion. |
| Correspondence | For a period of 2 years. |
| GDPR administration | For a minimum of 5 years following termination of the employee's employment contract; in the case of commercial relationships (processors), for the duration of the contractual relationship. |
| Contract conclusion | For the duration of the contract and thereafter for a period of 10 years. |
| Operation of social network profiles | Until the content is removed by the data subject, removed by us, until deletion of our profile, or upon a request by the data subject for erasure of personal data. Messages via social networks are routinely deleted once every 2 years. |
We may process your personal data for a longer period in the event of an ongoing legal dispute, or where you have granted us your consent.
Under data protection legislation, you have certain rights in relation to the processing of your personal data. The following sets out those rights and what they mean for you.
| Right of Access | You may request information about how we process your personal data, including information about:
You may also request a copy of the personal data we process about you. However, additional copies may be subject to a fee. |
| Right to Rectification | It is important that we hold accurate information about you, and we ask that you notify us if any of your personal data is incorrect — for example, if you have changed your name or moved address. |
| Right to Erasure | Where we are processing your personal data unlawfully — for example, where we are retaining it for longer than necessary or without justification — you may request that we erase such data. |
| Right to Restriction | From the moment you have requested rectification of your personal data, or have objected to our processing, and until we are able to investigate the matter or confirm the accuracy of your data (or amend it in accordance with your instructions), you are entitled to restricted processing. This means that we may (subject to the exception of storage) process your personal data only with your consent, where necessary in connection with legal claims, to protect the rights of another person, or where there is a significant public interest in the processing. You may also request restriction of processing where the processing is unlawful but you do not wish us to erase the data. |
| Right to Object | Where you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only where we are able to demonstrate compelling legitimate grounds which override your interests, rights and freedoms. We may, however, always process your personal data where necessary for the establishment, exercise or defence of legal claims. |
| Right to Data Portability | You may request that personal data which you have provided to us and which we process on the basis of your consent or for the performance of a contract be provided to you in a structured, commonly used and machine-readable format. You also have the right to request that such data be transmitted directly to another controller. |
| Withdrawal of Consent | You have the right to withdraw your consent at any time, whereupon we will cease our processing activities based on that legal ground. |
If you have any further questions regarding the processing of your personal data, you may contact our Data Protection Officer (DPO) by email at info@tatralab.com.