INFORMATION ON PROCESSING OF PERSONAL DATA
1. DEFINITIONS OF BASIC TERMS
- The Website is the website www.backofficeexcellence.com, including all its subdomains. The Controller of the said Website is a business company AL Group Events s.r.o.,
- The Controller / AL EVENTS is a business company AL Group Events s.r.o., registerred seat: Lermontova 3, 811 05 Bratislava, Slovak Republic, Company Number: 52 763 358, registerred in Business Register of District court Bratislava I, No.: 141635/B.
- The Regulation is Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- Processors are persons who have been entrusted by the Controller with the processing of personal data of the persons concerned. The term Processor has the same meaning as defined in the Regulation.
- Data protection officer is a person, who provides advice to the Controller in the field of personal data protection. The term Data protection officer (hereinafter referred to as the “DPO”) has the same meaning as defined in the Regulation.
- The Representative is a person who provides advice to the Controller in the field of personal data protection. The term Representative has the same meaning as defined in the Regulation.
- The Affected Person is any natural person whose personal data is processed by the Controller and has the same meaning as defined in the Regulation
- The Personal Data Protection Act is Act no. 18/2018 Coll. on the protection of personal data, as amended.
2. INITIAL PROVISIONS
Priority for AL EVENTS is to process your personal data in the correct and legal way, while ensuring the protection of your personal data is one of the standards of AL EVENTS.
That is why we wish to provide you with information about reasons for processing of your personal data and what are the facts on the basis of which your personal data are processed. Moreover, we would like to inform you about the legal rights you can exert in relation to processing of your personal data, and to provide you with further information considered by us as important for you with regard to processing of your personal data.
In this connection, we would like to ask you to read the below information written as questions and answers to enable you easier and clearer understanding.
Should you not be entirely clear about any point after having read this document, we will be glad to explain to you any of the bellow expressions or any part of this document. Please do not hesitate to contact us at the general phone contact of AL EVENTS via e-mail: firstname.lastname@example.org, event. by a letter sent to the address: Trnavská cesta 82, 821 02 Bratislava, Slovak Republic.
3. PROCESSING OF PERSONAL DATA
- The Controller may process the personal data of the Affected Persons in different ways and in different situations depending on whether the Affected Person is a visitor of the Website, is an employee of the Controller or a statutory and / or employee of a business partner. The Controller may also process personal data about visitors to the Website, depending on how the visitor of the Website, ie the Affected Person, decides to communicate with the Controller. Regardless of the above situations, the Controller undertakes not to sell, commercialize or use the personal data of the Affected Persons in violation of the Regulation and other applicable data protection regulations.
- The Controller respects the privacy of the Affected Persons, regardless of whether the personal data of the Affected Persons are processed by the Controller himself or on behalf of other parties. The Controller undertakes to ensure appropriate measures for the protection of identification and other personal data as well as information about the Affected Persons in accordance with the Regulation and applicable legislation.
- The Controller has the right, in accordance with the relevant legal regulations, to entrust the processing of personal data to an Intermediary who will process personal data on behalf of the Controller. The Processor is entitled to process personal data only to the extent and under the conditions agreed with the Controller in a written contract or in a written authorization.
4. THE RIGHTS OF EACH AFFECTED PERSON
- Each Affected Person has the following rights under the Regulation:
- Right to access personal data
- Right of correction
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to raise an objection and automatized individual decision-making
- Right to transferability of data
- právo na odvolanie súhlasu so spracúvaním osobných údajov.
- Right to object or to lodge a complaint with the Office For Personal Data Protection
Each of the rights set forth in this section of the PDP Policy is explained in detail in the following sections of this Article 4 of the PDP Policy.
- Right to access personal data. You have got the right to be confirmed whether your personal data are processed or not. If they are processed, you have got the right to access the information and to learn the purpose of their processing, categories of personal data affected, their recipients or categories of recipients, period of personal data retention, information of your rights with regard to processing of personal data, whether or not automatized decision-making and profiling are made, as well as guarantees in the case that personal data are transferred to a third country or to an international organization. You have also got the right to get a copy of personal data processed.
- Right of correction. Should AL EVENTS process your personal data, which are obsolete or incorrect (e.g. due to a change of your residence), kindly let us know and will amend your personal data.
- Right to erasure (right to be forgotten). According to the law, we are obliged in some cases to erase your personal data under your direction. Such request is a subject to an individual assessment, whether or not all conditions for erasure have been fulfilled, as AL EVENTS can have either a duty or an entitled interest of higher importance to retain your personal data.
- Right to restrict processing. If you wish to have your data processed by us due to legal reason, or if you wish us to block your personal data.
- Right to raise an objection and automatized individual decision-making. If you state or if you are of the opinion that our processing of your personal data is contrary to the protection of your private and personal life, or contrary to generally valid legal rules and regulations, contact please our company and ask for its explanation or removal of the undesired status quo. You can also object to automatized decision-making. Where AL EVENTS process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Right to transferability of data. If you wish to provide another Controller, another company with your personal data, we will give your personal data in the form you have determined to the entity, provided that no legal or any other significant obstacles will not preclude us from doing so.
- Právo na odvolanie súhlasu. V prípadoch, keď Prevádzkovateľ požiada Dotknutú osobu o súhlas na spracovanie osobných údajov, má Dotknutá osoba právo tento súhlas kedykoľvek odvolať.
- Right to object or to lodge a complaint with the Office For Personal Data Protection.
You can lodge your complaint or objection against processing of personal data to the supervisory body, i.e. to the Office For Personal Data Protection of the Slovak Republic (hereinafter referred to as the “OPDP”), HQ Hraničná 4826/12, 820 07 Bratislava 27, Slovak Republic, Tel. No.: +4212 3231 3220, Home Page: https://dataprotection.gov.sk/uPDP/
5. PROCESSING OF PERSONAL DATA OF JOB APPLICANTS.
- After submitting the application to the Controller for employment, resp. after the start of the selection process to fill a job position with the Controller, this point of the PDP Policy will apply to the Affected Person, ie the job applicant (hereinafter referred to as the “candidate”) and his / her personal data. For the purposes of this point, the Controller is considered to be an Controller within the meaning of the Regulation. This section explains how the Controller will use the candidate’s personal data obtained directly from the candidate or from third parties during the selection process to fill a specific job with the Controller. If the tenderer wishes to obtain more detailed information than that set out in this point, he may contact the DPO. This point of the PDP Policy may be updated by the Controller at any time without notice. Therefore, the Controller recommends that candidate be regularly acquainted with its wording.
- In the event that the candidate submits a job application to the Controller, the Controller shall obtain, for example, the following information from the candidate:
- Contact details – for example, name, address, e-mail address, telephone number of the candidate;
- Information from the candidate’s CV – for example, information on the candidate’s previous employment, education, skills, language skills and any other information that the candidate chooses to include in his / her CV;
- Cover letter – any information that the candidate decides to include in his / her cover letter;
- Ability for work – data related to the possible obligation to prove the legal ability to perform the employment in question at the Controller;
- Declaration of integrity – depending on the nature of the job position, the Controller may request the candidate to submit a statement from the competent public authority confirming that he has not been lawfully convicted of any criminal offense, which could for example, an extract from the candidate’s criminal record.
In addition, depending on the position for which the Affected Person is applying, the Controller may also obtain information from third parties as follows::
- Internal applications – If the candidate already works for the Controller and is applying for an internal position, the Controller may use information from the personal file of the candidate – employee to supplement the information provided by the candidate in the job application or provided by the candidate in a personal interview;
- Assessment – The Controller may ask the candidate to undergo an assessment of his abilities, personality or cognitive ability. Such evaluations are usually performed using third party software or through a third party company that shares the results with the Controller. Before carrying out such an assessment, the Controller shall provide the tenderer with further information concerning his specific case;;
- References – The Controller may choose to obtain references from persons who have worked with the candidate in the past. The Controller will contact these persons only if the tenderer provides the Controller with their names and contact details. If the candidate is already an employee of the Controller, the Controller may request references from the manager and / or associates of the candidate, without his knowledge.
- The Controller will process the candidate‘s personal data for the purpose of recruiting employees – the candidate ‘s personal data The Controller processes on the basis of the Controller ‘s legitimate interest, which determines whether the candidate is a qualified candidate for the position of the Controller for which the candidate is applying.
- The Controller may share personal data with third parties in the following circumstances:
- for the purpose of obtaining information from third parties (as mentioned above), the Controller shall provide the name and any other information about the candidate necessary for third parties to provide the Controller with relevant information about the candidate;
- the Controller may share the candidate’s personal data with other third parties acting on behalf of the Controller, for example with suppliers of certain services for the Controller (contractual SBS service, contracted selection agency, etc.). In such cases, these third parties may process the personal data of the candidate only for the purposes described above and only in accordance with the instructions of the Controller;
- The Controller ‘s employees will have access to personal data. In such a case, access shall be granted only if necessary for the above purposes and only if the employee is bound by professional secrecy.
- Authorized employees of the Controller will have access to the personal data of the candidate.
- The Controller retains the candidate’s personal data only for a limited time, and they will be deleted when they are no longer needed for the purposes of processing in this article of the PDP Policy, ie the Controller retains the candidate’s data during the selection procedure and candidate. If the Controller selects a candidate to fill the job position, the Controller will continue to store the personal data of the candidate in his personal file and will conclude an employment contract with the Controller, which will be the legal title for the processing of his personal data. The Controller may process the personal data of the candidate for a longer period of time if the candidate has given him consent to the processing of his personal data and only for the purpose stated in the said consent.
- The Controller processes the personal data of the tenderer, because the processing is necessary for the purposes of the legitimate interest of the Controller. The legitimate interest of the Controller in this case is to accept qualified candidates for the relevant job positions.
- The Candidate, as the Affected Person, has the rights specified in Article 4 of these PDP Policy.
- The Controller processes the personal data of the persons about whom they write, resp. Contributors and advertisers may write their articles and contributions in promotional messages on the Website. Disclosure of this data and information about persons is one of the main activities of the Controller and aims to inform the public about current information, especially in the field of conferences, seminars, etc., which is the focus of the Website itself.
- Personal data of the Affected Person The Controller processes only if he has the legal title to do so. This means that the Controller is entitled to process personal data in accordance with the provisions of § 78 para. 2 of the Personal Data Protection Act without the consent of the data subject, as the legitimate interest of the Controller is to inform the professional public about conferences, seminars, etc., which is the main activity of the Controller arising from its subject of activity. This does not apply if, by processing personal data for such purpose, the Controller violates the data subject’s right to protection of his personality or the right to privacy or such processing of personal data without the data subject’s consent is precluded by a special regulation or international agreement by which the Slovak Republic is lawfully commited.
- The Personal Data of the Affected Person will not be transferred from the Controller’s databases to another country for the purpose of their processing, but it is possible that they will be available in these countries in the online version of the Website.
- Personal data of the Affected Person the Controller retains as long as necessary for the fulfillment of the purpose of processing according to special regulations and the purpose for which they were obtained, within which the Controller should be able to defend against legal claims, especially because this information have archival value.
- The personal data of the Affected Person will not be used in automated decision-making, ie the Controller will not profile them.
- The person concerned has all the rights listed in Article 4 of this PDP Policy.
7. WHAT OTHER ENTITIES CAN ACCESS YOUR PERSONAL DATA?
- AL EVENTS acquires personal data from the following resources:
- directly from you when entering into a contract and in the duration period of the contractual relationship, as well as in the period of fulfilling rights and duties arising from such contract;
- publicly accessible registers, lists, records or websites (e.g. Commercial Registry, Trade Register, publicly available social networks, etc.);
- third persons which are entitled to treat your personal data.
- Your personal data can be accessed by the Controller, its employees, contractual agents, and especially by persons working with the group of ALLAN LLOYDS GROUP located in the Member States of the European Union and in third countries, which are not the Members of the European Union.
- International group of ALLAN LLOYDS GROUP. AL EVENTS is a part of the prestigious international group of companies belonging to ALLAN LLOYDS GROUP, which organises international conferences and seminars, makes market surveys and gives consultancies to companies in the pharmaceutical industry, telecommunication service and energy business. The entitled interest of AL EVENTS is to transfer personal data within the group of ALLAN LLOYDS for the purposes of their administration, as well as to the company providing the technical support and software development for the whole group of ALLAN LLOYDS GROUP. For the purpose of marketing, your personal data are only accessible on the basis of your prior consent.
- The international group of ALLAN LLOYDS GROUP consists of the following companies with headquarters in the Member States of the European Union:
- ALLAN LLOYDS Ltd., ID-Number: 09208031, HQ Third Floor 207, Regent Street, London W1B 3HH, United Kingdom.
- Allan Lloyds Events Shpk., ID-Number: L26526002C, HQ Lagjja ‘Vasil Shanto’, Rr. At Shtjefen Gjecovi, Ndertesa 8 kateshe, kati I, Shkoder – SHQ iperi, Albania;
- Allan Lloyds Events Pvt. Ltd., ID-Number: U74992DL2007PTC167443, HQ Level 2, Elegance, Mathura Road, Jasola, New Delhi – 110025, Delhi, India;
- AllanCom Ltd. (АлланКом TOB), ID-Number: 40 905 640, HQ UA 88000 Transcarpathian Region; Uzhhorod; 18, Transcarpathian Street, Ukraine.
- Even in the case of transfer of your personal data to the above third countries, AL EVENTS provides you with adequate guarantees of your privacy protection, as well as your rights regarding your personal data protection.
- In order to protect your personal data, we use identical standard contractual clauses in their original wording, so as they were adopted by the European Commission., whereby the standard contractual clauses are a constant part of each contract AL EVENTS has entered into with each individual agent residing in any third country.
- Among categories of agents which can have an access to your personal data, there are external companies administrating our systems, providers of IT services, providers of accounting and booking services, providers of tax consultancy, and marketing agencies.
- AL EVENTS has entered into a correct contract on processing of personal data with each agent, whereby our agents, as well as AL EVENTS itself, are obliged to observe strict and rigorous rules of personal data protection in order to keep the possibly highest level of the legal protection of personal data complying so with the requirements of the Personal Data Protection Act and the Regulation.
- In some cases defined by the law, we are obliged to provide some public organs and authorities, as well as some entities authorized by the law in force, with information and private data, in particular courts, Law Enforcement Forces, etc.
- In case that you are in any form participating on a conference or a seminar (as speaker, delegate, sponsor etc.), which organises AL EVENTS, an access to your personal data can have all of the other participants, including speakers, delegates and sponsors, what is necessary to fulfil the contract entered into by our company.
8. PROCESSING OF PERSONAL DATA BASED ON YOUR CONSENT FOR MARKETING PURPOSES
- If you grant your consent to our company, we process your personal data for marketing purposes as well. Marketing covers offers of products and services of AL EVENTS and partners of our company. Based on your consent, we can send you such offers via e-mails and messages sent to your mobile appliances, via possible mobile applications of our company, as well as per post or telephone call. In this regard, we also use automated processing of personal data with the aim to adapt our business offer to your particular needs. Market and satisfaction surveys also belong to our marketing tools.
- In this regard, we wish to inform you that it is your decision whether or not you agree to our processing of personal data for marketing purposes. Please note that we cannot send you individual offers of products and services of AL EVENTS and our business partners without your consent.
- If you enter into a contract with our company, you agree to our processing of your personal data for marketing purposes for the whole duration period of your contractual obligation towards our company and also for the next five (5) years either after the expiration of your contractual obligations, or until the time you cancel your consent.
- You are entitled to fully or partially withdraw your consent to our processing of personal data for marketing purposes. Details on cancellation of the consent to processing of personal data for marketing purposes are given in the clause 8.5. of this PDP Policy.
- Your consent to processing of personal data for marketing purposes is voluntary and you can withdraw your consent anytime by e-mail. If you prefer not to get news of products and services of AL EVENTS and our business partners, we fully accept and respect your decision, although we feel sorry about it.
- Each person who visits the Website (hereinafter referred to as the “Visitor”) registers, resp. creates a small text file – a cookie on the Visitor’s computer (hereinafter referred to as a “cookie”). A cookie is therefore a short text file that the website stores on the visitor’s computer or mobile device (including tablet) while browsing the Website. If the Visitor visits the same page repeatedly in the future, thanks to the cookie, the Visitor will connect faster. In addition to the above, the Website “recognizes” the Visitor and offers him the information he prefers, ensures that the already displayed advertisement is not repeated. activities and services which, as the Controller, assumes that the Visitor could use the Website.
- If the Controller is able to identify the Visitor during the recording, it will be a matter of processing his personal data. For such processing, the Controller must have a legal title, with the consent of the Visitor as the Affected Person, and a second legal title, especially in monitoring activities and their evaluation, the Controller’s interest will be to offer the Visitor the best possible setting of services or support for Visitor activities on the Website. .
- The so-called Session cookies – are temporary cookies stored on the Visitor’s computer, laptop or mobile device until the Visitor leaves the Website. At the moment of leaving the Portal, the cookies will be deleted. Such cookies help the Portal to remember the information when the Visitor moves from the website to another website, so that he does not need to re-enter the information or re-fill in the information.
- The so-called Persistent cookies – remain stored on the Visitor’s computer, laptop or mobile device even if he leaves the Website; such cookies help the Website to remember the Visitor when the Visitor returns. However, it does not identify the Visitor as the Affected Person.
- In general, cookies can be divided into 4 categories according to their function:
Každá Each of the cookie functions listed in this section of the PDP Policyis explained in detail in the following sections of this Article 9 of the PDP Policy.
- Necessary cookies allow the Visitor to navigate the Website and use basic features such as secure areas, shopping carts and online payments. These cookies about the Visitor do not collect any information that could be used in marketing, nor do they remember where the Visitor moved on the Internet. With their help:
- for example, the Website remembers the data that the Visitor entered in the order when he goes through different screens during one visit to the Website,
- the Website remembers the goods and services that the Visitor ordered when he got to the payment screen,
- The Website verifies the identity of the Visitor when logging in to the Website,
- The Website ensures that the Visitor finds the necessary service on the Website even if the services on the Website are reorganized in some way.
By disabling these necessary cookies, the Controller cannot guarantee the full functionality of the Website.
- Operational cookies – collect information on how the Visitor uses the Website, e.g. which pages he visits and whether he encountered any errors, such as in the forms. These cookies do not collect any information that could be used to identify the Visitor – all collected data is anonymous and serves the Website only so that the Controller can optimize the operation of the Website and know what the users of the Website is interested in and thus find out how Controller advertising effective. With their help:
- The Controller obtains statistics on how the Website is used,
- The Controller determines the effectiveness of the advertisement (Attention! This information is NOT USED by the Controller to send an advertisement to the Visitors in case the Visitor visits other sites),
- The Controller can detect possible errors and improve them by improving the Website,
- The Controller tests various concepts of the Website.
By disabling these operational cookies, the Controller cannot guarantee the full functionality of the Website.
- Functional cookies – are used to provide services or remember settings in order to ensure maximum comfort when visiting the Visitor. With their help:
- The Website remembers which settings the Visitor has chosen, such as the graphic layout, text size, preferences, and colors
- the Website remembers whether he has already asked the Visitor whether he wants to fill in the survey (the Website does not have to bother the Visitor with this question a second time)
- The Website may offer support to the Visitor in the form of proactive chat sessions
- The Website determines whether the Visitor is logged in to the Website.
- The above-mentioned activities are not linked to the person of the Visitor as the Affected Person on the Website, and thus the automated processing of personal data does not affect the rights and freedoms of the Visitor. Also, no profiling occurs when processing visitor data.
- The visitor may check the cookies or delete them at his discretion. See aboutcookies.org for details. The visitor can delete all cookies stored on his computer and can set most browsers to prevent them from being stored.
- Cookies are useful as long as website owners do not misuse them for unauthorized data collection. If the Visitor does not trust the cookies, he can regularly delete them from his disk. In some cases, there may be incorrect writing of cookies and thus a problem with logging in, e.g. to the Internet applications of the Website (example www). Instructions for deleting all and incorrectly entered cookies can be found below.
- Instructions for deleting cookies in individual internet browsers:
The Controller transfers the visitor’s data to the members of ALLAN LLOYDS GROUP only.
- In the event that the Controller processes the personal data of the Visitor on the basis of his consent, the Visitor may revoke this consent at any time.
10. HOW LONG ARE YOUR PERSONAL DATA RETAINED BY AL EVENTS?
- Processing personal data, AL EVENTS consequently applies the minimization principle. It means that after the expiration of the period of retention and processing of your personal data we anonymize your personal data in our information databases and in our information systems.
- We retain your personal data in the duration period of your contractual relationship with our company in order to provide you with our services and to fulfil the commitments arising for us from the contract.
- If you entered into a contract with AL EVENTS, you have granted us your consent to our processing of your personal data for marketing purposes. Your consent is valid in the duration period of the contractual relationship with our company and for the next five (5) years after the expiration of the contractual relationship, or until the time you cancel your consent to our processing of your personal data for marketing purposes.
- If you entered into no contract with AL EVENTS but you exclusively granted us your consent to our processing of your personal data for marketing purposes, your consent is valid for the next three (3) years after you have granted it, or until the time you withdraw your consent to our processing of your personal data for marketing purposes.
11. AL EVENTS ANTI-SPAM POLICY
12. POSSIBILITY OF FILING A COMPLAINT / COMPLAINT REGARDING THE USE OF PERSONAL DATA OF THE DATA SUBJECT.
- If the Affected Person would like to contact the Controller, resp. to lodge a complaint / complaint due to the protection of personal data or has comments on the processing of personal data by the Controller, may contact the DPO, which is responsible for the supervision of personal data protection with the Controller. You can directly turn to DPO via e-mail addressed to: email@example.com, event. by a letter sent to Trnavská cesta 82, 821 02 Bratislava, Slovak Republic.
- When can I get the answer from AL EVENTS? We will send to you the statement of our company and some information about measures adopted as soon as possible but not later than up to a month. We are entitled to prolong the period required for our statement by two months due to the complexity and number of requests. We will let you know any prolongation of the period and the reason for doing so.
- If the data subject is not satisfied with the controller’s response or considers that the controller processes his personal data unfairly or illegally, he may complain to the supervisory body, which is the OPDP (Office for Personal Data Protection). You can find more information about OPDP and their complaint procedure at dataprotection.gov.sk.
13. FINAL PROVISIONS
- The Controller is entitled to unilaterally change these PDP Policy at any time.
- All persons using the Website acknowledge that in the event of a change or amendment to these PDP Policy, the Controller will notify such change by publishing the new PDP Policy on the Website.
- If any provision of the PDP Policy becomes invalid, ineffective or unenforceable, the other provisions, without prejudice to this, shall remain in full force and effect. In such a case, the Controller shall replace the challenged provision with a valid, effective and enforceable provision that differs as little as possible from the principles agreed in these Policy, while preserving the legal purpose and meaning of the challenged provision.