Consent to the Processing of
Personal Data

Consent to the Processing of
Personal Data

Consent to the Processing of
Personal Data

Pursuant to Article 6(1)(a) and Article 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”), and/or pursuant to Section 13(1)(a) and Section 14 of Act No. 18/2018 Coll. on the Protection of Personal Data, as amended (hereinafter referred to as the “Act”), for the purpose of completing the contact and information form on the website www.wezeo.com, operated by the company WEZEO, s. r. o., Company ID No.: 46390227, with its registered office at Pribinova 17954/10, 811 09 Bratislava (hereinafter referred to as the “Controller”). When personal data are processed by the Controller, the person completing the respective contact and information form constitutes the data subject, i. e. the person whose personal data are processed by the Controller (hereinafter also referred to as the “Data Subject”). By ticking the box “Consent to the Processing of Personal Data”, the Data Subject confirms that this consent to the processing of personal data is given freely, specifically, informedly, and by an unambiguous expression of will, and that prior to granting such consent, the Data Subject has been acquainted with the information set out below.

  1. Which categories of personal data are processed?

If the Data Subject grants this consent, the Controller may process his/her contact personal data to the extent of first name, surname, e-mail address, telephone/mobile number and the content of the communication.

  1. What is the purpose of processing?

The purpose of processing the Data Subject’s personal data is to send information and general marketing communications regarding the Controller’s products, services, activities, or other information, including newsletters. The Controller may also send marketing communications on behalf of other legal or natural persons, provided that such marketing communications relate to the Controller.

  1. What is the legal basis for processing?

The legal basis for processing these personal data is the freely given consent of the Data Subject. Granting consent to the processing of personal data is voluntary; therefore, if the Data Subject does not wish to have the specified personal data processed, he/she is not obliged to give such consent.

The Data Subject may withdraw this consent to the processing of personal data at any time in accordance with the instructions set out below. The withdrawal of this consent shall not affect the lawfulness of the processing of personal data based on the consent prior to its withdrawal.

  1. Does the processing of personal data involve automated decision-making or profiling?

The processing of personal data does not involve automated decision-making or profiling.

Given the development of the Controller’s technologies and business strategy, the Controller may in the future engage in automated decision-making or profiling. In such a case, the Data Subject will be informed about this step.

  1. Which recipients or categories of recipients will the personal data be provided to?

The Controller may also provide the Data Subject’s personal data to other natural or legal persons, public authorities, or international organizations.

When providing personal data of Data Subjects, the Controller ensures the highest possible level of data protection. In the case of providing personal data to its processors or joint controllers, the Controller has concluded a contractual relationship in accordance with Articles 26 or 28 of the GDPR, or Sections 33 or 34 of the Act.

The Controller provides the personal data of Data Subjects to the following categories of recipients:

  • supervisory or controlled entities and other entities within the horizontal or vertical hierarchy of
    the Controller’s organizational structure;

  • the Controller’s business partners;

  • the Controller’s legal, tax, accounting, and IT advisors.

  1. How does the Controller process and manage personal data?

As the protection and care of the Data Subject’s personal data is important to the Controller, appropriate security measures have been implemented to protect personal data against destruction, loss, unauthorized disclosure, or any other unauthorized processing.

Under no circumstances does the Controller, either directly or through third parties, transfer personal data outside the territory of the European Union or the European Economic Area. The Controller does not transfer personal data to any international organization. 7. What is the retention period of personal data?

  1. What is the retention period of personal data?

The Controller processes the Data Subject’s personal data only for the duration of the validity of this consent
to the processing of personal data.

If the retention of certain personal data is not necessary to achieve the purpose of processing, the Controller
does not retain such personal data and will destroy them once the purpose has been fulfilled.

The Controller may process personal data for a longer period than stated above only if necessary to fulfill the
Controller’s obligations under legal regulations or if required by decisions of public authorities.

  1. What are the rights of the Data Subject regarding the processing of personal data?

Affecting the processing of personal data, you, as the Data Subjects, are entitled to the rights listed below, which you can enforce at any time with the Controller in the form of an application. In such a case, the company is obliged to provide the Data Subjects with information about the measures taken based on his request without undue delay, but within 1 month at the latest. The Controller may extend that period by a further 2 months, in which case it shall inform the Data Subjects of any such extension within 1 month of receipt of the request, together with the reasons for the delay.

  • Right of access (Article 15 GDPR)

    The Data Subject has the right to obtain confirmation as to whether the Controller processes his personal
    data, and if so, he has the right to obtain access to this personal data. At the same time, the Data Subject
    has the right to provide all information within this consent, while the Controller regularly updates this
    consent.


  • Right to rectification (Article 16 GDPR)

    The Data Subjects have the right to correct personal data that the Controller processes about them
    without undue delay. At the same time, the Data Subject has the right to supplement incomplete personal
    data.


  • Right to erasure / to be forgotten (Article 17 GDPR)

    The Data Subject has the right to obtain confirmation as to whether the Controller processes his personal
    data, and if so, he has the right to obtain access to this personal data. At the same time, the Data Subject
    has the right to provide all information within this consent, while the Controller regularly updates this
    consent.


  • Right to restriction of processing (Article 18 GDPR)

    The Data Subject has the right to have the Controller limit the processing of his personal data under the
    conditions specified following Article 18 GDPR


  • Right to data portability (Article 20 GDPR)

    The person concerned has the right to obtain the personal data that he has provided to the Controller in a
    structured, commonly used and machine-readable format and has the right to transfer this personal data
    to another controller if he has provided his personal data based on consent and the Controller processes
    this personal data by automated means.


  • Right to object (Article 21 GDPR)

    The Data Subject has the right to object to the processing of personal data that the Controller processes
    about him if such processing is carried out on the legal basis of fulfilling a task carried out in the public
    interest or for legitimate purposes of the Controller or third parties, including objection to profiling based
    on these legal bases. The Data Subject also has the right to object to the processing of personal data that
    the Controller processes about him for direct marketing, including profiling.


  • The right in connection with automated individual decision-making, including profiling (Article
    22 GDPR)

    The Data Subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and which has effects that concern him or similarly significantly affect him.


  • Right to File a Complaint (§ 100 of the Act)

    The Data Subject has the right to file a proposal to initiate proceedings on the protection of personal data
    with the supervisory authority pursuant to § 100 of the Act if he/she believes that the Controller is
    processing his/her personal data in violation of the GDPR or the Act.

    The Data Subject may submit a proposal to initiate proceedings to the Office for Personal Data Protection
    of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava. More information is available on the
    official website of the Office for Personal Data Protection of the Slovak Republic.

  1. How can the Data Subject withdraw this consent?

The Data Subject has the right to withdraw their consent to the processing of personal data at any time during
its validity by sending a written notice to the contact address provided on the Controller’s website.

The withdrawal of this consent shall not affect the lawfulness of the processing of personal data based on the
consent prior to its withdrawal.

The Data Subject’s personal data are kept secure by the Controller, who has implemented appropriate
technical and organizational measures to prevent unauthorized access and misuse of the Data Subject’s
personal data.

The Controller prioritizes the protection of the Data Subject’s personal data. Therefore, the Controller regularly
monitors the security of personal data and continuously improves their protection by applying security
measures that, taking into account the current state of technology, provide adequate protection. The
implemented security measures are regularly reviewed and updated accordingly.