Privacy policy
This privacy policy (hereinafter as “Privacy policy“) contains information on processing of personal data by the civic association Leo’s Friends, based in Švabinského 3682/15, 851 01 Bratislava-Petržalka, ID number: 54818923, registered in the Register of Civic Associations under registration number VVS/1-900/90-64432 (hereinafter referred to as the “Controller”), which takes place via the website www.leushko.sk (hereinafter referred to as the “website”) or related profiles of the Controller on social networks.
Through this Privacy policy, the Controller provides you with information on why your personal data are processed, how they are processed, how long the Controller keeps it, what your rights are in connection with the processing of your personal data and other relevant information on the processing of your personal data.
Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), Act No. 18/2018 Coll. on protection of personal data as (hereinafter as “Act“) and other respective legislation in relation to personal data protection (Regulation, Act and other personal data protection legislation hereinafter as “Personal data protection legislation“).
In matters related to personal data processing and protection, you may contact the Controller at the address Švabinského 3682/15, 851 01 Bratislava-Petržalka or via e-mail address info@leushko.sk. The Controller has not appointed an officer in the area of personal data processing and protection.
Your personal data is obtained by the Controller through a website or a profile on a social network directly from you, if you provide them yourself (through a message or in another automated way). The provision of personal data for all processing purposes listed below is voluntary and not a legal and/or contractual requirement.
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods)
The Controller processes your personal data exclusively in accordance with the principle of minimization, which means that the Controller does not require personal data from you that is not necessary for the specific and justified purpose of the processing. The Controller processes personal data only if there is a legal basis for their processing, and thus they are processed in accordance with the principle of legality. The specific purposes, including the established legal basis and retention period, for which the Controller processes your personal data, can be found in the table below.
| Purpose | Providing a response to the messages and handling questions / requests from the messages delivered via contact form on the website, profiles of the Controller on social networks (Facebook, Instagram), e- mail communication or by phone to the published contact details on the website |
| Legal Basis | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller, which lays in the interest of the Controller in responding to the messages for proper business communication |
| Categories of personal data | Name, surname, e-mail address, phone number, other data specified in the message, in the case of a natural person acting on behalf of a legal entity, also the identification data of the specific legal entity and the function or job position in that legal entity |
| Retention period | 60 days following the delivery of the request or until processing the request (fulfilment of the purpose), whichever occurs first |
| Purpose | Taking of photographs of the data subjects and their publication (together with other personal data) on the website of the Controller and other promotional materials and online communication channels during the presentation activity of the Controller |
| Legal Basis | Art. 6 (1) letter a) of the Regulation – the data subject has given consent to the processing of personal data |
| Categories of personal data | Photography |
| Retention period | 5 years following consent granting or until its withdrawal, whichever occurs first |
| Purpose | Publication of articles on the Controller’s website or online communication channels related to the Controller’s activities, the content of which are interviews and statements of data subjects |
| Legal Basis | Art. 6 par. 1 letter a) Regulations – processing of personal data is carried out based on the consent of the data subjects |
| Categories of personal data | Common personal data mentioned in the articles |
| Retention period | 5 years following consent granting or until its withdrawal, whichever occurs first |
| Purpose | Processing and evidence of accounting documents related to the transfer of funds to the transparent and/or business bank account of the Controller |
| Legal basis | Art. 6 par. 1 letter c) Regulations – processing of personal data is carried out in execution of legal obligations |
| Categories of personal data | Name, surname, IBAN and other personal data required for a payment order using a QR code |
| Retention period | Accounting documents must be archived for 10 years following the year to which they relate |
| Purpose | Processing and evidence of tax documents – donation of 2% of the tax in the case of employees (natural persons) and/or legal entities |
| Legal basis | Art. 6 par. 1 letter c) Regulations – processing of personal data is carried out in execution of legal obligations |
| Categories of personal data | Personal data specified in the declaration, which are necessary to remit 2% of the employee’s and/or legal entity’s paid taxes |
| Retention period | Accounting documents must be archived for 10 years following the year to which they relate |
| Purpose | Handling with the rights of data subjects |
| Legal basis | Art. 6 par. 1 letter c) Regulations – processing of personal data is carried out in execution of legal obligations |
| Categories of personal data | Ordinary personal data that are part of the request of the affected data subjects and are necessary for processing it in compliance with the relevant legal obligations |
| Retention period | Until the rights exercised in accordance with the relevant provisions of the Regulation (maximum 120 days) |
| Purpose | Keeping records of exercised rights of affected data subject |
| Legal basis | Art. 6 par. 1 letter f) Regulations – processing of personal data is carried out on the basis of the legitimate interest of the Controller, which lays in keeping records of the exercised rights of the affected data subjects for the purpose of proving the fulfillment of obligations arising from legal regulations |
| Categories of personal data | Ordinary personal data that are part of the request of the affected data subjects and are necessary for processing it in compliance with the relevant legal regulations |
| Retention period | 5 years following the day when the right was exercised or the request of the affected data subjects was submitted |
In order to ensure the protection the personal data, the Controller has adopted adequate security measures that are further specified and documented organizationally and technically.
To whom the Controller provides your personal data?
Your personal data may be in some cases provided to public authorities or to other recipients, which are entitled to process your personal data e.g. by courts, law enforcement authorities or supervisory authorities (e.g. Office for the Protection of Personal Data in the case of an inspection) (third parties).
The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. Processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures in order to securely process your personal data. The Controller’s processors include:
- a company providing hosting services (including mail hosting services) and
- a company providing website management services
Among the recipients of your personal data is also the relevant bank in which the Controller has a transparent and/or business bank account, if you support the activity of the Controller with funds that will be transferred to this transparent and/or business bank account.
In the case of remittance (donation) of 2% of your paid tax for the purpose of supporting the activities of the Controller, the recipient of your personal data is also the relevant tax office (according to your residence).
Other recipients of your personal data also include companies operating social networks Facebook and Instagram (the company Meta Platforms Ireland), if you contact the Controller via a message on social networks, share the website or its content on social networks or if you grant the Controller consent to publish your photo on the Controller’s profile on social networks.
In the processing of personal data, the above mentioned company acts as a joint controller with the Controller, and the processing of personal data in this case is governed by the agreement of the joint controllers in accordance with Art. 26 of the Regulations, according to which the contact point for processing your requests regarding the processing of personal data is the Controller.
TRANSFER to third countries and international organizations
If you contact the Controller through a message on the Controller’s social networks, share the website or its content on social networks, or if you grant the Controller consent to publish your photo on social networks, your personal data may be transferred to the USA, to the company Meta Platforms, Inc. .
The transfer of your personal data is secured using adequate security measures of transfer of personal data to third countries in accordance with the Regulations on the Protection of Personal Data, in particular through the use of standard contractual clauses that are part of the terms of use of the above mentioned services, and also through additional transfer guarantees that the providers of listed services receive. The transfer may only occur in exceptional cases, based on the relevant legislation in force in the related third country (USA) applicable to related service providers (FISA).
When processing your personal data, the Controller does not use profiling and does not process personal data in any form of automated individual decision-making, in which your personal aspects would be evaluated.
What are your rights in relation to personal data processing?
As the data subject, your rights regarding the processing of your personal data are as follows:
| Right of access – You have the right to obtain confirmation from the Controller as to whether it processes your personal data and, if so, you have the right to obtain access to this personal data and information in accordance with Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you submit a request by electronic means, the Controller will provide you with the information in a commonly used electronic means of communication, unless otherwise requested by you.
|
Right to rectification – The Controller has taken appropriate measures to ensure the accuracy, completeness and up-to-date form of your personal data. As a data subject, you have the right to have the Controller correct your incorrect personal data or modify your incomplete personal data without delay |
| RIGHT TO OBJECT
You have the right to object to processing of your personal data, for example if the Controller processes your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, Controller will not process your personal data further unless he demonstrates compelling legitimate grounds for such processing.
|
|
| Right to erasure (right “to be forgotten”) – Under certain circumstances, you have the right to ask the Controller to erase your personal data without delay, for example, if the personal data are no longer necessary to fulfil the original purpose of processing for which the Controller obtained them. However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for the Controller from applicable legislation when your personal data cannot be erased. In such case, the Controller will not be able to accept your request. | Right to data portability – Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that the Controller processes on the basis of the consent which you have granted, on the basis of the contract to which you are one of the parties or in the case that the Controller processes personal data by automated means. |
| RIGHT TO WITHDRAW CONSENT
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data at any time in the same way as you granted it. The withdrawal of consent does not affect the legality of the processing carried out before the withdrawal of consent. |
|
| Right to restriction of processing – You also have the right to ask the Controller to restrict the process your personal data. This will be the case, for example, you believe that the personal data we process about you are not accurate or if the processing is unlawful and you request the restriction of processing, or if the Controller no longer needs your personal data for processing purposes, but you need them to demonstrate, exercise or defend legal claims. The Controller will limit the processing of your personal data on the basis of your request. | Right to file a complaint or request – If you believe that your personal data is being processed in violation with such legislation, you can file a complaint with the supervisory authority, which is the Office for the Protection of Personal Data of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, tel. number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk
|
You may exercise your rights specified in the table above at the contact addresses of the Controller listed at the beginning of this document.
The Controller will provide you with the answer to the exercise of your rights free of charge. In the event of a repeated, unreasonable or inappropriate request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller will provide you with an answer within 1 month from the day when you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the case of a high number and complexity of applications of the data subjects, maximally by 2 months. The Controller will always inform you about the extension of the deadline in advance.
SOCIAL MEDIA AND LINKS TO OTHER WEBSITES
As a part of the support of marketing and advertising you can find on the Controller´s website links to various social networks, such as Facebook or Instagram. The Controller hereby wishes to inform you that after clicking on the plug-in on the website and visiting the social network, the personal data protection rules of the social network operator will apply, except if you contact the Controller via a message on the social network or if you consent to the publication of your photo on a social network (in which case the processing of your personal data is also governed by this Privacy Policy and your personal data shall be processed by the Controller in accordance with the information provided above).
For more information on the processing of your personal data by social media operators, please visit the following links: (i) Facebook and (ii) Instagram.
Validity
This Privacy policy is valid and effective from 1st November 2022. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. In such case, the Controller will inform you about it in an adequate manner in advance.