The company Profesia, spol. s r.o., is an organisation with a long tradition of providing services to entities operating on the labour market. It is the strategic objective of Profesia, spol. s r.o., to ensure financial and economic stability, improve the quality of the services provided, develop good relationships with its partners, and enhance the company's reputation.
Implementing these objectives depends on the constant improvement of the management level, as well as the quality and efficiency of the services provided that apply the latest IT-assisted procedures. We realise that the security and protection of personal data is an integral part of the use of information technologies.
The Security Policy of Profesia, spol. s r.o., stipulates the necessary and economically appropriate measures to protect the assets of the filing system, individuals, and property, and to implement security mechanisms into the system of technologies used.
The management of Profesia, spol. s r.o., is responsible for proper risk assessment and its efficient management with respect to the protection of assets that are essential for ensuring the proper functioning of the organisation. The primary objective of managing such risks is to prevent, manage, and recover from security incidents.
To protect vital assets falling within internal security, we have, in cooperation with experts, applied security measures that are adapted to the latest knowledge and needs of the organisation. In designing them, we implemented technical and organisational measures that aim to:
- ensure the availability, integrity, and reliability of management systems by deploying state-of-the-art information technologies,
- protect sensitive commercial and personal data from being lost, damaged, stolen, modified, or destroyed, and to maintain the confidentiality of the processed data,
- identify potential problems and sources of disruption and to prevent them.
Pursuant to Section 20 of Act No. 122/2013 Coll. on Personal Data Protection, Profesia, spol. s r.o., has prepared a Security Project which is regularly updated. It defines the scope and form of security measures needed to eliminate and minimise the threats and risks affecting the filing system.
Therefore, Profesia, spol. s r.o., has issued this document, which includes the basic rules for the processing of personal data in providing services through the website www.paylab.ro (hereinafter only as the "Website"). Profesia, spol. s r. o. reserves the right to amend and supplement this document, while informing its business partners immediately by posting any changes on the Website and specifying the date from which such changes take effect. All rights which are not explicitly provided for herein shall be governed by the General Terms and Conditions of Profesia, spol. s r.o., for the website paylab.ro, and by the applicable Slovak legal regulations.
This document is in accordance with the applicable provisions of:
- Act No. 122/2013 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended,
- Act No. 351/2011 Coll. on Electronic Communications, as amended
- Act No. 22/2004 Coll. on Electronic Commerce and on Amendments and Supplements to Act No. 128/2002 Coll. on State Control of the Internal Market in Consumer Protection Matters and on Amendments and Supplements to Certain Acts, as amended by Act No. 284/2002 Coll., as amended.
- Decree of the Office for Personal Data Protection of the Slovak Republic No.164/2013 on the Scope and Documentation of Security Measures
- Employees are bound to protect the clients' personal data they come across in accordance with Act. No. 122/2013 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended, as well as in accordance with any other laws applicable in the Slovak Republic.
The Personal Data Processing Policy is constantly available at www.paylab.ro.
Personal data means any information relating to an identified or identifiable natural person, while such person is one who can be identified, directly or indirectly, in particular by reference to an identifier of general application or by reference to one or more characteristics or features specific to their physical, physiological, psychic, mental, economic, cultural, or social identity.
Data subject means the person to whom the personal data relate.
Controller means a person who alone or jointly with others determines the purpose of the personal data processing, stipulates the conditions of their processing, and processes personal data on its own behalf; for the purposes of this document, the Controller means Profesia, spol. s r.o., and the Business Partner of Profesia, spol. s r.o., who also processes personal data based on the express consent of the Data Subject.
Client means a natural person or legal entity that uses the Controller's services and/or visits its Website in accordance with the Controller's General Terms and Conditions.
What personal data do we request from you and why do we process them?
In order to handle your order properly and to provide good services, we need to know the Data Subject's e-mail address, as our services are rendered through electronic communication.
The Controller is particularly obliged:
- to determine, prior to the commencement of personal data processing, the purpose of personal data processing, which needs to be clear and defined unequivocally and specifically, and must be in compliance with the Constitution of the Slovak Republic, the constitutional laws, as well as the laws and international treaties by which the Slovak Republic is bound,
- to determine the conditions of personal data processing so as not to limit the Data Subject's right stipulated by the law to obtain personal data exclusively for the designated or specified purpose; it is inadmissible to obtain personal data under the pretext of another purpose of processing or another activity,
- to ensure that only personal data the scope and content of which match the said purpose of processing and are required to achieve said purpose are processed,
- to ensure that personal data are processed and used solely in the manner corresponding to the purpose for which they were collected; the combining of personal data obtained for various purposes is inadmissible,
- to process only accurate, complete, and where necessary, updated personal data in respect to the purpose of their processing; the Controller is obliged to block inaccurate and incomplete personal data and rectify or complete them without undue delay; inaccurate or incomplete personal data that cannot be rectified or completed in order to make them accurate and complete shall be clearly marked by the Controller and destroyed without undue delay,
- to ensure that the collected personal data are processed in a manner enabling the identification of the data subjects only during a period no longer than necessary to achieve the purpose of processing,
- to destroy personal data whose purpose of processing ceased to exist; once the purpose of processing ceases to exist, personal data may only be processed to the extent necessary for historical research, scientific research and development, or for statistical purposes. When processing personal data for the purposes set forth in the previous sentence, the Controller is obliged to mark and anonymise such data.
The Controller may process personal data only with the consent of the Data Subject, whose consent the Controller may not extort or condition by the threat of refusing a contractual relationship, service or goods. The Controller may disclose the Data Subject's personal data stored in the filing system to another legal entity or natural person only together with written proof of the grant of consent.
The consent to personal data processing (hereinafter only as "Consent") shall be proven by an audio or audio-visual recording or by an affidavit of the person who provided the personal data stored in the filing system, or in another reliable manner. The proof of Consent shall in particular contain information on the person granting the Consent, the entity to which the Consent was granted, the purpose, list, or scope of the personal data provided, and the term of validity of the Consent.
Rights of Data Subjects
Based on a written request, the Data Subject may request the following from the Controller:
- confirmation of whether his/her personal data are processed,
- information in a generally comprehensible form on the processing of personal data in the filing system within the scope of the Controller's identification data, the purpose of Personal Data processing, the list of Personal Data, and any necessary additional information,
- information on the source from which his/her Personal Data have been obtained for processing,
- list of the Personal Data which are subject to processing,
- correction or deletion of his/her incorrect, incomplete, or outdated personal data that are the subject of processing,
- deletion of his/her personal data for which the purpose of processing has ceased to exist,
- deletion of his/her personal data that are the subject of processing if there has been a breach of law,
- blocking of his/her personal data due to the withdrawal of Consent before the expiry of its validity.
Based on a written request, the Data Subject may file with the Controller an objection to:
- The processing of his/her personal data which he/she assumes are or will be processed for direct marketing purposes without his/her consent, and request the deletion of such data.
The Data Subject may enforce his/her rights specified above in writing by sending a request by post, e-mail, or fax; if the matter brooks no delay, the Data Subject may also make an oral request directly to the Controller and the request will be recorded in the form of report. It must be clear from the record who exercised the right, what he/she requests, and when and by whom the record was made; it must be signed by the Controller and the Data Subject, and the Controller shall provide a copy of the record to the Data Subject.
If the Data Subject does not have full legal capacity, his/her rights may be exercised by his/her legal guardian. If the Data Subject is not living, his/her rights may be exercised by his/her close person.
Any request or complaint made by the Data Subject shall be handled by the Controller free of charge within 30 days of its receipt by the Controller at the latest.
If the Data Subject suspects that his/her personal data have been processed without authorisation, he/she may file with the Office a request to commence personal data protection proceedings.