{ Privacy policy

Everything you need to know.

Privacy policy

NOTICE ON PROCESSING PERSONAL DATA

This Notice provides information on how personal data are obtained, processed, and protected by ESTEN s. r. o. (ESTEN), what your rights are in connection with the processing of your personal data, and how you can exercise these rights.

Processing of personal data is carried out following Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain laws (Act).

1. FOR WHOM IS THIS NOTICE INTENDED

The information provided in this Notice pertains to:

- Visitors of the website;

- Clients to whom ESTEN provides IT services;

- Job applicants or other forms of professional cooperation;

- Suppliers of goods or services;

- Contact persons or others authorized to act on behalf of the above-mentioned entities.

2. WHO WE ARE AND HOW TO CONTACT US

ESTEN s.r.o.

Registered office: Južná trieda 8, Košice 040 01, Slovak Republic

Company ID: 36 706 540

If you have any questions regarding the processing of your personal data, you can contact us at:

- E-mail: hellou@esten.sk

- Phone number: +421 908 303 783

3. PURPOSE, LEGAL BASIS, CATEGORIES OF PERSONAL DATA, AND RETENTION PERIOD

ESTEN processes personal data for the following specified purposes, complying with applicable legal regulations.

A) Provision of IT services:

- Purpose: Provision of IT services

- Legal basis: Performance of a contract according to Article 6(1)(b) GDPR

- Categories of personal data: All personal data provided or obtained during the conclusion and performance of the contractual relationship

- Retention period: 4 years from the termination of the contractual relationship

B) Provision of academy services (i.e., training, education):

- Purpose: Provision of academy services

- Legal basis: Performance of a contract according to Article 6(1)(b) GDPR

- Categories of personal data: Basic personal data necessary for invoicing (name, surname, country, residence, delivery address, IBAN, phone number, e-mail address)

- Retention period: 4 years from the termination of the contractual relationship

C) Recruitment for vacant job positions/pre-contractual negotiations with job applicants:

- Purpose: Recruitment for vacant job positions

- Legal basis: Performance of a contract or taking steps at the request of the data subject prior to entering into a contract according to Article 6(1)(b) GDPR

- Categories of personal data: Basic personal data provided to ESTEN during the selection process (name, surname, e-mail, phone number, CV, cover letter)

- Retention period: Until the conclusion of the contract or the termination of the selection process

D) Maintenance of a database of job applicants or service providers:

- Purpose: Maintenance of a database of job applicants

- Legal basis: Consent according to Article 6(1)(a) GDPR

- Categories of personal data: Basic personal data provided to ESTEN during the selection process (name, surname, e-mail, CV, cover letter)

- Retention period: For the duration of the granted consent (i.e., 2 years) or until the withdrawal of consent

E) Sending marketing communication:

- Purpose: Sending marketing communication

- Legal basis: Consent according to Article 6(1)(a) GDPR and legitimate interest according to Article 6(1)(f) GDPR in the case of existing customers and marketing similar goods and services

- Categories of personal data: E-mail, name, and surname

- Retention period: For the duration of the granted consent or until the withdrawal of consent

F) Management of corporate documents:

- Purpose: Management of corporate documents

- Legal basis: Compliance with a legal obligation according to Article 6(1)(c) GDPR

- Categories of personal data: Basic personal data included in corporate documents (i.e., personal data of statutory bodies, persons authorized to act on behalf of the company)

- Retention period: During the existence of the company

G) Communication with individuals who filled out the contact form:

- Purpose: Communication with individuals who filled out the contact form

- Legal basis: Taking steps at the request of the data subject prior to entering into a contract according to Article 6(1)(b) GDPR

- Categories of personal data: Name, e-mail, personal data provided in the message

- Retention period: Until the resolution of the message or the conclusion of the contract

H) Accounting and tax management:

- Purpose: Accounting and tax management

- Legal basis: Compliance with a legal obligation according to Article 6(1)(c) GDPR

- Categories of personal data: All personal data included in accounting and tax documents

- Retention period: 10 years following the year to which the accounting and tax documents relate

I) Conclusion and administration of contractual relationships (customers, service providers):

- Purpose: Conclusion and administration of contractual relationships (customers, service providers)

- Legal basis: Performance of a contract according to Article 6(1)(b) GDPR. Legitimate interest according to Article 6(1)(f) GDPR.

- Categories of personal data: Basic personal data necessary for the conclusion and performance of contracts (personal data of contact persons, statutory representatives, etc.)

- Retention period: 4 years from the termination of the contractual relationship

J) Exercise of data subject rights (requests):

- Purpose: Exercise of data subject rights (requests)

- Legal basis: Compliance with a legal obligation according to Article 6(1)(c) GDPR

- Categories of personal data: Name, surname, address, date of birth, or other data for proper identification of the data subject

- Retention period: 2 years after the request is processed

K) Record of personal data breaches:

- Purpose: Record of personal data breaches

- Legal basis: Compliance with a legal obligation according to Article 6(1)(c) GDPR

- Categories of personal data: Personal data affected by the breach of personal data protection

- Retention period: During the existence of the company

L) Company presentations (i.e., social networks, conferences, photography, and videography):

- Purpose: Company presentations (i.e., social networks, conferences, photography, and videography)

- Legal basis: Legitimate interest according to Article 6(1)(f) GDPR. Consent of the data subject according to Article 6(1)(a) GDPR.

- Categories of personal data: Basic personal data and photograph, video recording, name, surname, position, e-mail, phone number

- Retention period: For the duration of the granted consent or until the withdrawal of consent or the exercise of the objection to data processing

M) Asserting, exercising, and defending legal claims of the company:

- Purpose: Asserting, exercising, and defending legal claims of the company

- Legal basis: Legitimate interest according to Article 6(1)(f) GDPR

- Categories of personal data: Basic personal data

- Retention period: Until the legal claim is lawfully terminated

N) Use of cookies for statistical purposes:

- Purpose: Use of cookies for statistical purposes

- Legal basis: Consent of the data subject according to Article 6(1)(a) GDPR

- Categories of personal data: Basic personal data

- Retention period: Depends on the category of cookies

4. WHAT LEGITIMATE INTERESTS DOES ESTEN UTILIZE?

ESTEN relies on legitimate interests in cases of judicial or extrajudicial disputes or proceedings with public authorities, where ESTEN asserts and proves its legal claims, and in the processing of personal data of contact persons or other persons authorized to act on behalf of legal entities with which ESTEN cooperates.

ESTEN also utilizes legitimate interests to send marketing communications, where consent is not required according to applicable legal regulations, especially to ESTEN's clients or other persons with whom ESTEN has a relevant relationship.

ESTEN also relies on legitimate interests for processing the personal data of data subjects in the conclusion and performance of contractual relationships, where the data subjects are not contracting parties, as well as for external company presentations.

5. DISCLOSURE OF PERSONAL DATA

Processing of personal data by areas:

A) Domain and web hosting

- Service provider: Domain registrar and web hosting provider

- Transfer outside EEA: No

B) Accounting and taxes

- Service provider: Provider of accounting and tax services (Finconsult, s. r. o.)

- Transfer outside EEA: No

C) Marketing

- Service providers: Providers of marketing tools and platforms (LinkedIn, MailJet, Facebook, Google)

- Transfer outside EEA: Yes (USA)

D) Safety and health protection, fire protection, and occupational health services:

- Service provider: Provider of occupational safety and health protection, fire protection, occupational health services

- Transfer outside EEA: No

E) Office (e-mail, cloud):

- Service provider: Microsoft Ireland Operations Limited

- Transfer outside EEA: Yes (USA)

F) Insurance:

- Service provider: Provider of insurance services

- Transfer outside EEA: No

G) Fulfillment of legal obligations:

- Service provider: Public authorities

- Transfer outside EEA: No

6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

In processing personal data at ESTEN, efforts are made to minimize any transfer of personal data outside the European Economic Area (EEA). However, in the course of business activities, ESTEN also uses global service providers who may transfer personal data outside the EEA (as listed in Article 5). In such cases, ESTEN ensures that the conditions of the GDPR for such processing are met and transfers are carried out only based on the existence of a European Commission adequacy decision according to Article 45 GDPR (including the EU-US Data Privacy Framework) or based on standard data protection clauses according to Article 46(2) GDPR.

7. AUTOMATED INDIVIDUAL DECISION-MAKING

In the normal course of business activities, ESTEN does not engage in automated individual decision-making within the meaning of Article 22 GDPR.

8. ACQUISITION OF PERSONAL DATA

ESTEN mainly processes personal data obtained directly from data subjects. However, personal data may also be obtained by ESTEN from publicly available sources or from individuals with whom it collaborates in the course of its business activities.

9. DATA SUBJECT RIGHTS

If ESTEN processes personal data based on your consent, you have the right to withdraw your consent at any time by sending an e-mail to hellou@esten.sk. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Regardless, you have the right to object to processing personal data based on legitimate or public interest, as well as for direct marketing purposes, including profiling.

In addition to the above rights, under conditions set out in the GDPR, you have the right to:

- Request access to personal data concerning you;

- Request correction of incorrect personal data concerning you;

- Request erasure of your personal data;

- Request restriction of processing of your personal data;

- Request data portability;

- Lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, Bratislava, e-mail: dozor@pdp.gov.sk.

10. COOKIES

Cookies are small text files stored on your mobile device or web browser when you browse our website. They allow us to improve website functionality and understand user behavior. We use these basic types of cookies on our website: www.esten.solutions/cookies.

11. CHANGES TO THE PRIVACY POLICY

ESTEN reserves the right to modify and change the Privacy policy.