Privacy Policy
This Privacy Notice explains how Malizblank s. r. o. (referred to as “the Company,” “we,” “us,” or “our”) collects, processes, and protects your personal data. We are committed to transparency, accountability, and upholding your rights under applicable data protection laws.
Who We Are (Data Controller)
The issuer of this Privacy Notice and the Data Controller is:
Malizblank s. r. o.
Registered Seat: Nám. Sv. Imricha 923/21, 943 01 Štúrovo, Slovakia
Company Registration Number: 56728336
Tax Number: SK2122410444
How We Process Your Data
We process personal data for specific, well-defined purposes, always ensuring we have a valid legal basis for doing so. This means we process your data based on:
Your Consent: When you give us clear, affirmative permission for a specific purpose. This can include ticking a box, actively interacting with our website, or continuing a phone call after being informed. Silence, pre-ticked boxes, or inaction do not constitute consent. You can withdraw your consent at any time.
Legal Obligations: When we need to process your data to comply with laws, such as tax and accounting regulations. In these cases, your consent is not required, but we will inform you about the processing.
Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your fundamental rights and freedoms are not overridden. We conduct a balancing test to ensure your privacy is protected.
Contractual Necessity: When processing is essential to fulfill a contract with you or to take steps at your request before entering into a contract.
Protection of Vital Interests: In rare cases, when processing is necessary to protect someone’s life.
Who Else Processes Your Data (Data Processors and Recipients)
While we handle much of the data processing ourselves, we sometimes rely on external partners who process personal data on our behalf. These data processors act under our instructions. We also share data with certain recipients for specific purposes.
Hosting Provider:
Company Name: Hosting.com
Registered Seat: Europe
Contact: Hosting.com
Website Development:
IT and marketing service provider company. (Specific details depend on the nature and requirements of the activity.)
Invoicing and Payroll Tasks:
Company Name: Shark kzm s.r.o.
Registered Seat: Senný trh 3116/7, 945 01 Komárno, Slovakia
Company Registration Number: 52 363 813
Contact: https://shark-kzm.sk/hu/
Recipients (may also act as data processors depending on the service):
Google LLC: Mountain View, California, USA (Contact: https://mail.google.com/)
Facebook, Inc.: Menlo Park, California, USA (Contact: https://www.facebook.com/)
Stripe, Inc.: 1 Grand Canal Street Lower, Dublin, County Dublin, IE (Contact: https://stripe.com/en-hu)
Zendesk, Inc.: 1019 Market Street, San Francisco, CA 94103, US (Contact: https://www.zendesk.com/)
Tatra banka, a.s.: Hodžovo námestie 3, 811 06 Bratislava 1 (Contact: https://moja.tatrabanka.sk/html-tb/)
PayPal (Európa) S.à r.l. et Cie, S.C.A.: 283, route d’Arlon, L-1150 Luxembourg. (Contact: https://www.paypal.com/)
Specific Data Processing Activities
Below is a detailed overview of how we process personal data in different areas of our operations:
Customer Data Processing
We process various personal data of individuals in contractual relationships with us.
Types of Data: Name, name at birth, date of birth, mother’s name, address, tax identification number, company registration details (for entrepreneurs), identity card numbers, phone number, email address, website address, bank account number, customer number, order number, online identifier, and medical fitness documents (if applicable).
Purposes: Preparing, concluding, performing, or terminating contracts; granting contractual benefits; supporting economic processes; and fulfilling legal obligations.
Legal Basis: Performance of a contract, fulfillment of legal obligations (e.g., accounting, taxation), and legitimate interests.
Retention Period: Generally 8 years after contract termination, considering our long-term business relationships.
Recipients: Company employees involved in customer service, accounting, tax, business, and appointed data processors (e.g., accounting offices, postal/courier services, security agents).
Note: We ensure transparency by informing all parties involved in offers about data processing.
Sending Messages on the Company’s Website
When you send us messages through our website, we process your data based on your explicit consent.
Types of Data: Name (surname, first name), email address, phone number.
Purpose: To enable personalized and optimal functioning of the website and respond to your messages.
Legal Basis: Explicit consent (obtained by actively ticking a consent box, which is never pre-ticked).
Retention Period: 5 years or until you withdraw your consent (request erasure).
Recipients: Our IT data controllers and data processors.
Note: Providing this data is voluntary and not a prerequisite for concluding a contract.
Data Management in the Company’s Webshop
Purchases made in our webshop constitute a contract, and data processing is based on this contractual relationship.
Types of Data: Personal identification data, address, phone number, email address, bank account number, online identifier, delivery address, and details of service usage.
Purposes: Creating, defining content, amending, and monitoring the performance of the contract; invoicing fees; enforcing claims; and billing for service usage.
Legal Basis: Performance of a contract.
Retention Period: Until registration/service is completed or consent is withdrawn. For purchases, data is retained until the end of the 5th year following the year of purchase.
Recipients: Employees involved in customer service, money management, transport, marketing, tax and accounting, and IT service providers for hosting.
Note: Our Privacy Policy is always available via a link in the webshop, and your explicit acceptance is required for purchases.
Data Management on Social Media (Facebook, Instagram)
We maintain a presence on social media platforms like Facebook and Instagram. While our influence on the platform’s overall data processing is limited, we aim to align with data protection principles.
Types of Data: Information related to your interaction with our pages (e.g., likes, follows, comments).
Purposes: Providing updates and news, advertising, and promoting our services.
Legal Basis: Your voluntary consent (implied when you like, follow, or comment on our page/posts).
Retention Period: Subject to your preferences and settings on the social media platform. You can “dislike” or “unfollow” our pages to stop receiving updates.
Recipients: Our employees involved in customer service and marketing, as well as our IT service provider.
Note: You must be over 16 years old to interact with our pages; if younger, consent from a legal representative is required. Providing data is voluntary but may affect your ability to receive news from us. For detailed privacy policies, refer to Facebook’s (https://www.facebook.com/privacy/explanation/) and Instagram’s (https://help.instagram.com/519522125107875).
Recruitment Data, Applications, CVs
When you apply for a position with us, we process your personal data for recruitment purposes.
Types of Data: Name, date and place of birth, mother’s name, address, qualifications, photograph, telephone number, email address, and any employer’s records (if applicable).
Purposes: Managing applications, assessing suitability, and potentially concluding an employment contract.
Legal Basis: Your consent, given when you send your application. Withdrawing consent means we cannot consider you for the position.
Retention Period: Until the application is assessed, with a maximum duration of 2 years. Data of unsuccessful applicants, or those who withdraw their applications, will be deleted.
Recipients: Managers and employees responsible for labor-related tasks and exercising employer rights.
Tax and Accounting Obligations
We process personal data to fulfill our legal obligations related to tax and accounting.
Types of Data: Name, address, transaction details (e.g., ordering person, certifier, recipient/payer signatures), tax identification number. For driver’s logbooks: driver’s name, vehicle type, registration number, journey details (date, purpose, route, business partner). For payer authentication: natural person identification data (including previous name and title), gender, nationality, tax identification number, social security number. Data related to health and trade union membership may be processed if tax laws impose a legal consequence.
Purposes: Bookkeeping, taxation, cost accounting, supporting documents, tax assessment, fuel saving, and fulfilling legal obligations as a paying agent (e.g., tax, contributions, payroll, social security, pension administration).
Legal Basis: Fulfillment of legal obligations (e.g., Act of 2000 on Accounting, Act CXVII of 1995 on Personal Income Tax, Act 2017: on the Order of Taxation (Art.)).
Retention Period: Generally 8 years after the termination of the legal relationship giving rise to the obligation.
Recipients: Employees and data processors involved in tax, accounting, payroll, and social security.
Processing Documents of Lasting Value (Archives Act)
We process documents of permanent value to comply with the Archives Act.
Purpose: To preserve the integrity and usability of our archival material for the future.
Legal Basis: Fulfillment of legal obligations (Act LXVI of 1995 on public records, public archives, and the protection of private archival material – Archives Act).
Retention Period: Until transfer to public archives.
Recipients: The head of the Company, employees responsible for records management and archiving, and employees of public archives.
Cookie Policy on the Company’s Website
Our website uses cookies to enhance your online experience.
What are Cookies? Small text files stored on your computer or phone that contain data about your website visits and preferences. They do not contain personal user data.
Purpose: To improve your internet experience and store personal preferences.
Legal Basis: Your freely given consent. If you do not consent, access to the website may be interrupted.
Types of Data: Analytical information (devoid of names or other personal identifiers).
Retention Period: You can delete cookies from your device at any time.
Your Rights as a Data Subject
Under the General Data Protection Regulation (GDPR), you have significant rights regarding your personal data:
Right to Information and Access (Articles 13 & 14): You have the right to be informed about the collection and use of your personal data.
Right of Access (Article 15): You can request a copy of the personal data we hold about you.
Right to Rectification (Article 16): You can ask us to correct inaccurate or incomplete personal data.
Right to Erasure (‘Right to be Forgotten’ – Article 17): You can request the deletion of your personal data in certain circumstances.
Right to Restriction of Processing (Article 18): You can request that we limit the way we use your personal data.
Right to Data Portability (Article 20): You can receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit it to another controller.
Right to Object (Article 21): You can object to the processing of your personal data in certain situations.
Right to Not Be Subject to Automated Individual Decision-Making, Including Profiling (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Remedies (Articles 77-82): You have the right to lodge a complaint with a supervisory authority and seek judicial remedies.
To exercise any of these rights, please send an email to the address specified in the relevant section (likely in Chapter IV, but not explicitly stated in the provided text).
Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. This can be done in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
Contact of the Supervisory Authority in Slovakia:
Office for Personal Data Protection of the Slovak Republic
(Úrad Na Ochranu Osobných Údajov)
Hraničná 12
820 07 Bratislava 27
Slovakia
Tel: + 421 2 32 31 32 14
Fax: + 421 2 32 31 32 34
Email: statny.dozor@pdp.gov.sk
Website: http://www.dataprotection.gov.sk/
This Privacy Notice was last updated on November 10th, 2024, in Slovakia.