DECLARATION OF THE DATA CONTROLLER ON THE PROCESSING OF PERSONAL DATA
The Controller, the company CROTRADING s.r.o., seated at Levočská 109, Prešov, 080 01, C. REG ID: 46386777 (hereinafter the „Data Controller“), in order to ensure the protection of the rights of data subjects, has adopted appropriate technical and organizational measures which declare the lawful processing of personal data. Furthermore, the Controller has implemented a transparent system for recording security incidents and any questions from the data subject as well as from other persons.
The Data Subject may also obtain individual information by telephone at: +421 918 808 889, email: info@heyus.com, or in person at the address: Levočská 109, Prešov, 080 01, or at the Controller’s website: https://heyus.com/personal-data-protection/
Below we provide information on the processing and protection of personal data in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplements to certain acts (hereinafter referred to as the “Personal Data Protection Act”).
1. Controller
CROTRADING s.r.o.
Levočská 109 Prešov, 080 01
C. Reg. ID: 46386777
We process your data for our own purposes as the Data Controller. This means that we determine the purposes for which we collect your personal data, determine the means of processing, and we are responsible for their proper execution.
2. List of our processors and recipients who process your personal data
In certain cases, the Data Controller may also process the personal data of Data Subjects through processors who are authorized to process personal data in accordance with Article 28 of the GDPR.
Data Processors process the personal data of Data Subjects on behalf of the Data Controller. The processing of personal data by a Data Processor shall not adversely affect the exercise and enforcement of the Data Subject’s rights. The Data Controller shall only use Data Processors which have adequate technical, organizational and other measures in place to ensure that the processing complies with the requirements of the GDPR and that the protection of the Data Subject’s rights is fully ensured.
The Data Controller uses the following categories of Data Processors when processing the personal data of Data Subjects:
The Data Controller uses the following categories of recipients when processing the personal data of the Data Subjects:
3. Purpose of Personal Data Processing
On behalf of the company CROTRADING s.r.o. as the Data Controller, we only collect the data from you that we actually need to provide you with a comprehensive service in the field of car service, purchase and sale of motor vehicles. The purposes of the processing of personal data for each procedural step are:
4. List of Personal Data Processed
– Name
– E-mail address
– Phone number
– E-mail address
– Name and surname
– E-mail address
– Phone number
5. Period of processing and storage of your personal data
Your personal data that we have processed or are processing within the meaning of Article 6 par. 1, letter b) of the GDPR Regulation – in order to fulfill the obligations of the Data Controller, the company CROTRADING s.r.o., towards customers and clients, we further process in order to fulfill our legal obligations in the field of taxes and accounting, which are based on generally binding legal regulations (e.g. We must keep individual accounting records of your confirmed orders and invoicing for the purpose of delivering goods selected to your contact address in accordance with Act No. 431/2002 Coll. on Accounting as amended, for the purpose of proving compliance with tax obligations in accordance with tax legislation Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration, etc.), for the period of time stipulated by the relevant legislation. However, in any case, we are guided by the principle of minimizing the retention of personal data within the meaning of Article 5 par. 1, letter e) of the GDPR Regulation and therefore your personal data that is not subject to archiving under specific legislation will be deleted or anonymised.
Personal data processed in accordance with Article 6 par. 1), letter a) of the GDPR Regulation – based on your consent to the processing of personal data for the purpose of creating and maintaining a user account or for the purpose of mailing current marketing newsletters, we process the data for a period of 3 years or until the consent is withdrawn. In case of expiration of the data processing period, we will contact you in writing or by an e-mail, where it is possible to renew and extend the consent to the processing of your personal data for the defined purpose for the next processing period. If you do not consent to the renewal and extension of the processing period or do not respond to the contact, we will no longer process your personal data – i.e. we will automatically remove the data from the records, delete the electronic data technically from the systems and physically shred the data.
Personal data processed in accordance with Article 6 par. 1), letter f) of the GDPR Regulation – based on legitimate interest, which was obtained in response to an inquiry/suggestion or question submitted by you regarding the services provided and products delivered, where it was necessary to verify the relevance of the request or to carry out any subsequent contact of the client/Data Subject, after which it was not subsequently forwarded to the pre-contractual or contractual relationship, is immediately deleted.
As the Data Controller, we will ensure the erasure of personal data without undue delay after:
In any case, we do not systematically process further any personal data collected incidentally for any purpose defined by us. Where possible, we shall inform the Data Subject to whom the accidentally obtained personal data belong of their accidental acquisition and, depending on the nature of the case, we shall provide him or her with the necessary cooperation to regain control over his or her personal data. Immediately after these necessary actions to resolve the situation, we shall immediately dispose of all accidentally obtained personal data in a secure manner.
Should you desire further information about the specific retention period of your personal data, please contact us using the contact details provided.
6. Disclosure of data
In any case, our company does not disclose the collected data.
7. Cross-border transfer of personal data
Cross-border transfer of personal data does not take place.
8. Rights and obligations of the Data Subject
We will endeavor to reply as soon as possible, but shall always reply to you within 30 days of receipt of your request at the latest. The applicable legislation and the GDPR Regulation or the Act provides you with in particular the following:
Right of Access – You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to obtain a copy of that data and additional information pursuant to Article 15 of the Regulation or Article 21 of the Act. Where we collect a large amount of data about you, we may require you to specify the range of specific data we process about you.
Right to Correction – In order to ensure that we only process personal data about you that is up-to-date at all times, we need you to notify us of any changes as soon as they occur. If we process incorrect data about you, you have the right to request its correction.
Right to Erasure – If the conditions of Article 14 of the Regulation or Article 23 of the Act are met, you may request the erasure of your personal data. Therefore, you can request erasure if, for example, you have withdrawn your consent to the processing of your personal data and there is no other legal basis for the processing, or if we are processing your personal data unlawfully, or if the purpose for which we processed your personal data has ceased to exist and we are not processing it for another compatible purpose. However, we will not delete your data if it is necessary for proving, exercising or defending legal claims.
Right to Restriction of Processing – If the conditions of Article 18 of the Regulation or Article 24 of the Act are met, you can request us to restrict the processing of your personal data. Therefore, you can request a restriction, for example, while you object to the accuracy of the data processed or if the processing is unlawful and you do not want us to delete the data but need the processing to be restricted while you exercise your rights. We will continue to process your data if there are grounds for proving, exercising or defending legal claims.
Right to Portability – If the processing is based on your consent or carried out for the fulfillment of a contract concluded with you and at the same time carried out by automated means, you have the right to receive from us your personal data that we have collected from you in a commonly used machine-readable format. If you so wish and it is technically feasible, we will transfer your personal data directly to another Data Controller. This right will not apply to processing carried out for the fulfillment of a task carried out in the public interest or in the exercise of official authority
Right to Object to Processing – If we process your personal data for the fulfillment of a task carried out in the public interest or in the exercise of official authority vested in us, or if the processing is carried out pursuant to our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Upon your objection, we will restrict the processing of your personal data and, unless we can demonstrate compelling legitimate grounds for processing which prevail over your interests, rights and freedoms or for the establishment, exercise or defense of legal claims, we will no longer process your personal data and will delete your personal data. You have the right to object at any time to the processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. Once you have lodged an objection, we will no longer process your personal data for this purpose.
Right to Lodge a Complaint – If you consider that the processing of your personal data is in breach of the Regulation or the Act, you have the right to lodge a complaint with one of the competent supervisory authorities, in particular in the Member State of your habitual residence, place of work or place of the alleged breach. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection, with registered office at Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, website: www.dataprotection.gov.sk, tel.: +421 /2/ 3231 3220.
Right to Withdraw Consent – If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the processing already completed. If at any later time you decide that you wish from us to resume receiving sales and marketing offers about our products and services, you may renew your withdrawn consent (or lodged objection) at any time by using any of the contact methods set out above.
9. Contact details of the Office and of the person responsible
Office for Personal Data Protection of the Slovak Republic
Address:
Hraničná 12
820 07, Bratislava 27
Slovak Republic
C. Reg. ID: 36 064 220
Registry:
Monday – Thursday: 8:00 – 15:00
Friday: 8:00 – 14:00
Phone consultations on data protection:
Monday – Thursday: from 8:00 to 12:00 +421 2 323 132 20
Office of the President’s Secretariat +421 2 323 132 11
Secretariat of the Office: +421 2 323 132 14
Fax: +421 2 323 132 34
Spokesperson:
Cell phone: 0910 985 794
e-mail: hovorca@pdp.gov.sk
E-mail:
a) general affairs: dozor@pdp.gov.sk
b) for the provision of information pursuant to Act No. 211/2000 Coll.: info@pdp.gov.sk
c) website: webmaster@pdp.gov.sk
d) Use the online form for submitting requests for information pursuant to Act No. 211/2000 Coll. on free access to information.
e) the email address through which the Office will provide you with advice on personal data protection. It is intended for children, young people, students, teachers, parents who suspect that their personal data has been misused: ochrana@pdp.gov.sk
You can find a template for opening a personal data protection procedure on the website of the Office (https://dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov).
10. Website security
The website www.heyus.com uses an encrypted SSL connection for any user connection and transmission of any data, which prevents third parties from accessing the transmitted data while it is being transmitted across the Internet and preventing third parties from altering such data. The Data Controller’s databases containing personal data are protected by encryption and non-public access data in accordance with state-of-the-art technical standards.
CROTRADING s.r.o.
Levočská 109, Prešov
Slovakia
VAT no: SK 202 335 1385
ID: 46 386 777
Phone: +421 918 808 889
E-mail: info@heyus.com
Subscribe to our newsletter and stay in touch with us.
You have successfully joined our subscriber list.
CROTRADING s.r.o.
Levočská 109, Prešov
Slovakia
VAT no: SK 202 335 1385
ID: 46 386 777
Phone: +421 918 808 889
E-mail: info@heyus.com
Subscribe to our newsletter and stay in touch with us.
You have successfully joined our subscriber list.
Ⓒ Copyright HEYUS, All rights reserved. Personal data protection.
Cookie | Duration | Description |
---|---|---|
_gat | 1 minute | This cookie is installed by Google Universal Analytics to limit the number of requests and thus collect data on high-traffic sites. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie installed by Google Analytics counts visitor, session, and campaign data and also tracks page usage for site analytics. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. |
_gcl_au | 3 months | Provides Google Tag Manager to experiment with the advertising performance of websites that use their services. |
_gid | 1 day | The _gid cookie installed by Google Analytics stores information about how visitors use the website, while generating an analytics report on the website's performance. Some of the data collected includes the number of visitors, their source, and the sites they visit anonymously. |
Cookie | Duration | Description |
---|---|---|
_fbp | 3 months | This cookie sets Facebook to display ads on Facebook or on a digital platform based on advertising on Facebook after a visit to the website. |
_ir | session | This is a Pinterest cookie that collects information about visitor behavior on multiple websites. This information is used on the website to optimize the relevance of the ad. |
fr | 3 months | Facebook sets this cookie to show users relevant ads by tracking user behavior on the web, on pages that have a Facebook pixel or a Facebook social plug-i |
test_cookie | 15 minutes | Test_cookie is set by doubleclick.net and is used to determine if a user's browser supports cookies. |