What is the GDPR Regulation? It is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC ("regulation"). The regulation introduces a number of new principles in order to strengthen and unify the protection of personal data within the European Union. The implementation of the Regulation in the Slovak legal system is represented by Act no. 18/2018 Coll. On personal data protection. This Information applies to Edenred Slovakia, sro and to Ticket Service, sro (collectively referred to as "Edenred")
What has Edenred done to prepare for the application of the GDPR Regulation? The Edenred Group carried out a project to ensure compliance with the GDPR Regulation, the results of which were approved at board level. On this basis, we conducted a business-to-business review to identify all areas where changes to our current policies and practices are needed to ensure compliance with the GDPR Regulation. He works with legal experts on data protection to ensure the correct interpretation of the new legislation and its application throughout the company. This project leads to the establishment and enshrinement of the principles of liability under the GDPR Regulation in order to fully support our commitment to the protection of all personal information held by Edenred.
• Our parent company Edenred Group SA has appointed a responsible person (Data Protection Officer), who performs supervision with global operations, and locally for the Slovak Republic he is Martin Riegel - contact GDPR.email@example.com.
• The Edenred Group's project to ensure compliance with the GDPR Regulation has been approved by the Board of Directors and is managed by our Information Security and Compliance Officer.
• The Edenred Group identified staff responsible for key areas of expertise regarding the GDPR Regulation.
• The Edenred Group carries out information audits in accordance with the recommendations. In particular, this activity will enable the Edenred Group to ensure that only personal information necessary for the delivery of the service is obtained and that this information is properly processed. • If required, Edenred Group conducts privacy impact assessments.
• The Edenred Group performs updated due diligence in relation to third party suppliers in order to adapt to the standards under the GDPR Regulation.
• If required, Edenred will make changes to software applications and technical changes to support the fulfillment of its obligations under the GDPR Regulation.
• The Edenred Group retrained all employees to familiarize them with the new operating standards and to support the key principles of the GDPR Regulation.
Frequently asked questions Due to the growing number of requests for more detailed information regarding GDPR compliance within our products and services, we are preparing a list of frequently asked questions, which will be published shortly. In the meantime, send your questions electronically to GDPR.firstname.lastname@example.org.
operator The operators are:
Legitimate interests of the operator Edenred's authorized personal data processing groups usually consist of ensuring the security and protection of Edenred's rights, property and premises (including the security of networks and information in IT systems), the use of personal data for direct marketing and promotion of Edenred, and the exercise, enforcement or defense of rights. , legitimate interests and claims of Edenred.
Recipients of personal data Edenred provides or makes available personal data in particular to the following recipients or categories of recipients: • courts, state and local authorities, public institutions, law enforcement agencies, tax authorities, customs and financial authorities, notaries, executors; • Social insurance, health insurance companies, supplementary pension companies; • control and supervisory bodies; • banks, insurance companies, postal companies; • companies within Edenred Group SA • intermediaries who process personal data for Edenred Slovakia, or companies for which Edenred Slovakia processes personal data as an intermediary; • Edenred's contractual partners in connection with the performance of the relevant contract (including the exercise or defense of rights, legitimate interests and claims under the contract); • other persons, bodies or institutions, where the provision of personal data is required by law, or is necessary for the performance of the contract, or is necessary for the legitimate interests of Edenred, or is necessary to protect the vital interests of the data subject or other natural person, or if expressly agreed between Edenred and the person concerned or with the consent of the person concerned.
Transfer of personal data to third countries As part of the processing of personal data, they are not transferred to third countries outside the territory of the European Union or to international organizations.
Rights of the data subject related to the processing of personal data Right of access to data The data subject shall have the right to obtain from the controller a confirmation as to whether personal data concerning him are being processed and, if so, shall have the right to obtain access to such personal data and the additional information resulting from Art. 15 Regulations.
Right to correct data The data subject shall have the right to request that the controller correct his or her incorrect personal data without undue delay and / or that his or her personal data be supplemented.
The right to delete personal data The data subject has the right to request that the controller delete his personal data without undue delay, if the conditions of Art. 14 Regulations (eg the purpose for which the personal data were processed has expired; consent to the processing of personal data has been revoked and there is no other legal basis for the processing of personal data; the data subject objects to the processing of personal data and no legitimate interests in processing prevail; personal data must be deleted in order to comply with a legal obligation; the data were obtained in connection with the offer of information society services addressed directly to the child).
The right to restrict the processing of personal data The data subject has the right to demand restrictions on the processing of his personal data if the conditions of Art. 18 Regulations (eg the data subject challenges the accuracy of personal data; the processing of personal data would be illegal; the controller no longer needs the personal data for processing purposes but needs the data subject to prove, assert or defend legal claims; the data subject objected to the processing of personal data) .
Right to data portability The data subject shall have the right to obtain from the controller personal data which he has provided to the controller, in a structured, commonly used and machine-readable format. The data subject has the right to transfer the personal data thus obtained to another operator without being prevented from doing so by the Edenred Group. Such portability of personal data is possible if the personal data of the data subject have been processed on the basis of consent or under contract and if the processing has been carried out by automated means. Where technically possible, the person concerned shall have the right of direct transmission from one operator to another.
The right to object to the processing of personal data The data subject shall have the right at any time to object to the processing of personal data carried out by the controller for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller or if the processing is carried out in the legitimate interest of the controller or a third party. including objections to related profiling. The data subject also has the right to object to the processing of personal data for the purposes of direct marketing, including profiling, to the extent that it relates to such direct marketing.
The right to withdraw consent to processing If personal data are processed with the consent of the data subject, the data subject shall be entitled to revoke that consent at any time. Revocation of consent shall not affect the lawfulness of the processing of the personal data of the data subject before revocation of such consent.
Exercising rights against Edenred If the data subject decides to exercise any of the above rights against the controller in connection with the processing of his personal data, he may do so in writing at Edenred Slovakia, Tickert Service or electronically at the email address: GDPR.email@example.com.
The right to lodge a complaint to the supervisory authority The data subject has the right to lodge a complaint with the supervisory authority responsible for supervising the processing of personal data. In the territory of the Slovak Republic, this body is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 4826/12, 820 07 Bratislava.
Obligation / voluntary provision of personal data If the provision of personal data is a legal requirement, the person concerned is obliged to provide such data to the controller. Where the provision of personal data is a contractual requirement or a requirement necessary for the conclusion of a contract between the data subject and the controller, the provision of personal data shall be voluntary. If the data subject refuses to provide the controller with personal data required by law or personal data necessary for the conclusion and performance of the contract, the controller shall refuse to enter into a contractual relationship with the data subject or provide the data subject with his performance or perform another act, activity or operation. requested by the data subject.
Existence of automated decision making, including profiling The operator does not use decision-making based on automated processing of personal data, including profiling.
Data sources The Operator obtains personal data primarily from the persons concerned, and may also obtain personal data from publicly available sources and registers, or from third parties, in particular in connection with the conclusion or performance of a contract with Edenred or in connection with the exercise of their powers, authorizations or obligations arising from the relevant legislation, decision or contract.
Information on the processing of personal data for business partners:
|Purpose of processing personal data||Legal basis for the processing of personal data||Processing time, resp. retention|
|Evidence of business partners (supplier-customer relations)||The Operator processes your personal data for the purposes of the Operator's legitimate interests. In justified cases, personal data is processed on the basis of performance of the contract.||During the contractual relationship and 5 years after its termination.|
|accounting||Fulfillment of the legal obligation of the Operator arising from legal regulations in the field of bookkeeping of the company, in particular Act no. 431/2002 Coll. On accounting, as amended.||10 years|
|Marketing||The Operator processes your personal data on the basis of a legitimate interest, which consists in the promotion of the Operator and in the interest of informing its clients and the public about its activities.||For the duration of the legitimate interest and for the period during which it is possible to exercise, prove or defend rights and claims of legitimate interest or related to a legitimate interest.|