We value your trust in providing us with your personal data. We are committed to protecting your personal data. In this document, we explain how we process your personal data, how you can contact us, and provide you with important information regarding such processing. When processing your personal data, we comply with applicable laws, in particular Act No. 18/2018 Coll. on the protection of personal data, as amended (hereinafter referred to as the "Act") and Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").
Controller
We are the controller for the processing of your personal data:
Technická univerzita v Košiciach
Letná 1/9, 042 00 Košice-Sever, SR
company ID: 00 397 610
Email: dev.ekf@tuke.sk
Data Protection Officer
The Controller has appointed a Data Protection Officer. The Data Protection Officer may be contacted regarding any questions concerning the processing of personal data and the exercise of data subject rights at:
Email: zodpovedna.osoba@tuke.sk
tel.: +421 55 602 2137
Categories of personal data
We process the following categories of personal data about you:
| Category of data | Examples |
|---|---|
| Identification data | name, surname, user ID |
| Contact data | email address |
| Technical data | IP address, login logs, device/browser information, time stamps |
| Communication data | content of user support requests and related correspondence |
Purpose and legal basis for the processing of personal data
Mutual communication: If you contact us through any communication channel, we process your personal data for the purpose of handling and responding to your inquiry. The legal basis is Article 6(1)(f) GDPR where we rely on our legitimate interest in responding to inquiries, documenting communication and ensuring the quality and security of our services.
Proper functioning of the website: We process technical data, such as IP address, server logs, browser/device information and time stamps, to ensure the proper functioning, security and availability of the website. The legal basis is our legitimate interest under Article 6(1)(f) GDPR, consisting in ensuring the secure and reliable operation of our services.
Data retention period
Technical logs processed for security and operational purposes are retained for 6 months, unless a longer retention period is necessary to investigate a security incident or protect legal claims.
Communication data are retained for 12 months after the communication is completed, unless further retention is necessary for the establishment, exercise or defence of legal claims.
Where personal data are processed based on consent, they are retained for the period specified in the consent or until the consent is withdrawn, unless another legal basis for further processing applies.
Necessity of providing personal data
If the provision of personal data is a legal or contractual requirement, or necessary to enter into a contract, the data subject is required to provide it. Otherwise, the purpose of processing that the controller intended to carry out in the event of the provision of personal data cannot be fulfilled.
Provision and disclosure of your personal data
We may also generally disclose and/or provide your personal data to other entities such as state administration and public authorities for the purposes of control and supervision (e.g., labor inspectorate), courts, law enforcement authorities, accountants, auditors, lawyers, IT system and support providers, private security services, other external expert advisors, and other entities (legal entities/natural persons) that provide us with products and services. We are responsible for the proper protection of your personal data that is provided and/or made available to other entities acting as processors. The current list of specific recipients of personal data can be provided upon request via our email address.
The transfer of personal data to third countries or to an international organization
The Controller does not transfer and does not intend to transfer personal data to third countries or international organisations.
Automated individual decision-making
No automated decision-making is performed when processing personal data for the purposes specified above.
Profiling
No profiling is carried out when processing personal data for the purposes set out above.
Rights of the data subject in relation to the processing of personal data
As a data subject, you have the following rights:
Right of access by the data subject
In particular, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we provide it, who else processes it besides us, and what other rights you have in relation to the processing of your personal data. However, if you are unsure what personal data we process about you, you can ask us to confirm whether or not we process personal data relating to you, and if so, you have the right to access this personal data and additional information under Article 15 of the GDPR or Section 21 of the Act. As part of your right of access, you may request a copy of the personal data being processed, with the first copy provided free of charge and subsequent copies subject to a fee. However, the rights of third parties may not be restricted by this.
Right to rectification
Personal data must be accurate and up-to-date. If you find that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. By exercising this right, you help us keep your personal data accurate and up to date.
Right to erasure (right to be forgotten)
In some cases, you have the right to have your personal data erased if the conditions of Article 17 of the GDPR or Section 23 of the Act are met. We will erase your personal data without undue delay if one of the following reasons applies:
- We no longer need your personal data for the purposes for which we processed it;
- you withdraw your consent to the processing of personal data, where your consent is necessary for the processing of such data, and we have no other basis or reason for further processing;
- you exercise your right to object to the processing of personal data that we process on the basis of our legitimate interests, and we find that there are no longer any such legitimate reasons on our part that outweigh your legitimate reasons;
- we find that we have processed your personal data unlawfully.
Right to restriction of processing
In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of personal data if the conditions of Article 18 of the GDPR or Section 24 of the Act are met. This right allows you, in certain cases, to request that your personal data be marked and that this data not be subject to any further processing operations - in this case, however, not forever (as in the case of the right to erasure), but only for a limited period. We must restrict the processing of personal data when:
- you contest the accuracy of your personal data, during a period enabling us to verify the accuracy of your personal data;
- we process your personal data unlawfully, but you prefer to restrict such data rather than erase it;
- We no longer need your personal data for the aforementioned processing purposes, but you require it to establish, exercise, or defend your legal claims, or
- you object to the processing, for a period during which we determine whether your objection is justified.
Right to data portability
You have the right to obtain from us the personal data you have provided to us in a structured, commonly used, and machine-readable format. You have the right to transmit the personal data obtained in this way to another controller without our hindering you from doing so. Such portability of personal data is possible if your personal data has been processed based on consent or a contract and if the processing has been carried out by automated means. If technically feasible, you have the right to direct transfer from one controller (us) to another controller.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data that we carry out for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or where the processing is based on our legitimate interest or that of a third party, including profiling related to it. You also have the right to object to the processing of personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.
Right to withdraw consent
If your personal data is processed based on consent, you, as the data subject, are entitled to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of this consent.
Exercise of rights
You may exercise your rights by contacting us at zodpovedna.osoba@tuke.sk or in writing at the Controller’s registered office.
We will respond to your request regarding the processing of personal data without undue delay, in any case within one month of its receipt. In special cases, the deadline may be extended by a further two months, but in any case, we will inform you of the reasons for the extension within one month of receiving your request. The information is provided free of charge. However, if your requests are unreasonable or repetitive, we may charge a reasonable administrative fee for processing them.
The right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with the competent supervisory authority for the supervision of personal data processing. In the Slovak Republic, this authority is the Office for Personal Data Protection, https://dataprotection.gov.sk/en/, Námestie 1. mája 18, 811 06 Bratislava; phone number: +421 2 32 31 32 14; E-mail: statny.dozor@pdp.gov.sk
Security of personal data
To secure your personal data, we have taken appropriate measures to protect it in light of current technical developments, in particular to prevent its leakage, misuse, or destruction.
These measures are detailed and defined in the company's internal regulations, and every employee who comes into contact with personal data is required to familiarize themselves with and comply with them.
If we provide and/or make personal data available to a third party that provides services necessary to fulfill any of the purposes of personal data processing, such third party, in its capacity as a processor, shall also have taken appropriate measures to protect the confidentiality, integrity, and security of personal data.
Contact
For general questions, please contact us at dev.ekf@tuke.sk. For questions concerning personal data protection, please contact the Data Protection Officer at zodpovedna.osoba@tuke.sk.