Privacy policy
1. Who processes your personal data in connection with provision of Huglo, Foaf, Verejnedata.sk and Softygon application services?
Personal data is processed by Foaf, s.r.o., with registered office at Pribinova 30, 821 09 Bratislava – Ružinov city borough, company ID No: 36 774 421, registered in the Commercial Register of the Municipal Court Bratislava III, Section Sro, File No. 45838/B, which is a provider of information society services via the Trovi and Huglo applications (hereinafter also referred to as „Huglo“ or „Trovi“ or „Foaf“ or „Softygon“ or „Verejnedata.sk“ depending on which application it is, or also „we“).
2. What is our position under the GDPR when processing your personal data?
We process personal data uploaded to Trovi, Huglo, Foaf, or Softygon application as the Controller for our own personal data processing purposes, but also as the Processor for our corporate customers who use some of the functionalities and services of these applications as controllers in pursuit of their own personal data processing purposes, while our Trovi and Huglo applications also work on the basis of technical integration with publicly available data and the reports generated therefrom, which are also generated by www.verejnedata.sk with help of our integration and synchronisation tool Softygon. If our customers use directly the services provided via the Softygon platform (www.softygon.com) to connect and synchronise data of their own systems with external systems, we will process personal data as the Processor.
Where Trovi, Huglo, Softygon or Foaf processes data on behalf of our customers, we are obliged to comply with the data processing contract concluded pursuant to Article 28 (3) of the GDPR, which determines the scope and conditions of such processing, and as the Processor we are not obliged to inform the data subjects of processing of their personal data. This should be done by our customers as controllers, and we want to help them to do this with the content of this document.
In fulfilling our information obligations, we therefore clearly distinguish between these situations and place emphasis on the proper fulfilment of our own information obligations to data subjects under Articles 13 and 14 of the GDPR whose personal data we process as the Controller.
V prípade, keď v Trovi, Huglo, Softygon alebo Foaf spracúvame dáta v mene našich zákazníkov sme zaviazaní dodržiavať zmluvu o spracúvaní osobných údajov uzatvorenú podľa čl. 28 ods. 3 GDPR, ktorá nám určuje rozsah a podmienky takéhoto spracúvania, pričom ako sprostredkovateľ nie sme povinný informovať dotknuté osoby o spracúvaní ich osobných údajov. Toto by mali vykonať naši zákazníci ako prevádzkovatelia, pričom my im k tomu obsahom tohto dokumentu chceme pomáhať.
Pri plnení našich informačných povinností preto zreteľne odlišujeme tieto situácie a kladieme dôraz na riadne splnenie našich vlastných informačných povinností, ktoré nám vznikajú voči dotknutým osobám podľa čl. 13 a čl. 14 GDPR, ktorých osobné údaje spracúvame ako prevádzkovateľ.
3. When do we process personal data as the Processor?
If you, as our customer, use the following services and functionalities when using our applications, we will be in the position of the Processor. Specifically, these are the following services:
use of invoicing tools to analyse documents, issue and manage invoices
displaying accounting documents and reports in Huglo reports that have been imported from source accounting systems;
integrating and facilitating data transfers between various invoicing and accounting systems used by third parties (e.g. personal accountants) and our applications;
use of the Softygon platform for data integration and synchronisation between customer and external systems;
provision of analytical and consulting BI (Business Intelligence) services due to creation of various reports, dashboards, relationship diagrams, links between persons and companies, economic results of entrepreneurs, debts, profit and loss statements, data conversions from public sources (open data) for needs and support of decision-making and planning processes of our customers in various areas of their business management, including use of AI technology, mainly through paid services provided through Foaf and Verejnedata.sk;
use of the “Payroll” module for payroll and HR services or consultancy;
use of the “Personalization of Documents” module allowing you to create your company documents in the selected design and with a personalized logo and signature;
filling out and submitting forms for qualified electronic signature service providers, which will allow you to easily request and obtain the necessary certified means of the highest level of trust for creation of electronic signatures for your company’s needs;
filling out and submitting forms to reach specific professional business advisors, consultants, attorneys, tax advisors and accountants based on their profiles and services displayed in the application;
use of the “Accounting” module for provision of accounting services;
use of the “Invoicing” module, which enables the issuance of invoices with QR codes for payment;
use of the “Register of Companies” module, which enables automatic completion of data relating to companies on the basis of entering their business name or company ID number;
use of the “Orders and Quotations” module, which enables registration and overview of incoming orders and prepared quotations;
use of the “Costs” module, which allows you to keep track of your company’s costs;
use the “Projects and Hours Reporting” module to track the hours worked by your team members on specific tasks and projects.
In cases where Huglo or Trovi enables you to obtain a discounted financial product (e.g. insurance, leasing, etc.) and possibly other services (accounting, legal) by being able to offer it to you as a bound financial agent of a financial institution with which we will cooperate, we will also act as the Processor within the meaning of the GDPR of such financial institution for the related processing of personal data, providing you with more detailed information on the personal data protection that has been adopted in the terms and conditions of the respective financial institution.
4. When do we process personal data as the Controller?
If you use the following services and functionalities of our applications as a registered user, we will process your personal data as the Controller:
filling out and submitting forms for financial intermediation service providers, or independent financial agents, factoring, leasing, and banking service providers to provide their providers with a qualified tip that you are seriously interested in the specific financial services you need for your company;
filling out and submitting forms for qualified electronic signature service providers, which will allow you to easily request and obtain the necessary certified means of the highest level of trust for creation of electronic signatures for your company’s needs;
filling out and submitting forms to reach out to specific professional business advisors, consultants, attorneys, tax advisors and accountants based on their profiles and service overviews displayed in Huglo application;
when using the crowdfunding platform integrated into the Huglo application;
use of the “Open Banking” module, which allows you to connect your corporate account held at the bank Tatra banka with the Trovi application via Tatrabanka’s API, through which you can subsequently perform payment services and have an overview of transactions on your corporate account also in Trovi, while we provide you with payment services as a TPP (Third Party Payment Provider), also as an Account Information Service Provider (AISP) and as a Payment Initiation Service Provider (PISP);
use of other banking API integrations that allow our applications to provide payment services in cooperation with other commercial banks;
by providing completed registration forms sent from Trovi application,use of the “Legal Services” module which allows you to request cooperating law firms to provide a targeted and fixed-price legal service or to prepare a quotation for more complex cases;
use of the “Financing the Purchase of Equipment” module will allow you to apply for advantageous financing of your business needs through provision of filled-in registration forms sent to the leasing service provider.
5. For what purposes and on what legal basis do we process personal data in our applications as the Controller ?
Purpose of the personal data processing | Legal Basis | | |
1. | | Legitimate interest under Article 6(1)(f) of the GDPR and, in support | The Controller will provide its paying customers using the information In particular, personal data will be processed, for example, in 1) Provision of payment services within the framework of open banking API 2) Provision of analytical and statistical business intelligence (BI) 3) Provision of crowdfunding funding for specific projects and business 4) Provision of quick and convenient links to various third parties, which |
2. | Fulfilment of Legal Obligations | Compliance with the legal obligations under Article 6(1)(c) of the GDPR | As the Controller, we often have to process personal data also in connection |
3. | | Compliance with the legal obligations under Article 6(1)(c) of the GDPR | As the Controller, we have an obligation under the GDPR to ensure an |
4. | | Legitimate interest pursuant to Article 6(1)(b) of the GDPR | As the Controller, we may also process personal data in the context of |
5. | | Legitimate interest pursuant to Article 6(1)(b) of the GDPR | When we provide service and technical support to customers by phone, email |
6. | Marketing and PR Purposes | Consent pursuant to Article 6(1)(a) of the GDPR or legitimate interest | As the Controller, we will process personal data for this purpose if we Personal data will also be processed if we send you our marketing |
7. | Legal and Contractual Purposes | Legitimate interest pursuant to Article 6(1)(b) of the GDPR | Depending on nature of the transaction and the terms of the business As the Controller, we also process personal data that is necessary for |
8. | Statistical Purposes | Legal bases for the above compatible purposes based on Recital 50 and | In accordance with the terms of Article 89 of the GDPR, we process personal |
6. What legitimate interests do we pursue in processing your personal data?
In order to achieve the above purposes of processing personal data, we as the Controller rely on the following legitimate interests in terms of the legal basis:
provision of information society services through Huglo, Trovi and Foaf application, consisting mainly of:
Provision of payment services within the open banking API integration built into Trovi or Huglo application;
Provision of analytical and statistical business intelligence (BI) services that are able to prepare reports on social links and other important statistical indicators related to specific entrepreneurs in Huglo, Trovi and Foaf applications, which we make available and create on the basis of publicly available data (so called open data);
Provision of crowdfunding funding for specific projects and business plans, enabling our customers to get involved through Trovi or Huglo applications;
Provision of quick and convenient links to various third parties, which is directly related to providing tips to our business partners for establishing new business relationships between the third party and the user of Huglo, Trovi and Foaf, or more efficient data exchange with the customer’s accountants;
obtaining, calculating, proving and claiming commissions for providing tips to business partners;
proving, exercising and defending the rights and legal claims of the Controller;
conclusion and performance of a variety of contractual relationships where the data subject is not a party to the contract, but his/her personal data is necessary for proper conclusion, adjustment or performance of such contract;
direct marketing communication of similar goods and services to existing customers;
raising awareness of Huglo, Trovi, Softygon and Foaf applications on social networks in the public space;
development, improvement and testing of applications;
provision of technical support and customer care.
7. Do you have a Data Protection Officer (DPO) and how can we contact him/her?
Yes, for Trovi and Huglo applications we have a designated responsible person, or DPO, whose current contact details are always communicated to the Office for Protection of Personal Data. Data subjects or any person can contact our DPO directly using these contact details:
E-mail: dpo@foaf.sk
Correspondence address: Responsible person (DPO), Pribinova 30 Bratislava – Ružinov 821 09 Bratislava.
8. Who do we provide your personal data to?
We take the confidentiality of your personal data very seriously and have put policies in place to ensure that your data is only shared with authorized individuals working with Trovi and Huglo or with a verified third party. Our employees and internal users may have access to your personal data on a need-to-know basis, which is usually limited by function, role and user role. We also use subcontractors to help us provide our services and these subcontractors may process your personal data for us. We ensure that selection of our subcontractors and the processing of personal data by our subcontractors comply with the GDPR. Depending on the purpose of processing, recipients of your personal data are divided in the following categories:
providers of accounting and invoicing services;
shipping, courier and postage companies;
professional business advisors;
factoring companies;
leasing companies;
collection companies;
public registers of creditors;
qualified trusted electronic signature service providers;
auditors and tax advisers;
independent and bound financial agents or financial intermediaries;
distrainors, notaries public, courts, lawyers, translators;
providers of standard software;
providers of technical support, development and administration of IT systems and applications;
providers of data analysis, processing and storage tools;
cloud or web hosting providers;
web analytics providers, including preparation of statistical data, fraud detection, advertising targeting, segmentation and profiling of web visitors;
IT security service providers;
entities to whom you consent to the storage of cookies by using a cookie bar when you visit our website, which may result in tracking of your behaviour and personalised advertising targeting;
marketing and PR agencies;
health insurance companies, pension management companies and social insurance companies in case of our employees, including those working under agreements on performance of work outside the employment relationship;
service providers for sending the newsletter;
social network operators;
banks and recipients of payments made through our applications;
text message payment service providers;
external contractors of Foaf, Huglo and Trovi applications.
9. To which third countries (outside the EU) do we transfer your personal data?
As a standard, we try to limit any cross-border transfers of personal data to third countries outside the EU or the European Economic Area, so if it is not necessary for us to do so, we do not do it. However, some of our sub-suppliers or recipients of personal data listed above may be established or may be under the jurisdiction of the authorities and laws of a third country which does not provide an adequate level of protection or their servers may be located in such third country.
As a result of using the services of certain recipients of personal data, cross-border transfers of personal data may be carried out to the United States of America (U.S.), which is not considered by the European Commission to be a third country that ensures an adequate level of personal data protection.
Specifically, we have a cross-border transfer of personal data to the United States of America (U.S.) in the context of use of the services of various recipients of personal data, mainly from the category of: i) social network operators (Meta Platforms.), ii) security services (Cloudflare), iv) web analytics and SDK implementation in websites (Meta, Google), v) statistical analysis providers (Google), vi) cloud service and software (SaaS) providers (e.g., AWS, Attlassian, Dropbox, Slack ), vii) platform providers for development and testing of our applications (Gitlab).
The European Commission adopted a new implementing decision, on 10 July 2023 approving the „EU-US Data Privacy Framework“, which constitutes an adequacy decision under Article 45 of the GDPR. It allows transfers of personal data to certified organisations (data importers) in the U.S. without the need for further authorisation or the need to take additional safeguards and measures. If we cannot rely on the European Commission’s decision on the adequacy of a third country pursuant to Article 45 of the GDPR, we require adoption of specific safeguards pursuant to Article 46 of the GDPR (most often so-called standard contractual clauses) or Article 47 (so-called binding corporate rules) and, if necessary, the adoption of other additional measures to protect the rights and freedoms of data subjects.
For an overview of such importers and safeguards operating on transfers of personal data to the U.S., please see the overview table below:
Supplier | Privacy policy adopted by importers of personal data | Appropriate specific legal safeguards within the meaning of Article | Decision on proportionality pursuant to Article 45 of the |
Amazon Web Services | https://aws.amazon.com/privacy/?nc1=f_pr | New type of the
| Yes, it applies to Amazon Web Services. The data importer’s registration in the EU-U.S. Data Privacy Framework can |
Atlassian Inc. | https://www.atlassian.com/legal/privacy-policy | New type of standard contractual clauses approved by European Commission These safeguards also apply to data transfers not only to the U.S. but also | Yes, it refers to Attlassian, Inc. The data importer’s registration in the EU-U.S. Data Privacy Framework can European |
Cloudflare, Inc. | https://www.cloudflare.com/privacypolicy/ | New type of the
After 10 July 2023: Adequacy | Yes refers to Cloudflare, Inc. The data importer’s registration in the EU-U.S. Data Privacy Framework can European |
Dropbox, Inc. | https://www.dropbox.com/privacy | New type of standard contractual clauses (Module 3) approved by European contract | Yes, it applies to Dropbox, Inc. The data importer’s registration in the EU-U.S. Data Privacy Framework can https://www.dataprivacyframework.gov/list European |
Google LLC (Google Analytics) | https://policies.google.com/privacy?hl=en-US | New type of the | Yes, it applies to Google, LLC and all of its U.S. subsidiaries. The data importer’s registration in the EU-U.S. Data Privacy Framework can European |
Gitlab, Inc. | New type of the | N/A – not listed in the Data Privacy Framework list. | |
Meta Platforms , Inc. | https://www.facebook.com/policy.php | Standard contractual clauses approved by European Commission Decision | Yes, it refers to Meta Platforms, Inc. The data importer’s registration in the EU-U.S. Data Privacy Framework can European |
Slack Technologies LLC (Slack) | https://slack.com/trust/privacy/privacy-policy | New type of standard contractual clauses (Module 2 and 3) approved by | Yes, it applies to Saleforce, Inc. including its subsidiary Slack The data importer’s registration in the EU-U.S. Data Privacy Framework can https://www.dataprivacyframework.gov/list European |
10. How long do we retain your personal data?
We retain personal data for no longer than is necessary for the purposes for which the personal data is processed. In general, the retention period follows from the legislation. Unless otherwise required by law, the retention period of your personal data is always determined by us in relation to specific purposes through an internal policy where we seek to minimise the retention period.
The general retention periods of personal data for the purposes of processing personal data as defined by us are as follows:
Purpose | General retention period of personal data |
| Until subscription to the paid services in the Huglo, Foaf, Softygon or Trovi application is terminated or until the data subject’s objection to the processing of personal data is resolved, which in the particular case would outweigh our legitimate interest during the subscription period of the paid services in our applications. |
| Until expiry of the relevant statutory period, if explicitly provided for by law (e.g. 10 years for the retention of accounts), or until the expiry of 4 years from occurrence of the relevant legal fact, if no such period is provided for by law. |
| Maximum 1 year. |
| In general, until the related activity has been completed, or until the data subject’s objection to the related processing has been dealt with, if it would prevail over our legitimate interest in a particular case. |
| During use of our applications, or until the data subject’s objection to the related processing has been dealt with, if it would prevail over our legitimate interest in a particular case. |
| Until the consent is withdrawn in case of cookies or until an objection to direct marketing is lodged. |
| Until the legal case has been concluded on the merits, which is associated with limitation of claims or exhaustion of all available remedies, or until processing of the data subject’s objection to the related processing has been dealt with, if it would prevail over our legitimate interest in a particular case. |
| For duration of the aforementioned retention periods for other purposes. Unnecessary data is deleted continuously after the statistical outputs are compiled, unless we use the automatic settings of the service provider. In such cases, we retain the data processed within “Google Analytics” for a maximum of 26 months and the data processed within “Facebook Page Insights” for a maximum of 90 days. The data may also be erased earlier in case of an objection by the data subject. |
The above retention periods only set out the general periods during which personal data are processed for the purposes in question. However, we do in fact proceed to the destruction or anonymisation of personal data before the expiry of these general periods if we consider the personal data concerned to be no longer necessary for the above-mentioned processing purposes. On the contrary, in some specific situations, we may retain your personal data for longer than the above if required to do so by law or in our legitimate interest, or if your personal data is also processed for another compatible processing purpose for which the retention period has not yet expired. If you would like information regarding the specific retention period for storage of your personal data, please do not hesitate to contact us through our authorised person.
11. From what sources do we obtain personal data about you?
Under Article 14 of the GDPR, we are obliged to inform you about the sources and categories of data we obtain indirectly. Given the fact that we use diverse and very extensive data from public sources, in order to be able to provide advanced analytical and statistical value-added services to our clients, we consider it objectively impossible to inform all data subjects that we collect their personal data in this way. If we were forced to inform every data subject whose personal data we obtain and process from public sources by address, it is quite certain that we would not be able to objectively provide our information society services to paying customers, which would make it impossible for us to conduct our business. We believe that this is the reason for application of the exemption from the information obligation under Article 14(5)(b) of the GDPR, but this still requires us to take appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, including making the following information available to the public:
|
|
|
Trade Journal | Exclusively common categories of personal data | Individuals whose personal data are involved in bankruptcy, restructuring, liquidation, auctions – e.g. bankrupts, debtors, trustees, creditors |
Register of Financial Statements | Common categories of personal data included in the accounts, in particular the | Self-employed persons and natural persons exercising the functions of a statutory body in legal persons. |
Register of Legal Entities / Statistical Office of the Slovak Republic and | Exclusively common categories of personal data within the scope of their processing in the Register of Legal Entities, e.g. business name, company ID number, registered office, date of establishment, date of termination, registered office address, main activity SK NACE Rev. 2, institutional sector ESA 2010, type of ownership, category of size of the organisation according to number of employees, legal form, region, district, municipality | Although the data relates exclusively to legal entities, we consider that in case of single-person LLCs, it could theoretically be of a personal data nature in specific cases, and therefore we mention this source and category of data out of legal caution. |
Commercial Register | Exclusively common categories of personal data to the extent to which they are entered in the public part of the Commercial Register with a focus on monitoring changes in the entered data (e.g. changes in the registered office, changes in occupation of statutory bodies), typically e.g. academic degree, first name, surname, address of permanent residence of the member and executive officer in limited liability companies, etc. | Natural persons acting in relation to a legal person, in particular partners, executive officer, proxy holders, shareholders in name |
Register of Bankrupts | Exclusively common categories of personal data e.g. first name, surname, permanent address and date of birth of bankrupts who are natural persons. Exclusively common categories of personal data identifying the bankruptcy trustee – e.g. academic degree, first name, surname, office address, contact details Data relating to claims, the bankrupt’s assets, creditors’ meetings, documents with the list of claims and other documents published in the Register of Bankrupts – e.g. the bankruptcy petition, the file number of the bankruptcy, date and time of publication of the prescribed acts of the bankruptcy proceedings, together with a brief description of them (e.g. the end of the survey of claims, the end of filing of claims). | Individuals whose personal data are included in bankruptcy, restructuring in the Register of Bankrupts. Bankruptcy trustees in case of natural persons and judges ruling on bankruptcy. |
Insolvency Register of the Czech Republic | Exclusively common categories of personal data e.g. first name, surname, address of permanent residency and date of birth, birth ID number for bankrupts who are natural persons Information concerning a status of the proceedings, file reference number, Senate reference number, reference number of the proceedings in the case. Data relating to the history of the insolvency proceedings – e.g. date of the last published event, end of the deadline for filing claims, date of the end of the insolvency proceedings, international jurisdiction of the court. | Individuals whose personal data are included in bankruptcy or restructuring in |
Trade Licensing Register | Exclusively common categories of personal data within the scope published in the Trade Licensing Register – e.g. business name, company ID number, place of business, addresses of establishments, subject of business. | Self-employed natural persons who are registered in the Trade Licensing Register |
Register of Public Sector Partners | Exclusively common categories of personal data, in particular business name, legal form, company ID number, address of registered office or place of business, date of registration, date of deletion, insertion number in relation to the public sector partner. Exclusively common categories of personal data, in particular business name, company ID number, address of the registered office / place of business or residence in relation to the authorised person. Exclusively common categories of personal data, in particular academic degree, first name, surname, date of birth, nationality, address of permanent residence, data on exercise of a public function in relation to the beneficial owners. Exclusively common categories of personal data included in the verification document – e.g. identification of the exponents of the management, supervisory and ownership structure of the public sector partner, how profits are | Natural persons in their capacity as beneficial owners. Natural persons in their capacity as public sector partner. Natural persons in their capacity as authorised person (e.g. lawyers, |
Financial Administration | Exclusively common categories of personal data, financial information, and tax information. | Natural persons who exercise their rights in performance of the tasks of the financial administration, natural persons who are obliged to the financial administration by special legal regulations |
Social Insurance Company | Common categories of personal data, information relating to debts and arrears of social contributions of a particular entrepreneur. | Entrepreneurs who are in arrears with their contributions to the Social Insurance Company. |
Health Insurance Company – Všeobecná zdravotná poisťovňa, a.s. | Common categories of personal data, information relating to debts and arrears of health insurance of a particular entrepreneur. | Entrepreneurs who are in arrears with their health insurance. |
Health Insurance Company – Union zdravotná poisťovňa, a.s. | Common categories of personal data, information relating to debts and arrears of health insurance of a particular entrepreneur. | Entrepreneurs who are in arrears with their health insurance. |
Health Insurance Company – Dôvera zdravotná poisťovňa, a.s. | Common categories of personal data, information relating to debts and arrears of health insurance of a particular entrepreneur. | Entrepreneurs who are in arrears with their health insurance. |
Court decisions | It is envisaged that final and published court decisions will be anonymised in terms of personal data. Exclusively common categories of personal data included in final and published court decisions to a minimum extent (data of judges, legal representatives) and contextual data on the content of litigation. | Natural persons whose personal data was not anonymised in the decision due to an administrative error on the part of the courts. Natural persons who heard the case as judges. Legal representatives. |
Contact database of companies | Contact details (phone number, email) and the entrepreneur’s website. | Natural persons acting in relation to a legal person as authorised representatives or designated as contact persons. |
Central Register of State Claims | Exclusively common categories of personal data relating to claims for which the creditors are public authorities and from which the identification of the debtor and the amount of the debt is always | Natural persons on the list of debtors to the State |
COFACE (Creditors’ Register) | Exclusively common categories of personal data relating to commercial debts arising out of a commercial relationship, from which the identification of a debtor and the amount of a debt is always apparent. | Natural persons appearing on the list of debtors |
Business Lease Slovakia (Creditors’ Register) | Exclusively common categories of personal data relating to commercial debts arising out of a commercial relationship, from which the identification of a debtor and the amount of a debt is always apparent. | Natural persons appearing on the list of debtors |
Central Register of Distraint Proceedings | Exclusively common categories of personal data relating to distraint proceedings pending against entrepreneurs to the extent of a statement or certificate of distraint proceedings. | Natural persons whose personal data appear in the Register of Distraint Proceedings, in particular debtors, creditors and bailiffs. |
Register of Mandates for Distraint Proceedings | Exclusively common categories of personal data relating to the distraint proceedings file ECLI, company ID number of the debtor, fist name, surname and date of birth of the debtor in the distraint proceedings, if he/she is a natural person. | The natural persons whose personal data appear in the Register of Distraint Orders, in particular the debtors, creditors, executors and the statutory judge. |
However, we may also obtain your personal data from the company in connection with which we process your personal data. This is most often the case when we enter into or negotiate a contractual relationship or its terms with a company. If you are a member of the statutory body of an organisation that is a party to our contract or with which we are negotiating a contractual relationship. From such sources, we obtain only common (basic) identification and contact categories of personal data.
We do not further systematically process any personal data collected incidentally for any personal data processing purpose defined by us.
12. Is provision of your personal data a legal or contractual requirement in specific cases?
If you provide us with your personal data for purposes which are legally based on performance of legal obligations, the provision of such data is generally directly related to the need to perform our legal obligations and therefore we require it from you to the extent necessary. Depending on the specific situation, failure to provide the requested personal data may have various negative consequences for you as a data subject (e.g. you will not be registered as an employee paying taxes or health insurance, we will not be able to process your data subject request, we will not be able to establish access rights to internal systems, etc.).
If you provide us with your personal data for purposes for which consent is the legal basis, this is always a voluntary provision of personal data, which is not a legal or contractual requirement and any failure to provide personal data should not have any material consequences for you.
13. Does the processing of your personal data involve automated individual decision-making, including profiling, with legal effect or other substantial impact on you?
Yeah, based on the explicit consent of a person authorised to act on behalf of a specific company or the consent of a self-employed person, an automated individual decision-making function may be initiated in the Huglo or Trovi application in relation to the assessment of creditworthiness, trustworthiness and business reliability in such cases where such business entity would choose to apply for “crowdfunding” investments for its business through our applications. Our application could automatically generate an index of the entrepreneur’s business reliability based on an analysis of the publicly available data about the entrepreneur, which would be displayed to potential investors. The consequence of such processing could be that, if an investment candidate is poorly evaluated, it could lead to the opportunity to obtain investment for their business being lost.
14. Under the General Data Protection Regulation (GDPR), what are the rights of a data subject whose personal data we process as the Controller?
„If we process personal data about you on the basis of your consent to the processing of your personal data, you have the right to withdraw your consent at any time. You have the right to object effectively at any time to the processing of personal data for direct marketing purposes, including profiling.“
„You also have the right to object to the processing of your personal data on the basis of the legitimate interests pursued by us as explained above. You also have this right against the processing of personal data on a legal basis of public interest, which we do not carry out.“
If you exercise this right, we will be happy to demonstrate the manner in which we have assessed the following legitimate interests as overriding the rights and freedoms of the data subjects
The GDPR sets out the general conditions for exercising your individual rights. However, their existence does not automatically mean that they will be granted in application of individual rights, as exceptions may apply in a particular case, or some rights are linked to specific conditions that may not be met in every case. We will always deal with your request concerning a specific right and examine it in the light of the legal provisions and applicable exceptions.
In particular, as a data subject, you have:
The right to request access to personal data under Article 15 of the GDPR that we process about you. This right includes the right to confirm whether we are processing personal data about you, the right to obtain access to that data and the right to obtain a copy of the personal data we are processing about you, where technically feasible;
The right to rectification and completion of personal data pursuant to Article 16 of the GDPR if we process incorrect or incomplete personal data about you;
The right to erasure of your personal data pursuant to Article 17 of the GDPR;
The right to restriction of processing of personal data pursuant to Article 18 of the GDPR;
The right to data portability pursuant to Article 20 of the GDPR if the processing of personal data is based on the legal basis of consent pursuant to performance of a contract;
The right to object under Article 21 of the GDPR if the processing is based on a legitimate interest, public interest or for direct marketing purposes, including profiling;
The right to object to automated individual decision-making under Article 22 of the GDPR.
You also have the right to file a complaint at any time with the Office for Protection of the Personal Data of the Slovak Republic (URL: www.dataprotection.gov.sk) or to file a lawsuit with the competent court. In any case, we recommend that any disputes, questions or objections be resolved primarily by communicating with us.
15. How do you use cookies when I visit your website?
The law says that we may store cookies on your device if they are strictly necessary for operation and proper functioning of our website that you request to view. For all other types of cookies, we need your consent, which you can freely give or just as easily withdraw at any time via the cookie dialogue window, which should appear whenever you first visit our website or whenever you use the “Cookie settings” function, which you can also activate via a single click on the Cookieyes widget (the blue ball in the bottom right-hand corner of the screen). Our website uses different types of cookies. For more information on how we process cookies in accordance with GDPR and e-Privacy regulations, please view the Cookie Policy.
16. How do I know that the information you give me about the processing of personal data is up to date?
Data protection is not a one-off issue for us. The information that we are required to provide you with with respect to our processing of your personal data may change over time or may no longer be up-to-date. For this reason, we reserve the right to change or amend the text of the answers to the above questions or the questions themselves at any time. We also reserve the right to change the full version of the Privacy Policy and replace it with a new, more up-to-date version.
If we change the Privacy Policy in a material way, we will bring the change to your attention, for example, by a general notice on this website or by a separate notice via email or other similarly effective means. In case that a specific notification of a change to the Privacy Policy is not necessary for the proper observance of the principle of lawful, fair and transparent processing of personal data (e.g. in case of minor content changes and language corrections), we do not proceed in this way. The text of the Privacy Policy published on the website is always considered up-to-date www.trovi.sk, www.foaf.sk, www.huglo.sk, www.softygon.com , www.verejnedata.sk
