Your personal data is processed by the Controller, which is Kempelen Institute of Intelligent Technologies, association of legal entities, abbreviation: KInIT, with registered office: Mlynské nivy 18890/5, 811 09 Bratislava, ID number: 53290046, (hereinafter referred to as the “Institute” or “us” or “our”), represented by Mária Bieliková, Statutory and Ing. Marián Šimko, statutory.
When processing your personal data, we take the utmost care to protect them. We respect the principles of legality, minimisation, transparency, confidentiality and integrity in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (hereinafter referred to as “GDPR”) and Act 18/2018 on the protection of personal data of the Slovak Republic.
Please read what specific data we proceed, why and for how long, and how we protect them. In this document you will learn:
- how and which personal data we process;
- what are purposes and lawful basis for the processing;
- what is duration of processing of your data;
- when and to who we may transfer your data;
- how we use cookies;
- what are your rights as an data subject;
- how you can contact us.
1. How we collect your personal data
We most often obtain your personal data directly from you by contacting us via the contact form, the social network LinkedIn, Facebook, Instagram or Twitter, or by phone call that you make or by e-mail which you send to us.
2. Personal data processing purposes and legal basis
a) Information, contact and communication with you
The personal data that we may process are: your e-mail, name, surname, name of the employer and job position if you contact us on behalf of an organisation where you work, and other contact data.
- Purpose: arranging a meeting, answering questions, exchanging and providing information during and about projects, sending and receiving invoices and other common, predictable activities related to the activities of the Institute.
- Legal basis: GDPR Article 6 (1)(b), processing of personal data necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject.
- Deletion periods: 6 months if no cooperation takes place, otherwise during the duration of the cooperation and longer if required by legislation e.g. tax and accounting regulations
b)Promoting our work online
We have legitimate interests as per GDPR article 6 (1)(f) to process your personal data when promoting our services and work online. When posting content on our social networks (LinkedIn, Facebook, Instagram, Twitter) and on our website, personal data, including profiling, personal data may be processed based on our legitimate interest in raising awareness of our work.
- Deletion periods: are defined based on your decision to follow or stop following our accounts on social networks.
- Transfer to third countries: yes
When publishing content on our website and / or in newsletters, your personal data may be published in the scope of name, surname, photo, employer / place of work and job title based on your consent as per GDPR Article 6 (1) (a).
Deletion periods: until your withdrawal of consent
c) Proving and defending legal claims
We have legitimate interests as per GDPR article 6 (1)(f) to process your personal data when pursuing a demonstration, assertion and defending our legal claims. In the event of legal or extrajudicial disputes, debt collection, notification of facts to public authorities and similar activities, where we prove and enforce our legal claims, we may process your personal data.
d) Newsletter
On our website you can subscribe to the newsletter, in which we send information about our news, information about our company or other business information.
If you subscribe to the newsletter, we will receive your e-mail address, which you provide. Signing up for the newsletter is fully voluntary. You can withdraw your consent any time, using the link provided in the footer of each newsletter.
- Legal basis for this processing is GDPR Article 6 (1)(a), consent to the processing of personal data for stated purpose
- Deletion periods: until withdrawal of consent
- Transfer to third countries: yes
e) Offer of employment and / or internship, doctoral studies, volunteering and other similar cooperations
We also use our website to inform you about vacancies at KInIT. If you are interested in any of the posted job positions, after pressing a button or link, you will find an application form that will take you to the page of the system we use for recruitment activities. On the site, you will be able to fill in information about yourself, answer a questionnaire and send your CV.
- Purpose: selection of a candidate for a vacancy, internship, doctoral studies, postgraduate activities and other similar cooperation
- Legal basis: GDPR Article 6 (1)(a), ie consent to the processing of personal data for that purpose
- Deletion periods: max. 5 years or less in case of withdrawal of consent
f) Events
If you register for any of our events, such as lectures, seminars, conferences and others, we will process your contact personal data (Purpose 1). We might take a photo or create audio / video records (Purspose 2), according to the type of event.
Purpose 1: contact and application for the event, providing organisational and other information for the event
- Legal basis: GDPR Article 6 (1)(b) and (c), ie processing of personal data necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject and processing of personal data necessary for compliance with a legal obligation to which the controller is subject.
- Deletion periods: 10 years
Purpose 2: recording video, audio or take photos during the event to share information about the event via our marketing channels (see part 2b) Promoting our work online).
- Legal basis: GDPR Article 6 (1)(f), processing of personal data processing necessary for the purposes of legitimate interests pursued by the controller
- Deletion periods: 10 years
g) Using our tools and models
In some cases, our research activities result in tools that we make available to the general public. Using the tools and models is voluntary. The tools we develop can use or be supported by services from vendors, which we thoroughly verify before deploying the tool, assessing their compliance with the GDPR as well as the technical and organizational security measures they have taken.
Annotations tool: We have chosen the provider hypothes.is for the operation of the tool, which we make available via the website www.oznacuj-dezinfo.kinit.sk. When hypothes.is is used, personal data is processed by this provider. Please read the Privacy Policy for this tool. The privacy policy is in the Slovak language only, as the tool is intended for the Slovak language environment. Should this change, the English version will be added.
Other tools: We only mention tools and modes available in English language in this section. If you would like to find out more about tools for Slovak speaking audience, please visit Slovak version of this Privacy policy.
We will be updating this part of our Privacy Policy irregularly, as the tools and models will be deployed and made available to the public.
h) Cookies
Cookies are small text files that servers store on your computer or mobile device when you access websites.
There are four reasons why a cookie may be stored on your device while you visit our website:
- Necessary: cookies that enable the website to function properly and allow you to use the secure online services we provide; the use of these cookies is necessary for the functioning of the site;
Optional by consent:
- Statistical: Cookies that statistically collect data about the use of websites that are fully anonymized and used to improve our services. They collect standard Internet log information and details about visitors’ activity on the site.
- Preferences: cookies that remember your preferences and make it easier to use the site (so-called preferences).
- Advertising: cookies that are placed through third party services; we do not use these cookies.
The third-party tool we use is Google Analytics. Anonymous data about your visit is collected and combined with data from other visitors to better understand how visitors use our site. Google Analytics is a web analytics service provided by Google, Inc. These cookies can track, for example, the time spent on sites you visit. The data is then used to analyze how often visitors return, how they found our site, which pages on the site they view the most or the longest. We analyse this anonymised information in order to create an overall picture of the use of the website, but the user is never identified individually or personally.
You are free not to consent to this data processing and your experience using our website will not be affected. If you choose to opt-in, you can withdraw your consent any time on the lower Cookie bar.
- Legal basis: necessary cookies on the basis of Article 6 par. 1 letter f) o GDPR, it is our legitimate interest to process your personal data while running the website. Non-necessary cookies based on paragraph 6 1 letter a) consent.
- Deletion periods: essential cookies 30 days. Non-necessary cookies until withdrawal of consent.
- Transfer to third countries: yes
3. Disclosing your personal data
Based on the requested cooperation or on the basis of activities necessary for the operation of the website and the provision of our services, your personal data may be provided to the Recipient and / or Third Parties.
3.1. Processors
As a Controller, we use the services of external companies in the field of accounting, law, IT, facility management and other services. These entities may, within a precisely defined scope, process your personal data for contractual purposes on the basis of a Data Processing Agreement.
3.2. Recipients
Other recipients may include courts, law enforcement agencies, banks, executors or notaries, public authorities, municipalities, self-governing regions, natural persons who are parties to proceedings before the relevant entity. These recipients are provided with personal data, for example, when inspecting the file, etc.
3.3. Third parties
Third parties are considered to be, in particular, public authorities and institutions to which the controller is obliged to provide personal data on the basis of a legal provision in the performance of its legal obligations.
4. Joint Controllers
I. KInIT and Innovatrics, seated at Pri vinohradoch 82, 831 06 Bratislava, ID: 36 280 712, are Joint Controllers as per article 26 GDPR and for purpose of a joint activity, which is organizing an irregular event “Better AI meetup”, which connects AI experts and enthusiasts in live and online conferences. The website of the event is www.betteraimeetup.com.
Your personal data has been proceeded based on:
- your previous consent as per GDPR Article 6 (1)(a), if you subscribed to our newsletters,
- or our legitimate interest as per GDPR Article 6 (1)(f) if you participated in the previous Better AI meetup event, in which case, we believe you might be interested to know about another opportunity to meet.
Data we proceed is your name, surename and e-mail address. Should you wish to withdraw your consent or stop receiving newsletters about further events we organize together, please feel free to unsubscribe.
II. KInIT and UNICO.ai CZ, s.r.o., ID no: 06118313, registered office at Krakovská 1256/24, Nové Město, 110 00 Praha 1, Czech Republic, are Joint Controllers as per article 26 GDPR and for purpose of a joint activity, which is a project named Network 4 Growth. Goal of the project is to create a network of scientists across the V4 region (Czech Republic, Hungary, Poland, Slovakia), Armenia, and Georgia. Through the network, the Joint Controllers facilitate communication and improve cooperation between universities and business, cultivate and expand the scientific community and share knowledge amongst the members and the scientific community in general. The website of the project is www.v4transfer.com.
Data we will proceed is your name and surname, links to databases and repositories of which you would provide to link to you profile and institutions where you work.
Your personal data has been proceeded based on:
- your previous consent as per GDPR Article 6 (1)(a)
5. Transfer of your data to the 3rd countries
Our website and e-mail repository and their backups are on Slovak and / or EU servers. We use the services of a Slovak provider with appropriate contractual and technical guarantees.
Although we try to set up the processing of personal data so that personal data is not transferred to third countries outside the European Economic Area, in order to promote our services online, the transfer takes place to third countries. This mainly concerns the management of online profiles on social networks (LinkedIn, Facebook, Instagram), analytical, statistical and marketing services of Google, which we use for online activities such as sharing blogs, current offers and marketing.
We use Google Analytics. Your user behavior is important feedback to us. We then adjust the content of the website accordingly so that it is as interesting as possible for you in terms of content. We have a legitimate interest as per GDPR Article 6 (1) (f) to ensure your maximum satisfaction. The personal information we process is the IP address, location, device from which you access, the length of time you spend on the website, the favorite times of site visitors, the interests and hobbies of site visitors. The data is processed by Google in an anonymized form and it is not possible to identify individual users using normal means.
For distribution of newsletter we use Mailchimp service.
These suppliers and equipment are located in the United States and are considered a third country that does not provide an adequate level of protection. Any transfer of personal data outside the EU and / or the European Economic Area takes place only in strict compliance with the protection of personal data in accordance with the requirements of the GDPR. Following the judgment of the Court of Justice of the EU in the Schrems II case of 16 July 2020, the EU-US Privacy Shield mechanism was abolished. As an operator, we have also accepted additional guarantees by not storing tracking codes, cookies or pixels on your devices through our website that could be connected to networks that monitor user behavior on the Internet.
6. Your rights
As a data subject defined by GDPR and Act 18/2018 (Slovakia), you have the right to request from us:
- access to you personal data (in particular, request confirmation of whether or not the data are processed, the categories of data processed, the purpose of the processing, the source of their acquisition, the retention period);
- correcting or completing incorrect data;
- restricting data processing according to Art. 18 GDPR (e.g. if data are incorrect or processed illegally);
- objecting in the cases referred to in Art. 21 GDPR;
- erasure of data whose purpose of processing has ended or, in the cases provided for in Art. 17 GDPR.
- withdrawing your consent anytime you wish
You may exercise your rights regarding personal data by e-mail to dpo@kinit.sk or in writing using our postal address. All legitimate requests of the data subject will be responded to and you will be informed in writing within 30 days of receipt.
The Controller appointed Data Protection Officer: Dimensions Consulting Services s.r.o., Zámocká 18, 81101 Bratislava, ID 47119144, e-mail dpo@kinit.sk.
If you believe that your personal data processing rights have been violated or that the Personal Data Protection Act 18/ 2018 or the GDPR has been violated, you can file a request to initiate personal data protection proceedings with the national DPA – Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27 , Slovak republic; www.dataprotection.gov.sk.
7. How we protect your data
Your data is stored in a secure PC unit with the need for authorised access, which we protect against damage, destruction, loss or misuse. We have adopted a set of technical and organizational security measures. All of our staff and support service providers who come into contact with your data have been properly instructed in their safe handling.
8. What processes we have in case of leakage of personal data
In the event of a personal data breach, we will notify you immediately if such a breach could lead to a high risk to your rights. Questions related to the protection of your personal data can be addressed to e-mail: dpo@kinit.sk or in writing to our postal address.
9. Final provisions
We may change his Privacy Policy at any time, in particular with regard to legislative changes in the field of personal data protection that may be adopted in the future. If we do so, we will inform you in a suitable manner.