Kempelen Institute of Intelligent Technologies, association of legal entities, abbreviation: KInIT, with registered office: Mlynské nivy 18890/5, 811 09 Bratislava, ID number: 53290046, (hereinafter referred to as the “Institute” or “us” or “our”), represented by Mária Bieliková, Statutory and Ing. Marián Šimko, statutory.
When processing your personal data, we take the utmost care to protect them. We respect the principles of legality, minimisation, transparency, confidentiality and integrity in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (hereinafter referred to as “GDPR”) and Act 18/2018 on the protection of personal data of the Slovak Republic.
Please read what specific data we proceed, why and for how long, and how we protect them. In this document you will learn:
- how and which personal data we process;
- what are purposes and lawful basis for the processing;
- what is duration of processing of your data;
- when and to who we may transfer your data;
- what are your rights as an data subject;
- how you can contact us.
1. How we collect your personal data
We most often obtain your personal data directly from you by contacting us via the contact form, the social network LinkedIn or Facebook, or by phone you make or by e-mail which you send us.
2. Personal data processing purposes and legal basis
Information, contact and communication with you
The personal data that we may process are: your e-mail, name, surname, name of the employer and job position if you contact us on behalf of an organisation where you work, and other contact data.
- Purpose: arranging a meeting, answering questions, exchanging information during implemented projects, sending and receiving invoices and other common, foreseeable, activities related to the provision of our services.
- Legal basis: GDPR Article 6 (1)(b), processing of personal data, processing necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject.
- Duration of processing: 6 months if no cooperation takes place, otherwise during the duration of the cooperation and longer if required by legislation e.g. tax and accounting regulations
Promoting our services and work online
We have legitimate interests as per GDPR article 6 (1)(f) to process your personal data when promoting our services and work online. When posting content on our social networks (LinkedIn, Facebook) and on our website, personal data, including profiling, personal data may be processed based on our legitimate interest in raising awareness of our work.
Other legitimate intestes
We have legitimate interests as per GDPR article 6 (1)(f) to process your personal data when pursuing a demonstration, assertion and defending our legal claims. In the event of legal or extrajudicial disputes, debt collection, notification of facts to public authorities and similar activities, where we prove and enforce our legal claims, we may process your personal data.
On our website you can subscribe to the newsletter, in which we send information about our news, information about our company or other business information.
If you subscribe to the newsletter, we will receive your e-mail address, which you provide. Signing up for the newsletter is fully voluntary. You can withdraw your consent any time, using the link provided in the footer of each newsletter.
Legal basis for this processing is GDPR Article 6 (1)(a), consent to the processing of personal data for stated purpose
Duration of processing: until withdrawal of consent
Transfer to 3rd country: Mailchimp
Offer of employment and / or internship, doctoral studies, volunteering and other similar cooperations
We also use our website to inform you about vacancies at KinIT. If you are interested in any advertised position, after pressing the button or link, you will find an application form, which we use to collect information about applicants.
Purpose: selection of a candidate for a vacancy, internship, doctoral studies, postgraduate activities and other similar cooperation
Legal basis: GDPR Article 6 (1)(a), ie consent to the processing of personal data for that purpose
Duration of processing: max. 5 years or less in case of withdrawal of consent
If you register for any of our events, such as lectures, seminars, conferences and others, we will process your contact personal data (Purpose 1). We might take a photo or create audio / video records (Purspose 2), according to the type of event.
Purpose 1: contact and application for the event, providing organisational and other information for the event
Legal basis: GDPR Article 6 (1)(b) and (c), ie processing of personal data, processing necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject and processing of personal data necessary for compliance with a legal obligation to which the controller is subject.
Duration of processing: 10 years
Purpose 2: record video, audio or take photos during the event
Legal basis: GDPR Article 6 (1)(f), processing of personal data processing necessary for the purposes of legitimate interests pursued by the controller
Duration of processing: 10 years
Cookies are small text files that servers store on your computer or mobile device when you access websites.
There are four reasons why a cookie may be stored on your device while you visit our website:
- Necessary: cookies that enable the website to function properly and allow you to use the secure online services we provide; the use of these cookies is necessary for the functioning of the site;
Optional by consent:
- Statistical: Cookies that statistically collect data about the use of websites that are fully anonymized and used to improve our services. They collect standard Internet log information and details about visitors’ activity on the site.
- Preferences: cookies that remember your preferences and make it easier to use the site (so-called preferences).
- Advertising: cookies that are placed through third party services; we do not use these cookies.
The third-party tool we use is Google Analytics. Anonymous data about your visit is collected and combined with data from other visitors to better understand how visitors use our site. Google Analytics is a web analytics service provided by Google, Inc. These cookies can track, for example, the time spent on sites you visit. The data is then used to analyze how often visitors return, how they found our site, which pages on the site they view the most or the longest. We analyse this anonymised information in order to create an overall picture of the use of the website, but the user is never identified individually or personally.
You are free not to consent to this data processing and your experience using our website will not be affected. If you choose to opt-in, you can withdraw your consent any time on the lower Cookie bar.
3. Disclosing your personal data
Based on the requested cooperation or on the basis of activities necessary for the operation of the website and the provision of our services, your personal data may be provided to the Recipient and / or Third Parties.
As a Controller, we use the services of external companies in the field of accounting, law, IT and other services. These entities may, within a precisely defined scope, process your personal data for contractual purposes on the basis of a Data Processing Agreement.
Other recipients may include courts, law enforcement agencies, banks, executors or notaries, public authorities, municipalities, self-governing regions, natural persons who are parties to proceedings before the relevant entity. These recipients are provided with personal data, for example, when inspecting the file, etc.
3.3. Third parties
Third parties are considered to be, in particular, public authorities and institutions to which the controller is obliged to provide personal data on the basis of a legal provision in the performance of its legal obligations.
4. Transfer of your data to the 3rd countries
Our website and e-mail repository and their backups are on Slovak and / or EU servers. We use the services of a Slovak provider with appropriate contractual and technical guarantees.
Although we try to set up the processing of personal data so that personal data is not transferred to third countries outside the European Economic Area, in order to promote our services online, the transfer takes place to third countries. This mainly concerns the management of online profiles on social networks (LinkedIn, Facebook, Instagram), analytical, statistical and marketing services of Google, which we use for online activities such as sharing blogs, current offers and marketing.
We use Google Analytics. Your user behavior is important feedback to us. We then adjust the content of the website accordingly so that it is as interesting as possible for you in terms of content. We have a legitimate interest as per GDPR Article 6 (1) (f) to ensure your maximum satisfaction. The personal information we process is the IP address, location, device from which you access, the length of time you spend on the website, the favorite times of site visitors, the interests and hobbies of site visitors. The data is processed by Google in an anonymized form and it is not possible to identify individual users using normal means.
For distribution of newsletter we use Mailchimp service.
These suppliers and equipment are located in the United States and are considered a third country that does not provide an adequate level of protection. Any transfer of personal data outside the EU and / or the European Economic Area takes place only in strict compliance with the protection of personal data in accordance with the requirements of the GDPR. Following the judgment of the Court of Justice of the EU in the Schrems II case of 16 July 2020, the EU-US Privacy Shield mechanism was abolished. As an operator, we have also accepted additional guarantees by not storing tracking codes, cookies or pixels on your devices through our website that could be connected to networks that monitor user behavior on the Internet.
5. Your rights
As a data subject defined by GDPR and Act 18/2018 (Slovakia), you have the right to request from us, the Controller:
- access to you personal data (in particular, request confirmation of whether or not the data are processed, the categories of data processed, the purpose of the processing, the source of their acquisition, the retention period);
- correcting or complete incorrect data;
- restricting data processing according to Art. 18 GDPR (e.g. if data are incorrect or processed illegally);
- receive personal data concerning you and which you have provided to the operator, in a structured, commonly used and machine-readable format and the right to transfer this data to another operator under the conditions specified in Art. 20 GDPR;
- objecting in the cases referred to in Art. 21 GDPR;
- erasure of data whose purpose of processing has ended or, in the cases provided for in Art. 17 GDPR.
You may exercise your rights regarding personal data by e-mail to firstname.lastname@example.org or in writing using our postal address. All legitimate requests of the data subject will be responded to and you will be informed in writing within 30 days of receipt.
The Controller appointed Data Protection Officer: Dimensions Consulting Services s.r.o., Zámocká 18, 81101 Bratislava, ID 47119144, e-mail email@example.com.
If you believe that your personal data processing rights have been violated or that the Personal Data Protection Act 18/ 2018 or the GDPR has been violated, you can file a request to initiate personal data protection proceedings with the national DPA – Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27 , Slovak republic; www.dataprotection.gov.sk.
6. How we protect your data
Your data is stored in a secure PC unit with the need for authorised access, which we protect against damage, destruction, loss or misuse. We have adopted a set of technical and organizational security measures. All of our staff and support service providers who come into contact with your data have been properly instructed in their safe handling.
7. What processes we have in case of leakage of personal data
In the event of a personal data breach, we will notify you immediately if such a breach could lead to a high risk to your rights. Questions related to the protection of your personal data can be addressed to e-mail: firstname.lastname@example.org or in writing to our postal address.
8. Final provisions