This document provides an overview of how the Controller processes the personal data of natural persons in accordance with the GDPR and the Personal Data Protection Act.
1. Identification of the Controller
Controller:
CBS spol, s.r.o.
Kynceľovská cesta 54
974 01 Kynceľová
Company ID: 36 754 749
Contact:
Authorised person: Mgr. Monika Miadoková
E-mail: info@cbs.sk
2. Principles of Personal Data Processing
The Controller processes personal data lawfully, transparently and securely. Personal data are protected by technical and organisational measures ensuring:
- risk minimisation and prevention of security incidents.
- confidentiality, integrity and availability of the data,
- protection against loss, damage, unauthorised access or destruction,
3. Purposes and Legal Bases for Processing
3.1 Performance of a Contract (Article 6(1)(b) GDPR)
Processing of customer data for the purposes of concluding and performing a contract.
Scope: title, first name, surname, address, signature, telephone number, email.
3.2 Record of Enquiries (Contact Forms)
Based on the data subject’s consent
Scope: first name, surname, address, telephone number, email.
3.3 Accounting Documents (Article 6(1)(c) GDPR)
Processing based on a legal obligation.
Scope: title, first name, surname, address, telephone number, bank account number, email, signature, or other data necessary to fulfil the purpose.
3.4 Complaints, Claims, Debt Recovery and Enforcement Proceedings
Processing based on a legal obligation.
Scope: first name, surname, address, telephone number, email, signature, national identification number (if necessary).
3.5 Job Applicants
Based on the applicant’s consent.
Retention period: 12 months.
3.6 Newsletter
Based on consent.
Scope: email address.
3.7 Marketing
Based on consent or legitimate interest (in direct marketing).
Scope: first name, surname, address, telephone number, email.
3.8 Records of Representatives of Suppliers and Customers
Based on a legitimate interest.
Scope: work-related details, contact details, job position.
4. CCTV System
The Controller monitors selected indoor and outdoor areas for the purpose of protecting property and ensuring the safety of individuals.
Legal basis: legitimate interest of the Controller.
Scope of data: image recordings of individuals.
Access: only authorised persons and IT technicians performing maintenance.
Retention period: 5 days, unless the recording is required as evidence.
5. Data Retention Period
Personal data are retained only for the period necessary to fulfil the purpose or in accordance with statutory retention periods (e.g. the Archives and Registries Act).
6. Recipients of Personal Data
- public authorities (where required by law),
- contractors and processors,
- IT service providers,
- accounting and legal service providers.
7. Transfers to Third Countries
No transfers of personal data to third countries take place.
8. Automated Decision-Making and Profiling
Not carried out.
9. Rights of the Data Subject
The data subject has the right:
- to withdraw consent,
- to access their personal data,
- to rectification,
- to erasure,
- to restriction of processing,
- to data portability,
- to object to processing.
10. How to Exercise Your Rights
By email to the contact person: info@cbs.sk
Or in writing to the Controller’s address.
11. Supervisory Authority
Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18, 811 06 Bratislava
Email: statny.dozor@pdp.gov.sk
Website: https://dataprotection.gov.sk
12. Effective Date
Revised on: 1 April 2026