This privacy policy (hereinafter as “Policy“) contains information about processing of your personal data by the company BPS Tax, s.r.o., with its registered office at Plynárenská 1, 821 09 Bratislava – mestskáčasť Ružinov, Identification No. (IČO): 51 983 397, registered with the Commercial Register of the District Court Bratislava I, Section: Sro, Insert No. 132135/B (hereinafter as “Controller“ or as “we“ in a respective grammatic form).
Your personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), relevant Slovak legal regulations, in particular with Act No. 18/2018 Coll. on Personal Data Protection and amending and supplementing certain acts (hereinafter as “Act”) and other legislation in relation to personal data protection (together hereinafter as “Personal data protection legislation”). In addition to the above-mentioned legal regulations, your personal data are processed also in accordance with the relevant provisions of Act No. 78/1992 Zb. on Tax Advisors and the Slovak Chamber of Tax Advisors as amended and other professional legal regulations.
The purpose of this Policy is to provide you with a clear answer as to why your personal data are processed, how they are processed, what your rights in connection with the processing of your personal data are and to provide you with other relevant information about the processing of your personal data.
In matters related to personal data processing and protection, you can contact the Controller at the address BPS Tax, s.r.o., Plynárenská 1, 821 09 Bratislavaor via e-mail to the e-mail address dpo@bpsgroup.upvision.site.
The Controller always processess your personal data in accordance with the principle of minimisation so that the Controller fulfils respective contractual and statutory requirements, so that the Controller processes personal data for which it has a legitimate interest or to process your personal data for which you have given your consent always, to the extent that the intended purpose of the processing is met. This means that the Controller does not request any personal data from you which are not necessary for the specific purpose.
The categories of personal data which the Controller processes about you for individual purposes of processing are specified in the Records of Processing Activities, which form an annex to this Policy.
The Controller obtains your personal data mainly from the source other than directly from you, especially from a business company or other business entity to which the Controller provides tax advisory services or other similar services. In such case, the source of your personal data is such entity (if you are a member of the bodies, an employee or a contact person of such entity).
In some cases, the Controller also obtains the personal data directly from you as a data subject, if you provide them yourself (e.g.if you are a client as a natural person – entrepreneur, if you contact the Controller via the contact form on the website or a message on the social network or if you subscribe to the newsletter as a natural person). This Policy provides information on the processing of the personal data to all data subjects in accordance with Art. 13 of the Regulation (in case the Controller obtained your personal data directly from you), as well as in accordance with Art. 14 of the Regulation (in case the Controller obtained your personal data from a source other than directly from you).
The Controller processes your personal data solely for the justified purposes, during limited period and by using the maximum possible level of security measures. The Controller processes the personal data only when relevant legal basis for the processing exists and therefore, they are processed in accordance with the principle of legality if the processing of your personal data is necessary for:
You can find the specific purposes for which the Controller processes your personal data and legal bases for their processing in the Records of Processing Activities, which form an annex to this Policy.
In relation to securing the personal data, the Controller has adopted internal documentation, in which adequate security measures, adopted by the Controller in order to secure your personal data, are further specified.
In certain cases, the Controller is obliged to provide your personal data to public authorities that are authorized to process your personal data, e.g. courts or law enforcement authorities. In some cases, the Controller is obliged to provide your personal data to the relevant supervising authorities in the area of performance of tax advisory services, which include the Slovak Chamber of Tax Advisors.
The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement concluded with the Controller, in which they committed to adopt adequate technical or organisational measures in order to secure the processing of your personal data. The Controller uses the following processors: the company providing website management (including social network management and internal software management), the company providing bookkeeping services and the company providing hosting services.
Other recipients of your personal data include the company Facebook, Inc., if you contact the Controller via message on the social networks Facebook or Instagram (hereinafter as “social networks“) or if you visit the profile of the Controller on social networks named “BPS Group“ (hereinafter as “Controller’s profile“).
The recipients of your personal data include also the company BPS Audit, s.r.o., Together with the Controller as joint controllers, they determine certain purposes of the processing of your personal data. You can find further information on the processing of your personal data by the joint controllers here.
Your personal data may be transferred to the USA, to the company Facebook, Inc. in case you contact the Controller via message on the social networks or when you share website or its content on the social network, or if you put like to the website. The transfer of your personal data is secured by means of standard tools in accordance with the Personal data protection legislation.
The Controller always stores the personal data in accordance with the principle of storage limitation. It means that it processes the personal data solely for a period during which it is necessary to store the personal data. After such period elapses, the Controller erases the personal data, if not otherwise regulated by the law (e.g.in accordance with Act No. 431/2002 Coll. on Accounting as amended, the Controller is obliged to store the accounting documents for a period of 10 years).
The retention period of your personal data has been set by the Controller in accordance with the relevant legal regulations as specified in the Records of Processing Activities.
The Controller will also provide you with more detailed information on the retention period of your personal data if you request so.
The Controller does not process your personal data by profiling or any form of automated individual decision-making, by which evaluation of your personal aspects would take place.
As a data subject, your rights regarding the processing of your personal data are as follows:
|
Your right |
Description |
| Right of access | As a data subject, you have the right to obtain a confirmation on whether the Controller processes your personal data and if so, you have the right to obtain access to such personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data being processed. If you file the request via electronic means, the Controller will provide you with the information by commonly used electronic means, unless otherwise requested by you. |
| Right to rectification | The Controller has taken adequate measures to ensurethat your personal data are accurate, complete and up-to-date. As a data subject, you have the right that the Controller corrects your incorrect personal data or completes your incomplete personal data without undue delay. |
| Right to erasure (“right to be forgotten“) | You have also the right that the Controller deletes your personal data without undue delay if certain conditions are met, for example if the personal data are no longer necessary for the purposes for which the Controller obtained or processed them. However, this right needs to be assessed individually, as there may be a situation when the Controller is prevented from the erasure of the personal data by other circumstances (for example, by legal obligation of the Controller). This means that in such a case, the Controller will not be able to comply with your request to delete the personal data. |
| Right to restriction of processing | You have also the right that the Controller limits the processing of your personal data, for example if you object the accuracy of the personal data or if the processing is illegal and you request restriction of the processing or if the Controller no longer needs your personal data for the purpose of processing, but you need them to prove, assert or defend legal claims. The Controller will restrict the processing of your personal data, if you request so. |
| Right to data portability | Under certain circumstances, you have the right to transmit the personal data to another controller which you determine. However, the right to portability applies only to personal data which the Controller processes on the basis of the consent you have given to the Controller, on the basis of the contract to which you are one of the contractual parties or in case the Controller processes the personal data by automated means. |
| RIGHT TO OBJECT | You have the right to object to processing of your personal data, for example if the Controller processes your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, the Controller will not further process your personal data unless it demonstrates necessary legitimate grounds for the further processing of your personal data. |
| RIGHT TO WITHDRAW CONSENT | If the Controller processes your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data at any time. You may withdraw your consent in the same way as you granted it, i.e. in writing or via e-mail. |
| Right to lodge a complaint or request | If you believe that your personal data are being processed in breach of applicable legal regulations, you can lodge a complaint with the supervisory authority which is Office for Personal Data Protection of the Slovak Republic, with its office atHraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, telephone number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk. |
You can exercise your rights stated in the previous point of this Policy:
The Controller will provide you with a response to a request regarding exercise of your rights free-of-charge. In case of repeated, unreasonable or disproportionate request to exercise your rights, the Controller is entitled to charge a reasonable fee for providing the information.
The Controller will provide you with a response within 1 month from the day of exercise of your rights. In certain cases, the Controller is entitled to prolong the period for providing the response, i.e. in case of high number and complexity of the requests submitted by the data subjects, maximum by 2 months. The Controller will always inform you in advance about prolongation of the period.
This Policy is valid and effective as of 24 August 2020.
As it is possible that an update of the information on personal data processing contained in this Policy may be necessary in the future, the Controller is entitled to update this Policy at any time. However, in such case, the Controller will inform you about it in an adequate manner in advance, at least 14 days in advance.
Plynárenská 1
821 09 Bratislava
– mestská časť Ružinov
audit@bpsgroup.sk
+421 948 583 899
Auditing Oversight Authority licence: 406
Plynárenská 1
821 09 Bratislava
– mestská časť Ružinov
tax@bpsgroup.sk
+421 948 217 411
Licence number: 190/2019
Komenského 361
908 77 Borský Mikuláš
Adresa pobočky:
Plynárenská 1
821 09 Bratislava
- mestská časť Ružinov