Privacy Policy

We take a responsible approach to the protection of your personal data and strive to ensure your right to information. When processing personal data, we also adhere to the principles of lawfulness, purpose limitation of personal data, minimisation of scope and storage, accuracy, integrity, confidentiality and accountability, with particular emphasis on the security and protection of personal data.

With effect from 25. May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) ("Regulation" or "GDPR") and Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain laws ("Personal Data Protection Act").

In accordance with Articles 13 and 14 of the GDPR and Section 19 of the Data Protection Act, the company is EPF Group, a.s. is obliged to provide you with the following information:

1. Contact details of the operator

The controller (Article 4(6) GDPR and Section 5(o) of the Data Protection Act) is a commercial company EPF Group, a.s., with registered office at Mlynské Nivy 70, Bratislava 821 05, ID No.: 52 326 039, registered in the Commercial Register of the District Court Bratislava I, Section: Sa, Insert No. 6924/B, contact details: tel.: 02/43412279, e-mail: https://www.e-personal.eu (the "Company").

2. Purpose of the processing of personal data

The company processes your personal data in order to provide its services in a quality manner, it knows some personal data of the data subjects and needs to provide them to other recipients in order to fulfil its legal obligations.

The company processes the personal data provided for several purposes:

  • processing of contractual and pre-contractual obligations
  • processing of the personnel and payroll agenda
  • processing of the accounting agenda

3. Legal basis for the processing of personal data

The company processes your personal data in accordance with the current and valid law. The legal basis for the processing of personal data is:

  • specific legislation, in particular:
    • the Social Insurance Act, the Labour Code, applicable payroll and accounting regulations, the Commercial Code, the Civil Code, the Trade Licensing Act, the Occupational Health and Safety Act
  • the data subject's consent to the processing of personal data, depending on the purpose of the personal data processing
  • the performance of a contract to which the person concerned is a party
  • processing of personal data to protect the life, health or property of the data subject
  • the legitimate interest of the company.

The company also processes personal data without the data subject's consent if:

(a) the purpose of the processing of personal data, the range of data subjects and the list of personal data or the scope thereof is laid down by a directly enforceable legally binding act of the European Union, an international treaty to which the Slovak Republic is bound or this Act. If the list or scope of personal data is not set out, the company may only process personal data to the extent and in the manner necessary to achieve the stated purpose of the processing, while complying with the basic obligations pursuant to § 13 para. 3 lit. (a) to (e)(i) of the Data Protection Act.

b) The Company shall further process personal data without the consent of the data subject if the purpose of the processing of personal data, the range of data subjects and the list of personal data is provided for by a special law and only to the extent and in the manner provided for by the special law. Processed personal data may be disclosed, made available or published only if a special law provides for the purpose of disclosure, disclosure or publication, the list of personal data that may be disclosed, disclosed or published, as well as the third parties to whom the personal data are disclosed or the range of recipients to whom the personal data are disclosed, unless otherwise provided for in the Personal Data Protection Act.

(c) the processing of personal data is necessary to protect the life, health or property of the data subject,

(d) personal data are processed which have already been disclosed in accordance with the law and have been duly identified by the controller as having been disclosed; the person who claims to be processing disclosed personal data shall, on request, demonstrate to the Authority that the personal data being processed have already been lawfully disclosed,

(e) the company processes personal data which is necessary to protect the rights and legitimate interests of the controller or of a third party for those purposes:

  • ensuring pre-contractual/contractual relations

4. Beneficiaries, respectively. categories of beneficiaries

The recipients are employees of the company who are authorised to process personal data related to the agenda of job seekers with regard to their job and on the basis of the company's authorization.

5. Transfer of personal data to a third country or to an international organisation

The Company does not and will not transfer your personal data to a third country or to any international organisation.

6. Retention period of personal data

The retention period of personal data is determined according to the purpose of processing personal data and according to the requirements of specific regulations.

Specific retention periods are prescribed by the company's internal regulation, the Registers Plan, drawn up in accordance with the Archives and Registers Act.

The Company shall dispose of personal data in the prescribed manner where the purpose of processing and the retention period have expired. After the end of the defined purpose, the company is entitled to process the personal data to the extent necessary for research or statistical purposes in their anonymised form.

The Company shall ensure that the personal data of the data subjects are processed in a form which permits the identification of individual data subjects for no longer than is necessary to achieve the purpose of the processing.

7. Your rights as a data subject

The data subject shall have the right, upon written request from the company, to request:

  • You have the right to request at any time access to your personal data - upon your request, the company will provide you with information on what personal data it processes about you, for what purpose, from what source the personal data was obtained, to whom the personal data was provided and what is the expected retention period of the personal data.
  • You have the right to request at any time correction your inaccurate, incomplete or outdated personal data that is the subject of processing.
  • You also have the right to request to delete personal data that are no longer necessary for the purpose for which they were originally collected or processed.
  • You have the right to request restriction of processing personal data - you can ask the company not to delete your personal data that it would otherwise be obliged to delete and you can also ask the company not to process your personal data further until it is clear whether the data processed is accurate or whether your objection to the processing of personal data has been justified.
  • You have the right at any time object to object to the processing of your personal data (only for personal data for which the legal basis for processing is the legitimate interest of the company). If you do so, the company will continue to process your personal data only if it can be shown that there are compelling legitimate grounds for doing so.
  • You have the right prevent processing personal data that you believe are or will be processed for direct marketing purposes without its consent and to request their destruction,
  • You have the right to download personal data to another controller

If you believe that your rights have been violated in connection with the processing of your personal data, you have the right to file a complain to to the supervisory authority - the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, tel. 02 323 132 14, e-mail: contact the Authority via its website https://dataprotection.gov.sk/uoou/sk.

If the data subject lacks full legal capacity, his or her rights may be exercised by a legal representative. If the person concerned is deceased, his or her rights under this Act may be exercised by a person close to him or her.

The request of the data subject pursuant to the Personal Data Protection Act shall be processed by the company free of charge, except for the payment of an amount which may not exceed the amount of the reasonably incurred material costs associated with the making of copies, the procurement of technical media and the sending of information to the data subject, unless a special law provides otherwise.

The company shall be obliged to deal with the data subject's request in writing no later than 30 days from the date of receipt of the request.

8. How can you exercise your rights?

You can exercise your rights (including the right to withdraw consent) with the controller - the company in one of the following ways: in writing or by e-mail (contact details are provided in point 1 above).

9. What personal data will be processed

The company will process the following personal data:

  • first and last name;
  • date of birth;
  • home address or contact address;
  • educational qualifications (including relevant documents)
  • information on previous work experience;
  • e-mail address;
  • telephone contact.

The company has hereby informed you as the data subject about the protection of your personal data and has informed you of your rights in relation to the protection of personal data within the scope of this written information obligation.

In Bratislava on 01.05.2019

EPF Group, a.s.
JUDr. Jozef Petrík, Chairman of the Board