Information memorandum of personal data protection

The objective of this Information Memorandum of Personal Data Protection is to provide information related to processing of personal data pursuant to provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC

n this Information Memorandum of Personal Data Protection you will find information about the purposes we process your personal data for, whom they may be provided to, what your rights are, as well as information where you can contact us in case you have a question related with processing of your personal data.

The controller is PSEnergia s.r.o., Organization ID.: 44 887 710, registered office at Na bielenisku 4, 902 01 Pezinok 1, registered in the Bratislava I District Court Companies, Section: Sro, Insert No.: 59520/B, (hereinafter referred to as "Company").

In case of any questions related to processing of your personal data please contact date protection officer who ensures relevant answer or cooperation. You may contact data protection officer by e-mail on dpo@psenergia.sk, or in writing at: bielenisku 4, 902 01 Pezinok

Client - Person with whom Company entered into transaction, where a transaction means formation, change or termination of contractual relationships between the Client and Company.

Commercial Code- - Act No. 513/1991 Coll.

Controller- The company who determines the purposes and means of personal data processing.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

GDPR- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Information system- Organized set of personal data processed by Company for the following purpose: to identify the Clients, Company´s contract partners, customers, facilitators; to inform about services provided by Company; to provide services; to protect interests of Company; to fulfill obligations arising from legal provisions; to fulfill tax and accounting obligation of the Company; to lodge the claims of the Company.

Personal data- Data about natural person who was identified or who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Processing- -- Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor- Any person who processes personal data on behalf of the controller on basis of authorization in compliance with Article 28 GDPR.

A. Causes of processing personal data by Company

Company processes the personal data on legal grounds and processes only those personal data which are required for achieving the particular processing purposes. Personal data are processed always for the predetermined and legitimate purpose while it would not be possible to achieve such purpose without processing of the respective data according to Commercial Code and the Other legal acts.

Company processes personal data on the purpose:

  • a) Identification of clients,
  • b) Provide services,
  • c) Maintenance of contract relationships including changes and termination of contract relationships,
  • d) Acceptance and processing of suggestions and complaints of Clients,
  • e) Relationship management,
  • f) Protection and seeking the rights of Company,
  • g) To fulfill obligations arising from legal provisions,
  • h) Maintenance of separate records of Clients who do not meet their obligations ensuing from the contract relationships with the Company duly and on time, Clients who have committed action considered as unusual business transaction and Clients the international sanctions relate to,
  • i) To fulfill tax and accounting obligation of the Company,
  • j) To lodge the claims of the Company,
  • k) Activities related with meeting the archive duties,
  • l) Marketing.

Company may proceed to processing of your personal data in cases not mentioned above under the following legal grounds:

  • a) if it is necessary for performance of the contract concluded between Client and Company including precontract relationships pursuant to Article 6 par. 1 b) GDPR,
  • b) data subject have granted consent to processing of personal data for the particular purpose/purposes pursuant to Article 6 par. 1 a) GDPR,
  • c) data subject have granted consent to processing of personal data for the particular purpose/purposes pursuant to Article 9 par. 2 a) GDPR,
  • d) if it is necessary for purposes of legitimate interests followed by Company or a third party pursuant to Article 6 par. 1 f) GDPR,
  • e) if processing is necessary for proving, claiming or justification of legal claims pursuant to Article 9 par. 2 f) GDPR.

Company proceeds personal data also on purpose to prevent against criminal activity or other illegal action.

In relation to inform Clients about products and services provided by Company, personal data are processed the legitimate interests of the Company and only exceptionally without your prior consent.

Company has legitimate interest in taking care for its Clients and developing business relations with its Clients, and hence informing them about its products and services.

In relation thereto Company can contact Client yet without his prior consent while it will inform Client of such processing of his personal data and instructs Client about his rights, especially about the right to object to processing of his personal data.

B. Processing of personal data

Company process these personal data:

  • a) Identification data (for instance name, surname, date of birth, birth identification number, data from the identification document, nationality, identification document photography, client number, product number),
  • b) Contact data (for instance permanent/temporary residence address, e-mail address, telephone number),
  • c) Data about the utilized products and services (e.g. data about the utilized products and services, data related with processing of your suggestions),
  • d) Data about representatives or employees of the Client with whom Company communicates,
  • e) Economic data (for instance data about ownership of movable and immovable objects),
  • f) Data required for monitoring of secure utilization of products and services,
  • g) Data related with utilization of websites and applications of Company (for instance cookies),
  • h) Other relevant data (for instance data about execution proceedings, bankruptcy proceedings, personal bankruptcy, data related with meeting your contract duties and obligations, data about your payment discipline, data from credit registers, data about inclusion in the list of clients the international sanctions relate to),
  • i) Data arising from activity on social networking sites.

C. Entities, to which Company provides personal data

Company shall not provide your personal data to other entities, except for the cases in which data subject have granted it´s consent or written instruction or if other legal ground for provision of personal data to other entities exists, for instance in case of performance of the legal obligation of Company.

Company in meeting legal obligations provides personal data to other entities in these cases:

  • a) in the area of providing and securing obligation of the employer,
  • b) protection against legalization of incomes from criminal activities and financing of terrorism,
  • c) in connection with reporting to the law enforcement authorities about suspicion that a crime is being prepared, being committed or was committed,
  • d) in connection with the reporting duty to the respective authority of the Slovak Republic for the purpose of automatic exchange of information about financial accounts for purposes of tax administration pursuant to a separate regulation (FATCA, CRS).

Company may process your personal data in certain cases also by means of its processors. Authorization for processing personal data of data subject by an processor does not require it´s consent or other legal ground such as in case of provision of data to other controllers. In such case the processor processes personal data of data subject on behalf of Company as the controller.

Processing of personal data by means of an processor has no negative impact on performance and application of data subject´s rights while the Client can apply the respective rights with Company or also directly with the particular processor.

Company uses the processors providing appropriate technical, organizational and other measures so that processing meets the GDPR requirements and protection of rights of the data subject is provided in full extent.

Company uses the following processors, whose provide:

  • a) marketing activities,
  • b) economical, accounting and tax services,
  • c) print services and services of mass correspondence,
  • d) administrative services connected with delivery,
  • e) legal services,
  • f) recovery and maintenance of receivables,
  • g) financial and related services,
  • h) maintenance of registry records pursuant to separate regulations.

Personal data are not the subject of cross-border transfer to third countries.

D. Retention period of personal data

Company shall retain personal data in a form enabling the identification for the period necessary to achieve the purpose of personal data processing.

If the personal data are being processed with the consent of data subject, Company will store personal data after the consent is revoked or its validity expires only for the period required to demonstrate, apply or defend legal claims of Company. This also applies in case of processing under the contract.

If the personal data are being processed in terms of performance of the legal obligation of Company, the respective legal regulations specify the period during which Company is obligated to store the personal data and related documents. Such legal regulations include especially:

  • a) Act No. 431/2002 Coll. Accounting Act,
  • b) Act No. 199/2004 Coll. Customs Law,
  • c) Legal acts governing tax obligations of the Company,
  • d) Legal acts governing obligations of the Company as employer,
  • e) Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing,
  • f) Act No. 395/2002 Coll. The Registry and archives.

E. Personal rights and Company obligations in relation to personal data processing

The Company is mandatory to provide the personal data to the data subject whose the personal data is processed.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed.

The Company shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
  • b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing,
  • c) the data subject objects to the processing the personal data and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing the personal data,
  • d) the personal data have been unlawfully processed,
  • e) the personal data have to be erased for compliance with a legal obligation in GDPR, special law or international contract to which Slovak republic is subject.

Where the Company has made the personal data public under GDPR and is obliged to erase the personal data, the Company, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • a) the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personal data,
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
  • c) the Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims,
  • d) the data subject has objected to processing the personal data pending the verification whether the legitimate grounds of the Company override those of the data subject.

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company to which the personal data have been provided, where the data subject has given consent to the processing of his or her personal data for one or more specific purposes, or where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

We adopt technical and organizational measures with the aim to protect your personal data against intentional or neglectful deletion, loss or change and unauthorized accession of your personal data

We adopt technical and organizational measures with the aim to protect your personal data against intentional or neglectful deletion, loss or change and unauthorized accession of your personal data

In connection with processing of personal data you have the right to file a compliant to the Office for Peronal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovak Republic.

If your personal data are being processed based on the consent pursuant to Article 6 par. 1 GDPR or pursuant to Article 9 par. 2 GDPR, you are entitled to withdraw this consent at any time. However, withdrawal of consent has no impact on lawfulness of processing resulting from consent before its withdrawal.

back-icon next-icon