Rožňava.sk
Vitajte v Rožňave - Welcome in Rožňava - Üdvözöljük Rozsnyón -    
 

Personal data protection

Personal data protection statement

The content management system does not use or provide website visitor data to third parties. Nor will it sell or offer them for other commercial data.

The personal data of website visitors are recorded in the following cases:

Users registration for the purposes of subscribing to newsletters sent from the system city broad cast by the portal’s administrator

Users registration for the purposes of contributing to registered discussions

In both cases, the system does not forcibly request or deem personal data mandatory (unless set in certain cases by the actual software administrator - city/municipality). If the portal administrator requires the filling in of mandatory data, which may be in disagreement with the Personal Data Protection Act, our company Webex media, s.r.o. dissociates itself from the information thus collected.

All collected data is filled in voluntarily by the visitor during registration. We do not provide the data of registered users in any way and they are a part of the security program.

 

Municipality and new legal regulations in the field of personal data protection from 25.5.2018

The EP regulation (GDPR General Data Protection Regulation) as well as the Act no. 18/2018 Coll. on personal data protection and on amendments to certain acts come into force on 25.5.2018, Act no. 122/2013 Coll. and its two decrees will become ineffective.

In accordance with the relevant article of the Constitution of the Slovak Republic, every natural person shall have the right to the protection of personal data, even if the personal data are processed by the municipality in the performance of its activities, i.e. the town of Rožňava (delegated performance of state administration or exercise of original competencies).

The GPDR Regulation sets out the basic principles for the processing of personal data. The GDPR requires that at any time both the operator and the intermediary be able to demonstrate the compliance of the processing of personal data with these principles or with the GDPR regulation.

The basic principles of personal data processing within the GDPR Regulation include:

  • legality, fairness and transparency
  • restriction of the purpose of processing
  •  data minimization
  • accuracy of personal data
  • minimization of storage (disposal)
  •  integrity and confidentiality
  • responsibility of the operator

 

Legality, fairness and transparency

The personal data may be processed by the operator only if he or she has an appropriate legal basis, such as consent or on the basis of a special legal regulation or for the purpose of performing the contract. The transparent processing of personal data requires that the person concerned be informed of the scope and ways of his or her data processing.

 

Restriction of the purpose of processing

The collection of personal data of the persons concerned is only permitted for explicitly stated and legitimate purposes and may be further processed only for the purpose for which they were obtained. The personal data obtained may not be further processed in a way that is incompatible with the purpose for which the personal data were obtained (besides the exceptions provided by the GDPR Regulation itself, e.g. in the case of a compatible purpose). It is inadmissible to collect the personal data under the pretext of different purpose of processing or other activity.

 

Data minimization (necessity)

The scope of personal data processed by the persons concerned should be adequate (limited) considering the purpose for which they are processed. I.e. for the intended purpose, only the personal data which are necessary for the execution of that purpose should be processed.

 

Accuracy of personal data

The operator has the obligation to ensure that the personal data of the persons concerned which are incorrect in terms of the purpose for which they are processed are deleted or corrected without delay.

 

Minimization of personal data storage (disposal)

The personal data of the persons concerned shall be kept in a form which enables the identification of the persons concerned for no longer than is necessary for the execution of purposes for which the data are processed. The holding of personal data for a period longer than stated above is only possible in the cases explicitly specified in the GDPR Regulation itself.

 

Integrity and confidentiality (security)

The personal data should be processed exclusively in such a way as to ensure adequate security during their processing as well as against their unlawful processing, accidental loss, destruction or damage. Ensuring the protection of personal data should be implemented through appropriate technical or organizational measures.

 

Responsibility

The organizer as well as the intermediary must be able to demonstrate that he or she has complied with the requirements of the GDPR throughout the processing of personal data.

 

The aim of the GDPR is to protect the digital rights of all citizens.

The definition of what personal data is can also be found in the new GDPR regulation. According to Article 4 (1) of the GDPR Regulation, personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "the person concerned "); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The GDPR Regulation completes the definition of personal data according to the Slovak Act no. 122/2013 Coll. on the protection of personal data, which is already repealed. Thus, personal data is also an email address, according to the new GDPR regulation also cookies are personal data.

In general, we can say that the operator must have written consent to the processing of personal data for the processing of personal data or other legitimate basis, which is appointed by legislation.

The GDPR Regulation provides us with the definition of consent as well as its requirements. According to the GDPR Regulation, consent should be given as a clear expression of will, which is a free, concrete, informed and unambiguous expression of the consent of person concerned to the processing of personal data concerning him or her, for example by a written statement including a statement via electronic means or an oral statement. This could include ticking a box when visiting a website, choosing the technical settings of information society services, or any other statement or action that clearly means in this context that the person concerned consents to the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should therefore not be considered as consent. Consent should cover all processing operations carried out for the same purpose or purposes.

If processing is performed for more than one purpose, consent should be given for all those purposes. If the person concerned is to give consent on request by electronic means, the request must be clear and concise and should not unnecessarily interfere with the use of the service for which it is provided. The written consent form must therefore have its requirements. Among other things, explicit consent to the processing of your personal data as well. According to Article 4 (11) of the GDPR Regulation, the consent of person concerned is any freely given, specific, informed and unambiguous expression of the will of persons concerned by which he or she expresses consent to the processing of personal data concerning him or her by means of a statement or an unambiguous certifying act. Of course, there must also be a revocation of consent to the processing of personal data, i.e. method and form. Therefore, if the processing of personal data is based on the consent of persons concerned, the operator must be able to prove that the person concerned has consented to such processing. Particularly in the context of a written statement, commitments should ensure that the person concerned is aware that he or she is giving consent and to what extent he or she is giving it.

The town of Rožňava has:

assigned responsible person, which is the business company SOMI Systems a.s., Lazovová 69, 974 01 Banská Bystrica, Ing. Ján Fraňo, mail: zodpovnaosoba@roznava.sk

relevant internal documentation under the new legislation.

 

A statement on the processing of personal data

The town of Rožňava company(hereinafter "the operator") collects, processes and uses personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the law. no. 18/2018 Coll. on the protection of personal data and does everything necessary to ensure compliance with this legislation.

The operator will process personal data only for the purpose for which they were obtained. The operator declares that he or she will process personal data only in accordance with good morals and will act in a manner that does not contravene the Personal Data Protection Act or other generally binding legal regulations, nor will he or she circumvent these regulations. After fulfilling the purpose of processing personal data, the operator shall ensure the liquidation of personal data without undue delay, unless otherwise required by a special law.

The operator shall ensure an adequate level of personal data protection, shall also protect the processed personal data against damage, destruction, loss, alteration, unauthorized access and disclosure, provision or publication, as well as any other unacceptable methods of processing and has taken and is taking appropriate security measures for this purpose corresponding to the way personal data are processed.

The operator will process personal data in accordance with the rights of the person concerned. The person concerned shall have the right to obtain confirmation from the operator as to whether the personal data concerning him or her are being processed. If the operator processes such personal data, the person concerned shall have the right to gain access to such personal data and information on:

  • the purposes of processing personal data,
  • the category of personal data processed,
  • the identification of recipient or of the category of recipient to whom the personal data have been or are to be provided, in particular the recipient in a third country or an international organization, if possible,
  • the retention period of personal data; if this is not possible, information on the criteria for its determination,
  • the right to request from the operator the correction of personal data relating to the person concerned, their deletion or restriction of their processing, or the right to object to the processing of personal data,
  • the right to apply for proceedings under,
  • the source of personal data, if the personal data were not obtained from the person concerned,
  • the existence of automated individual decision-making, including profiling.


 

The person concerned shall have the right to have the operator correct incorrect personal data concerning him or her without undue delay. With regard to the purpose of the processing of personal data, the person concerned shall have the right to supplement incomplete personal data.

The person concerned shall have the right to have the operator delete personal data concerning him or her without undue delay if:

  • personal data are no longer needed for the purpose for which they were obtained or otherwise processed,
  • the person concerned withdraws the consent on the basis of which the processing of personal data is carried out and there is no other legal basis for the processing of personal data,
  • the person concerned objects to the processing of personal data and no legitimate grounds for processing personal data are overriding,
  • personal data are processed illegally.


 

The person concerned shall have the right to have the operator restrict the processing of personal data if:

  • the person concerned objects to the accuracy of personal data during a period allowing the operator to verify the accuracy of personal data,
  • the processing of personal data is illegal and the person concerned objects to the deletion of personal data and calls instead for restriction on their use,
  • the operator no longer needs personal data for the purpose of processing personal data, but
  • they are needed by the person concerned to assert a legal claim, or
  • the person concerned objects to the processing of personal data.


 

The person concerned shall have the right to obtain personal data concerning him or her which he or she has provided to the operator, in a structured, commonly used and machine-readable format, and shall have the right to transfer such personal data to another operator if technically possible. The right to portability does not apply to the processing of personal data necessary for the completion of a task carried out in the public interest or in the exercise of official authority conferred on the operator.

The person concerned shall have the right to object to the processing of his or her personal data on the grounds of his or her specific situation carried out in the legitimate interest of the operator, including profiling based on these provisions. The operator may not further process personal data unless he or she demonstrates the necessary legitimate interests for the processing of personal data which prevail over the rights or interests of the person concerned or the reasons for asserting a legal claim.

The person concerned shall have the right to object to the processing of personal data concerning him or her for the purpose of direct marketing, including profiling, to the extent that it relates to direct marketing. If the person concerned objects to the processing of personal data for the purpose of direct marketing, the operator may not further process personal data for the purpose of direct marketing.

The person concerned shall have the right not to be subject to a decision which is based exclusively on the automated processing of personal data, including profiling, and which has legal effects concerning or similarly significantly affecting him or her, unless it concerns personal data necessary for the conclusion of a contract or the performance of a contract between the person concerned and the operator.

The person concerned shall have the right to file a complaint for an investigation pursuant to Section 100 of Act No.: 18/2018 Coll. on the protection of personal data if he or she suspects that his or her personal data are being handled illegally or if the processing of his or her personal data or breach of security of processing has violated his or her rights.

The operator or the intermediary may, under the conditions laid down in a special regulation or an international agreement by which the Slovak Republic is bound, limit the scope of obligations and rights if such a restriction is established in order to ensure:

  • security of the Slovak Republic,
  • defense of the Slovak Republic,
  • public order,
  • performing tasks for the purposes of criminal proceedings,
  • other important objectives of general public interest of the European Union or the Slovak Republic, in particular the subject of an important economic interest or an important financial interest of the European Union or the Slovak Republic, including monetary, budgetary and tax matters, public health or social security,
  • protection of the independence of the judiciary and court proceedings,
  • prevention of breaches of ethics in regulated professions or regulated professional activities,
  • a monitoring function, a control function or a regulatory function connected with the exercise of official authority,
  • protection of the rights of person concerned or other persons,
  • assertion of a legal claim,
  • economic mobilization.

 

The person concerned shall have the right to defend his or her rights through a responsible person or by filing a request for an investigation, complaint, supervisory body, in Slovakia the Office for Personal Data Protection in accordance with §100 of Act No.: 18/2018 Coll.

 

Contact for the responsible person: RNDr. Daniel Schikor zodpovednaosoba@somi.sk