Privacy Policy

PRIVACY POLICY (WEB) – Mindset International s. r. o.

 

Mindset International s. r. o., with its seat at: Košická 49, Bratislava – mestská časť Ružinov 821 08, Slovakia, company ID No.: 47 931 591, registered in the business registry of the District Court Bratislava I, Section: Sro, Insert No. 100777/B (hereinafter the „controller“) guarantees, as a controller and provider of its services, the security and protection of any personal data received, in compliance with the Regulation (EU) No. 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation and hereinafter „GDPR“), as well as Act No. 18/2018 Coll. on Personal Data Protection (Slovakia), as amended.

In order to inform its clients (hereinafter the „data subjects“ or „clients“) on the circumstances of processing of their personal data, the controller issues this Privacy Policy and Conditions of Personal Data Processing (hereinafter the „Policy“). The data subject is required to familiarize himself/herself with this Policy, whereas the controller will make a copy of this Policy available to the data subject before provision of any services and will make other copies available to the data subject on request.

 

  1. CONTROLLER’S SERVICES AND PERSONAL DATA. The controller is a provider of services pertaining to international relocation of business activities, obtaining registration of residence of foreign nationals and founding business entities in Slovakia and other countries, as well as services of a travel agency. For the purposes of provision of the controller’s services, the controller must necessarily have access to personal data of any data subjects to whom services are provided.

 

  • LAWFULNESS. For the purposes of provision of its services, the controller must and is entitled to process personal data of its clients. The legal basis of processing is therefore the necessity for performance of contracts based on agreements concluded between the controller and the data subject (Art. 6 par. 1 lett. b) GDPR), and legitimate interests of the controller (Art. 6 par. 1 lett. f) GDPR).

 

  • PURPOSE. The purposes of processing of data subjects‘ personal data to fulfil contractual obligations are mainly, but not limited to: correct and timely provision of services, including communication with state and local authorities in the name of the data subject, keeping records of clients and communication with them, potentially enforcement of the controller’s legal claims. The purposes of processing of data subjects‘ personal data based on the controller’s legitimate interests are mainly, but not limited to: the potential enforcement of the controller’s legal claims, monitoring customer satisfaction, direct marketing and offering other services to data subjects.

 

  • NECESSITY. The provision of personal data by the data subject to the controller is voluntary, it is, however, a necessary requirement for processing personal data for the purposes stated in par. 1.2 of this Policy. In case of conclusion of an agreement between the controller and/or provision of a service to the data subject, the controller must necessarily retain data provided pursuant to this Policy for the purposes of performance of contractual obligations and the relevant data subject will ordinarily no longer be entitled to erasure of such data until termination of all contractual obligations.

 

The controller is legally entitled to processing the data subject’s personal data for the whole duration of agreements concluded between the controller and the data subject, until the termination of such agreements. In case the controller loses lawful access to the data subject’s personal data (except for the purposes of direct marketing), the controller will no longer be able to fulfil its obligations towards the data subject.

 

In case of submission of the data subject’s personal data (title, name, surname, phone number, e-mail address) by means of a contact form available at the controller’s website https://mindset.sk, the controller has no legal entitlement to process the data subject’s data and such data will exclusively be used for the purposes of providing feedback (return contact).

 

  • CATEGORIES OF DATA. The personal data of the data subject processed by the controller are mainly the following:
    • Standard personal data, for example title, name and surname, address of permanent and temporary residence, date of birth, Birth No. (or other unique personal ID number), passport number and numbers of other ID documents, bank data and data on the data subject’s bank account statements, contact data: e-mail address, phone number, correspondence address. The controller is legally entitled to processing of such data for the duration of contractual obligations arising from agreements concluded between it and the data subject.
    • Personal data relating to criminal convictions and offences, in the form of excerpts or full extracts from Slovak and foreign criminal registries (special category of personal data). The controller is legally entitled to processing of such data for the duration of contractual obligations arising from agreements concluded between it and the data subject, as long as such data is necessary for the performance of the controller’s contractual obligations.

 

  • LEGITIMATE INTERESTS. The legitimate interests of the controller relating to processing of data subjects’ personal data are mainly, but not limited to: improving the quality of services and customer satisfaction surveys, communication with clients (by phone, mail and/or e-mail) and offering further services to clients; potential enforcement of legal claims.

 

Based on personal data submitted to the controller, the controller will not take any decisions important to data subjects in an automated fashion.

 

  • ACCURACY. By voluntarily submitting personal data to the controller, the data subject declares that any and all such data is accurate, correct and up to date and follows from true and uncompromised underlying documents. Otherwise the data subject shall be responsible for any damage incurred by the controller based on the submission of false, untrue and/or obsolete personal data. The data subject is obligated to notify the controller of any changes or amendments of his/her processed personal data.

 

  • DATA RETENTION. The controller shall process personal data pertaining to a data subject:
    • where the purpose is the conclusion of agreements and fulfilment of contractual obligations, before the conclusion of an agreement (while determining if services may be rendered) and for the whole duration of any agreements concluded, until their termination,
    • where the purpose is the recordkeeping pertaining to clients and services rendered, for a maximum of 5 years after termination of all obligations based on agreements concluded,
    • where the purpose is contacting the data subject with reminders and offers, for a maximum of 5 years after termination of all obligations based on agreements concluded, however, only until delivery of an objection made by the data subject.

 

  • DATA TRANSFERS. Personal data pertaining to data subjects may be:
    • transferred to third parties and state and local authorities to a necessary extent, if required by contractual obligations between the data subject and the controller, or if required by applicable law; data may especially be transferred to lawfully appointed processors acting on behalf of the controller, state and local authorities, including courts of the Slovak Republic,
    • transferred to third parties and state and local authorities in countries outside the EEA (third countries) to the extent absolutely necessary, if required by contractual obligations between the data subject and the controller, while respecting at all times appropriate safeguards based on decisions of the European Commission on the adequacy of data protection in the destination country, or based on standard contractual data protection clauses or other safeguards.

Personal data submitted by means of a contact form available at the controller’s website https://mindset.sk will not be transferred to any third parties with the exception of lawfully appointed processors of the controller.

  • DATA PROTECTION OFFICER. The controller declares that it has not appointed a data protection officer pursuant to Art. 37 GDPR.

 

  1. COOKIES. While using the websites https://mindset.sk, storage of cookies (small files that track the user’s session and activity on the websites) may occur in the device used by the user to access the websites. The conditions of storage and processing of cookies are as follows:
    • The user may express his/her consent with, or object to storage of cookies by means of settings of his/her web browser – by means of accepting or blocking cookies.
    • In case consent is given (cookies are accepted), temporary cookies, which will automatically be deleted or invalidated after closing of the web browser, may be stored on the user’s device.
    • By means of his/her consent (acceptance of cookies) the user simultaneously accepts that cookies may be used by the controller for its own recordkeeping and statistical purposes, and for the purposes of targeted advertising by partners based on separate agreements on such advertising with the controller. This consent lapses with a change of the user’s cookies settings or by blocking cookies at a later time.
    • The controller shall not be responsible for storage of cookies by websites other than the controller’s websites, or for the use of cookies stored in the user’s device by other parties.
    • In case the user objects to storage of cookies (blocks cookies), the controller does not guarantee full functionality of its websites towards the user.

 

  1. RIGHTS OF THE DATA SUBJECT. The rights of data subjects pertaining to protection of personal data are governed mainly by provisions of Articles 12 to 22 GDPR, as amended.

 

As a data subject, you have the right particularly to the following, applicable by means of written communication to the address of the controller or to the e-mail address Inquiries@MindSet.services):

  • the right to obtain from the controller confirmation as to whether or not personal data
    concerning you is being processed, and, where that is the case, access to such personal data, as well as rectification of such data without undue delay,
  • the right to restriction of processing of your data, particularly if the accuracy of such data is contested or if processing is unlawful and you request restriction of processing,
  • the right to erasure of your data, particularly if the data has been processed unlawfully, where erasure is required by law or where the data is no longer necessary in relation to the purposes for which it was collected, unless the controller has compelling legitimate interests to retain such data,
  • the right to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, where technically feasible and lawful,
  • as the processing is not based on your consent, the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, after which your data may no longer be processed unless the controller demonstrates compelling legitimate interests to retain such data.

You have the right to object to processing of your personal data for the purposes of direct marketing and unsolicited communication that is not required for the performance of contracts, applicable by means of written communication to the address of the controller or to the e-mail address Inquiries@MindSet.services). You may also voice your objection to communication that is not required for the provision of the controller’s services, by using an unsubscribe link in an e-mail message sent by the controller.

You also have the the right to lodge a complaint or inquiry at the Office for Data Protection of the Slovak Republic, as the competent supervisory authority for Slovakia, should you have suspicions as to the lawfulness of processing of your data.

Your above rights may be restricted, if such a restriction is mandated by applicable law, or if the exercise thereof would result in violation of your rights or rights and legitimate interests of other data subjects.

 

  1. This Policy is effective as of May 25th, 2018. The controller reserves the right to modify and amend this Policy, without prejudice to specific rights and obligations already extant based on previous privacy policies.