NOTICE TO DATA SUBJECT ON INFORMATION AND RIGHTS

concerning the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “Regulation”), and in accordance with provisions of Sections 19 to 28 of the Act No. 18/2018 Coll. on personal data protection (the “Act”)

In pursuing its business activities recorded in the Companies Register and in connection with the performance of its contractual obligations, our company LICITOR group, a.s., IČO: 36 421 561, Sládkovičova 6, 010 01 Žilina, handles personal data of its clients or contracting partners. Security and protection of your personal data is important to us and, therefore, we follow and comply with applicable legislation. The Regulation and the Act effective from 25 May 2018 changed the personal data protection rules and, for that reason, we would like to inform you about the processing of personal data and about your rights with regard to the protection of personal data:


As regards rules for using cookies, we would like to inform you that the rules are available at www.licity.sk, section “Conditions for the Use of Cookies”.

Controller: 

The controller of information systems in which your personal data are processed is our company www.licity.sk, email: 

-  apartmany@licity.sk,

-  parkovanie@licity.sk,

-  reklama@licity.sk.


When processing personal data, the Controller shall act in compliance with the following legal regulations which also provide a legal basis for the processing of personal data:

-  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of          personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “Regulation”),

-   Act No.18/2018 Coll. on personal data protection (the “Act”).

Data subject: 

a natural or legal person whose personal data are processed / Controller’s clients / contracting partners of the Controller’s clients and intermediaries of the Controller´s clients. The data subject is responsible for providing true and complete data.

The personal data of the data subjects are not transmitted to a third country or international organization, excluding the sending of marketing offers, the so-called newsletters.


Automated individual decision-making, including profiling, is not used in the processing of personal data. 

The obtained personal data will be disclosed to the following category of recipients: 

Cooperating law firm/attorney, accountant, auditor, companies with personal and capital relations to the Controller, if necessary for mutual cooperation, financial administration, land registry, Controller’s staff or agents/real estate brokers, booking companies, marketing workers carrying out their tasks for the Controller.

Purpose of processing, legal basis for processing, storage period:

  • 1. Processing is necessary for negotiating, concluding, and performing a Contract or for taking pre-contractual measures upon request of the data subject:
  •     • Identification of the client/data subject or its representative for the purpose of negotiating terms of the Contract through a contact form; the scope of                  personal data subject to processing:  
  • - contact details of natural persons, such as: name, surname, business name, telephone number, e-mail address. The personal data are processed                          for the duration of contractual negotiations.
  • - contact details of natural persons acting on behalf of legal persons, such as: name, surname, business name, telephone number, e-mail address.                           The personal data are processed for the duration of contractual negotiations.
  •     • For the purposes of direct marketing; the scope of personal data subject to processing: name, surname, IP address, e-mail:
  • - widespread distribution of up-to-date information on renting apartments, renting parking spaces and renting advertising space, sending information                    on  current offer, general advertising announcements, providing information on new services related to the project and related projects, as well as                        upcoming projects offered/rented by the Controller. The personal data are processed for a period of 2 years after their collection by the data subject.                  The personal data are processed for a period of 2 years after their collection by the data subject.
  • - individual sending of current offers, distribution of information about leasing possibilities where there are indications of interest in leasing, general                         advertising notices, provision of information about news, innovations, new services associated with apartments, parking, advertising and the related as                 well as upcoming projects whose offer/lease is ensured by the Controller, following the evaluation of individual aspects related to the specific data                     subject (“profiling”). The personal data are processed for a period of 2 years after their collection by the data subject. 

      For the purposes of individual direct marketing, the Controller makes use of profiling. Profiling is used for the purpose of improving the quality of marketing campaigns of the Controller in order to send you the offers which are interesting and advantageous to you. When profiling, we collect information from social sites: Facebook, Instagram, YouTube, Vimeo, LinkedIn and web tools: Google Analytics, Google Ads, Google Console (Controller’s note: it is not information based on which the Controller or anybody else would be able to identify a person). When using your personal data for direct marketing purposes, we use Cookies.

      When sending the marketing offers, the Controller makes use of Microsoft Outlook application, whose operator is based in the USA, to send up-to-date information via e-mail messages. Based on a decision of the European Commission, the USA is a country which has an adequate level of personal data protection. The operator of Microsoft Outlook application provided adequate personal data protection safeguards and, therefore, security of the personal data is ensured, and the processing is carried out within the meaning of principles of the Regulation. The Controller does not use automated decision-making but provides for personal and manual evaluation and processing of the offers.


  • 2. Processing is necessary for compliance with legal obligations of the Controller: for the needs of an intermediary providing mediation of apartment rental.            The personal data will be processed and stored for a period determined in a separate regulation.

  • 3. Processing is necessary for compliance with legal obligations of the Controller in connection with the Contract, provision of assistance to administrative              authorities, public authorities, police, court, financial administration, etc. The personal data will be processed and stored for a period determined in a                    separate regulation. 

  • 4. Processing is necessary for compliance with a legal obligation of the Controller: for the needs of accounting, compliance with tax and archiving                             obligations. The personal data appearing on a tax document, units of account, will be processed and stored for a period determined in a separate legal               regulation.

  • Disclosure of the personal data by the data subject is a legal requirement and a requirement necessary for the conclusion and performance of the Contract between the Controller and the data subject.

  • The data subject shall provide the personal data to the extent indicated and, in case the data subject refuses to provide the personal data to the extent indicated, no Contract would be concluded with the Controller and the parties would have no rights and obligations under the Contract or other legal relation. 

Information on rights of the data subject with regard to the processing of personal data

The data subject shall have the following rights with regard to the processing of its personal data by the Controller:

•  The right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case,       access to the personal data and the following information:

    a) the purpose of the processing of personal data

    b) the categories of personal data subject to processing

    c) identification of the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third                             countries or international organizations, where possible

    d) the period for which the personal data will be stored; if not possible, the criteria used to determine that period

    e) the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject                  or to object to such processing

     f) the right to file a motion to commence proceedings under Section 100

    g) the source of the personal data, if not obtained from the data subject

    h) the existence of automated individual decision-making including profiling under Section 28(1) and (4); in these cases the Controller shall inform the data                     subject in particular about the logic involved as well as about the significance and the envisaged consequences of such processing for the data subject


•  The right to be informed of the appropriate safeguards in relation to the transfer of personal data concerning him or her, where personal data are transferred to a      third country or to an international organization.


•  The right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her or to have incomplete personal          data completed.


•  The right to obtain from the Controller without undue delay the erasure of all personal data concerning him or her, whether processed through automated or            non-automated means:

    a) if they are no longer necessary in relation to the purposes for which they were processed,

    b) if the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing,

    c) if the data subject objects to the processing of personal data and there are no overriding legitimate grounds for the processing, or the data subject                             objects to the processing of personal data for direct marketing purposes,

    d) if the personal data have been unlawfully processed,

    e) for compliance with a legal obligation,

     f) if the personal data have been collected in relation to the offer of information society services.  


•  The right to obtain from the Controller restriction of processing of personal data where:

    a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data,

    b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,

    c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the exercise of legal                       claims, or

    d) the data subject has objected to processing for reasons of legitimate interest of the Controller or for the performance of tasks in the public interest                            pending the verification whether the legitimate grounds of the Controller override those of the data subject.


•  The right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-              readable format, and the right to transmit those data to another controller, where technically feasible, and where:

    a) the personal data are processed on the basis of the consent of the data subject or where the processing is necessary for the performance of a contract to which the data subject is party, and

    b) the processing of personal data is carried out by automated means.


•  The right to be notified by the Controller without undue delay of the personal data breach, if it may lead to a high risk to his/her rights.


•  The right not to be subject to a decision which produces legal effects concerning him or her or significantly affects him or her and which is based solely on              automated processing, including profiling.

 

•  If the Controller processes the personal data of the data subject only on the basis of his/her consent, the data subject shall have the right to withdraw his or her     consent at any time, however, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


•  The right to object to processing of personal data concerning him or her, if the personal data concerning him or her are processed on the legal basis of                     “processing being necessary for the purposes of the legitimate interests pursued by the Controller or by a third party” including profiling. The Controller shall no      longer process the personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override the rights or interests of      the data subject, or grounds for the exercise of legal claims.


•  The right to object to processing of personal data concerning him or her for the purposes of direct marketing, including profiling. Where the data subject objects      to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.


The data subject may exercise his or her rights referred to above with the Controller at the above contacts or directly with the responsible officer.


If the data subject maintains that his or her rights to personal data protection are prejudiced, he or she shall have the right to file a motion to commence proceedings with the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR) under Section 100 of the Act No. 18/2018 Coll., Hraničná 12, 820 07 Bratislava 27; tel.: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk..


The Controller shall provide a data subject with the above information and communication and measures free of charge, in a concise, transparent, intelligible, and easily accessible form, using clear language.