Data Privacy Information

We take the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below. Personal data in the sense of this data privacy information is all information that is related to your person.


Responsible authority

I.S.D.B. s.r.o.

Štefana Kukuru 12

Michalovce 071 01



Phone: +421 56/640 37 31




Data protection officer

If you have any questions or comments on data protection, you can also contact our data protection officer directly:



– ’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

– ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

– ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

– ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

– ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

– ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

– ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;


Purposes and legal basis of the processed data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable data protection regulations.


Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

The processing of personal data takes place for the execution of our contracts with you and the execution of your orders as well as for the execution of measures and activities in the context of pre-contractual relations, e.g. with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements.


Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)

We may also use your data on the basis of a balance of interests to protect the legitimate, usually economic interests of us or of third parties, in particular for the following purposes

– the provision of services and delivery of products;

– the processing and control of business transactions;

– the further development and quality assurance of services and products;

– management and optimization of business processes;

– advertising or market and opinion research;

– the initiation and maintenance of business relations;

– the assertion of legal claims and defence in legal disputes;

– the detection, prevention and investigation of criminal offences;

– the analysis and optimization of our online offerings;

– Ensuring information security and the operability of our IT systems


Purposes within the scope of your consent (Art. 6 para. 1 lit. a GDPR)

Your personal data may also be processed for certain purposes with your consent. You can revoke your consent at any time with effect for the future.


Purposes for fulfilling legal requirements (Art. 6 para. 1 lit. c GDPR)

We are subject to a large number of legal obligations, such as the legal retention obligations of business documents, and may process your personal data for these purposes. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary, if necessary, for the purpose of securing evidence or prosecution.


Data categories for indirect collection

We process personal data that we have received directly from you or from third parties. In addition, we process personal data that we have legitimately collected or received from publicly accessible sources (e.g. press, Internet and other media) and may process. These include in particular the following data categories:

– master data

– communications data

– contract data

– business processing


Transfer within the EU

Within our company, those internal departments or organisational units that need your data to fulfil our contractual and legal obligations or within the framework of the processing and implementation of our legitimate interest receive it.


Your data will only be passed on to external bodies

– in connection with the initiation or processing of the contract with you;

– in connection with the initiation or execution of a contract with your employer;

– for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data;

– if external service companies process data on our behalf as processor or function holders;

– on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, credit agencies, lawyers, courts, official experts, customers, suppliers);

– if you have given us your consent to transfer your data to third parties.

Beyond that, we will not pass your data on to third parties. As far as we commission service providers within the scope of a data processing agreement, your data are subject there to the same security standards as with us. In all other cases, recipients may only use the data for the purposes for which they were transferred to them.


Transfer outside the EU

A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) takes place if it should be necessary for the execution of an order/contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of us or a third party or if you have given us a consent.

The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of data processing. If the EU Commission does not decide on an appropriate level of data protection for the country concerned, we guarantee that its rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations. We will provide you with detailed information on request. Information on the appropriate or appropriate guarantees and the possibility of obtaining a copy of you may be requested from the company’s data protection officer.


Consequences of failure to provide data

In the context of the business relationship you must provide those personal data which are necessary for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will not be able to execute the legal transaction with you.


Automated decision making and profiling

We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we should nevertheless use such a procedure in individual cases in the future, we will inform you of this separately, insofar as this is prescribed by law.


Duration of storage

We only store your data for the period of time necessary to achieve the storage purposes, or if this has been provided for by the European issuer of directives and ordinances or another legislator in laws or regulations to which the data controller is subject. In all other cases we delete your personal data after completion of the purpose, with the exception of such data which we must continue to store in order to fulfil legal obligations arising from legal proof and storage obligations.


Rights of data subjects

You may exercise the following rights under applicable data protection laws:

– Right of access by the data subject in accordance with Art. 15 GDPR

– Right to rectification in accordance with Art. 16 GDPR

– Right to erasure in accordance with Art. 17 GDPR

– Right to restriction of processing in accordance with Art. 18 GDPR

– Right to data portability in accordance with Art. 20 GDPR

– Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR


Right to revoke

You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR with effect for the future.


Right to object

In accordance with Art. 21 GDPR, you have the right to object. The objection can be made form-free. Our contact details can be found in the “Responsible Authority” section.


Changes to this data privacy information

We keep this data privacy information up to date. We therefore reserve the right to change them from time to time and to update changes in the collection, processing or use of your data.