Protection of personal data GDPR
Protection of the Customer’s personal data, provided to INFOCAR a.s. is governed by Act NR SR no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws as amended (hereinafter referred to as: “The Personal Data Protection Act”). The Personal Data Protection Act must be interpreted, among other things, in accordance with Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data by competent authorities for the purposes of preventing, investigating, detecting or prosecuting crimes or for the purposes of enforcing criminal sanctions and on the free movement of such data and on the repeal of Council Framework Decision 2008/977/SVV (hereinafter referred to as: “Regulation”).
The Controller is the company INFOCAR a.s.
In addition to the company INFOCAR a.s. the company ANDIS s.r.o. participate in the processing of Contract fulfilment data in the bikeAngel System. The company INFOCAR a.s. will disclose the identity of other data processors in the Personal Data Protection Policy or will be made available to him using Customer Support.
INFOCAR a.s., as the Controller, is entitled to require the Customer to provide personal data to the extent necessary for the purpose of concluding the Contract and to process and collect this data for the necessary period. The Controller hereby informs the affected persons about the acquisition and processing of their personal data.
The provision of personal data is voluntary but required when registering and using the bikeAngel System. Failure or failure to provide personal data will prevent successful registration and use of the bikeAngel System.
INFOCAR a.s. is not authorized to transfer the Customer’s mobile phone number or private login data (login name and password).
INFOCAR a.s. processes personal data only based on legal conditions, which are specified in the cited Regulation or in the Personal Data Protection Act. As a Controller, we are responsible for the protection of the personal data of our Customers, which we have obtained about the Customer or which we obtain in accordance with the Regulation and the Act on the Protection of Personal Data in the scope and manner according to this information. In case of questions regarding the processing of personal data, the Customer may contact the Controller in person or by mail at the registered address.
The Contract to be concluded between the parties is considered a written contract concluded by electronic means. The Contract is drawn up in the Slovak language. The company INFOCAR a.s. records and manages Contracts in its electronic filing systems, subject to the proper application of data protection rules. The parties will endeavour to settle all disputes between them regarding the interpretation, performance, or termination of this Contract by mutual agreement. The parties hereby submit to the exclusive jurisdiction of the Slovak courts and the Personal Data Protection Office of the Slovak Republic in relation to any disputes arising from their relationship with the bikeAngel Service.
Collection of personal data
We primarily collect personal data directly from the Customer, when he registers for the purpose of concluding a Contract via the website, the Application, by telephone, by post, or by e-mail.
Categories of collected personal data
INFOCAR a.s. obtains and processes only the usual personal data of the Customer to the extent necessary within the scope of activities in connection with the provision of our services, namely:
Identification data: data shown in the identity card
Registration data: login name, password, and mobile phone number
Contact data: address of permanent residence, delivery address, e-mail address and telephone number
Banking, financial, and transactional data: credit card number, bank account data and payment data.
Data related to Vehicle Contracts: client identification number, contract number, Equipment identification number.
Data related to insurance claims: history of insurance claims, including paid benefits and expert opinions, information about victims.
Location data: location monitoring via satellite tracking (GPS), which enables tracking during their use or after their theft.
Recipients of personal data
All the Customer’s personal data will be processed and stored in our internal systems and will be by us further provided to other recipients only if it is necessary to achieve the purpose of processing or on the basis of a legal obligation arising from special legal regulations.
- control, supervisory and other state authorities in the performance of their activities in accordance with a special legal regulation (e.g. Slovak Trade Inspection, Personal Data Protection Office, Tax Office, etc.),
- courts and law enforcement authorities based on their request, or within the legitimate interests of the Controller in proving, exercising, and defending legal claims,
- insurance companies with whom the Controller has concluded insurance contract related to the rented bikeAngel Equipment,
- contractually authorized service providers, such as providers of IT services, postal and forwarding services, financial and insurance services,
- to other recipients to whom the Controller is obliged to provide personal data in accordance with a special law or legitimate interest, such as auditors, legal advisors, tax and accounting advisors, insurance companies, banks, credit registers, third parties evaluating the use of the services of our contractual partners, persons who have an labour-legal or other similar relationship with us, to the extent that is absolutely necessary for the performance of their work or rights, and which at the same time in relation to the personal data provided or made available, they will have the obligation to maintain the confidentiality of such information to the extent and under the conditions agreed in the written contract we conclude with them or established by generally binding legal regulations.
Purpose of personal data processing
The Controller will obtain and further process the Customer’s personal data for the following purposes:
- registration and for the conclusion and performance of the Contract; To fulfil contractual obligations or take measures at your request before we conclude a Contract with you, especially for the purposes of processing and sending quotations, reservations, preparing and concluding Contracts, recording Contracts including all their changes in our internal system, checking the fulfilment of Contracts and obligations of contractual parties, especially within the framework of rental agreements, lease agreements and framework agreements, as well as other obligations related to the administration of Contracts, processing claims and complaints, invoicing, recovery of damages and claims arising in connection with the supply of goods and services, settlement of insurance claims, storage related documentation and records, mutual communication between contractual parties, etc. The legal basis for processing your personal data for this purpose is Art. 6 par. 1 letter b) and c) Regulations, i.e. fulfilment of the Contract and fulfilment of the legal obligations of the Controller arising mainly from Act NR SR no. 513/1991 Coll. Commercial Code as amended. In this case, the provision of personal data by the person concerned is a contractual requirement. In case of failure to provide personal data, it will not be possible with the person concerned, i.e. to enter a contractual relationship with a potential Customer.
- marketing; In the case of your consent, we will send you business information about products and various promotions by post, e-mail, SMS, or in another form. We will only send commercial information to the extent and frequency that it is not annoying for you. The legal basis for processing your personal data for this purpose is the provision of Art. 6 par. 1 letter a) Regulations, i.e. consent of the person concerned. You can withdraw your consent at any time, and we will inform you of the specific way of withdrawing consent (depending on the way it was granted) in the request for your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. Processing for marketing purposes can be considered as processing based on the legitimate interests of the Controller if you are our Customer, and the Controller considers it to be his legitimate interest to inform the Customer about news and offers in the field of the Controller’s services. The customer has the right to object at any time to the processing of his personal data for marketing purposes or to stop sending our marketing messages at any time through a link directly in these messages.
- identification of persons; In order to clearly identify and verify the identity of persons – Customers, or authorized persons by the Customer (in the case of a Customer who is a legal entity or a sole trader) and for the purpose of verifying the authenticity of official documents as well as the possible necessity of providing cooperation to law enforcement authorities in the event of theft or damage to the property of the Controller – a leased item, the Controller may also make photocopies of official documents, or request the provision of these data electronically (citizen’s and driver’s licenses and passports). The legal basis for processing personal data for this purpose is the provision of Art. 6 par. 1 letter f) Regulations, i.e. the Controller ‘s legitimate interest, which in this case is the protection of the Controller’s property and financial interests with the aim of preventing crime and other anti-social activity in the area of property crime, committed primarily in the form of theft and damage to the Controller’s property.
- protection of the Controller ‘s property and financial interests; To protect the property and financial interests of the Controller, selected rental vehicles are secured by monitoring their location via satellite tracking (GPS), which enables tracking of the Equipment during use and after theft. The legal basis for processing your personal data for this purpose is the provision of Art. 6 par. 1 letter f) Regulations, i.e. the Controller ‘s legitimate interest, which in this case is the protection of the Controller ‘s property and financial interests with the aim of preventing crime and other anti-social activity in the area of property crime, committed primarily in the form of theft and damage to the Controller ‘s property.
- bookkeeping and preparation of accounting documents; in particular management and invoicing of prices for the supply of goods and services, processing of accounting, tax documents and invoices. The legal basis for processing your personal data for this purpose is the provision of Art. 6 par. 1 letter c) Regulations, i.e. fulfilment of our legal obligations arising mainly from Act no. 431/2002 Coll. on accounting, as amended (hereinafter referred to as the “Accounting Act”), Act No. 222/2004 Coll. on value added tax, as amended, etc.
- post office records and registry management; registration and management of postal shipments, mail delivered and sent from and to electronic mailboxes, and registration and archiving of contracts, accounting, tax and related documents in our internal systems. The legal basis for processing your personal data for this purpose is the provision of Art. 6 par. 1 letter c) Regulations, i.e. fulfilment of the legal obligation of the Controller according to special regulations, in particular according to the Accounting Act and Act no. 395/2002 Coll. on archives and registries and on amendments to certain laws.
Period of storage of personal data
We will process the Customer’s personal data for the period necessary to achieve the purposes of their processing, but at the longest for the duration of the contractual relationship.
In the event that we assert legal claims against the Customer and conduct judicial or administrative proceedings or if the Customer asserts legal claims against the Controller and conduct judicial or administrative proceedings against him, personal data will be processed to demonstrate, exercise or defend legal claims until the legal termination of such proceedings. After the termination of the contractual relationship, or after the legal end of the procedure according to the previous sentence, the Customer’s personal data will only be stored (archived) for a period of 10 years from the end of the Contract, due to the obligation to store the Contract and accounting and tax documents related to the Contract, which contain personal data in within the meaning of generally binding regulations, especially from the Accounting Act. After this period, the data will be deleted or devalued / shredded.
In the event that the Customer at any time objects to the processing of personal data for direct marketing, the Controller will stop processing personal data for this purpose.
Personal data obtained from vehicle monitoring are stored for 2 years after the end of the contractual relationship.
Photocopies of official documents, if created, are kept for the duration of the contractual relationship and are disposed of within 1 year at the latest, if the Controller does not use them on the basis of legitimate interests (e.g. as part of the settlement of damages, insurance claims and thefts) or for proving, exercising or defending legal claims.
Withdrawal of consent to the processing of personal data
The customer has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The granted consent can be revoked in the same way as it was granted.
Automated decision-making, including profiling
There is no automated decision-making or profiling during the processing of personal data by the Controller.
The rights of the person concerned in connection with the protection of personal data
In connection with the processing of personal data, in addition to the above-mentioned rights, the Customer has the following rights in particular:
- the right to access personal data (Article 15 of the Regulation); The customer has the right to obtain from the Controller a confirmation as to whether we are processing his personal data, and if so, he has the right to obtain access to this personal data (copies thereof), as well as to additional information to the extent specified in Article 15 of the Regulation. In most cases, these copies of personal data and additional information are provided in electronic form, unless the Customer requests another way of providing them.
- the right to correct personal data (Article 16 of the Regulation); The Controller takes reasonable measures to ensure the accuracy, completeness and up-to-datedness of the information it has about the Customer. However, this right enables the Customer to ask the Controller to correct his incorrect personal data without undue delay or to complete his personal data if they are inaccurate, incomplete or out of date. The Customer acknowledges that he is obliged to provide only such personal data that is complete and correct, while he is responsible for the falsity of the personal data he has provided to us.
- the right to delete personal data (right “to be forgotten”) (Article 17 of the Regulation), without undue delay after exercising this right, for example, if the Customer’s personal data are no longer necessary for the purpose for which they were obtained or processed, if The Customer has withdrawn his consent to the processing of personal data, on the basis of which the Controller processes them, and there is no other legal basis for processing (for example, a Contract), if the Customer objects to the processing of personal data according to Art. 21 par. 1 of the Regulations or if we process them in violation of the Regulations and the Personal Data Protection Act. However, this right of the Customer must be assessed from the perspective of all relevant circumstances. For example, the Controller may have certain legal and regulatory obligations, which means that it will not be possible to comply with such a request.
- the right to limit the processing of personal data (Article 18 of the Regulation), in specified cases, the Customer has the right to request that the Controller stop processing his personal data, e.g. if he objects to the correctness of personal data, but only during the period allowing the Controller to verify the correctness of personal data.
- the right to portability of personal data (Article 20 of the Regulation), that is, the right to obtain from the Controller personal data that the Customer previously provided to us in a structured, commonly used and machine-readable format, and has the right to demand that the Controller transfer this personal data to another Controller for fulfilment of legal conditions; exercising this right does not affect the Customer’s right to delete personal data. However, the right to portability only applies to personal data obtained from the Customer based on his consent or based on the Contract to which the Customer is a party.
- the right to object to the processing of personal data (Article 21 of the Regulation), if the processing of personal data is based on the legitimate interest of the Controller or if the Controller processes personal data for the purpose of direct marketing, including profiling during such processing. In the event that the Customer files an objection and the Controller does not prove a convincing legitimate reason for the processing of personal data, or if the Customer files an objection to the processing of his personal data for the purpose of direct marketing, the Controller will not further process the personal data for these purposes.
- the right for the Customer not to be subject to a decision that is based solely on the automated processing of personal data, including profiling, if such automated decision-making and profiling would have legal effects in relation to the Customer or significantly affect him (Article 22 of the Regulation); When processing personal data, however, the Controller does not make automated decisions or profile.
- the right to file a complaint with the supervisory authority (Article 77 of the Regulation); if the Customer believes that the processing of his personal data is contrary to the Regulation or to the Personal Data Protection Act, he can file a complaint (proposal for initiation of personal data protection proceedings pursuant to § 100 of the Personal Data Protection Act) to the Personal Data Protection Office of the Slovak Republic.
Contact details of the Office:
Úrad na ochranu osobných údajov SR
820 07 Bratislava 27
tel. number: 421 /2/ 3231 3214
The customer can exercise his rights:
- in person by submitting an application at the headquarters of INFOCAR a.s.
- by sending a written request by mail to the address of INFOCAR a.s.
- electronically to e-mail: email@example.com
Contact details of the Controller:
831 02 Bratislava 32
IČO: 35 773 090
IČ for VAT: SK 2020 244 380
registered in the Commercial Register of the District Court BA I, section Sa, vl. no. 2206/A
This document (PROTECTION OF PERSONAL DATA – GDPR) is an unofficial translation of the valid Slovak version (OCHRANA OSOBNÝCH ÚDAJOV GDPR). In the event of any differences between this translated document in English and underlying document in Slovak, the text of the Slovak original takes precedence.