Privacy policy

Privacy policy – michaelgavrieli.com

 

  1. IDENTIFICATION OF CONTROLLER AND GENERAL INFORMATION

 

This privacy policy (hereinafter as “Privacy policy“) regulate conditions for personal data processing by the company M.G. brand, s. r. o., with its registered office at Karpatské námestie 7770/10A, 831 06 Bratislava – borough Rača, company number:  52 298 744, registered with the commercial register of the District Court Bratislava I, section: Sro, insert no. 136191/B (hereinafter as “Controller“ od “we” in a respective grammatic form), which occurs in the operation of Controller’s website www.michaelgavrieli.com (hereinafter referred to as the “website”) and via the follow-up profiles on social networks and communication channels of the Controller.

 

The Controller is hereby (via this Privacy policy) informing you why your personal data are processed, how they are processed, for how long they are processed, what your rights regarding the processing of your personal data are and other relevant information on the processing of your personal data. Via this Privacy policy, the Controller is fulfilling his information obligation to all data subjects, whether the personal data are obtained directly from you as data subjects or from other source.

 

The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), with Act No. 502 of 23 May 2018  on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as “Act“) and other legislation in relation to personal data protection (hereinafter as “Personal data protection legislation“).

 

In matters related to personal data processing and protection, you may contact the Controller at the address M.G. brand, s. r. o., Karpatské námestie 7770/10A, 831 06 Bratislava – borough Rača, Slovak Republic or via e-mail to e-mail address michael@michaelgavrieli.com. The Controller has not designated a data protection officer in the area of personal data processing and protection.

 

  1. PURPOSES, LEGAL BASIS, STORAGE PERIOD AND CATEGORIES OF PERSONAL DATA

 

The Controller processes your personal data only for justified purposes, for a limited time and with the use of the maximum possible level of security. The Controller processes personal data only if there is a legal basis for their processing (in accordance with the principle of legality). The Controller always keeps personal data in accordance with the principle of minimization only during the period during which it is necessary to keep personal data. After this period, the Controller will delete the personal data, unless otherwise provided by law. The Controller also processes your personal data in accordance with the principle of minimization, so always only to the extent that the intended purpose of the processing is fulfilled. This means that the Controller does not request personal data from you that are not necessary for the specific purpose of processing.

 

Specific information on the purposes of the processing, the legal bases for their processing, the categories of personal data processed and the specified retention period can be found in the table below.

 

 

Purpose of the processing

 

Legal basis

 

Personal data or categories of personal data

 

 

Retention period

 

Categories of data subjects

Processing the exercised rights of the data subjects Art. 6 (1) letter c) of the Regulation – the processing of personal data is carried out in fulfillment of legal obligations Current personal data that is part of the application Until the exercise of the exercised rights Natural persons who have applied or exercised the rights of the persons concerned with the Controller
Records of the exercised rights of the persons concerned Art. 6 (1) letter f) of the Regulation – processing of personal data is performed on the basis of the legitimate interest of the Controller, which is the registration of the exercised rights of the persons concerned due to proving the fulfillment of obligations arising from legal regulations Current personal data that is part of the application 5 years from the date of exercise of rights Natural persons who have applied or exercised the rights of the persons concerned with the Controller
Responding to messages and handling inquiries / requests from messages delivered via the contact form on the website, the Controller’s profiles on the social networks and via e-mail communication or by telephone Art. 6 (1) letter f) of the Regulation – processing of personal data is performed on the basis of the legitimate interest of the Controller, which is the response to received messages and requests for proper management of business communication and the provision of information on the activities of the Controller Name, surname, e-mail, tel. No., other data stated in the report 60 days from the date of receipt of the request or until the request is processed (fulfillment of purpose), whichever occurs first Natural persons sending the message / inquiry
Sending information about the Controller’s activities and its current offer (newsletter) Article 6 (1) letter a) of the Regulations – the processing of personal data is carried out with the consent of the data subject E-mail address, name, surname 3 years from the date of the consent or until its revocation, whichever occurs first Natural persons who have subscribed to the newsletter and have given their consent
Publication photographs and audio-visual recordings of the data subjects together with their name (surname) on the Controller´s website and online communication channels during the Controller´s presentation and business activities. Article 6 (1) letter a) of the Regulations – the processing of personal data is carried out with the consent of the data subject Photo, audio-visual recordings, title, name, surname 5 years from the date of the consent or until its revocation, whichever occurs first Natural persons who granted the consent
Website traffic measurements, website activity and targeting of the Controller’s online advertising (via an online tool – cookies) Article 6 (1) letter a) of the Regulation – the processing of personal data is carried out with the consent of the data subject IP address and other information about the activity on the Controller’s website and its preferences in the online environment For a maximum of 2 years from the date of the consent or until its withdrawal, whichever is the earlier Natural persons who have visited the website and given their consent

 

  1. Source of the personal data

 

The Controller obtains your personal data directly from you as a data subject, in case you provide the Controller with your personal data (when you subscribe to the newsletter, when you contact us via message sent through contact form on the websites, social network, when you visit one of the websites of the Controller or when you enter into contract with the Controller as a natural person). In some cases, especially if a service is ordered from the Controller by a business company or other entity of which you are a representative or contact person, the source of your personal data is this entity.

 

If you do not provide the Controller with your personal data in some cases, the Controller would not be able to respond to your message or to provide you with newsletter.

 

  1. TO WHOM THE CONTROLLER PROVIDES YOUR PERSONAL DATA?

 

Your personal data may be in some cases provided to public authorities, which are entitled to process your personal data, e.g. to courts, law enforcement authorities or other inspection authorities.

 

The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement with the Controller, in which they committed to adopt adequate technical and organisational measures in order to secure the processing of your personal data. The Controller currently uses as a processor:

 

  • a company providing hosting services (including mail hosting services) (ACTIVE 24, s.r.o.),
  • a company providing newsletter services (MailChimp service) and
  • a company providing services in the field of website management (upvision. s.r.o.).

 

Recipients of your personal data also include companies (especially Google, LLC and Facebook, Inc.,) that provide analytical and marketing services through cookies that the website stores on your device if you give the Controller consent to the storage of these files. You can find more information about the use of cookies on the website in the “Cookies policy” section.

 

  1. TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS AND PROFILING

 

If you contact the Controller via a message on the Controller’s social networks, subscribe to newsletter or when Controller using analytics and marketing cookies on the Controller´s website (online marketing services in case of a granted consent), your personal data may be transferred to the USA, to Google, LLC, Facebook, Inc. and The Rocket Science Group, LLC. The transfer of your personal data is ensured by appropriate means of securing the transfer of personal data to third countries in accordance with the Regulations on protection of personal data, in particular through the use of standard contractual clauses which form part of the terms of use of the above service.

 

  1. PROFILING AND AUTOMATED DECISION MAKING

 

The Controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, in which your personal aspects would be evaluated.

 

  1. WHAT ARE OUR RIGHTS IN RELATION TO PERSONAL DATA PROCESSING?

 

As the data subject, your rights regarding the processing of your personal data are as follows:

 

Right of access – You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you.

 

Right to rectification – We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request.

 

Right to erasure – Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing.

 

However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request.

 

Right to restriction of processing – You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request.

 

 

Right to data portability – Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us. Right to lodge a complaint or request – If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, Slovak republic, website: dataprotection.gov.sk, tel. No.: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk.

 

RIGHT TO OBJECT

You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing.

 

RIGHT TO WITHDRAW CONSENT

If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person).

 

 

You may exercise your rights specified in the table above at the contact addresses of the Controller listed at the beginning of this document. The Controller will provide you with the answer to the exercise of your rights free of charge.

 

In the event of a repeated, unreasonable or inappropriate request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller will provide you with an answer within 1 month from the day when you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the case of a high number and complexity of applications of the data subjects, maximally by 2 months. The Controller will always inform you about the extension of the deadline in advance.

 

  1. SOCIAL MEDIA AND LINKS TO OTHER WEBSITES

 

As part of marketing and advertising support, you will find links to various social networks on the Controller’s website, such as Facebook. The Controller hereby informs you that after clicking on the add-on on the website and going to the social network, the rules of personal data protection of the social network controller will apply, except in cases where you contact the Controller via a message on the social network (in which case the processing of your personal data also governs this policy and your personal data processed by the Controller in accordance with the information provided above).

 

You can find more information about the processing of your personal data by social network controllers at the following links: (i) Instagram: https://www.facebook.com/help/instagram/155833707900388, (ii) YouTube: https://policies.google.com/technologies/product-privacy?hl=sk and (iii) LinkedIn: https://cz.linkedin.com/legal/privacy-policy?

 

  1. VALIDITY

 

An updated version of this Privacy policy is valid and effective as of 01. April 2022. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. In such case, the Controller will inform you about it in an adequate manner in advance.

0