In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) and with Act No. 18/2018 Coll., on personal data protection and amendments to certain other acts, and with the aim of protecting the rights of data subjects (hereinafter also referred to as the “DS”) and preventing possible misuse or leakage of personal data (hereinafter also referred to as the “PD”), the data subjects rights arising from the GDPR can be exercised in the following ways:
By mail to the address
Štúrova 925/27
018 41 Dubnica n/Váhom
Slovak Republic
By email to the address of the joint responsible person (hereinafter also referred to as the joint “DPO”)
osobneudaje@msmholding.sk
By telephone at
+421 903 440 747
The procedure for handling the requests from data subjects (DSs)
The procedure below for handling the requests from DSs is binding for all persons who
in any way participate in the processing of the PD by joint controllers.
1. Receipt of a request
The joint DPO is the contact point for joint controllers with regard to receiving requests from the DSs – see contacts above.
2. Request details
The request from the DS shall at least:
– Contain data of the DS making the request, including his or her contact details.
– Describe what the DS is seeking with his or her request, such as: the provision of information on the processing of his or her PD; exercising one of the rights of the DS in the area of PD protection; the time limit by which the DS asks to handle his or her request (if this data is missing the request will be processed as urgent, i.e. without undue delay); any other DS’s requirements.
– Identify the joint controller concerned or information that the request is addressed to all joint controllers.
– Specify the scope of the PD which is the subject-matter of the request or information that the request concerns all PD that the joint controllers concerned process in connection with the given DS.
If the request does not contain the above details, the joint DPO shall contact the DS who submitted the request in an attempt to find out these details so that the request can be handled meaningfully. This does not apply if the request does not contain the contact details of the DS who submitted the request – in that case, the joint DPO shall record that the request was evaluated as incomplete and it was not possible to eliminate its shortcomings after which the request shall be postponed.
3. Making requests
The DS may make a request in any manner, but typically by email to the joint DPO’s contact address. However, there is no prescribed form for making the request, therefore it cannot be postponed or rejected due to its insufficient form.
In order to allow the DS to make the request informally, i.e. especially in his or her own words, there is no need to make the request on any prescribed form.
With the making of the request to the joint DPO, time limits for handling the request, if they are established, begin to pass.
4. Handling request
The joint DPO shall handle the request that was properly made in one of the following ways:
– Comply with the request; or
– Comply with the request in part; or
– Reject the request (dismiss the request).
If the joint DPO complies with the request, he or she ensures that the DS’s requirements are met in such a way as to achieve the status requested by the DS. This may include, for example, the arrangements for the processing, amendment of organisational or other measures or erasure of the PD concerning the DS – once the measures are taken, the DPO shall inform, without delay, the DS of measures taken, or specify in the statement, the deadline by with the desired status will be achieved.
Where the joint DPO shall comply with the request only in part, the joint DPO shall inform the DS in which part the request was complied with and in which part the request was rejected, justifying his or her decision. In the part that the joint DPO has upheld the request, he or she shall follow the procedure above.
Where the request has been rejected by the joint DPO, the DS who has made the request shall be informed thereof. The notice of the rejection shall be properly justified.
Requests have to be handled in accordance with relevant legal regulations. Any information/notice of handling the request shall also include instructions to the DS on the possibility of lodging a complaint with a supervisory authority (Personal Data Protection Authority).