Personal data processing information


Statement on the processing of personal data under Regulation (EU) 2016/679 of the European
Parliament and of the Council on the protection of individuals with regard to the processing of personal
data and the instruction of data subjects (hereinafter as „GDPR“)

I. Personal data controller
In accordance with Article 12 of the GDPR, company GoodCall Slovakia s.r.o. with registered office at Plynárenská 1, Bratislava, 821 09 Bratislava, ID: 47 999 616, VAT ID: 2120008539, IČ DPH : SK2120008539 registered in the Commercial Register kept by the Municipal Court in Bratislava 1, dep. Sro, file no. 102118/B], informs you about the processing of your personal data and your rights.

II. Scope of processing of personal data
Personal data is processed to the extent that the data subject has provided the personal data to the
controller in connection with the conclusion of a contractual relationship or other legal relationship with
the controller; or the controller processes personal data which the controller has collected otherwise
and which are processed by the controller in accordance with the applicable legal regulations or to
fulfill the statutory obligations of the controller.

III. Sources of personal data

  • directly from the data subjects (registrations, emails, phone calls or messages, web site, contact form on the web, social networks, business cards, etc.)
  • publicly accessible registers, lists and records
IV. Categories of processed personal data
  • data of address and identification used for the unambiguous identification of the data subject (e.g. name, surname, title, eventually birth identification number, date of birth, permanent address, ID, VAT ID) and contact details of the data subject (for example contact address, telephone number, fax number, e-mail address and other similar information)
  • descriptive data
  • other necessary data for performance of the contract
  • data provided in excess of the applicable laws processed within the framework of the consent given by the data subject (processing of photo, use of personal data for personnel management, etc.)
V. Categories of personal data subjects
  • candidate - job seeker
  • employee of the controller
  • service provider
  • another person who is in a contractual relationship with the controller

VI. Categories of recipients of personal data
  • processor
  • potential employers
  • public authorities in the course of fulfilling the legal obligations laid down by the relevant legislation
  • other recipients

VII. Purpose of processing of personal data
  • purposes contained in the consent of data subject
  • negotiations on a contractual relationship
  • performance of the contract
  • the statutory obligations on the part of the controller

VIII. Method of processing and protection of personal data
The processing of personal data is carried out by the controller and the processor - Datacruit s.r.o.,
with registered office at Václavské náměstí 846/1, Nové Město, 110 00 Praha 1, ID No .: 035 45 652.
The processing is carried out at its premises, branch offices and registered office of the controller and
processors by individual authorized employees of the controller, resp. processor. The processing of
personal data takes place through computer technology, or manually to personal data in paper form,

with all the security policies for managing and processing personal data. For this purpose, the
controller has adopted technical and organizational measures to ensure the protection of personal
data, in particular measures to prevent unauthorized or accidental access to personal data, alteration,
destruction or loss, unauthorized disclosure, unauthorized processing, and other misuse of personal
data. All entities to which personal data may be made available respect the privacy rights of data
protection of personal data subjects and these entities are required to comply with applicable privacy

IX. Time of processing of personal data
In accordance with the deadlines for the purpose of management, or as stated in the data subject's consent, the relevant contracts or the relevant legislation, it is the time necessary to ensure the rights and obligations flowing from both the obligation relationship and the applicable legal regulations.

X. Instruction
The controller processes the personal data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

  • if the data subject has given consent for one or more specific purposes of processing,
  • processing is necessary for the performance of the contract to which the data subject is subject or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
  • processing is necessary to fulfill the legal obligation to which the controller is subject,
  • processing is necessary to protect the vital interests of the data subject or other natural person,
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller,
  • processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except in cases where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over those interests
XI. Rights of data subjects
(1) In accordance with Article 12 of the GDPR, at the request of the data subject the data controller shall inform the data subject of the right of access to personal data and the following information,:
  • the purpose of processing,
  • the category of personal data,
  • the recipients or categories of recipients whose personal data have been or will be made available,
  • the planned time for which personal data will be stored,
  • all available information about the personal data source,
  • the fact that automated decision making, including profiling, occurs, if the personal data are not obtained from the data subject.
(2) Any data subject who discovers or considers that the controller or processor processes his personal data contrary to the protection of private and personal life of the data subject, in particular if the personal data are inaccurate with respect to the purpose of their processing, may:
  • Ask the controller for an explanation.
  • Require the controller to correct the situation. In particular, it may be blocking, repairing, adding or deleting personal data.
  • If the data subject's request under article 1 is found to be justified, the data controller shall immediately remove the malfunction.
  • If the data controller does not satisfy the data subject's request under article 1, the data subject has the right to contact the supervisory authority, the Office for Personal Data Protection.
  • The procedure provided for in article 1 shall not preclude the data subject from referring the matter directly to the supervisory authority.
  • The controller is entitled to require reasonable compensation for the provision of the information; the compensation shall not exceed the costs necessary to provide the information.
This statement is publicly accessible on the controller's website.