Contact us +421 917 773 412

GDPR statement

On this page you will find all the necessary information regarding the protection of personal data, which we implement in our company according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC and Act 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws.

Designation of the controller of personal data information systems:

NANOTEC s. r. o.
Semenárska 1760
Vrbové 922 03
ID: 36 783 579
VAT: SK2022383902 Commercial Register of the District Court of Trnava, section: sro, insert no. 20134/T

In connection with the processing of personal data, the controller shall inform the data subjects that they have:

  • the right to request from the controller access to personal data concerning him or her and the right to rectification or erasure or restriction of processing,
  • the right to object to processing,
  • the right to data portability,
  • the right to withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to its withdrawal,
  • the right to lodge a complaint with a supervisory authority,
  • the right to be informed whether the provision of personal data is a legal or contractual requirement or a requirement necessary for entering into a contract, whether the data subject is obliged to provide personal data, as well as the possible consequences of not providing such data,
  • the right to be informed of the source of his or her personal data, if they have not been obtained from the data subject, or whether the data come from publicly available sources
  • the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed and, if so, the right to obtain access to those personal data and that information:
  1. the purpose of the processing
  2. the categories of personal data concerned
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  4. where possible, the envisaged period of retention of the personal data or, if that is not possible, the criteria for determining it
  5. the existence of a right to require the controller to rectify personal data concerning the data subject or to erase or restrict processing, or to object to such processing
  6. the right to lodge a complaint with a supervisory authority
  7. where the personal data have not been obtained from the data subject, any available information as to their source

Requests for the provision of personal data, withdrawal of consent to the processing of personal data and requests for the deletion of personal data can be submitted at the NANOTEC s. r. o., Šteruská 792/3, Vrbové 922 03, on working days from 9.30 a.m. to 3.00 p.m., where it is also possible to retrieve the forms for requests and withdrawals. The completed forms should be sent by post to NANOTEC s.r.o., Šteruská 792/3, Vrbové 922 03 or by e‐mail to the following address: info@nanotec.sk.

Contact persons for providing information in relation to the protection of personal data

Contact person e‐mail phone contact
Marián Bartulák info@nanotec.sk +421 905 635 788

Contact of the supervisory authority

Office for Personal Data Protection of the Slovak Republic
Address:
Hraničná 12
820 07, Bratislava 27
Slovak Republic
ID: 36 064 220

tel. no.: +421 /2/ 3231 3214
e‐mail: statny.dozor@pdp.gov.sk
website: https://dataprotection.gov.sk

The right of the data subject to initiate proceedings within the meaning of Section 100 of the Personal Data Protection Act
A data subject who believes that his or her personal data has been unlawfully processed or that his or her personal data has been misused may file a petition with the Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as "the Office") to initiate personal data protection proceedings. The application may be submitted in writing, in person or orally in the minutes, by electronic means and must be signed by a guaranteed electronic signature, by telegraph or by telefax, but must be completed in writing or orally in the minutes within 3 days at the latest.

In accordance with the provisions of Section 63(2) of the Data Protection Act, the proposal in question must include:

the name, surname, permanent address and signature of the claimant; the name of the person against whom the claim is directed; the name or the name and surname, registered office or permanent residence, or legal form and identification number; the subject matter of the claim with an indication of which rights the claimant claims have been infringed in the processing of personal data; evidence in support of the claims made in the claim; a copy of the document proving the exercise of the right under Section 28, if such right could have been exercised, or an indication of the grounds for special consideration.

The Office shall then decide on the petitioner's application within 60 days from the date of initiation of the proceedings. In justified cases, the Office may extend this period accordingly, but not for more than 6 months. The Authority shall inform the parties in writing of the extension of the time limit.

Template for initiating a data protection procedure

Information on the processing of personal data within the meaning of Articles 13 and 14 GDPR of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR"). This privacy policy is addressed to all data subjects about whom we process personal data, including employees, suppliers, contractors and persons on our public premises.


Reason for processing personal data

We process the personal data of data subjects in order to fulfil our obligations under general law, the legitimate interests pursued by us and contractual relationships.


As a controller of information systems processing personal data, we process personal data for the purpose of maintaining a database of job applicants. The legal basis for the processing of personal data is the consent granted by the applicant. The personal data of job applicants with whom an employment contract will be concluded is processed for the performance of pre‐contractual relations.


Categories of personal data:
  • name
  • last name
  • date of birth
  • course of education
  • photo
  • data from CV, cover letter

Retention period of personal data: 1 year from the date of inclusion in the database of job applicants

The source of the personal data are the applicants themselves.

Purpose of processing personal data
We process personal data for the purpose of Legal basis
HR and payroll Performance of legal obligations (Article 6(1)(c) GDPR)
Processing of accounting documents and taxes Performance of legal obligations (Article 6(1)(c) GDPR)
Compliance with legal obligations Performance of legal obligations (Art. 6(1)(c) GDPR) and tasks carried out in the public interest (Art. 6(1)(e) GDPR)
Ensuring Information Security Performance of legal obligations (Article 6(1)(c) GDPR)
Contractual relations with natural persons Performance of a contract, including pre‐contractual relationships (Art. 6(1)(b) GDPR)
Handling of complaints Performance of legal obligations (Article 6(1)(c) GDPR)
Statistical purposes Article 89 GDPR
Archiving Article 89 GDPR and the Law on Archives and Registers
Control mechanisms Legitimate interest (Article 6(1)(f) GDPR), Informed consent
Cross‐border transfer

We do not, as a standard practice, carry out cross‐border transfers of data subjects' personal data to third countries outside the European Union. In some cases, the personal data of data subjects may be transferred to third countries in the context of employee mobilities that allow for working stays abroad. The transfer of personal data of data subjects to third countries may also take place if the data subject requests a confirmation of the employer.

Personal data may be transferred without restriction within the European Economic Area and to countries which provide an adequate level of protection of personal data.

We do not carry out automated individual decision‐making.

The controller declares that it processes personal data through the following processors:
  • DACTYL s. r. o., gen. M. R. Štefánika 208/3, Vrbové 922 03, IČO: 44 847 718 (occupational safety and fire protection)
  • Asseco Solutions, a. s., GBC IV, Galvaniho 17/B, 821 04 Bratislava 2, Slovensko, IČO: 00 602 311 (accounting, management of company processes)
  • Commander Services, s. r. o., Žitná 23, 831 06 Bratislava, IČO: 51 183 455 (GPS monitoring of company vehicles)
  • EXO TECHNOLOGIES, s. r. o., Košická 6, 821 09 Bratislava, IČO: 36 485 161 (webhosting services)
  • iFocus, s. r. o., Moyzesova 3, 921 01 Piešťany, IČO: 46 314 938 (marketing)
  • Postal carrier Slovenská pošta, a.s., Partizánska cesta 9, 975 99 Banská Bystrica 1 (in limited scope: name, surname, title, address/home address)

We keep the personal data of data subjects for as long as necessary to fulfil the purpose for which we process the personal data. The retention period is determined by certain legal regulations and rules. Where the retention period cannot be determined from laws and regulations, we determine the retention period through our internal regulations or embed the retention period in contracts.
We do not further process the personal data of data subjects stored on the basis of Consent once it has been withdrawn. However, the personal data of the data subjects remain in some information systems for the fulfilment of legal obligations.

Cookie policy

Our website uses cookies for the proper functioning of our website.

Cookies are small text files that are stored on your device when you visit our website. By browsing our website, each user agrees to their use and storage on their device. The visitor to the website is notified of this fact each time they visit and signifies their consent by continuing to browse our website.

Cookies help e.g.:

  • the correct functionality of the website
  • remembering the information you search for,
  • to find out which pages and functions visitors use most often,
The cookies we use are divided: By validity period

We use so‐called "session cookies" which are only temporary and remain stored on your device only until you close the browser, and long‐term "persistent cookies" which remain stored on your device for several days or months, or until you manually delete them.

By Purpose:
  • key (functional) cookies ‐ without them our website cannot function
  • analytical cookies ‐ they allow us to track traffic to the site and the use of various functions. They allow us to better tailor our website to the needs of our visitors.

The use or restriction of cookies can be set in your internet browser. You can find information about browsers and how to set your cookie preferences on your browser's support website