LYNX Personal Data Protection Policy
The protection of personal data in LYNX – spoločnosť s ručením obmedzeným Košice (here in after referred to as “LYNX”) is ensured in accordance with the requirements of EU Regulation no. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to data (hereinafter referred to as the “Regulation”) and Act No.18 / 2018 Coll. on the protection of personal data and on amendments to certain laws.
In order to preserve the transparent, fair and lawful processing of personal data, it is necessary for the data subject to be provided with information related to the processing of his personal data. In relation to the provision of the LYNX operator's information obligation in relation to the data subject under Art. 13 and 14, we hereby provide the following information.
Information provided to concerned data subjects according to Articles 13 and 14 of the Regulation by personal data controller LYNX:
1. Personal data controller:
LYNX - spoločnosť s ručením obmedzeným Košice
Registered office: Gavlovičova 9, 040 17 Košice
The company is registered in the Commercial Register of the District Court Košice 1, Section: LLC. File 117 / V
2. Responsible official and contact details:
gdpr.lynx@lynx.sk; tel. no. 055/727 17
3. Purpose of personal data processing:
- Registration of initiatives pursuant to Act no. 307/2014 Coll.
- Protection of the operator's property by CCTV
- Single entry to the operator's premises
- Intervention recordings
4. Legal bases for the processing of personal data:
Legal basis of personal data processing for the purposes of filing complaints pursuant to Act No. 307/2014 Coll.
- Act no. 307/2014 Coll. on certain measures related to the reporting of anti-social activities and on amendments to certain acts.
Legal basis for the personal data processing for the purpose of protecting company assets by CCTV
- Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,
- Act no. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts, as amended
Legal basis for the personal data processing for the purpose of one-off access to the premises of the controller
- Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,
- Act No.18 / 2018 Coll. on the protection of personal data and on amendments to certain laws.
Legal basis for the personal data processing for the purpose of recording interventions
- Act no. 473/2005 Coll. on private security
- Decree of the Ministry of Interior of the Slovak Republic No. 634/2005 Coll. implementing certain provisions of Act No. 473/2005 Coll. on the provision of services in the field of private security and on amendments to certain laws (the Private Security Act).
5. Personal data processing for the legitimate interests of the controller:
- camera surveillance system to protect the operator's assets and ensure the security of the company premises
- One-time entry to the premises of the operator to identify an individual (external persons) when entering the premises of the company.
6. Categories of beneficiaries: public authorities for the purpose of fulfilling a legal obligation.
7. Transfers to third countries: do not take place.
8. Retention period:
- The retention period is determined by special laws and by the company's registry ordinance and registry plan (initiative record - 3 years, records from CCTV - 5 days, record of entry - 1 year, record of interventions - 3 years).
9. Rights of the data subject in relation to the purposes of processing:
- The data subject has the right to access and correct the personal data.
- The right of erasure cannot be exercised if processing is necessary to fulfil a legal obligation.
- The right to restrict processing and the right to object to processing may be restricted in accordance to specific laws.
- The right to data portability cannot be exercised.
10. The data subject shall have the right to withdraw his consent at any time, without prejudice to the lawfulness of the processing based on the consent granted prior to his withdrawal, provided that the legal basis for the processing of personal data is the data subject's consent.
11. The data subject has the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic.
12. Requirements for the provision of personal data and possible consequences of their non-disclosure.
Processing of personal data for the purposes of filing complaints pursuant to Act No. 307/2014 Coll. is a legal requirement; eventual failure to disclose personal data results in a restriction on the purpose of the processing.
The processing of personal data for the purpose of monitoring space by a camera system is justified by the interest of the operator; the operator carries out data processing in order to protect the property and ensure the security of the company's premises. In the event of an objection by the data subject against the processing of personal data, the controller shall not further process the personal data unless it demonstrates the necessary legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject or reasons.
The processing of personal data for the purpose of one-time access to the premises of the operator is justified by the interest of the operator for keeping records of data subjects (external persons) when entering the premises of the company to ensure physical and object security.
The processing of personal data for the purpose of recording interventions is a legal requirement; the person concerned is obliged to prove his / her identity.
13. Automated decision making, including profiling: not implemented.