GDPR – General data protection

Data subject´s rights

Legislation:

Regulation of the European Parliament and of the Council 2016/679- on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the "GDPR")

Act No. 18/2018 Z.z. Protection of Personal Data (hereinafter referred to as the "Act")

Validity from 25.05.2018

           

Business company:      Colliers International, spol. s r.o.                  

Premises:                     Suché Mýto 1, 811 03  Bratislava

ID No.                         36 618 322

Company incorporated in Commercial register at District Court Bratislava I, Section: Sro, Insert No.: 30622/B

Statutory body:             Ermanno Boeris, executive

Contact person:            Katarína Dudáková

Email address:              katarina.dudakova@colliers.com

Phone call No:              +421 2 59 980 980

Data subject:

Every natural person whose personal information is processed by the Controller is a Data subject.

Controller's business activity:

The Controller is a leading consulting company that focuses on the field of commercial real estate. Therefore, the Controller has in his databases legal entities, namely business companies or entrepreneurs using his services.

In addition to legal entities and business entities, there are personal data of natural persons, especially statutory representatives, proxies or employees of such legal entities, in the Controller's databases.

The Controller is also a financial adviser in accordance with the Act of the National Council of the Slovak Republic No. 186/2009 Coll. on Financial Intermediation and Financial Advisory, as amended, in the field of loans and consumer credits and has a license from the National Bank of Slovakia for the given activity.

Data subject's personal data processing purposes:

The purpose of the personal data processing of the affected persons is a direct marketing due to the provision of the latest information and activities of the Controller, including within the company Colliers Group as well as affiliated organizations.

The purpose of the personal data processing is a legitimate interest of the Controller, if he/she addresses and informs about the results of the activity the third and / or cooperating person within the scope of his / her business activity.

Transfers to third countries beyond the EU:

The Controller does not transfer personal data to third countries that do not provide protection of personal data.

The processed personal data categories:

The personal data are provided in the following scope - name and surname, home address or correspondence address, telephone contact, e-mail address - for marketing purposes.

The legal basis for the personal data processing of the Data subject for marketing purposes is a consent and / or legitimate interest of the Controller.

The Controller is authorized to contact the Data subject by post, phone, E-mail, fax, SMS or other electronic means about marketing events, products and services within the business activity.

Time of personal data processing:

The Controller shall process personal data for marketing purposes as long as he has a legitimate interest in the subject matter of activity or until the consent of the Data subject is revoked.

If direct marketing is a result of a contractual relationship of the Controller and contract execution is a legal basis of the processing of personal data, the personal data processing takes place during the contract's validity and after its expiration due to the obligation to register until the expiration of the 10 year term in accordance with § 36, section 2 of the Act of the National Council of the Slovak Republic No. 186/2009 Coll. on Financial Intermediation and Financial Advisory, as amended, on the grounds that the Controller is in the position of an independent financial adviser in the sector of loans and consumer credits and has a license granted by the National Bank of Slovakia for the given activity.

Fundamental Rights of Data subject:

1. Right of access to personal data:

The Data subject is entitled to be informed prior to the processing of personal data as well as any time during the processing of his / her personal data whether his / her personal data is processed, if so, the extent and categories of his/her personal data, purpose of the processing, identification of the recipient as well as other rights, such as mentioned below (such as the right to erasure and liquidate, the right to rectification).

The Data subject is entitled to request a confirmation of the above mentioned fact. The confirmation is not charged and it will be provided to the Data subject in the manner and form according to his/her requirements. The confirmation will be provided to the Controller only if it does not have unfavourable consequences for the rights of other natural persons.

2. Right to information of the Data subject, if this person had not provided them:

The Data subject has the right to be informed before the processing of personal data by the Controller if he has not obtained the personal data directly from the Data subject, about the Controller as a person, scope and categories of his/her personal data, purpose of processing, identification of the recipient, identification of the source from which he had received the personal data of the affected person, the period of their storage as well as other rights, such as those listed below (right to erasure and liquidation, right to rectification).

Information will be provided within one month from the receipt of personal data at the latest or during first communication with the Data subject if personal data could be used to communicate with this person.

If the Controller intends to use personal data for purposes other than for the one they had been obtained, he is obliged to inform the Data subject about it and to ask him/her for consent with this new purpose of processing of his/ her personal data.

3. Right to rectification and modification:

The Controller shall, without undue delay, rectify and / or modify incorrect personal information of the affected person or add any incomplete personal data. Therefore, the Controller needs to identify the Data subject. The Controller shall provide rectification within one month from the moment the Data subject has exercised the right to rectification and modification.

4. Right to erasure:

The Data subject is entitled that the Controller erases his/her personal data without undue delay. The Controller has this obligation under the condition, if

- personal data is no longer needed for the purpose for which they had been acquired or processed

- Data subject revokes the consent given to the Controller

- Data subject objects to processing and does not have any legitimate reason to process the personal data

- personal data are processed illegally.

This does not apply if the processing of personal data is necessary for the exercise of a legal right of the Controller.

5. Right to restrict the processing:

The Data subject has the right to ask the Controller to restrict the processing of personal data if:

- Data subject complains about the correctness of the personal data during the period that allows the Controller to verify the accuracy of the personal data,

- The processing of personal data is illegal and the Data subject objects to the erasure of personal data and asks, instead, to limit their use,

- The Controller no longer requires personal data in order to process them but the Data subject needs them in order to exercise a legal claim, or

- Data subject objects to the processing of personal data in accordance with, up until the verification whether legitimate reasons on the part of the Controller surpass the legitimate reasons of the affected person.

If there is a restriction, with an exception of storing, the Controller may process personal data only with the consent of the Data subject or for the purpose of exercising a legal claim. The Controller must inform the Data subject that the restriction to the personal data processing has been cancelled.

6. Right to object to the processing:

The Data subject has the right to object to the processing of his or her personal data due to his / her particular situation if he/she is not certain of the lawfulness of processing under § 13, section 1, letter f) (relating to the Controller's legitimate interests), including profiling based on that provision. The Controller must not further process personal data unless he demonstrates the necessary legitimate interests in the processing of personal data that outweigh the rights or interests of the Data subject or the grounds for exercising a legal claim.

The Data subject has the right to object to the processing of personal data relating to him/her for a direct marketing purpose, including profiling to the extent it relates to direct marketing. If the Data subject objects to the processing of personal data for direct marketing purposes, the Controller may not process personal data for these purposes.

7. The right of the Data subject to file a motion to initiate proceedings under § 100 of Act No. 18/2018 Coll. on Personal Data Protection

The Data subject has the right to file a motion to initiate a procedure to verify whether his/her personal data are being processed legally and safely. The proceedings shall be initiated upon a proposal from the Data subject or a person claiming to be directly affected in terms of his/her rights.

8. Right to portability of personal data

If the Data subject requests his/her personal data to be provided to another company, the Controller shall without undue delay resolve the request and hand these data about the Data subject over to the given subject in an appropriate format , unless the given obligation would be hindered by any legal or otherwise significant impediment.

The Data subject directs any information or requests to the Controller, his contact details are enlisted in the header of the document.