Users and visitors of this website, as well as our contractual partners, are required to read this Policy carefully before providing any personal data and/or completing any electronic form available on this website.

The personal data controller, SPIE INVIZO s.r.o., is committed to protecting personal data and wishes to ensure that data subjects understand how their personal data is processed and protected.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection, we hereby provide information regarding the processing of personal data under the following conditions.

Personal Data Controller

SPIE INVIZO s.r.o.
Sekurisova 16
841 02 Bratislava
Slovak Republic

Company ID No.: 35 706 503
VAT ID No.: SK2020217595

Registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 12882/B

Phone: +421 2 65 311 915
E-mail: info@invizo.sk

Processing of Personal Data Based on a Contractual Relationship

In connection with our business relationship, we are entitled to process the following categories of personal data relating to our contractual partners, including customers, suppliers, purchasers and other business partners:

Contact Information

• first name and surname;
• address;
• telephone, mobile and fax numbers;
• e-mail address;
• where necessary for identification purposes, date of birth, personal identification number and identification documents.

Payment Information

• information required for processing payments;
• credit/debit card details;
• security codes;
• related accounting information.

Other Information

• information necessary for contractual cooperation;
• information voluntarily provided by the contractual partner;
• data relating to orders, payments and requests.

Publicly Available Information

• personal data obtained from publicly available sources.

Purposes of Processing

The Controller processes personal data for the following purposes:

• informing existing and potential contractual partners about products and services;
• preparing quotations and business proposals;
• performance of contractual obligations;
• processing transactions and orders;
• payment processing;
• bookkeeping and accounting;
• invoicing and receipt of payments;
• warranty administration;
• marketing campaigns and promotional activities;
• dispute resolution;
• enforcement of contractual rights and legal claims.

Legal Bases for Processing

Personal data is processed on the basis of:

Contract Performance

Article 6(1)(b) GDPR – processing necessary for the performance of a contract concluded between the Controller and the data subject.

Legal Obligations

Article 6(1)(c) GDPR – processing necessary for compliance with legal obligations arising from the contractual relationship, including:

• accounting records;
• debt collection;
• litigation and dispute resolution;
• archiving obligations.

Legitimate Interests

Article 6(1)(f) GDPR – processing necessary for the legitimate interests of the Controller, including:

• marketing activities;
• invitations;
• promotional materials;
• business communications.

Consent

Article 6(1)(a) GDPR – processing based on the consent of the data subject for a specific purpose, such as:

• handling requests;
• complaints;
• other activities requiring consent.

Collection of Personal Data

Personal data is collected directly from the data subject or their legal representative through:

• authorized persons acting on behalf of the Controller;
• processors engaged by the Controller under a data processing agreement;
• the Controller’s website;
• personal delivery;
• postal delivery to the Controller’s address.

Categories of Recipients

The Controller processes personal data for the performance of contractual obligations and compliance with legal obligations.

Personal data may be disclosed to:

• public authorities;
• tax authorities;
• accounting service providers;
• legal advisers and attorneys;
• experts and court-appointed specialists;
• enforcement officers;
• law enforcement authorities;
• courts;
• other entities involved in the operation of the Controller’s business and the exercise of its legal rights.

The Controller does not intend to transfer personal data outside the European Union.

Processing of JABLOTRON Customer Data

INVIZO s.r.o. processes personal data of customers using JABLOTRON products on the basis of a Data Processing Agreement concluded with the Controller:

Jablotron Slovakia, s.r.o.
Sasinkova 14
010 01 Žilina
Slovak Republic

Company ID No.: 31 645 976

INVIZO s.r.o. processes personal data for the purpose of facilitating services provided by Jablotron Slovakia, s.r.o. and supporting services provided through the Jablotron Cloud platform (including MyCompany, F-Link software and related services).

Customers using JABLOTRON products are separately informed about the personal data processing principles of Jablotron Slovakia, s.r.o.

Other Recipients

• BVA, Žilina, spol. s r.o.
• Ing. Roman Jírovec IT – PARTNER

Security

Personal data is processed in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Security measures include, in particular:

• firewalls;
• secured premises;
• access control systems;
• careful selection of data processors;
• technical safeguards against unauthorized access, alteration or loss of data;
• backup systems and other appropriate security measures.

These measures ensure a level of security appropriate to the risks associated with processing activities and the nature of the personal data concerned.

Retention Period

The Controller is entitled to process personal data for the duration of the contractual relationship with the data subject.

Following termination of the contractual relationship, personal data shall be retained for the period required by applicable legal regulations.

Retention periods include:

• records relating to contractual relationships: 10 years after termination;
• consent-based processing: for the duration of the consent or until consent is withdrawn;
• other records: in accordance with the Controller’s records management and retention policy.

Rights of Data Subjects

Data subjects have the right to:

• request access to their personal data;
• request rectification or completion of personal data;
• request erasure of personal data;
• request restriction of processing;
• data portability;
• object to processing;
• withdraw consent where consent is the legal basis for processing;
• lodge a complaint with the supervisory authority.

Supervisory Authority

Office for Personal Data Protection of the Slovak Republic

Hraničná 12
820 07 Bratislava 27
Slovak Republic

Website: https://www.dataprotection.gov.sk

Exercising Your Rights

Data subjects may exercise their rights:

• in person at the Controller’s registered office;
• in writing to the Controller’s address;
• by e-mail sent to the Controller’s e-mail address.

The Controller will generally respond using the same communication channel through which the request was submitted.

For identification purposes, the Controller may contact the applicant using the telephone number available in its records.

Requests shall be handled within one (1) month from receipt.

Where the data subject lacks full legal capacity, rights may be exercised by a legal representative.

Rights relating to a deceased person may be exercised by a close relative where permitted by applicable law.

The Controller may charge a reasonable administrative fee or refuse to act upon a request where requests are manifestly unfounded, excessive or repetitive.

The Controller may also refuse to comply with a request where it is unable to reliably identify the data subject.