INFORMATION ON PERSONAL DATA PROCESSING

The protection of the personal data you entrust to us is very important. We take all necessary steps to ensure your safety with us. These Personal Data Processing Principles (hereinafter referred to as the “Principles”) are intended to explain how your personal data provided when using our website www.pmstahl.com (hereinafter referred to as the “Website”) will be processed and protected. We also inform you about your rights in connection with the processing of your personal data.

These Principles provide information on the general rules for processing personal data when using our Website. Please note that specific conditions for processing your personal data depend on the purpose of processing. As the Data Controller, we process your personal data strictly in accordance with the principle of minimization, which means we do not require personal data from you that is unnecessary for a specific and justified purpose. Your personal data is processed only when there is a legal basis for such processing and always in compliance with the principle of lawfulness.

1. Who are we and how can you contact us?

Our company, PM Stahl s.r.o., with its registered office at 203 Beňadovo 029 63, Company ID (IČO): 48 099 813, registered in the Commercial Register of the District Court in Žilina, Section Sro, Insert No. 63512/L (hereinafter referred to as the “Controller”), operates the Website.

In processing personal data, we comply with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as “GDPR”), and Act No. 18/2018 Coll. on Personal Data Protection and on the amendment of certain laws, as amended (hereinafter referred to as the “Personal Data Protection Act”).

Contact details of the Controller:

Telephone number: +421 908 525 054
Email address: www.pmstahl.com
Address: 203 Beňadovo 029 63

2. For what purposes do we process your personal data?

Detailed information on the purposes of processing your personal data, including legal bases and retention periods, is provided in the table below:

Purpose of Processing	Responding to messages and handling queries/requests from messages received by the controller via the contact form on the website, email communication or by telephone
Legal Basis	Article 6(1)(f) GDPR
Categories of Personal Data	Name, surname, email, phone number, other data mentioned in the message
Retention Period	60 days from the date of receipt or until the request is resolved, whichever occurs first

Purpose of Processing	Conducting recruitment processes
Legal Basis	Article 6(1)(b) GDPR
Categories of Personal Data	Name, surname, email, details about work experience, other personal data mentioned in the CV and/or cover letter
Retention Period	During the recruitment process (no later than 90 days from the date of receipt of the CV/cover letter if no employment relationship arises)

Purpose of Processing	Processing rights requests of data subjects
Legal Basis	Article 6(1)(c) GDPR – Compliance with legal obligations
Categories of Personal Data	General personal data necessary for processing the request under relevant legal regulations
Retention Period	Until the rights request is resolved (maximum 120 days)

Purpose of Processing	Maintaining records of exercised rights of data subjects
Legal Basis	Article 6(1)(f) GDPR – Legitimate interest of the Controller
Categories of Personal Data	General personal data necessary for processing the request under relevant legal regulations
Retention Period	5 years after the rights request is resolved
Purpose of Processing	Website analytics and targeted advertising (via cookies)
Legal Basis	Article 6(1)(a) GDPR – Consent
Categories of Personal Data	IP address, activity on the Website, browser/device details, preferences
Retention Period	Up to 2 years from consent or until withdrawn, whichever occurs first

3. To whom does the Controller provide your personal data?

As the Controller, we are in certain cases obligated to provide your personal data to public authorities authorized to process your personal data, such as courts, law enforcement agencies, as well as supervisory and regulatory authorities (e.g., the Office for Personal Data Protection in the case of inspections) (“third parties”).

We also provide your personal data to our processors, i.e., external entities that process your personal data on our behalf. Processors process personal data based on a contract with us as the Controller, in which they have committed to adopt adequate technical and security measures for the secure processing of your personal data. Our processors include:

Companies providing accounting, payroll, and personnel management services;
Entities providing occupational health and safety services;
Entities or companies providing web development, programming, website design, IT services, and online marketing services;
Companies providing hosting services (including mail hosting services).

Recipients of your personal data also include Google Ireland Limited, which provides analytical and marketing services through cookies stored on your device by the Website if you grant the Controller consent to store these files. Information on cookies can be found in the Cookies section.

The above-mentioned company acts as a joint controller with the Controller regarding personal data processing. Processing in this case is governed by a joint controller agreement under Article 26 GDPR, under which the Controller is the primary contact point for addressing your personal data-related requests.

Transfer to third countries and international organizations

If you grant us consent to store analytical and marketing cookies, your personal data may be transferred to the USA, specifically to Google LLC. Transfers of your personal data are secured using appropriate safeguards for transferring personal data to third countries in compliance with data protection regulations, particularly through the use of standard contractual clauses included in the terms of service of the above-mentioned services, as well as through additional transfer guarantees adopted by service providers. Transfers may occur only exceptionally and solely under applicable laws of the given third country (USA), which apply to the specified service providers (e.g., FISA).
In all such cases, the transfer of your personal data is secured via standard contractual clauses, which are part of data processing agreements concluded with the aforementioned entities.

4. Links to other websites

The Website may contain links to our partners’ websites and other websites not operated by us. If you click on a third-party website link, you will be redirected to that website. We strongly recommend that you review the privacy policies of every website you visit.

5. How long do we retain your data?

The processing of your personal data complies with legal requirements, which means that personal data is not retained longer than necessary for the purpose of processing.

If your personal data is processed based on your consent, it is processed for the duration specified in your consent or for the time necessary for the specific purpose.
If your personal data is processed based on the performance of a contract, it is processed throughout the duration of the contractual relationship or for the time necessary for the purpose. Upon contract termination, personal data is typically deleted unless it can be processed on another legal basis.
If your personal data is processed based on legal obligations, it is processed for the duration specified by law.
If your personal data is processed based on a legitimate interest, it is processed for the duration of that interest.

6. Your rights regarding personal data processing

In relation to the personal data we process about you, you are entitled to several rights that you may exercise:

Right of access to personal data
You have the right to access your personal data and obtain a copy thereof. If we process your personal data, we will provide you with information on what data we process about you, for what purpose, to whom your data has been disclosed, whether it has been transferred to a third country, and how long we will retain it. If you request a copy electronically, we will provide the information in a commonly used electronic format, unless you request otherwise.
Right to rectification of personal data
If your personal data is incorrect, you have the right to have it corrected. If it is incomplete, you have the right to have it supplemented. You may update or supplement your personal data in the Profile settings or request us to rectify it.
Right to restriction of personal data processing
You have the right to request the restriction of processing in cases specified by the Data Protection Act, for instance, until the data is corrected (or its accuracy is verified), if the processing is unlawful and you request restriction instead of deletion, or if we no longer need the data for processing purposes, but you require it for establishing, exercising, or defending legal claims.
Right to erasure of personal data (right to be forgotten)
You have the right to have your data erased in cases specified by the Data Protection Act, provided that this right is not limited by legal regulations. The right to erasure applies, for example, if your personal data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent for its processing and there is no other legal basis for processing.
Right to data portability
If we process your data based on your consent or a contract and the processing is carried out by automated means, you have the right to data portability (the right to receive your data in a structured, commonly used, and machine-readable format and the right to transfer it to another controller).
Right to withdraw consent
If we process your personal data based on your consent, you have the right to withdraw your consent to the processing of personal data at any time.
Right to lodge a complaint
If you believe your rights have been violated, you may file a complaint with the Office for Personal Data Protection of the Slovak Republic pursuant to § 100 et seq. of the Data Protection Act.
Right to object to data processing Right to object to data processing
In accordance with § 27(3) of the Data Protection Act, we explicitly inform you of your right to object to the processing of personal data concerning you (i) on grounds relating to your particular situation, when processing is carried out under § 13(1)(e) (processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or § 13(1)(f) (processing necessary for the purposes of legitimate interests pursued by the controller or a third party) of the Data Protection Act, including profiling based on these provisions, and (ii) for the purposes of direct marketing, including profiling to the extent related to direct marketing.

We will provide you with detailed information on your rights related to such processing depending on the purpose of personal data processing.

7. Privacy of children

Our services are not intended for individuals under the age of 16. If you are under 16, please ask your legal guardian (parent) to provide consent for the processing of your personal data. If we discover that we have collected personal data from individuals under the age of 16 without verifying parental consent, we will take steps to delete this information from our servers and databases.

8. How can you contact us?

If you have any questions regarding the processing of your personal data, you can contact us at the above-mentioned email address or via post at Dravce 224, 98532 Panické, Slovak Republic. We respond to requests in written or electronic form, typically in the same format in which the request was submitted.

Information about the measures taken based on your request under Sections 21 to 28 of the Personal Data Protection Act will be provided to you within one month of receiving your request. However, in justified cases, considering the complexity and number of requests, we may extend this period by an additional two months, repeatedly if necessary. We will inform you of any such extension within one month of receiving your request, along with the reasons for the extension.

Information under Sections 19 and 20 of the Personal Data Protection Act and notifications and measures taken under Sections 21 to 28 and 41 of the Act are generally provided free of charge. However, if your request is manifestly unfounded or excessive, particularly due to its repetitive nature, we may:

Charge a reasonable fee reflecting the administrative costs of providing the information, notification, or requested action; or
Refuse to act on the request.

9. Changes to the Terms of Personal Data Processing

We may change these Terms from time to time (particularly in the case of technological changes, if we have added new website features or modified existing ones, or in the event of legislative changes). The latest and current version of the Terms will always be published on the Website, including the effective date.

By using the Website after the effective date of such changes, you acknowledge the changes to the Terms and the current version valid at the time of your use of the Website.

10. Validity

These Principles are valid and effective as of January 1, 2025. Given that future updates to the information on personal data processing contained in these Principles may be required, we reserve the right to update these Principles at any time. In such cases, we will appropriately inform you of the changes.