Data Controller of www.gratex.com (website) is Gratex International, a.s., Galvaniho 17/C, 821 04 Bratislava, Slovakia (Gratex). Gratex is sensitive to the private nature of information you provide us with. We comply with privacy and data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the „GDPR“). We are committed to protecting your privacy. This Privacy Policy applies to website published by Gratex and explains how we collect, use, share and transfer your personal data.
1. PERSONAL DATA WE COLLECT AND HOW WE USE SUCH DATA
We collect and store your personal data in a variety of situations. For example, when you communicate with us via e-mail and provide us with your name and contact information, when you apply for a job in Gratex, when you order a product or when we provide you a service, when you do business with us as our business partner, or when you browse our website, etc. Personal data is any information about you by which you can be identified or on the grounds of which you can be identifiable.
Communication
We may collect personal data you provide us when you communicate with us via e-mail. This may include your name and surname, e-mail address and content of your message. We need to process this personal data in order to answer your e-mail. By sending us an e-mail, you agree with processing of your personal data in accordance with this Privacy Policy. Lawful basis for such processing is Article 6(1)(a) of GDPR. Personal data provided for this purpose are processed no more than 1 year from your communication, unless you agree to further processing.
Job application
You may provide us with information about yourself in connection with your job application. In such cases we may process your personal data, (i.e. your resume, etc.) in order to consider you for employment purposes. Lawful basis for such processing is Article 6(1)(a) of GDPR. Personal data provided for this purpose are processed no more than 1 year from your job application, unless you agree to further processing.
Providing services and/or delivering products
If you order services or products, we will use your personal data that you have provided us (usually name, surname, e-mail address, telephone number, company name nad address, your job title, bank details) only to process your order or to provide requested services and/or products. This may include taking the necessary steps prior to conclude the contract, responding to your inquiries, ship the products or deliver the services. Furthermore, it may include personal data provided during our mutual conversations via telephone or e-mails. Should you not provide us with your personal data in certain situations, we will not be able to provide you with our services or deliver you products. Lawful basis for this processing is Article 6(1)(b) of GDPR. We keep and process your personal data for this purpose 5 years after the last part of the performance of the contract has been fulfilled unless the obligation to keep the contractual documentation for a longer period of time arises from a generally binding legal regulation.
Providing support
When you use Gratex’s secure Web sites (for example Help Desk), we may require you to provide us with personally identifiable information, which may include your name, password, company or e-mail address.For the purpose of dealing with third parties in solving Help Desk incidents we may also collect information on your suppliers involved in supplying IT services to you. We process this data in accordance with Article 6(1)(b) of GDPR. We keep and process your personal data for this purpose 5 years after the last part of the performance of the contract has been fulfilled unless the obligation to keep the contractual documentation for a longer period of time arises from a generally binding legal regulation.
Cookies and similar technology
Our web servers may automatically collect website usage information about you while you are visiting our websites. This information helps Gratex to identify how visitors and subscribers use and navigate the websites, including the number and frequency of users to each web page, their IP address, and the length of their stays.As well as most websites, Gratex automatically collects information and data through the use of cookies or similar technology. A cookie is a small file that is placed on your hard disk by a web page server. It enables a website to recognize repeated users, facilitate the user’s ongoing access to the website and use of it. This Privacy Policy includes our Cookie Policy.
Fulfillment of legal obligations
In some cases we need to process your personal data for fulfillment of legal obligations (i.e. Act on Accounting, Act on VAT, Act on Income Tax, etc.). Lawful basis for such processing is Article 6(1)(c) of GDPR. Personal data are processed for time period set out in particular generally binding legal regulation.
2. LAWFUL BASIS FOR PROCESSING
We may process your personal data for the purposes described in this Privacy Policy. The lawful basis for processing your personal data may be:
Consent of the data subject
(Article 6(1)(a) GDPR) – This is where you as a data subject have given us your specific, informed and unambiguous permission to process your personal data for a given purpose.
Contract performance
(Article 6(1)(b) GDPR) – This is where processing of your personal data is necessary to fulfill our contractual obligations. For example you are our business partner and we need to process your delivery.
Legitimate interests
(Article 6(1)(f) GDPR)– This is where processing of your personal data is necessary for the purposes of our legitimite interests, except where such interests are overridden by the interests of your fundamental rights and freedoms as the data subject.
Required by Law
(Article 6(1)(c) GDPR) – This is where processing of your personal data is necessary for compliance with a legal obligation.
3. SECURITY OF YOUR PERSONAL DATA and where we process
Gratex have implemented appropriate technical and organisational measures to protect your personal data against unauthorized processing and against accidental loss, damage or destruction. The personally identifiable information we collect about you is stored in limited access servers. Gratex maintains safeguards to protect the security, integrity, and privacy of these servers and your personally identifiable information.
Your personal data may be stored and processed in Slovakia and in European Union. We do not intend to transfer your data outside European Union. However, if your data will be processed in countries outside European Union, this may be done only if such countries ensure an adequate level of protection (e.g. EU Commission´s adequacy decision or suitable guarantees, Article 45 GDPR).
4. REMOTE ACCESS
It is agreed and understood that when employing the services of Gratex, we may have both remote and/or onsite access to your computer systems. These privileges are used solely for the purposes of maintaining, troubleshooting or configuring systems as required.
Gratex employs strict guidelines to protect its clients’ privacy and data is stored in password-controlled servers with limited access. All employees sign confidentiality agreements at the commencement of their employment (to ensure security for both the clients’ and company’s data). Your personal data is never shared outside the company without your permission, except under conditions explained in this document.
5. HOW LONG WE KEEP YOUR PERSONAL DATA
We keep your personal data for only as long as we need to. This depends on what purpose we collect your personal data as it is set out in this Privacy Policy.
6. DISCLOSING INFORMATION COLLECTED
At times, it may be necessary for us to employ a third party to perform services on our behalf. In these cases, we will request your verbal consent to disclose the information required by the appointed third party to perform their services. We may disclose any information about you to law enforcement agencies, government officials or other authorities, which we, in our sole discretion, believe necessary or appropriate in the given circumstances. Except when required by law, we will only disclose information concerning you under circumstances described above.
7. AUTOMATED DECISION MAKING
You personal data will not subject to automated decision-making nor profiling.
8. LINK TO OTHER WEBSITES
Should you make a use of external links which may be provided for your convenience, you should be aware that those websites are not subject to this Privacy Policy. We are not responsible for the privacy practices or the content of such websites. Therefore, we recommend that you review the privacy policy of each such website to determine how that website protects your privacy.
9. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Under data protection laws you have rights as an individual in relation to the personal data we keep and process about you. These includes following:
• right to obtain information about what personal data we process about you,
• right to request rectification of your personal data that is inaccurate,
• right to ask us to erasure of your personal data or restrict the way how it is used,
• right to object direct marketing,
If you have provided us with consent to use your personal data, you can withdraw your consent at any time.In case you have any doubts as to compliance with the obligations relating to your personal data processing, you have the right to contact us or the supervisory authority, Office for Personal Data Protection of the Slovak Republic.
10. CHANGES TO THE PRIVACY POLICY
Gratex may change and/or amend this Privacy Policy from time to time, and will publish any changes on this page. Notwithstanding the right to amend the Privacy Policy, Gratex will not use your personal information in a manner materially different from this Privacy Policy without your prior consent.
11. COMMENTS AND QUESTIONS
If you have any questions or comments about this Privacy Policy, please contact Gratex by emailing us on info@gratex.com or by calling us on +421 (2) 5341 1441.
Gratex International, a.s.
GBC IV., Galvaniho 17/C
Bratislava 821 04
Slovak Republic
