Information on personal data processing
Version valid from March 1, 2025
Scrollujte
CONTENTS
1.1 Basic information
1.2 Definitions of basic terms
1.3 Position of company Goldmann in personal data processing
1.4 Legal basis for personal data processing
2.1 Information on the processing of personal data for contractual partners
2.2 Information on the processing of personal data for job applicants
2.2 Information on the processing of personal data for job applicants
2.4 Information on the Processing of Personal Data for Social Media and YouTube Users
4.1 Rights of Data Subjects
4.2 Exercise of Data Subject Rights
4.3 Contact Information
5.1 Recipients of Personal Data
5.2 Transfer of Data to Third Countries
5.3 Automated Decision-Making Including Profiling
5.4 Security of Personal Data Processing
5.5 Changes and Updates to the Document
1. INTRODUCTION
1.1 Basic information
This document contains information on the processing of personal data by Goldmann Systems, a. s., Dvořákovo nábrežie 4, Bratislava – mestská časť Staré mesto 811 02, registered in the commercial register of the municipal court Bratislava III, Section.: Sa, file no.: 2531/B, ID: 35 794 950 (hereinafter referred to as „company Goldmann“) in connection with the provision of its products and services.
This document is intended for natural persons, whose personal data is processed by company Goldmann Systems (hereinafter referred to as “data subjects“), namely:
- contractual partners (clients and suppliers) of the company Goldmann (section 2.1 of the document),
- job applicants at company Goldmann (section 2.2 of the document),
- visitors to the website goldmann.sk (section 2.3 of the document),
- social media and YouTube users (section 2.4 of the document),
- patients using remote monitoring services for physiological functions (section 3 of the document).
1.2 Definitions of basic terms
To begin with, we would like to introduce you to the basic terms used in this document, which will help you better understand its content.
Data subject – a natural person to whom the personal data relates.
GDPR Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data in the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
Special categories of personal data – sensitive personal data of a specific nature, such as health data, including data on physiological functions.
Personal data – any information relating to an identified or identifiable natural person, such as name, surname, date of birth, phone number, email address, address, etc.
Legitimate interest – an interest of company Goldmann or another entity that necessitates the processing of personal data, provided it outweighs the interests of the data subject. For example, company Goldmann’ legitimate interest in processing the personal data of clients’ and suppliers’ employees to fulfill mutual contractual obligations.
Controller – a natural or legal person who determines the purpose and means of personal data processing; the controller may appoint a processor to carry out the processing.
Recipient – a natural or legal person, public authority, or other entity to whom personal data is provided, such as a social media provider.
Products – products offered by company Goldmann to its clients as innovative solutions, along with related services.
Profiling – any automated processing of personal data used to evaluate specific personal aspects, such as online behavior.
Processing of personal data – any activity performed by the controller or processor with personal data, such as collection, browsing, provision, storage, copying, etc.
Processor – a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller, e.g., an external accounting firm.
Purpose – the reason why the controller processes personal data.
Personal Data Protection Act – Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts, as amended
1.3 Position of company Goldmann in personal data processing
If company Goldmann has a direct business relationship with you, it acts as the controller of your personal data, meaning that company Goldmann independently determines the purposes and means of personal data processing.
In some cases, the company Goldmann may process your personal data because it has been provided by a company Goldmann client to deliver the requested product and/or service on their behalf and based on their requirements. In this case, company Goldmann acts as a processor of your personal data and processes it according to the instructions and contractual agreements with the client. Further information about the processing of your personal data is also provided by the company Goldmann client as the controller of your personal data.
1.4 Legal basis for personal data processing
If we process personal data on behalf of the client of the company Goldmann, we adopt the legal basis for personal data processing from this client, which may include, for example, compliance with legal obligations in the provision of healthcare services using telemedicine.
In any case, we process your personal data only if we have a legal basis for doing so. The legal basis for personal data processing may be:
- legal obligation,
- contract performance,
- legitimate interest
Legal obligation
We may process your personal data based on compliance with legal obligations. Laws determine which personal data we must process and to what extent to fulfill our obligations. In this case, providing your accurate and up-to-date personal data is mandatory, as without it, we would not be able to meet our legal obligations, such as accounting and tax laws or public procurement requirements.
Contract conclusion and performance
We process personal data based on a contract, meaning that we need to process the data to enter into a contract with you and fulfill it properly. You are not required to provide personal data. However, a minimum scope of personal data is necessary to conclude a contract so that you can become our client or supplier.
Legitimate interest
When we have our own business or commercial reason for using your data, this is called a legitimate interest. If we process personal data based on legitimate interest, we inform you about it in more detailed information specific to the affected individuals. Even in this case, your rights and interests must not be violated. You may object to the processing of personal data based on legitimate interest at company Goldmann at any time (section 4 of the document).
Consent
In some cases, we process personal data based on the consent you explicitly provide. When we process personal data based on your consent, we inform you at the time of collection. You can withdraw your consent at any time. The withdrawal of consent does not affect the processing of personal data that took place before its withdrawal.
2. PROCESSING OF PERSONAL DATA BY COMPANY GOLDMANN AS A CONTROLLER
Conclusion of contracts with contractual partners | |
Personal data | We obtain personal data when concluding contracts directly from the contractual partner or from publicly available sources (www.orsr.sk).
We process the following data: business name or name of the accounting entity; registered office or residence and place of business for natural persons; company ID, if assigned; title, first name, last name, and signature of the statutory representative or another authorized representative; first name, last name, email address, phone number, job position, and signature of the employees of the contractual partner if necessary for contract fulfillment; transaction data. |
Purpose | We process personal data for the purpose of pre-contractual relations and contract conclusion (e.g., mandate contract, remote monitoring service contract, etc.). The purpose of processing may also include company Goldmann’s obligations within international ISO standards, which are necessary for fulfilling contractual relationships in certain areas (e.g., healthcare, information security). |
Legal Basis | Pre-contractual relations and contract performance |
How long do we retain the data? | We retain contracts and related documents for 10 years after their expiration. |
Processing of contact details of employees of contractual partners | |
Personal data | We obtain personal data from your employers, who are our clients or suppliers. We process personal data such as title, first name, last name, job position, email address, phone number, and affiliation with the client or supplier. |
Purpose | Communication with the client or supplier in the provision of products, services, and fulfillment of contractual obligations. |
Legal Basis | Legitimate interest of the company Goldmann in the proper fulfillment of contractual obligations by clients and suppliers.
Notice: You may object to the processing of your personal data by the company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR Regulation. |
How long do we retain the data? | We retain contracts and related documents for a period of 10 years after their expiration. |
Direct Marketing (Clients) – sending promotional emails | |
Personal data | We obtain personal data from the client, as your employer or directly from you. We process personal data in the scope of name, surname, and email address. |
Purpose | We process personal data for the purpose of promoting our products and services. |
Legal Basis | Company Goldmann’s legitimate interest in strengthening relationships with clients and promoting its products and services. Notice: You can unsubscribe from marketing emails at any time. The unsubscribed method will be provided in each email sent. |
How long do we retain the data? | We process personal data for the duration of the contractual relationship with the client unless you unsubscribe from receiving email messages beforehand. If you unsubscribe, you will no longer receive such emails, and your personal data will be deleted from the database for this purpose. |
Fulfillment of legal obligations in the field of taxes and accounting | |
Personal data | We also process personal data when fulfilling our legal obligations in the field of taxes and accounting. This personal data is obtained directly from contractual partners. We require the following data: business name or name of the accounting entity; registered office or residence and place of business for natural persons; company ID, if assigned; contact details and signature of the person who issued the accounting document; transaction data. |
Purpose | We process this data to fulfill legal obligations related to: |
Legal Basis | Fulfillment of legal obligations in the field of taxes and accounting. |
How long do we retain the data? | We retain personal data for the period required by law; accounting and tax records are kept for 10 years. |
Compliance with legal obligations in the field of public procurement. | |
Personal data | We obtain personal data directly from the public contracting authority/contracting entity or directly from our contractual partners (e.g., subcontractors).
We process personal data strictly within the scope defined by the Public Procurement Act or other related laws governing public contracts, which we are obliged to comply with. |
Purpose | We process personal data in compliance with the law to: |
Legal Basis | Compliance with Legal Obligations in the Field of Public Procurement |
How long do we retain the data? | We retain personal data for the period required by law, with records being kept for 10 years. |
Communication | |
Personal data | We collect and process personal data as part of our mutual communication (via email, telephone, or mail). In email communication, we process personal data that you provide to us in your emails. In postal communication, we process identification and contact details. In telephone communication, calls are not recorded, but we may transfer the personal data you provide into other information systems for the purposes for which you have provided them. |
Purpose | The purpose is to ensure communication with contractual partners. |
Legal Basis | Legitimate interest of the company Goldmann in ensuring effective communication with contractual partners.
Notice: You may object to the processing of your personal data by the company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and process your request in accordance with the GDPR regulation. |
How long do we retain the data? | We manage and store postal shipments depending on their content and the need for processing, for example, if they contain accounting records.
Email communication is retained for a maximum of 3 years after the relevant communication has been processed. |
Help center | |
Personal data | We process your personal data if you are our customer and use our Help Center. We process personal data to the extent of email address. |
Purpose | Ensuring customer access to the Help Center as part of fulfilling our contractual obligations. |
Legal Basis | Contract and fulfillment of contractual obligations. |
How long do we retain the data? | We retain personal data for the duration of the contractual relationship. |
Assertion, demonstration, and defense of legal claims. | |
Personal data | Some personal data is processed based on our legitimate interest or the interest of a third party.
We process the following data: title, first name, last name, job position, employer identification details, workplace address, telephone, and email contact of the client’s or supplier’s employee, as well as other personal data from company Goldmann’s information systems necessary for the given purpose. |
Purpose | We process personal data in the interest of obtaining and retaining evidence for asserting, proving, and defending legal claims. |
Legal Basis | The legitimate interest of company Goldmann to protect its legal claims or the legal claims of third parties. |
How long do we retain the data? | We retain personal data necessary for asserting, proving, and defending legal claims for a maximum of one year after the expiration of the relevant statute of limitations in a given case. |
Compliance with legal obligations in the field of personal data protection. | |
Personal data | We collect personal data when processing requests for the exercise of rights directly from you.
We require the following personal data: name, surname, email address, phone number, correspondence address, request content, and possibly a signature. |
Purpose | Fulfillment of legal obligations in maintaining records of data subject requests. |
Legal Basis | The Personal Data Protection Act. |
How long do we retain the data? | We retain records of data subject requests for 5 years. |
2.2 Information on the processing of personal data for job applicants
Employee recruitment | |
Personal data | We obtain your personal data through www.profesia.sk, our website, recruitment agencies, LinkedIn, or directly from you during a personal interview or other forms of communication (e.g., email).
During the selection process, we process personal data provided in your resume and cover letter, such as identification details, contact information, date of birth, qualifications, and work experience.
If your resume contains information that is not required for the selection process, we do not process such data. This may include details about marital status or children.
After the selection process is completed, without your consent, we retain only your name, surname, and interest in the job position in our database of unsuccessful candidates. This allows us to manage recruitment processes efficiently, particularly when the same candidate expresses interest in working for our company again. |
Purpose | We process personal data for the purpose of: – the selection process, – maintaining a database of applicants on nalgoo.com, – keeping records of unsuccessful job applicants, – internal record-keeping of resumes. |
Legal Basis | Contract and Pre-Contractual Relations (Selection Process) Consent (Internal Record-Keeping of Resumes, Nalgoo.com) Legitimate Interest (Record-Keeping of Unsuccessful Job Applicants)
Notice: You may object to the processing of your personal data in the record of unsuccessful job applicants at Company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and process your request in accordance with the GDPR regulation. |
How long do we retain the data? | We store your resumes during the selection process. For this processing of personal data, we do not require your consent.
After the selection process is completed, we store your resume only with your written consent, either until you withdraw your consent or for a maximum of 3 years. Otherwise, resumes are not stored and are securely disposed of.
The internal record of unsuccessful applicants is kept for 24 months from the date of the interview. |
Assertion, proof, and defense of legal claims | |
Personal data | We process some personal data based on our legitimate interest or the interest of a third party.
We process the following data: title, first name, last name, phone and email contact, mutual communication, and other personal data from company Goldmann’s information systems necessary for the given purpose. |
Purpose | We process personal data in the interest of obtaining and retaining evidence for the enforcement, demonstration, and defense of legal claims. |
Legal Basis | The legitimate interest of the company Goldmann is to protect its legal claims or the legal claims of third parties.
Note: You may object to the processing of your personal data by the company Goldmann at any time. Company Goldmann will review the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR regulation. |
How long do we retain the data? | Personal data necessary for the enforcement, demonstration, and defense of legal claims is retained for a maximum of 1 year after the expiration of the relevant statute of limitations in the specific case. |
Compliance with legal obligations in the area of personal data protection. | |
Personal data | We collect personal data when submitting requests for the exercise of rights directly from you or by obtaining consent for the processing of personal data.
We require the following personal data: first name, last name, email address, phone number, mailing address, the content of the request, the wording of the consent, and, if applicable, the signature. |
Purpose | Compliance with legal obligations in maintaining records of data subject requests and records of consents. |
Legal Basis | The Personal Data Protection Act |
How long do we retain the data? | We retain records of data subject requests for 5 years, and records of consents for 5 years after their validity expires. |
Communication | |
Personal data | We collect and process personal data as part of our mutual communication (via email, phone, or mail).
In email communication, we process the personal data you provide to us. In postal communication, we process identification and contact details. During telephone communication, we do not record calls, but we may transfer the personal data you provide to other information systems for the purpose for which you provided them to us by phone. |
Purpose | The purpose is to ensure communication with the job applicant. |
Legal Basis | The legitimate interest of the company Goldmann is to ensure effective communication with the job applicant.
Note: You may object to the processing of your personal data by the company Goldmann at any time. Company Goldmann will review the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR regulation. |
How long do we retain the data? | We manage and store postal deliveries depending on the content of the delivery and the need for processing, for example, it may concern a job application.
Email communication is retained for a maximum of 3 years after the completion of the relevant communication. |
2.3 Information on the processing of personal data for website visitors
Information about the cookies used is available in the cookie bar that appeared during your first visit to the website. During subsequent visits to the website from the same device, you can manage the use of cookies via the button located in the lower-left corner.
Other processing activities are carried out as follows:
Contact form | |
Personal data | We collect your personal data through the website contact form.
In the contact form, you provide the following personal data: first name, last name, email address, phone number, and any other personal data if they are part of the message you send through the form. |
Purpose | Handling requests and inquiries through the contact form. |
Legal Basis | Legitimate interest
Note: You may object to the processing of your personal data by the company Goldmann at any time. Company Goldmann will review the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR regulation. |
How long do we retain the data? | We process your personal data until your request is handled for a maximum of 6 months on the website platform. |
Exercise, demonstration, and defense of legal claims | |
Personal data | Some personal data is processed based on our legitimate interest or the interest of a third party.
We process the following data: title, first name, last name, phone and email contact, mutual communication, and other personal data from the information systems of company Goldmann necessary for the given purpose. |
Purpose | Personal data is processed in the interest of obtaining and preserving evidence for the exercise, demonstration, and defense of legal claims. |
Legal Basis | The legitimate interest of the company Goldmann is to protect its legal claims or the legal claims of third parties.
Notice: You have the right to object to the processing of your personal data by company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR Regulation. |
How long do we retain the data? | Personal data necessary for the exercise, demonstration, and defense of legal claims is retained for a maximum of 1 year after the expiration of the relevant statutory limitation period in the specific case. |
Compliance with legal obligations in the field of personal data protection | |
Personal data | We collect personal data directly from you when you submit requests to exercise your rights.
We require the following personal data: first name, last name, email address, phone number, mailing address, request content, and possibly a signature. |
Purpose | Compliance with legal obligations in maintaining records of data subject requests. |
Legal Basis | Personal Data Protection Act |
How long do we retain the data? | We retain records of data subject requests for 5 years. |
2.4 Information on the Processing of Personal Data for Social Media and YouTube Users
Profile on social networks and YouTube | |
Personal data | We process your personal data only if you post reactions to our published content on social media.
We only process the personal data that you voluntarily share under our posts (likes, emojis, comments, messages, etc.). |
Purpose | We process personal data for the purpose of promotion on social networks such as Facebook, Instagram, and LinkedIn. |
Legal Basis | Legitimate interest in operating a profile on social media and YouTube.
Notice: You have the right to object to the processing of your personal data by company Goldmann at any time. Please note that you can also delete your data yourself directly from the social network. |
How long do we retain the data? | We process your personal data for as long as our social media profile is active. |
Exercise, Demonstration, and Defense of Legal Claims | |
Personal data | Some personal data is processed based on our legitimate interest or the interest of a third party.
We process the following data: title, first name, last name, phone and email contact, mutual communication, and other personal data from company Goldmann’s information systems necessary for this purpose. |
Purpose | Personal data is processed in the interest of obtaining and preserving evidence for the exercise, demonstration, and defense of legal claims. |
Legal Basis | Legitimate Interest of the company Goldmann to Protect Its Legal Claims or the Legal Claims of Third Parties
Notice: You have the right to object to the processing of your personal data by company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR Regulation. |
How long do we retain the data? | Personal data necessary for the exercise, demonstration, and defense of legal claims is retained for a maximum of 1 year after the expiration of the relevant statutory limitation period in the specific case. |
Compliance with Legal Obligations in the Field of Personal Data Protection | |
Personal data | We collect personal data directly from you when you submit requests to exercise your rights.
We require the following personal data: first name, last name, email address, phone number, mailing address, request content, and possibly a signature. |
Purpose | Compliance with Legal Obligations in Maintaining Records of Data Subject Requests. |
Legal Basis | Personal Data Protection Act |
How long do we retain the data? | We retain records of data subject requests for 5 years. |
3. PROCESSING OF PERSONAL DATA BY COMPANY GOLDMANN AS A DATA PROCESSOR
Provision of Remote Monitoring of Physiological Functions | |
Personal data | We collect your personal data when you use our product designed for remote monitoring of physiological functions, which has been provided to you by your healthcare facility as our client.
On behalf of your healthcare facility, we have access to personal data such as title, first name, last name, date of birth, personal identification number, age, home address, phone contact, and email address.
During the remote monitoring process, we process sensitive personal data for your healthcare facility, including information on blood pressure, blood glucose levels, body temperature, blood oxygen levels, body weight, and ECG data. |
Purpose | Fulfillment of the Contract with the Healthcare Facility for Providing Remote Patient Monitoring |
Legal Basis | We derive our legal basis from our contractual partner (the healthcare facility), whose purpose is to provide healthcare services in accordance with Act No. 576/2004 Coll. on Healthcare, Healthcare-Related Services, and Amendments to Certain Acts, as amended. |
How long do we retain the data? | We retain personal data for the duration of the contract with the healthcare facility or as instructed by the healthcare facility. |
Exercise, Demonstration, and Defense of Legal Claims | |
Personal data | Some personal data is processed based on our legitimate interest or the interest of a third party.
We process the following data: title, first name, last name, phone and email contact, mutual communication, and other personal data from company Goldmann’s information systems necessary for this purpose. |
Purpose | We process personal data in order to obtain and preserve evidence for the exercise, demonstration, and defense of legal claims. |
Legal Basis | Legitimate Interest of the company Goldmann to Protect Its Legal Claims or the Legal Claims of Third Parties
Notice: You have the right to object to the processing of your personal data by company Goldmann at any time. Company Goldmann will assess the necessity of its legitimate reasons in the specific case and handle your request in accordance with the GDPR Regulation. |
How long do we retain the data? | Personal data necessary for the exercise, demonstration, and defense of legal claims is retained for a maximum of 1 year after the expiration of the relevant statutory limitation period in the specific case. |
Compliance with Legal Obligations in the Field of Personal Data Protection | |
Personal data | We collect personal data directly from you when you submit requests to exercise your rights.
We require the following personal data: first name, last name, email address, phone number, mailing address, request content, and possibly a signature. |
Purpose | Compliance with Legal Obligations in Maintaining Records of Data Subject Requests |
Legal Basis | Personal Data Protection Act |
How long do we retain the data? | We retain records of data subject requests for 5 years. |
4. EXERCISE OF DATA SUBJECT RIGHTS
4.1 Rights of Data Subjects
Company Goldmann places great emphasis on respecting your rights. As a data subject, you may exercise the following rights with the company Goldmann:
Right to Information
You have the right to receive information about the processing of your personal data. Appropriate measures have been taken to ensure that this information is properly provided to you. Company Goldmann fulfills its information obligation through this document, which will be permanently available at https://www.goldmann.sk/zasady-ochrany-osobnych-udajov/.
Right to Withdraw Consent
If you have voluntarily given us consent to process your personal data, you may withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
Right of Access
Upon request, company Goldmann will provide you with confirmation of whether your personal data is being processed, as well as information about the purposes of processing, categories of processed personal data, categories of recipients, retention period, source of personal data (if not obtained directly from you), and other rights you may exercise. Upon request, company Goldmann will also provide a free copy of your processed personal data. A reasonable fee corresponding to administrative costs may be charged for additional copies. You will be informed of the fee amount in advance.
Right to Rectification
You have the right to ensure that your personal data is accurate and up to date. Company Goldmann updates your data upon request or after verification during communication with you.
Right to Erasure (“Right to be Forgotten”)
Under certain conditions, you have the right to have your personal data erased, particularly if the data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent on which processing is based, if you object to processing based on legitimate interest, or if the data has been unlawfully processed. If your request meets legal conditions, we will comply; otherwise, we will inform you of the reasons why your data cannot be erased.
Right to Restriction of Processing
Under certain conditions, you have the right to restrict the processing of your personal data, particularly if you contest the accuracy of your personal data for a period that allows company Goldmann to verify its accuracy; if the processing is unlawful and you object to the deletion of your personal data, requesting instead a restriction of their processing; if company Goldmann no longer needs your personal data for processing purposes but you require them to establish, exercise, or defend legal claims; or if you have objected to company Goldmann’s legitimate interests, in which case company Goldmann will restrict processing until those legitimate interests are verified. After evaluating the legal conditions of your request, company Goldmann will comply with the restriction or inform you of the reasons why it cannot be fulfilled.
Right to Data Portability
Company Goldmann will transfer your personal data to another controller exclusively at your request in a structured, commonly used, and machine-readable format, provided that the processing is based on your consent or the fulfillment of a contract with company Goldmann and that such processing is carried out by automated means that allow such a transfer.
Right to Object
Under certain conditions, you have the right to object to the processing of your personal data if it is based on company Goldmann’s legitimate interest. In such cases, company Goldmann will cease processing unless it can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or unless the processing is necessary for the establishment, exercise, or defense of legal claims.
Automated Individual Decision-Making, Including Profiling
Company Goldmann does not perform automated individual decision-making or profiling.
Right to Seek Judicial Remedy
As a data subject, you have the right to seek judicial remedy if you believe that your rights have been violated due to the processing of personal data in breach of the GDPR or applicable data protection laws. You may initiate proceedings before the competent court.
Right to Lodge a Complaint with the Data Protection Authority
You have the right to file a complaint regarding the processing of your personal data with the supervisory authority:
Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Company ID: 36 064 220
Phone: +421/2/3231 3220
Website: https://dataprotection.gov.sk/sk/.
4.2 Exercise of Data Subject Rights
You may exercise your rights in writing:
• By mail to company Goldmann’s registered address,
• By email at gdpr@goldmann.sk,
• In person at company Goldmann’s headquarters by submitting your request in writing.
REQUEST TO EXERCISE THE RIGHTS OF DATA SUBJECTS is available HERE.
Each request will be recorded and processed without undue delay, no later than one month from receipt. Within this period, we will inform you of the measures taken based on your request. If necessary, this period may be extended by an additional two months, considering the complexity and number of requests. You will be informed of any extension within one month of submitting your request, along with the reason for the delay.
If your request concerns the processing of personal data by company Goldmann on behalf of a client (e.g., a healthcare facility), your request will also be forwarded to our client as the controller of your personal data. The appropriate procedure for handling your request will be determined in cooperation with them.
The notification regarding the resolution of your request will be provided in the same manner as the request was submitted, unless you request a different method. If the notification contains personal data of a special category, it will be sent exclusively by mail as a registered letter to your own hands.
We process your requests free of charge. However, if a request is manifestly unfounded or repetitive, we may:
- charge a reasonable fee considering administrative costs,
- refuse to act on the request
4.3 Contact Information
Goldmann Systems, a. s.
Dvořákovo nábrežie 4, Bratislava 811 02
Web address: www.goldmann.sk
Email for the designated responsible person: gdpr@goldmann.sk
5. ADDITIONAL INFORMATION ON PERSONAL DATA PROCESSING
5.1 Recipients of Personal Data
Depending on the service provided, the following entities may have access to personal data processed by the company Goldmann:
- External accounting firm
• External HR manager
• External professional staff of company Goldmann
• Job portal providers
• Recruitment agencies
• Provider of the Nalgoo.com platform
• Social media and YouTube providers
• Legal representation of company Goldmann
• Marketing agency
• Public authorities
5.2 Transfer of Data to Third Countries
The transfer of data to third countries (USA) may occur through social media providers such as Facebook and Instagram (Meta), LinkedIn (LinkedIn Corporation), and YouTube (Google Inc.).
All the aforementioned companies provide adequate transfer safeguards through the standards of the Data Privacy Framework (DPF) Program.
More information about the processing of personal data by these providers can be found directly on their platforms.
5.3 Automated Decision-Making Including Profiling
Company Goldmann does not perform automated decision-making, including profiling.
5.4 Security of Personal Data Processing
Company Goldmann ensures the protection of personal data with the utmost diligence. To this end, we have implemented appropriate technical, organizational, and security measures, considering potential risks, the nature of processing, the latest advancements, and the costs associated with these measures.
Company Goldmann holds the following valid certifications:
- ISO 27001:2022 – Information Security
- ISO/IEC 20000-1:2018 – IT Service Management
- ISO 13485:2016 – Quality Management for Medical Device Manufacturers or In Vitro Diagnostics
- ISO 14001:2015 – Environmental Management System
- ISO 9001:2015 – Quality Management System (QMS)
- EU Quality Management System Certificate No. 2024-MDR/QS-028
Company Goldmann protects your personal data using appropriate and available means to prevent misuse. We store personal data in locations, environments, or systems with restricted access, where only a predetermined and continuously monitored group of authorized individuals has access.
Company Goldmann regularly evaluates its procedures for handling and processing personal data. If any procedure is found to be outdated, unnecessary, or ineffective, we take immediate corrective action.
Company Goldmann promptly addresses any security incidents related to personal data. If an incident is likely to pose a high risk to your rights and freedoms, we will always inform you and explain the corrective measures we have taken. A record is made of each incident. In the event of a serious incident, company Goldmann notifies the Slovak Office for Personal Data Protection.
5.5 Changes and Updates to the Document
The owner of this document is the company Goldmann, which reserves the right to modify and update its content. The latest version of the information is always available on company Goldmann’s website at www.goldmann.sk.
