THE CONTROLLER’S DECLARATION ON THE PROCESSING OF PERSONAL DATA

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as "GDPR")

I. Personal Data Controller
Data Controller:
GAS Familia, s.r.o. Stará Ľubovňa
with registered office at Prešovská 8, 064 01 Stará Ľubovňa, ID No.: 31 691 552,
registered in the Commercial Register of the District Court Košice I, section Sro, insert number 1766/P
email contact: noreply@gasfamilia.com (hereinafter referred to as the "Administrator"):
in accordance with Art. 12 i. The GDPR informs data subjects about the processing of their personal data and their rights.

II. Scope of processing of personal data
Personal data are processed to the extent that the relevant data subject is provided to the controller in connection with the conclusion of a contractual or other legal relationship with the controller or the controller has lawfully obtained them from a third party or has lawfully collected them otherwise and processes them in accordance with applicable law or to fulfil the controller's legal obligations.

III. Sources of personal data
- directly from data subjects (in particular, in the context of the conclusion of the respective contracts, on the basis of orders, registrations and purchases via e-shop, e-mail, telephone, chat, via the website, the contact form on the web, via social networks, by selling a business card, on the basis of the consent obtained, obtaining audio or video recordings obtained via the technical equipment of the controller, etc.).
- by a third party (in particular, by the contracting parties in the performance of a specific contractual relationship)
- from publicly available records,
- other registers in the relevant labour regulations.

IV. Categories of personal data subject to processing by the controller
The controller processes (itself or through a processor) the following categories of personal data:
- name and address
- commercial company (for natural persons) - address, delivery address,
- date of birth
- birth number
- e-mail address
- phone number - private, services
- telephone - fax number
- ID NUMBER
- identity document number
- passport number
- VAT NUMBER
- VAT NUMBER
- bank connection
- www pages
- Data mailbox IDs
- password, login
- photographs
- video recording
- audio (telephone) recording - IP address
- location data (GPS, CCS) - insurance card number
- the contract number under which the entity is registered with the administrator
- staff number, employee number
- education
- income from employment (wages, pension income
- personal data of children or spouses, respectively. partner
- cookies
- Signature.

V. Category of data subjects
The data subject is the natural person to whom the personal data relate, namely
- employee administrator (on the basis of an employment contract, performance agreement, work activity agreements)
- job seeker with the administrator
- an employee of the administrator's agency,
- contractual partner controller (natural person - entrepreneur, non-business) - client - customer - buyer - - ordering party - customer - supplier - carrier, transporter - contractor - ordering party - lessee - lessor - lessee - beneficiary - obligor - creditor - debtor - user - future contractual state (based on the conclusion of a future contract or measures taken prior to the conclusion of the contract at the request of the data subject) ,
- an entity in a pre-contractual relationship with the administrator (ordering party prior to acceptance of the order, applicant, etc.)
- party to the proceedings - ancillary party to the proceedings - person concerned, interested party - applicant - interviewer - payer - recipient - entitled - obliged - injured.

VI. Categories of processors and recipients of personal data
- an external entity that provides services to the trustee, in particular:
- services in the field of occupational health and safety, fire protection
- carriers, carriers
- sales representatives
- contractors performing for the administrator the so-called. direct delivery of goods to the administrator's customers
- accounting services, services of tax advisors and auditors
- IT services, cloud storage
- advertising and marketing services
- services in the field of training, education
- services consisting in the provision of subsidies and subsidies
- Next:
- public authorities
- local authorities
- banking institutions
- insurance companies

VII. Purpose and reasons for processing personal data
The processing of personal data takes place at the controller:
- on the basis of the data subject's consent
- in the performance of a contract with a data subject
- in implementing measures taken before the conclusion of the contract at the request of the data subject
- for the purpose of complying with the legal obligations applicable to the administrator
- for reasons of legitimate interest of the controller or of a third party (including archiving on the basis of legitimate interest of the controller)
- for reasons of protecting the vital interests of the data subject or other natural persons

VIII. Method of processing and protection of personal data
The processing of personal data is carried out by the controller. The processing is carried out at the premises, branches and headquarters of the controller by individual authorised employees of the controller or by the processor. The processing takes place by means of computer technology or, where appropriate, manually in the form of personal data in paper form, in compliance with all security principles for the management and processing of personal data. In these circumstances, unauthorised or inappropriate access to, alteration, destruction or loss of, unauthorised transmission of, unauthorised processing of, or other misuse of personal data must not be prevented. Public entities to which personal data may be disclosed are properly vetted, contractually assured of their respect for data subjects' data protection and privacy rights, and are required to follow applicable data protection laws.

IX. Period of processing of personal data
In accordance with the time limits set out in the relevant contracts, in the controller's internal rules or in the relevant legislation, in all cases of processing of personal data, this is the period strictly necessary to ensure the rights and obligations arising both from the contracts of legitimate interests and from the relevant legislation.

X. Instruction
The controller shall process the data with the data subject's consent, except in the cases provided for by law, if the processing of personal data does not require the data subject's consent. In accordance with Article 4(1) of the Treaty, the Commission shall 6 para. 1 GDPR, the controller may process the following data without the data subject's consent:
the data subject has given consent to one or more specific purposes, the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures taken prior to the conclusion of the contract at the request of the data subject , the processing is necessary for the purposes of safeguarding the legitimate interests of the controller concerned or of a third party, except where the interests or fundamental rights and freedoms of the data subject or of another natural person which require the protection of personal data override those interests.

XI. Rights of data subjects
In accordance with Art. 12 GDPR informs the controller of the data subject's right of access to personal data and to the following information:
- the purpose of the processing,
- the category of personal data concerned,
- the recipient or categories of recipients whose personal data have been or will be disclosed,
- the intended period for which the personal data will be stored,
- all available information on the sources of personal data,
- if no data is collected from the subject, whether automated decision-making, including profiling, takes place.
Any controller or processor carrying out processing of personal data which is contrary to the protection of the private and personal life of the data subject or contrary to the law, in particular where the personal data are inaccurate in relation to the purpose of their processing, may:
- ask the administrator for an explanation.
- request that the administrator remedy the situation. In particular, this may involve blocking, correcting, supplementing or deleting personal data.
If the data subject's request is legitimately detected, the controller shall rectify the defective condition without delay. If the controller does not comply with the data subject's request, the data subject has the right to apply directly to the supervisory authority, which is the Office for Personal Data Protection. The data subject shall have the right to bring his or her complaint directly to the attention of the supervisory authority without prior action.
The controller shall have the right to require reasonable compensation for the provision of the information, which shall not exceed the costs necessary to provide the information.

XII. Final provisions
If you have any questions about the processing of personal data of data subjects, you can contact the controller in writing or electronically using the following contact details:
GAS Familia, s.r.o. Stará Ľubovňa, with registered office at Prešovská 8, 064 01 Stará Ľubovňa, ID No.: 31 691 552
e mail contact: noreply@gasfamilia.com (hereinafter referred to as the "Administrator"):
The declaration is publicly available on the administrator's website www.gas-familia.sk
This statement was last updated on 23.5.2018