PRIVACY POLICY

We hereby inform you about the processing of your personal data on the website www.adamtruhlar.com (hereinafter referred to as the “Website”), carried out in accordance with Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as the “Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”).

A. Processing of Personal Data on the Website

Identity and contact details of the data controller

The data controller of personal data on the Website is the company Mgr. Adam Truhlar-Theta Mindset, with registered office at Pod Hajkom 1441/3, 909 01, Skalica, ID: 47 838 973 (hereinafter referred to as the “controller”), who processes your personal data in the course of its activities.

For matters regarding the processing of personal data, the controller can be contacted by mail at the address above or via email at: info@adamtruhlar.com

Within individual Consultations conducted by Professionals, personal data of the individuals concerned are also processed by individual Professionals. For the processing of personal data by Professionals, see section B of these principles.

What personal data do we collect?

The company Mgr. Adam Truhlar-Theta Mindset collects, uses, stores, and transfers various types of personal data, depending on the relationship of the individual to the company. Additionally, the company collects and uses personal data necessary to ensure and provide our services to the highest standards and as efficiently as possible. Our company collects and uses the following types of data:

  • Identification – name, surname, title, date of birth, permanent address
  • Contact – permanent address, postal code, email, and telephone numbers
  • Transactional – details of payments, reservations, meeting dates, and other services purchased through our company and other payment-related data
  • Preference data – information about your moods, attitudes, preferences, or ratings of services that are relevant to the provision of our services.

The controller emphasizes that no sensitive personal data, especially health data, is processed.

What are the purposes and legal bases for processing personal data?

The controller collects personal data to provide efficient, quality, and reliable services.

The legal basis and purpose of processing your personal data are as follows:

  • such processing is necessary for the performance of a contract between you and the controller or for taking pre-contractual measures by the controller in accordance with Article 6(1)(b) of the Regulation (identification, contact, and transactional personal data); or
  • processing is necessary for compliance with legal obligations applicable to the controller under Article 6(1)(c) of the Regulation, especially handling complaints under Act No. 40/1964 Coll., the Civil Code, and Act No. 250/2007 Coll. on Consumer Protection, and fulfilling other obligations imposed on the controller by other generally binding legal regulations, in particular Act No. 595/2003 Coll. on income tax and Act No. 431/2002 Coll. on accounting (identification, contact, and transactional personal data);
  • processing is necessary for the legitimate interests pursued by the controller under Article 6(1)(f) of the Regulation, specifically:
    • in handling your questions, complaints, or requests (to the extent of personal data provided), where the legitimate interest in handling your requests and improving our services outweighs the interests of the individuals concerned;
    • in improving the services of the controller for your greater comfort (Identification, contact, transactional, and preference data), where the data provided by you allows us to monitor the functionality, quality, efficiency, and ultimately your satisfaction with our services, with the interest in improving our services outweighing the interests of the individuals concerned;
    • in protecting the rights and legally protected interests of the controller, especially whether the general terms and conditions of the Website (hereinafter referred to as “GT&C”) are complied with or to demonstrate the validity and justification of the controller’s claims in any judicial proceedings (identification, contact, and transactional personal data), with the protection of the rights and legally protected interests of the controller outweighing the interests of the individuals concerned;
    • in supporting the commercial activities of the controller, especially by sending electronic or written commercial information of the controller to its customers, whereby objections can be raised against such processing or unsubscribed from receiving commercial information (for more information, see the section Objection to direct marketing) (identification and contact personal data), with the authorization to carry out direct marketing arising directly from the law (if the data subject does not request refraining from sending), and thus the clearly legitimate interest in promoting the services of the controller outweighs the interests of the individuals concerned;
  • you have given consent to the processing of personal data pursuant to Article 6(1)(a) of the Regulation (identifying and contact details) to process personal data for the purposes of carrying out direct marketing activities or sending commercial communications.

Who we share your personal data with

We do not share your personal data with any third parties (recipients) unless sharing is necessary for providing our services.

The Controller may, in justified cases and only to the extent necessary, transfer personal data to the following categories of recipients:

  • its contractual partners, whom the Controller needs for its normal operation and for the implementation of the contractual relationship with you, such as IT suppliers, business partners of the Controller, external advisors, etc.;
  • Professionals within the meaning of the definition of the Data Subject, whom you have selected as the data subject for the implementation of the Consultation or who have been selected for you for the Group Session;
  • other entities in cases where the provision of such data to the Controller is required by generally binding legal regulations, or if it is necessary to protect the legitimate interests of the Controller (such as courts, Slovak Police, etc.);
  • affiliated persons of the Controller.

In the case of Consultations, the Processor of personal data in the entire scope provided becomes a specific Professional – see section B. of these principles.

B. Special provisions on the processing of personal data in the context of Consultations

Identity and contact details of the Professional

During the Consultations, you as a data subject provide personal data to the Professional to the extent necessary for the proper conduct of the Consultation. The contact details of the Professional as a data subject will be provided to you through the Website, and in case of any doubts, you can request their provision at info@adamtruhlar.com.

Legal basis, scope, and purpose of processing

The Professional processes all provided personal data for the purpose of properly conducting the Consultation. Such processing is necessary for the performance of the contract between you and the Professional as the controller under Article 6(1)(b) of the Regulation, which is also the legal basis for processing personal data.

The Professional also processes identification personal data and basic data about the terms of Consultations for the purpose of fulfilling its legal and contractual obligations and further for the purpose of protecting its legitimate rights and interests, especially to be able to prove the legitimacy of its claims in the future.

With whom does the Professional share your personal data?

The Professional does not provide personal data obtained during Consultations to any third parties. The Professional may provide identification personal data and basic data about the terms of Consultations to its business partners, e.g., accountants. Other rules of the principles in part C. are appropriately applicable to the processing of personal data by Professionals.

C. Common principles for the processing of personal data

This part sets out rules for the processing of personal data of data subjects by the Controller of the Websites as well as by the Professionals.

How long do we retain your personal data?

Your personal data will be processed for the duration of the concluded contract, further during the limitation period of any claim arising from the contract. After this period, the Controller will destroy your personal data unless it is authorized/obliged to process this data on another legal basis. Your personal data will also be processed by the Controller for the duration of any potential legal disputes.

However, if the Controller processes your personal data based on your consent, then such personal data will be stored by the Controller for the longest period during which you granted your consent for such processing, i.e., for a period of 3 years from the granting of consent or until you revoke your consent, if you revoke it before the expiry of this period.

For the purposes of direct marketing carried out on the basis of the legitimate interest of the Controller, your personal data will be stored by the Controller for a maximum period of 3 years from the date of termination of your contractual relationship with the Controller. Documents containing your personal data will be archived by the Controller for the prescribed period in cases where a generally binding regulation requires it.

Your rights under the Law and the Regulation

In connection with your personal data, you have the following rights against the Controller:

Right of access

You may request the Controller to access the personal data processed about you and to provide a copy of the processed personal data (if the rights and freedoms of other persons are not adversely affected).

Right to rectification

You may request the Controller to rectify inaccurate or incomplete data processed about you.

Right to erasure

You may request the Controller to erase your personal data if one of the following situations occurs:

  • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you have withdrawn your consent on the basis of which your personal data were processed, and there is no other legal basis for their processing;
  • you have objected to being subject to a decision based solely on automated processing of your personal data, and there are no overriding legitimate reasons for such processing or you have objected to the processing of your personal data for direct marketing purposes;
  • your personal data have been processed unlawfully;
  • your personal data must be erased to comply with a legal obligation laid down by the law of the European Union or a Member State that applies to us as the Controller;
  • your personal data were collected in connection with the offer of information society services.

Right to restriction of processing

You may request the Controller to restrict the processing of your personal data if one of the following situations occurs:

  • you have contested the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing of your personal data is unlawful, but you oppose the erasure of these data and instead request the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims;
  • you have objected to processing your personal data under Article 21(1) of the Regulation until it is verified whether the legitimate grounds of the Controller override your legitimate grounds.

Right to data portability

In cases of processing of personal data based on consent or contract and processed automatically, you have the right to obtain personal data concerning you that you have provided to the Controller, and the right to transmit this data to another controller in a structured, commonly used, and machine-readable format, provided that this right does not adversely affect the rights and freedoms of others.

Right to withdraw consent

If the processing of your personal data is based on consent, you have the right to withdraw your consent to the processing of personal data for the purpose for which you gave consent at any time, with effect for the future. Information on revoking consent in individual cases of processing of your personal data can be found in the Revocation of consent chapter.

Right to object

You may object to the Controller at any time against the processing of your personal data carried out on the basis of the legitimate interest of the Controller (including profiling) and for the purposes of direct marketing carried out on the basis of the legitimate interest of the Controller. For more information on the right to object in individual cases of processing of your personal data, see the Objection to direct marketing chapter.

Right to be informed

You have the right to be informed by the Controller in case of a breach or suspected breach of the security of your personal data, where it is likely to result in a high risk to the rights and freedoms of natural persons, including you.

Right concerning automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint

If you believe that the processing of your personal data has been or is being violated by the Regulation, you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic with its registered office at Hraničná 12, 820 07 Bratislava 27, website: https://dataprotection.gov.sk/uoou/sk.

For the purpose of exercising your rights under the Regulation or in case of any questions or complaints, you may contact the Controller via its email address info@adamtruhlar.com or in writing to the address of the Controller’s registered office provided above.

Revocation of consent

You may revoke any consent you have given to the Controller at any time with effect for the future by the methods outlined below.

Consent to receive electronic and paper commercial information from the Controller may be revoked:

  • by clicking on the unsubscribe link in the received commercial email; or
  • by sending a revocation of consent to the email address info@adamtruhlar.com or
  • by sending a revocation of consent in writing to the address of the Controller’s registered office.

Consent to the processing of your personal data in connection with the publication of your personal data in paper documents of the Controller or on the Controller’s website www.adamtruhlar.com or on its profile on social networks may be revoked:

  • by sending a revocation of consent to the email address info@adamtruhlar.com or
  • by sending a revocation of consent in writing to the address of the Controller’s registered office.

However, your possible revocation of consent to the processing of personal data will not affect the processing that has occurred before the revocation of your consent or its legality.

Objection to direct marketing

Against the processing of your personal data for the purpose of direct marketing (including profiling), which is carried out without your consent on the legal basis of the legitimate interest of the Controller, you have the right to object to the Controller at any time without charge, by sending a written electronic message to the email address info@adamtruhlar.com or in writing to the address of the Controller’s registered office.

D. Rules for the appointment of data processing intermediaries

The Controller of the Websites or the Professionals may, in accordance with the above, authorize data processing to specific intermediaries to the extent necessary.

In this regard, the Intermediary undertakes to carry out the processing of personal data in accordance with the relevant legal regulations, especially the Regulation and the Law.

In this context, the Intermediary undertakes, in particular, to process personal data only on the basis of documented instructions from the Controller, ensure that:

  1. any other persons authorized to process personal data are bound by confidentiality obligations,
  2. it will not involve another intermediary without the prior written consent of the Controller,
  3. it will take all measures to ensure the security of processing under Article 32 of the Regulation,
  4. it will assist the Recipient with appropriate technical and organizational measures in fulfilling its obligation to respond to requests for the exercise of data subject rights as well as in fulfilling other obligations arising from the relevant legal regulations,
  5. after the processing of personal data is completed or after the validity of the contractual relationship arising from the Contract, all personal data will be erased or returned to the Recipient, and
  6. if necessary, it will provide any cooperation to the Recipient in proving compliance with the obligations in the processing of personal data.