PROTECTION OF PERSONAL DATA

BECAUSE WE CARE ABOUT THE SECURITY OF YOUR PERSONAL DATA

IN THIS DOCUMENT, REFERRED TO AS "PROTECTION OF PERSONAL DATA", WE WOULD LIKE TO PROVIDE YOU WITH DETAILED INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA IN OUR COMPANY. THIS DOCUMENT EXPLAINS IN A TRANSPARENT AND CLEAR WAY THE INFORMATION UNDER ARTICLE 13 OF REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH DATA (HEREINAFTER REFERRED TO AS "GDPR"). PLEASE READ THE INFORMATION BELOW ABOUT THE PROCESSING OF YOUR PERSONAL DATA. OUR COMPANY IS COMMITTED TO RESPONSIBLY HANDLING THE INFORMATION ABOUT YOU THAT WE COLLECT AND STORE.

WHO ARE WE?



Slovenská informačná a marketingová spoločnosť, a. s. (SIMS, a.s.), established in 1992, is an intelligence agency providing specialized, analytical and structured intelligence service focused on economic, business, and factual intelligence. As an integral part of the information chain, it continually expands its multimedia intelligence services to support the enhancement of security and transparency of the Slovak market environment. The user of its services is primarily the professional public, focused on rationalizing its own decision-making processes. Its products and services include intelligence analyses, sectoral and specialized research, monitoring, graphics, images, links to websites of businesses and pages with original public registry extracts, as well as API data interfaces. SIMS, a.s. compresses and analyses content from dozens of sources, and then verifies, updates, and publishes, with its own editorial responsibility, the information specializing in active business entities. For its work it uses the available paid and unpaid information sources and its own investigative activities.

WHAT DOES DATA PROTECTION MEAN FOR US?


For us, protection of personal data is one of the main pillars of intelligence, and also a crucial measure that has been building mutual trust for 28 years between us, our customers, and collaborators that are affected by our investigative intelligence. In order to be accepted by the professional public as a trusted provider of structured and specialized intelligence, we only provide intelligence that has been obtained, collected, and processed legally, in a lawful manner (Act No. 167/2008 Coll. On Periodical Press and Agency Intelligence and on amendments to certain Acts - the Press Act). We take personal data protection very seriously, at both the national and international level. We fully apply regulatory measures based on national legislation, as well as the European law represented by the EU Regulation (GDPR). We strictly safeguard all processes through a certified information security management system according to ISO/IEC 27001:2013.

WHAT ARE OUR IDENTIFICATION AND CONTACT DETAILS?


The controller of intelligence and information systems is Slovenská informačná a marketingová spoločnosť, a. s., shortened name SIMS, a. s. with registered seat at Nová Bošáca 78, 913 08 Nová Bošáca, registered in the Business Register of Trenčín District Court, Section: Sa, Insert number: 10537/R, ID No.: 31425836, website: www.sims.sk, contact details: 02/3239 3311, email: info@sims.sk.

WHAT ARE THE CONTACT DETAILS OF THE RESPONSIBLE PERSON?


In order to enhance transparency and guarantee the rights of data subjects, we have also appointed a responsible person. If you have any questions about your personal data or if you are exercising your rights as a data subject under Act No. 18/2018 Coll. on Personal Data Protection, please contact our responsible person:

  • electronically at the e-mail address dpo@sims.sk
  • by phone 02/3239 3311
  • personally, at the registered seat of SIMS, a. s.
  • by post to the address of registered seat of SIMS, a. s. (label the envelope with “To the person responsible for information security”)

WHAT IS THE PURPOSE OF PROCESSING OF PERSONAL DATA?


The primary objective of SIMS, a.s. is to process specialized intelligence service with focus on business entities. We treat this service as an integral part of the information chain for the professional public. However, each business entity is controlled by a person who represents and manages it. A person is an integral part of it at various levels and positions. We distinguish between the processing of personal data relating solely to the privacy of persons and the processing of those associated with the business activities of any business entity that are published and available to anyone in public registers. The purpose of processing of personal data of persons active in the business environment, whether from publicly available sources or from information provided on the basis of investigative intelligence activities carried out on the basis of a journalistic license directly with the representatives of the entities, is to generate intelligence. Our intelligence is intended for immediate access to the provided, available, and public information exactly due to the compression into a single unit of intelligence. The goal is mainly to streamline and rationalize the work with information in decision-making processes, reduce economic losses, increase the transparency of the business environment, create new business opportunities, prevent criminal activities, and fulfil the legal obligations of users of our intelligence service. Every business intelligence analysis therefore includes comprehensive economic information, information about payment discipline towards the state, health insurance companies, and information on property links and structures. The intelligence service is a carrier of information about the entities of all legal forms defined by the applicable legislation in which natural persons are in the ownership structures and/or statutory, management, supervisory, control bodies, and/or are end-users of benefits, as published in public registers.
Intelligence activities pursuant to Act No. 167/2008 Coll. are also accompanied by the processing of personal data of natural persons legally associated with business activities (Act No. 513/1991 Coll. Commercial Code, Act No. 455/1991 Coll. on Trade Licensing and the related legislation of the Slovak Republic), and therefore SIMS, a.s. in the processing of personal data ensures compliance with legislation, respects the rights of data subjects, and approaches the protection of personal data responsibly and with due care.
Intelligence service information is processed for the purpose of:

  • fulfilment of legal obligations of the intelligence service user resulting from special regulations
    • verification of the reliability of VAT payers in accordance with their respective legal obligation and responsibility,
    • prevention and detection of fraudulent behaviour by identifying low creditworthiness and/or ability to repay trade and/or credit obligations and enforcing legal liability,
    • application of measures against legalizing the income from criminal activity and terrorist financing based on risk assessment for the purpose of combating money laundering - to enforce legal liability and prevention,
    • identification of unusual business operations of economic entities - to enforce legal liability and prevention,
  • identification of real owners of companies - the so-called end-users of benefits for the purpose of determining credit exposure in accordance with applicable legislation and regulation,
  • minimizing the risk arising from a business and/or credit relationship, by processing information regarding solvency, compliance with contributory and tax obligations, reliability, and other business and economic information with enforcement of legal liability,
  • maintaining, creating and building new business relationships - determining the competence and reliability of a business partner,
  • own marketing, which SIMS, a. s. uses for its promotional activity during contractual relations (existing users of the intelligence service), pre-contractual relations (potential customers and other target groups of the business environment) - identifying competence,
  • investigative intelligence and interviewing - exercise of the right to information and freedom of expression and enforcing legal liability and identifying competence,
  • fulfilment of obligations of the controller resulting from contractual relations - enforcing legal liability and identifying competence,
  • fulfilment of obligations of the controller resulting from legal regulations, especially in the field of accounting, taxes - enforcement of legal liability and identifying competence,
  • protection of the legitimate interests of the controller in dispute resolution and in evidentiary proceedings - enforcement of legal liability, verification of creditworthiness, enforceability of claims,
  • protection of the controller's assets and the protection of life, health of the data subject or any other natural person present in the operator's internal premises,
  • carrying out public interest activities arising from the journalistic license and the need for public information,
  • data processing for journalistic and publishing purposes,
  • informing the professional public about an entity’s economic status, credibility, and liabilities to state institutions.

WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA?


We process the personal data of the data subjects in accordance with Act No. 18/2018 Coll. based on the following legal bases:

  • for fulfilment of rights and obligations under contractual and pre-contractual relations pursuant to Section 13 (1)(b) of Act No. 18/2018 Coll.,
  • on the basis of fulfilment of legal obligations arising from special regulations (167/2008 Coll., 297/2008 Coll., etc., the Labour Code, the Commercial Code, etc.),
  • for the purposes of the legitimate interests of SIMS, a.s. or third parties under Section 13 (1)(f) of Act No. 18/2018 Coll. except where those interests are outweighed by the interests of the data subject requiring protection of personal data, in particular if the data subject is a child,
  • pursuant to Section 78 (2) of Act No. 18/2018 Coll. for the purposes of informing the public by mass media.

WHAT ARE THE CATEGORIES OF DATA SUBJECTS?


Within the frame of providing intelligence services, we primarily process data about business entities, whether legal entities or natural persons - entrepreneurs. In addition to such data, we also process the category of regular personal data relating to natural persons (Section 2 of Act No. 18/2018 Coll.) that are linked to business entities that are the primary subject of our intelligence activity. We collect personal data to the extent of lawfully published data from official publicly available sources such as the Statistical Office and state and other public registers. These are primarily regular personal data of the following categories of data subjects - i.e. natural persons acting as and/or performing the position of partners, shareholders, statutory representatives, members of the statutory and/or supervisory and/or control bodies of legal entities, proxies, heads of an organizational unit, heads of business of a foreign entity, heads of an organizational unit of business of a foreign entity, self-employed persons (trade operators), self-employed farmers, natural persons doing business other than trade (freelancers), end-users of benefits, public officers in management and supervisory bodies of companies and organizations, liquidators, administrators of bankruptcies, restructurings, debt reliefs, executives of organizations established by the state or local self-government, pledgers, pledge owners, pledgees, entitled and obliged persons in executions, entitled persons from the execution auction, etc.

The categories of personal data we process:

  • Identifying details (such as titles before/after a name, first and last name, date of birth),
  • Contact details (such as home/business address, business contacts such as email, phone),
  • Information on payment discipline and behaviour (such as the amount of the debt and the period during which the debt existed, the value of the claim, the existence of a lien and the subject of lien).

SIMS, a. s. in the provision of the intelligence service does not process the special category of personal data (Section 16 of the Act), such as data on racial or ethnic origin, political opinions, religion, health, sexual orientation, etc. In the event that such information is accidentally made available to the controller, we will promptly arrange for its erasure.

WHO ARE THE RECIPIENTS OF THE PROCESSED DATA?


The recipients of the processed data are the following categories:

  • financial institutions,
  • state administration and local self-government,
  • business entities,
  • our employees who process personal data on behalf of our company,
  • courts, other public administration authorities and other state authorities, if necessary, to exercise the rights of the controller towards the data subject or to fulfil a legal obligation of the controller,
  • law enforcement authorities, if necessary, to exercise the rights of the controller towards the data subject or to fulfil a legal obligation of the controller,
  • third parties that will, on the basis of an authorization from the controller, act on its behalf in the provision of services and products or in the performance of other activity related to the provision of services, for the purpose of providing services and in connection with their provision, etc.

IS THERE A TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES?


SIMS, a. s. does not transfer personal data to third countries that do not guarantee a suitable level of protection of personal data. Regardless of location, we will require fulfilment of the same suitable guarantees of protection of personal data as those we apply in the EU/EEA. In the event of transfers outside the EU/EEA we will ensure the adoption of suitable guarantees pursuant to Art. 44 et seq. of the GDPR.

WHAT IS THE RETENTION PERIOD OF PERSONAL DATA?


We will retain your personal data only for the time required to achieve the purpose(s) of processing for which they were obtained, or for any other related and allowed purposes (for example, certain data are kept until the expiry of the limitation period for a claim, or during the retention period resulting from legal regulations). The above means that if your personal data are intended for two purposes, we will retain them until the deadline for implementation of the later one expires, and we will stop using your personal data for the purpose that expired earlier. Only those who need the personal data for the relevant purpose(s) will have access to the personal data.

WHAT IS OUR LEGITIMATE INTEREST OR A THIRD PARTY’S LEGITIMATE INTEREST?


We process the personal data, the processing of which can reasonably be expected in connection with the pursuit of a business activity or an activity for which legal entities have been established. The legitimate interests proportionally outweigh the interests and fundamental rights and freedoms and the interest in the protection of the personal data and privacy of the data subject and provide the legal basis for the processing of personal data.

SIMS, a.s. for the purpose of applying the legal basis of a legitimate interest pursuant to Section 13 (1)(f) of Act 18/2018 Coll. has assessed the legitimate interest. By assessing the relationship with the data subjects, we defined the legitimate interests of the controller and third parties as follows:
supporting the fulfilment of obligations stated in the Act No. 167/2008 Coll. (the Press Act), promoting the transparency of the business environment with the aim to prevent fraud and unfair business practices, enhancing the quality of the business environment through relevant data on the entities of the environment, enhancing business certainty and security in pre-contractual relationships and existing contractual and business relationships, identifying end-users of benefits, identifying tenderers, helping to fight fraud, corruption and financial crime in the business environment and to fight money laundering and terrorist financing, helping to automate modern business processes (automatic completion of orders, contracts and invoices, indication of legal and economic risks, verification of validity of identifiers and VAT related risks), supporting strategic planning and business activities, improving orientation in bankruptcy, restructuring, and debt relief processes, enabling a factual view of an entity, region, industry, managing transparent and efficient communication, and development of relationships with potential and existing clients when selling products and services and customer aftercare.

WHAT ARE THE RIGHTS OF THE DATA SUBJECT?


The data subject has the following rights:

The right to be informed about the processing of your data

You have the right to obtain information, including in particular: identification and contact details of the controller and the responsible person, purposes of processing, categories of personal data, categories of recipients, information on transfers to third countries and guarantees in the event of transfer of personal data to a third country or international organization, retention period, information about your rights, the option to contact the Office for Personal Data Protection of the Slovak Republic, the source of processed personal data, information on whether and how the automated decision-making and profiling takes place.


Right of access to personal data

You have the right to obtain confirmation as to whether or not personal data are processed and, if so, you have the right to access the information pursuant to the previous paragraph. Upon special request, you have the right to receive copies of the personal data processed.


Right of rectification

If you find that we are processing your outdated or inaccurate personal data, please let us know and we will arrange their rectification. With regard to the purpose of processing of personal data the data subject has the right to supplement incomplete personal data.


Right to erasure

Under certain circumstances defined by law, we are obligated to delete your personal data upon your instruction. However, every such request is subject to an individual assessment, as SIMS, a.s. may have an obligation or a legitimate interest to retain personal data.


Right to restrict processing

Under certain situations defined by law, you have the right to request a restriction on the processing of personal data.


Right to object

The data subject shall have the right to object to the processing of his/her personal data on grounds relating to his/her specific situation carried out on the basis of the tasks performed in the public interest, legitimate interest, including profiling, or for direct marketing purposes. The controller may not further process the personal data unless it demonstrates the necessary legitimate interests in the processing of personal data that outweigh the rights or interests of the data subject or the grounds for exercising a legal claim. If the data subject objects to the processing of personal data for the purpose of direct marketing, the controller shall ensure that the personal data are not processed further for that purpose.


Right to data portability

After fulfilling the conditions foreseen by law, you can ask us to provide your personal data to another controller. We will then provide your personal data in the appropriate format to your designated entity, provided that no legal or other significant technical obstacles prevent us from doing so.


The right to revoke your consent at any time

You have the right to withdraw your consent to the processing of personal data relating to you at any time. Revocation of consent will not affect the lawfulness of the processing of personal data based on consent prior to its revocation. The data subject can withdraw the consent in the same manner in which the consent was given.


Right to file for a legal action and to seek a judicial remedy

You may contact the supervisory authority at any time with your motion or complaint regarding the processing of personal data:

Contact details of the Office for Personal Data Protection of the Slovak Republic:

  • Office for Personal Data Protection of the Slovak Republic
    Hraničná 12
    820 07, Bratislava 27
    Slovak Republic
    email: statny.dozor@pdp.gov.sk
    tel.: +421 (2)/ 3231 3214

The above rights can be exercised through our responsible person specified in the section "What are the contact details of the responsible person?".

In the event that we, in your opinion, fail to handle your request for the exercise of the data subject's right in accordance with the GDPR or Act No. 18/2018 Coll., you have the option to seek a judicial remedy directly at the competent court.

WHAT IS THE SOURCE OF PERSONAL DATA?


We process personal data of natural persons to the extent of lawfully published data from official publicly available sources, which are: Business Register of the Slovak Republic, Business Journal, Trade Register, Statistical Office of the Slovak Republic, Financial Administration, Register of Financial Statements, List of Debtors of Health Insurance Companies (Všeobecná zdravotná poisťovňa, Dôvera HIC, Union HIC), List of Debtors of the Social Insurance Company, Central Register of Outstanding Receivables of the State, Register of Public Sector Partners, Notarial Central Register of Pledges, Central Register of Distraints, research of press releases from the media. The sources of contact details are interviews conducted (within the scope of intelligence activities) with competent representatives of the entities, as well as web sites of legal entities and entrepreneurs, Yellow Pages, www.zoznam.sk, www.azet.sk. Our processing operations are primarily focused on data on legal entities and business entities, but within the frame of the data on legal entities and entrepreneurs we also process personal data that are listed in the section “What are the categories of processed personal data?”. Based on contracts on the processing of personal data, we provide the data of the controller, the Office of Cartography, Geodesy and the Cadastre of the Slovak Republic, to authorized controllers (e.g. from the financial sector).

DO WE CARRY OUT AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING?


When processing personal data, we do not make decisions based on automated processing of personal data, including profiling.

HOW DO WE PROTECT PERSONAL DATA?


The valid legislation in the area of personal data protection contains a number of requirements, including proper documentation of data processing processes and the adoption of appropriate technical and organizational measures to ensure the protection of personal data. SIMS, a. s. has introduced and regularly audits the Information Security Management System according to ISO/IEC 27001:2013 standard, which ensures compliance with legal requirements in the area of personal data protection. SIMS, a. s. applies a protected system of drafting of documentation, enabling it to structurally capture the data processing processes, adopted technical and organizational protection measures, and the assessment of risks at a level exceeding the statutory obligation. Our employees are regularly trained both in general and with regard to specific areas of data protection and information system security. We motivate our employees to take a careful and sensitive approach during contact with sensitive data. Opening of new data sources or their processing is always subject to a thorough analysis of compliance with the requirements in terms of personal data protection.

FINAL PROVISIONS


We have created this information labelled Personal Data Protection in order to ensure sufficient transparency and to clarify the basic principles our company follows in protecting the privacy and personal data of data subjects.

Our company regularly reviews and updates this information, with the current version always in effect. The current version is always published on the company's website www.sims.sk.

Check this information periodically to be informed of any potential changes. While we reserve the right to amend or supplement this statement, we will notify you through this website of any major change for at least 30 days after the date of implementation.

This information is valid and effective from 25 May 2018.