Personal Data Processing Information
ARISTA TRADING AG
The information describes how the operator ARISTA TRADING AG, with its registered office at Bahnhofstrasse 32 6300 Zug SWITZERLAND (hereinafter referred to as the “operator”) processes personal data. If anything in this Information is unclear or incomprehensible to you, we will be happy to explain any term or part to you. We process personal data in accordance with the requirements of the GDPR, Act No. 18/2018 Coll. on the Protection of Personal Data and on the Amendment and Supplement to Certain Acts, as amended by subsequent regulations, and other generally binding legal regulations.
Article I. Basic Terms
- Personal Data – any information relating to an identified or identifiable natural person, such as name, surname, date of birth, personal identification number, telephone number, email address, IP address, and so on.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
- Data Subject – an individual to whom the personal data relates.
- Processing of Personal Data – any operation or set of operations performed on personal data by the controller or processor.
- Controller – a natural or legal person who determines the purposes and means of processing personal data.
- Purpose of Personal Data Processing – a clearly defined or established intention for the processing of personal data, which is related to a specific activity.
- Legitimate Interest – the interest of the controller or a third party that justifies the need for processing personal data, provided it does not override the interests or fundamental rights and freedoms of the data subject.
- Recipient – a natural or legal person, public authority, agency, or any other entity to whom the personal data is disclosed.
Article II. Personal Data Controller
1. Personal Data Controller
- Beneficiary name: ARISTA TRADING AG
- Beneficiary address: Bahnhofstrasse 32 6300 Zug SWITZERLAND
- Registration number: CHE-369.229.726
- Email: info@arista-trade.com
2. Purposes and Legal Basis of Processing (Purpose – Legal Basis)
- Accounting Art. 6(1)(c) GDPR – Compliance with a legal obligation
- Art. 6(1)(b) GDPR – Performance of a contract
- Personnel and Payroll Art. 6(1)(c) GDPR – Compliance with a legal obligation
- Art. 6(1)(b) GDPR – Performance of a contract
- Attendance Art. 6(1)(b) GDPR – Performance of a contract
- GDPR Compliance Art. 6(1)(c) GDPR – Compliance with a legal obligation
- Supplier and Customer Contracts Art. 6(1)(b) GDPR – Performance of a contract
- Art. 6(1)(f) GDPR – Legitimate interest
- Contact Form Art. 6(1)(f) GDPR – Legitimate interest of the controller
- Email Newsletter Art. 6(1)(a) GDPR – Consent of the data subject
- SMS Newsletter Art. 6(1)(a) GDPR – Consent of the data subject
- CCTV System Art. 6(1)(f) GDPR – Legitimate interest
- Website (Cookies) Art. 6(1)(a) GDPR – Consent of the data subject
- Company Profile on Facebook Art. 6(1)(f) GDPR – Legitimate interest
- Company Profile on LinkedIn Art. 6(1)(f) GDPR – Legitimate interest
- Other Company Profiles on Social Media Art. 6(1)(f) GDPR – Legitimate interest
3. Legitimate Interests of the Controller or Third Party (Legitimate Interest — Characteristics)
- Supplier/Customer Contracts the legitimate interest of the controller to fulfill contractual obligations
- Company Profile on Facebook the legitimate interest of the controller to showcase the provided services on their company profile
- Company Profile on LinkedIn the legitimate interest of the controller to showcase the provided services on their company profile
- CCTV System security and protection of the controller’s property
- Contact Form the legitimate interest of the controller to process personal data voluntarily provided by data subjects in order to facilitate communication
4. Recipients
The recipient is any person to whom the controller discloses personal data, regardless of whether they are a third party. Depending on the specific processing purposes, the data processed by the controller may be disclosed to the following recipients:
- Individuals processing personal data based on the controller’s direct authorization (persons working under agreements outside of an employment relationship, and others)
- Intermediaries (web hosting providers, accounting company)
- State authorities (tax office, Social Insurance Agency, Central Office of Labor, Social Affairs and Family, Office for Personal Data Protection, courts, law enforcement agencies, administrative authorities, and others)
- Health insurance companies, enforcement officers, supplementary pension savings companies, pension fund management companies, employee representatives
- Other authorized entities may also be recipients.
5. Retention Period
Personal data in a form that allows identification is retained for no longer than necessary to fulfill the purpose for which the personal data is processed. Retention periods/deletion deadlines or criteria for determining them are documented in records of processing activities, which will be provided to you upon your request.
6. Rights of the Data Subject
Individuals have the following rights:
Right to information on personal data processing
The information includes the identity and contact details of the data controller, purposes of processing, categories of personal data, recipients or categories of recipients of personal data, information on the transfer of personal data to third countries, retention periods for personal data, the data controller’s rights, the calculation of your rights, the possibility to contact the Office for Personal Data Protection of the Slovak Republic, the source of processed personal data, information on whether and how automated decision-making and profiling take place.
Right to access personal data
You have the right to obtain confirmation whether personal data is being processed and, if so, access to information on the purposes of processing, categories of personal data, recipients or categories of recipients, retention periods for personal data, information on your rights, the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, information on the source of personal data, information on whether automated decision-making and profiling occur, information and safeguards regarding the transfer of personal data to a third country or international organization. You have the right to receive a copy of the processed personal data.
Right to rectification
The data subject has the right to have incorrect personal data rectified. With regard to the purposes of processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure (right to be forgotten)
In certain cases provided by law, we are obliged to erase personal data of the data subject. However, each such request is subject to an individual evaluation of whether the conditions are met because as a data controller, we may be bound by a legal obligation or may process personal data based on legitimate interests. If our legitimate interests (or the legitimate interests of a third party) outweigh the interests of the data subject, we are entitled to further process the personal data for the specific purpose.
Right to restriction of processing
The data subject may request the data controller to restrict the processing of personal data if any of the following situations occur:
- The data subject has contested the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data.
- The processing of personal data is unlawful, but the data subject opposes the erasure of the data and instead requests the restriction of their use.
- The data controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims
- The data subject has objected to the processing of personal data in specific situations according to the GDPR (task carried out in the public interest or legitimate interests pursued by the data controller or profiling), pending the verification whether the legitimate interests of the data controller override those of the data subject.
Right to data portability
If requested by the data subject, we will transfer their personal data to another data controller in a suitable format, unless prohibited by any legal or significant obstacles, to the designated recipient.
Right to object and automated individual decision-making
The data subject has the right to object, at any time, to the processing of personal data concerning them, which is carried out based on the legal basis of public interest or legitimate interest. The data subject may also object, at any time, to the processing of personal data by the data controller for direct marketing purposes, including profiling, to the extent that it relates to such direct marketing.
Processing based on consent (right to withdraw consent)
If processing is based on the data subject’s consent under Article 6(1)(a) of the GDPR or Article 9(1)(a) of the GDPR, the data subjects have the right to withdraw their consent at any time. Such withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
7. Response Timeframe
We will provide a response and any information regarding the actions taken as soon as possible, but no later than one month. However, if necessary and considering the complexity and number of requests, we may extend the deadline by two months. We will inform the data subject about the extension of the deadline, including the reasons for it.
8. Contact Point
Individuals can exercise their rights with the data controller by email at info@arista-trade.com or in writing to the following address: ARISTA TRADING AG, Bahnhofstrasse 32 6300 Zug SWITZERLAND.
All notifications and statements regarding the exercise of these rights are provided free of charge. However, if a request is clearly unfounded or excessive, especially if it is repetitive, we reserve the right to charge a reasonable fee taking into account administrative costs or refuse to act on the request. In the case of repeated requests for copies of processed personal data, we reserve the right to charge a reasonable fee for administrative costs.
9. Provision of Personal Data
Providing personal data is voluntary, and therefore, as a private entity, we, as the data controller, do not have a legal requirement for data provision. However, if you are interested in entering into a contract with us, providing personal data may be necessary to conclude the contract. In such a case, providing the data is a contractual requirement. The data subject is not obliged to provide their personal data and does so voluntarily. Refusing to provide personal data does not have any negative consequences for the data subject.
10. Automated Decision-Making and Profiling
The data controller does not use automated individual decision-making, including profiling.
11. Processing for Another Purpose
When processing personal data, we respect the principle of purpose limitation, which means that we process data only for specific, explicitly stated, and legitimate purposes, except in cases where it is processed for a compatible purpose. Processing for another purpose may also be based on the consent of the data subject, the law of the European Union, or the law of the Slovak Republic. To determine whether another purpose is compatible with the purpose for which the personal data were originally collected, we will conduct a compatibility test before commencing processing. This test takes into account:
- Any connection between the purposes for which the personal data were obtained and the purposes of the intended further processing.
- The circumstances under which the personal data were obtained, especially regarding the relationship between the data subjects and the data controller.
- The nature of the personal data, particularly whether special categories of personal data under Article 9 of the GDPR or personal data relating to criminal convictions and offenses under Article 10 of the GDPR are processed.
- Potential consequences of the intended further processing for the data subjects.
- The existence of appropriate safeguards, which may include encryption or pseudonymization.
12. Changes to Personal Data Processing Rules
We are entitled to modify the wording of these rules for the processing of personal data, especially if there is a need to incorporate legislative changes or changes in the purpose and means of processing. In the event that changes to the rules for the processing of personal data occur that could affect the rights of the data subjects, we will notify them adequately and with sufficient advance notice.
This document is regularly updated.
Last Updated: 16th June 2023