When processing your personal data, we take the utmost care to protect them. We respect the principles of legality, minimisation, transparency, confidentiality and integrity in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (hereinafter referred to as “GDPR”) and Act 18/2018 on the protection of personal data of the Slovak Republic.
Kempelen Institute of Intelligent Technologies, association of legal entities, abbreviation: KInIT, with registered office: Mlynské nivy 18890/5, 811 09 Bratislava, ID number: 53290046, (hereinafter referred to as the “Institute” or “us” or “our”), represented by Mária Bieliková, Statutory and Ing. Marián Šimko, statutory.
KInIT is a Joint Controler with Innovatrics, seated at Pri vinohradoch 82, 831 06 Bratislava, ID: 36 280 712 are Joint Controllers as per article 26 GDPR and for purpose of a joint activity, which is organizing an irregular event “Better AI meetup”.
Please read what specific data we proceed, why and for how long, and how we protect them. In this document you will learn:
- how and which personal data we process;
- what are purposes and lawful basis for the processing;
- what is duration of processing of your data;
- when and to who we may transfer your data;
- what are your rights as an data subject;
- how you can contact us.
1.How we collect your personal data
We most often obtain your personal data directly from you when you contact us via:
- A contact form on this website (joint processing),
- A social network (each Controller processing data on their own social networks accounts),
- A phone call (each Controller processing data on their own social networks accounts),
- An e-mail (each Controller processing data on their own social networks accounts),
- Registration form (joint processing),
- Newsletter signup (joint processing).
2. Personal data processing purposes and legal basis
Providing Information, contacts and other communication with you
The personal data that we may process are: your e-mail, name, surname, name of the employer and job position if you contact us on behalf of an organisation where you work, and other contact data you share with us.
Purpose of the processing is to ensure you can contact us, register for the event, we may provide you organisational and other information for the event, arranging a meeting, answering questions, exchanging information, sending and receiving invoices and other common, foreseeable, activities related to the provision of our services.
Legal basis is GDPR Article 6 (1)(b), processing of personal data, processing necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject.
Duration of processing is 6 months if no cooperation takes place, otherwise during the duration of the cooperation and longer if required by legislation e.g. tax and accounting regulations
Promoting our services and work online
(Each Controller processing data on their own social networks and websites)
We have legitimate interests as per GDPR article 6 (1)(f) to process some of your personal data when promoting our services and work online. When posting content on our social networks (LinkedIn, Facebook) and on our website, personal data may be processed based on our legitimate interest in raising awareness of our work.
If you register for any of our events, we might take a photo or create audio / video records according to the type of event.
Legal basis is GDPR Article 6 (1)(f), processing of personal data processing necessary for the purposes of legitimate interests pursued by the controller and duration of the processing is10 years.
Other legitimate interests
(Each Controller processing data on their own)
We have legitimate interests as per GDPR article 6 (1)(f) to process your personal data when pursuing a demonstration, assertion and defending our legal claims. In the event of legal or extrajudicial disputes, debt collection, notification of facts to public authorities and similar activities, where we prove and enforce our legal claims, we may process your personal data.
You can subscribe to the newsletter on websites of each of the Controllers. Based on your consent (GDPR article 6 (1) (a), your e-mail address will be added to a mailing list and you will receive information about upcoming events, so that you can register. Signing up for the newsletter is fully voluntary. You can withdraw your consent any time, using the link provided in the footer of each newsletter. Duration of processing is until withdrawal of consent.
We use Mailchimp from Intuit company and during this processing a transfer to the 3rd country (USA) occurs. We have taken addition safety measures to ensure protection of you data.
Cookies are small text files that servers store on your computer or mobile device when you access websites. There are four reasons why a cookie may be stored on your device while you visit our website:
- Necessary (processing based on legitimate interest as per GDPR article 6 (1)(f): cookies that enable the website to function properly and allow you to use the secure online services we provide; the use of these cookies is necessary for the functioning of the site;
- Not necessary and 3rd party cookies: Based on your consent (GDPR article 6 (1) (a), we may store statistical, marketing and advertising cookies on your device. Also based on your consent we might use Facebook Pixels and target ideal audience to share information about upcoming events.
Your user behavior is an important feedback to us. We then adjust the content of the website accordingly so that it is as interesting as possible for you in terms of content. The personal information we process is the IP address, location, device from which you access, the length of time you spend on the website, the favorite times of site visitors, the interests and hobbies of site visitors. The data is processed by Google in an anonymized form and it is not possible to identify individual users using normal means.
We use services of Meta Limited and Google during this processing a transfer to the 3rd country (USA) might occur. We have taken addition safety measures to ensure protection of you data.
3. Transfer to the 3rd countries
Our website and e-mail repository and their backups are on Slovak and / or EU servers. We use the services of a Slovak provider with appropriate contractual and technical guarantees.
Although we try to set up the processing of personal data so that personal data is not transferred to third countries outside the European Economic Area, in order to promote our services online, the transfer takes place to third countries.
This mainly concerns:
- management of online profiles on social networks provided by LinkedIn and Meta Limited,
- analytical, statistical and marketing services of Google,
- newsletter mailing services Mailchimp by Intuit.
These suppliers and equipment are located in the United States and are considered a third country that does not provide an adequate level of protection. Any transfer of personal data outside the EU and / or the European Economic Area takes place only in strict compliance with the protection of personal data in accordance with the requirements of the GDPR.
4. Disclosing your personal data
Based on the requested cooperation or on the basis of activities necessary for the operation of the website and the provision of our services, your personal data may be provided to the Recipient and / or Third Parties.
As a Controller, we use the services of external companies in the field of accounting, law, IT and other services. These entities may, within a precisely defined scope, process your personal data for contractual purposes on the basis of a Data Processing Agreement.
Other recipients may include courts, law enforcement agencies, banks, executors or notaries, public authorities, municipalities, self-governing regions, natural persons who are parties to proceedings before the relevant entity. These recipients are provided with personal data, for example, when inspecting the file, etc.
3.3. Third parties
Third parties are considered to be, in particular, public authorities and institutions to which the controller is obliged to provide personal data on the basis of a legal provision in the performance of its legal obligations.
5. Your rights
As a data subject defined by GDPR and Act 18/2018 (Slovakia), you have the right to request from us, the Joint Controllers:
- access to you personal data (in particular, request confirmation of whether or not the data are processed, the categories of data processed, the purpose of the processing, the source of their acquisition, the retention period);
- correcting or complete incorrect data;
- restricting data processing according to Art. 18 GDPR (e.g. if data are incorrect or processed illegally);
- receive personal data concerning you and which you have provided to the operator, in a structured, commonly used and machine-readable format and the right to transfer this data to another operator under the conditions specified in Art. 20 GDPR;
- objecting in the cases referred to in Art. 21 GDPR;
- erasure of data whose purpose of processing has ended or, in the cases provided for in Art. 17 GDPR.
You may exercise your rights regarding personal data by writing or an e-mail to any of the Controller:
- Kempelen Institute of Intelligent Technologies, Mlynské nivy 18890/5, 811 09 Bratislava, e-mail firstname.lastname@example.org
- Innovatrics, Pri vinohradoch 82, 831 06 Bratislava, e-mail email@example.com
- KInIT appointed a Data Protection Officer: Dimensions Consulting Services s.r.o., Zámocká 18, 81101 Bratislava ID 47119144, e-mail firstname.lastname@example.org.
All legitimate requests of the data subject will be responded to and you will be informed in writing within 30 days of receipt.
If you believe that your personal data processing rights have been violated or that the Personal Data Protection Act 18/ 2018 or the GDPR has been violated, you can file a request to initiate personal data protection proceedings with the national DPA – Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27 , Slovak republic; www.dataprotection.gov.sk.
6. Final provisions