Information on the processing of personal data of the data subject
provided in accordance with the provisions of Art. 12, Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").
The company Hyundam Slovakia, sro , with its registered office at: Na stanicu 22, 010 09 Žilina, Company ID: 36 367 028, registered in the Commercial Register of the District Court of Žilina, section Sro , entry no. 17672/L (hereinafter referred to as the " Operator ") is the operator of information systems in which it processes personal data of its business partners, customers, visitors and other persons who contact the Operator.
When processing personal data, the operator proceeds in accordance with the relevant legal regulations of the Slovak Republic and the legislation of the European Union, while taking maximum care to protect the privacy of the data subjects and the protection of their personal data that has been provided to it and that it processes.
The operator processes your data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), relevant Slovak legal regulations, in particular Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the "Act") and other regulations on the protection of personal data (the Regulation, the Act and other regulations on the protection of personal data hereinafter also referred to as the "Regulations on the protection of personal data").
We most often collect your personal data directly from you – for example, when you contact us by email, visit our website or enter into a contract with us (hereinafter referred to as the “data subject”).
In some cases, your data will also be provided to us by another entity – for example, the company you work for, which orders a service from us or participates in a tender. In such a case, you will be listed as the contact or responsible person for that entity.
The processing of the personal data obtained and provided is part of the Operator's activities. Without the provision of personal data and without their processing, it would not be possible to provide its services to its clients and other data subjects to the required extent. The Operator has adopted appropriate technical, personnel and organizational security measures to ensure the maximum possible protection of personal data.
Information on processing operations – Purpose and legal basis
As part of the Controller's activities, the personal data of the data subject is processed for the purposes specified in the appendix to this Information. To ensure the protection of the processed personal data, the Controller has adopted relevant internal documentation that specifies the security measures taken.
Categories of processed personal data and data subjects and retention period of personal data
The operator always processes your personal data only to the extent necessary for a specific purpose. The processing is carried out in accordance with the law and the principle of minimization, which means that we do not request any data from you that we do not need for a given purpose.
We may process your data on various legal grounds – for example, to enter into or perform an employment contract, to comply with our legal obligations (e.g. in the area of wages, taxes or insurance), or on the basis of our legitimate interest.
In some cases, we are also obliged to process data about your family members – for example, to apply for tax benefits or register for social security. Without this data, we would not be able to fulfil our legal obligations.
Details of what specific data we process are provided in Appendix No. 1.
Your personal data may be provided to recipients, in particular public authorities that are authorized to process your personal data as independent controllers and as third parties - in particular the tax administrator, the Personal Data Protection Office, courts, law enforcement agencies, social insurance companies, health insurance companies or labor supervisory authorities.
In some cases, the operator also provides your personal data to its intermediaries, including:
The operator has concluded personal data processing contracts with its intermediaries and maintains a list of these intermediaries. Other recipients of your personal data include law firms, bailiffs, notaries and auditors, who act as independent operators bound by a professional obligation of confidentiality.
Transfer of personal data to third countries
When processing your personal data, your personal data is not transferred to third countries or international organizations. If such a transfer is necessary, it will take place exclusively in accordance with applicable data protection laws and only in cases where adequate safeguards for the protection of your data are provided.
Automated decision-making and profiling
The operator does not make decisions based on automated processing of personal data, including profiling.
Technical and organizational security measures
To ensure the protection of personal data, the Operator has taken appropriate technical and organizational measures, especially in the area of physical, operational and information security. The measures taken are defined within the Operator's internal regulations.
After the expiry of the period, personal data will not be subject to further processing.
Rights of the data subject
The data subject has the right to request from the Controller access to personal data concerning the Data Subject pursuant to the provisions of Article 15 of the GDPR. The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed and, if so, access to such data. He or she also has the right to obtain copies of the personal data which the Controller processes about him or her and information on how the personal data are further processed.
The data subject has the right to have incorrect personal data corrected pursuant to Article 16 of the GDPR. The controller is authorized to process only correct and updated personal data. Upon exercising the right to correct the processed personal data, the controller shall complete or amend the incorrect personal data without undue delay.
The data subject has the right to erasure (the right to be forgotten) of all data processed unlawfully pursuant to Article 17 of the GDPR without undue delay, provided that the conditions under the GDPR are met.
The data subject has the right to restrict the processing of personal data pursuant to the provisions of Art.
18 GDPR in the event of exercising the right to rectification or if he objects to the erasure of his personal data, if their processing is unlawful, or the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to establish, exercise or defend legal claims. The controller will restrict the processing of your personal data if you request this.
The person concerned has the right to the portability of personal data pursuant to the provisions of Article 20 of the GDPR to another controller in a structured, commonly used and machine-readable format, but only if the data is processed on the legal basis of the consent of the data subject or on the basis of a contract to which the data subject is a party.
The data subject has the right to file a complaint or initiative with the supervisory authority, which is the Office for Personal Data Protection, if the person's rights are directly affected pursuant to the provisions of Section 100 of Act No. 18/2018 Coll. on the Protection of Personal Data.
Contact details of the Office for Personal Data Protection. Registered office: Park one Building , Námestie 1.mája 18, 811 06 Bratislava, Slovak Republic, website dataprotection.gov.sk, telephone number 02 3231 3214, e-mail: statny.dozor@pdp.gov.sk .
The data subject has the RIGHT TO WITHDRAW CONSENT pursuant to Article 7(3) of the GDPR, if the controller processes personal data on the legal basis of consent. You may withdraw your consent at any time in the same manner as you gave it. Withdrawal of consent does not affect the lawfulness of the processing of personal data that preceded it.
The data subject has the RIGHT to OBJECT to the processing of personal data if he or she believes that it is unlawful or requests a reassessment of the profiling or the result of automated decision-making. The operator may not further process personal data unless he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the event of claiming the rights of the Data Subject, the contact person of the Controller is the HR department, tel. no .: +421 911 017 403, email: privacy@hyundam.sk . The responsible person is Vojčík & Privacy , sro, tel. no.: +421 (55) 6230111, email: privacy@vojcik.eu.
The Operator will provide you with a response to the exercise of your rights free of charge. However, in the event of a repeated, unfounded or disproportionate request to exercise your rights, the Operator is entitled to charge a reasonable fee for the provision of information. The response will be provided to you within 1 month from the date on which you exercised your rights. In certain cases, especially in the case of a high number and complexity of requests from data subjects, the Operator may extend this period, but not more than 2 months. The Operator will always inform you of the extension of the period.
I acknowledge that the Controller is obliged, in accordance with the provisions of Article 34 of the GDPR, to notify me of a personal data breach without undue delay if such a personal data breach is likely to result in a high risk to my rights.
This information on the processing of personal data is valid and effective from June 16, 2025. In the event of a change to the Information on the Protection of Personal Data, the Operator will inform you of the changes in advance in an appropriate manner.
As the Data Subject, I hereby declare that I have been informed of the information regarding the processing of personal data by the Controller.
Annex No. 1
Purpose of processing | Legal obligation / Contractual requirement / Consent / Legitimate interest | Categories of personal data | Deadline for deletion of the personal data | Beneficiary category | Designation of a third country or international organisation |
The purpose of processing personal data is to process and record accounting documents. | the processing of personal data is a legal requirement | title, first name, last name, address, telephone number, e-mail address, date of birth, type and number of identity document, ID number, signature, bank account number or other, if required by a specific legal regulation or other legal basis for processing personal data | invoice books, general ledgers, receivables and payables, financial statements, supplier-customer invoices, accounting statements, cash register, accounting documents, bank statements, tax returns, annual audit, loan documents, warehouse documents, customs records, declarations - all 10 years following the year to which they relate | Social insurance company, health insurance companies, tax office, auditors, courts, law enforcement agencies, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to manage the registry, record keeping and processing of received and sent mail/email. | the processing of personal data is a legal requirement | title, name, surname, signature, residence, e-mail address, telephone number, account number, signature, guaranteed electronic signature and other data that may be contained in the mail and data according to a special regulation | Post Office - 5 years following the year to which they relate, other records forming the registry pursuant to the relevant provisions of Act No. 395/2002 Coll. on archives and registries and on the amendment of certain acts, as amended. | Ministry of the Interior of the Slovak Republic, Financial Administration of the Slovak Republic (FS portal), Social Insurance Agency (SP portal), health insurance companies (portal), other authorized entity | there is no transfer to a third country or international organisation |
the purpose of processing personal data is to conduct judicial and administrative proceedings | the processing of personal data is a legal requirement | common personal data necessary to fulfill legal obligations | During the duration of the relevant proceedings and until the expiry of the limitation periods (unless otherwise provided for by the relevant legal regulations) | courts, law enforcement agencies, competent administrative authorities, lawyers, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to investigate complaints pursuant to Act No. 54/2019 Coll. on the protection of whistleblowers and on amendments to certain acts | the processing of personal data is a legal requirement | name, surname, date of birth and residence of the protected whistleblower | 3 years from the date of receipt of the notification | Whistleblower Protection Office, courts, law enforcement agencies, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to process and record the exercised rights of the data subjects. | the processing of personal data is a legal requirement | common personal data that is part of the application | 5 years from the date of disposal of the exercised right or request | Personal Data Protection Office, courts, law enforcement agencies, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to manage the contractual agenda (records of contracts) | the processing of personal data is a legal requirement | title, name, surname, place of residence, date of birth, personal identification number, temporary residence, OP number, signature and other personal data necessary for the conclusion and performance of the contract | during the duration of the contractual relationship and after its termination until the full settlement of contractual and other claims arising from the contractual relationship, or until the expiration of the limitation periods specified in the relevant legal regulations | Government Office of the Slovak Republic, courts, criminal prosecution authorities, banks, insurance companies, law firms, relevant district offices - cadastral departments, public, other contracting party, public, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to fulfill contractual obligations (based on contracts with customers, suppliers of goods and services, other business partners) and implement pre-contractual relationships. | the processing of personal data is carried out in the performance of a contract or in the implementation of pre-contractual relations | name, surname, business name, address of residence / place of business, company ID, contact details (tel. no., e-mail), bank details | during the duration of the contractual relationship and after its termination until the full settlement of contractual and other claims arising from the contractual relationship, or until the expiration of the limitation periods specified in the relevant legal regulations | courts, law enforcement agencies, third parties, other authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is the security and protection of the Operator's IT system and internal infrastructure. | the processing of personal data is carried out on the basis of the legitimate interest of the Operator for the purpose of protecting its IT system, its integrity and confidentiality of stored information, through user profiles; and also the protection of rights, legally protected interests and property in its own ownership, as well as the protection of rights and legally protected interests and property in the ownership of other persons and to ensure the operation of IT systems, infrastructure and applications, their security and protection against disruption | all categories of personal data processed in the payroll and personnel agenda | during the duration of the employment relationship with the employee, after its termination until the full settlement of contractual and other claims arising from the employment relationship, or until the expiration of the limitation periods specified in the relevant legal regulations | courts, criminal law enforcement authorities, authorities responsible for resolving offenses, an intermediary providing information system services, another authorized entity | Microsoft ( Data Privacy Framework ) |
The purpose of processing personal data is to keep records of persons and vehicles entering the Operator's premises /guest book/ | The processing of personal data is carried out on the basis of the legitimate interest of the operator, which is to ensure the security of the premises, the protection of the life, health and property of persons entering the premises. | name, surname, ID number, information about the time of arrival and departure of the person concerned to and from the premises | 14 days from the date of entry into the premises | courts, criminal justice authorities, authorities responsible for resolving offenses, an intermediary providing security services, another authorized entity | there is no transfer to a third country or international organisation |
The purpose of processing personal data is to monitor with camera systems to improve the protection of the Operator's property, to increase the protection of life and health of persons on the Operator's premises, security, to obtain evidence for the purposes of proving possible legal claims and detecting crime. | The processing of personal data is carried out on the basis of the legitimate interest of the operator in protecting the rights, legally protected interests and property owned by the operator, in protecting the rights and legally protected interests and property owned by other persons and in ensuring the safety, protection of life and health of persons entering and staying on the premises of the operator, as well as in detecting and preventing crime and other antisocial activities. | audio-visual recording | 14 days from the date of the record | courts, law enforcement agencies, authorities responsible for resolving offenses, an intermediary providing security services, another authorized entity | there is no transfer to a third country or international organisation |