In accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter the “GDPR”), we hereby meet our information obligation with respect to the processing of personal data of data subjects (i.e. persons whose personal data are subject to processing: employee, specialist, supplier, candidate etc.).

TITANS freelancers, s.r.o., with its registered office at: Jégého 16999/8, Bratislava-Ružinov 821 08, Company ID: 47 047 224, registered in the Business Register of District Court Bratislava I, Section: Sro; File No.: 89105/B

Who is the personal data controller?

Contact details of the controller: phone: +421 (0) 908 857 752, e-mail: [email protected]

If you have any questions or if you wish to exercise your rights as a data subject with respect to personal data processing, please contact the controller’s data protection officer by e-mail at: [email protected].

Where do we collect personal data of a data subject?

In most cases, we collect personal data directly from the data subject. If we also collect personal data from other sources, we will inform the data subject where we collected their personal data and about the category of the relevant personal data.

We process personal data on the following legal bases:

  • Based on contractual and pre-contractual relationships (Article 6 (1) (b) of the GDPR);
  • Based on legitimate interests (Article 6 (1) (f) of the GDPR);
  • Based on compliance with a legal obligation (Article 6 (1) (c) of the GDPR); and
  • Based on consent (Article 6 (1) (a) of the GDPR).

The data subject is required to provide their personal data if their processing is necessary for the
controller’s
compliance with a legal obligation.

The data subject is also required to provide personal data if their provision is a contractual requirement resulting from a contract concluded between the controller and the data subject. The provision of personal data under pre-contractual and contractual relationships is necessary; otherwise, failing to do so could prevent the data subject’s participation in a selection procedure,  conclusion, or performance of a contract.

If consent is the legal basis for the processing of personal data, consent is given on a voluntary basis. If we process personal data based on a data subject’s consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent is neither charged nor sanctioned.

If we process your personal data based on our legitimate interests, the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data on this basis, including to the profiling based on those interests (Article 21 of the GDPR).

How long do we store personal data of a data subject?

We store personal data for the period necessary to achieve the purpose for which the personal data are processed. If personal data are processed to comply with the controller’s legal obligations, we will store the personal data and the related documentation for the period required by the applicable law. A data subject will find more information about the storage period below in this document.

What are the purposes and legal basis of processing a data subject’s personal data?

  • Processing of a request for the provision of information by completing a contact form on the website

    We process personal data for this purpose based on a data subject’s voluntary consent. The consent may be withdrawn by the data subject at any time by sending an e-mail to the contact e-mail of the controller or to [email protected]. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

    Storage period: until the request is processed (until the required information is provided), up to a maximum of 1 year.
  • Processing the contact request by completing the “Recommend an IT Specialist” form on the website

    We process personal data for this purpose based on a data subject’s voluntary consent. The consent may be withdrawn by the data subject at any time by sending an e-mail to the contact e-mail of the controller or to [email protected]. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

    Storage period: until the request is processed (until the required information is provided), up to a maximum of 1 year.
  • Processing a data subject’s request to provide a service, including the request entered by completing the contact form on the website

    The processing for this purpose is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract. Personal data are processed on a contractual or pre-contractual legal basis with the controller.

    Storage period: until the conclusion of a contract, up to a maximum of 1 year.
  • live chat communication and customer support

    If the data subject chooses to communicate with us by live chat on our website, we process the personal data that they provide to us during registration and communication based on voluntary consent of the data subject, who has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    The data recipient is Smartsupp.com, s.r.o. (Czech Republic), a supplier of messaging and live chat software. Personal data are not transferred to third countries.

    Storage period: 120 calendar days
  • Recording the controller’s internal activities aimed at acquiring a client

    This purpose includes the controller’s internal activities associated with the recording of the progress of communication, meetings, negotiations and other activities that must be performed before making a deal with a potential client based on their request/order.

    The processing of a potential client’s data is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract.

    Personal data of natural persons acting on behalf of a potential client who expressed interest in our services/products, or of their employees (in the scope: title, first name, surname, e-mail or phone, relation to a legal entity whose contact person is the data subject, and information about their job title/position). The processing of their data for this purpose is based on our legitimate interest to ensure and monitor the process of contracting (negotiating the contract) with the person interested in the supply of the service/product.

    Storage period: until the conclusion of a contract, up to a maximum of 1 year.
  • Selection procedure (candidates)

    The processing of personal data of a candidate for employment includes activities related to the receipt and assessment of your CV and job application, the selection procedure and informing the candidate about the result (hired or not hired). The processing for this purpose is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract.

    Storage period: until the completion of the selection procedure.
  • Selection procedure (candidates for cooperation by concluding a commercial relationship under a contract for work, mandate contract, cooperation contract or other contract, natural persons – entrepreneurs)

    The processing of personal data (as a candidate for cooperation with us) for this purpose includes activities related to the selection of a business partner on the basis of their participation in the selection procedure. These activities precede the conclusion of a business relationship between the controller and the data subject – a service provider for the controller (e.g. communication, informing whether the candidate succeeded or not). The processing for this purpose is necessary to make pre-contractual arrangements at the request of the data subject prior to the conclusion of the contract.

    Storage period: until the completion of the selection procedure.
  • Performance of the existing contractual relationships with suppliers, including records about suppliers and the existing contractual relationships with them, and timesheets for hours worked by the supplier for the controller

    This purpose includes activities related to the performance of obligations under the contract with the supplier, records of contracts, orders, acceptance protocols and invoices related to suppliers of products and services, and administrative acts associated with the monitoring of the fulfilment of obligations under the concluded business relationship, such as tracking the agreed deadlines, hours worked, product/service delivery methods. The processing for this purpose is necessary to perform the contract to which the data subject (supplier) is a party.

    For this purpose, in the records of suppliers and existing contractual relationships, we also process common personal data of the person authorised to act on behalf of the supplier (legal entity), and common data of the supplier’s employees, based on our legitimate interest to ensure effective performance of contracts by keeping contractual documentation and documentation related to the fulfilment of contractual obligations (contracts, invoices, orders, acceptance and takeover protocols, records of supplies of goods/services, timesheets and travel records with respect to the fulfilment of obligations towards the controller).

    Storage period: until the mutual rights and obligations are settled, but at least 10 years from the termination of the contractual relationship.
  • Performance of the existing contractual relationships with clients, including records of clients and existing contractual relationships with clients

    This purpose includes activities related to the performance of the obligations under the contract concluded with the client, keeping client contracts and administrative acts associated with the concluded contract, such as tracking the agreed deadlines. The processing for this purpose is necessary to perform a contract to which the data subject (client) is a party.

    For this purpose, we also process common personal data of the person authorised to act on behalf of the client (if the client is a legal entity), and common (contact) data of the client’s employees contained in the contract with the client, based on our legitimate interest to ensure effective performance of contracts by keeping contractual documentation and documentation related to the fulfilment of contractual obligations towards clients.

    Storage period: until the mutual rights and obligations are settled, but at least 10 years from the termination of the contractual relationship.
  • Business communication (as part of supplier-customer relationships)

    The legal basis for personal data processing for this purpose is the controller’s legitimate interest to communicate with business partners (with clients and suppliers) as part of business activities.

    Storage period: for the duration of the contractual relationship.
  • Valid conclusion of contractual relationships and ensuring their performance

    For this purpose, we process contact personal data contained in contracts concluded as part of supplier-customer relationships or in drafts of such contracts. We process personal data of natural persons – clients or suppliers, and personal data of persons authorised to act on behalf of the contract partner (supplier, client) and data of employees of contract partners.

    We process data of such data subjects for this purpose on the basis of the controller’s legitimate interest to ensure valid conclusion of contracts and their effective performance.

    Storage period: until the mutual rights and obligations are settled, but at least 10 years from the termination of the contractual relationship.
  • Bookkeeping, processing of accounting and tax documents, billing and cash register records

    The processing for this purpose is necessary to comply with the controller’s legal obligations, in particular pursuant to Act No. 431/2002 Coll. on Accounting, as amended, Act No. 222/2004 Coll. on Value Added Tax, as amended, Act No. 595/2003 Coll. on Income Tax, as amended, and Act No. 283/2002 Coll. on Travel Allowances, as amended.

    Storage period: 10 years (in accordance with the Accounting Act).
  • Inclusion of the data subject in the records/database of specialists with the possibility of offering cooperation on the projects of our clients.

    If the data subject consents to the processing of their personal data, we will process the personal data that they provided to us for this purpose, especially in the CV and its attachments and by completing the form on our website (in the scope mainly name, surname, place of residence, date of birth, e-mail address, phone number, education, qualification, professional and work experience, job title, language skills, including photo).

    The consent also includes the provision of that data subject’s personal data to our clients who wish to undertake a project and are looking for a specialist in the relevant area of the data subject’s qualification or specialisation. Data will only be provided to a client if the data subject wishes to participate in the project, and we will inform the data subject about such provision in advance.

    The consent is voluntary. We will not include the data subject in our records of specialists without the consent. The records are used to find and reach a suitable specialist in the field (candidate for cooperation) for a project for a third party (our client). The records include contact records to prevent the specialist from being contacted repeatedly in connection with the same project.

    The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    Storage period: the personal data will be stored for this purpose by the controller until the data subject has withdrawn their consent in a documented manner.
  • Searching for IT specialists – candidates for cooperation in projects undertaken for third parties (clients) and contacting them

    We search for specialists on the Profesia website or on the LinkedIn social network.

    We process personal data published/made available by the data subjects on the Profesia and LinkedIn websites (data in the published CV and its attachments, in particular identification data, contact data, information about education, qualifications, language skills, professional experience, job title) based on our legitimate interest to acquire a suitable specialist for the relevant area for cooperation on a project undertaken for a third party (client of the controller).

    We will temporarily include the data collected in this way in the database of specialists and process them only for the period necessary to contact the data subject in relation to a particular offer to participate in a project, or a request for consent to store the data subject’s professional profile in our database of specialists, for a maximum of 3 months.

    If the data subject does not consent to further processing in the database of specialists or objects to the processing for this purpose, we will not further process their personal data and we will delete them from the temporary records. The data subject may e-mail their objections to [email protected] or send them in writing to the address of the controller’s registered office.

    Storage period: for the period necessary to contact the data subject in relation to an offer to cooperate on a project, or a request for consent to include their professional profile in the database of specialists, for a maximum of 3 months.
  • Contacting a potential supplier in connection with the possibility of future cooperation in the form of participation in a project undertaken for third parties (clients)

    Data processing in the scope of the data provided in the contact form is performed based on the data subject’s consent.

    The personal data processing for the above purpose creates an opportunity/possibility for the data subject to conclude a future commercial contract with the controller for the supply of services to a third party (the controller’s client), depending on the requirements of third parties (the controller’s clients) who express interest in the supply of the services provided by me.

    The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    Storage period: 3 years from the date of consent.
  • Profiling in connection with the selection of a suitable specialist for cooperation on a project undertaken for a client

    The processing of specialist CVs, sorting of the CVs and selection of a suitable candidate (specialist) for cooperation on a project undertaken for a third party (client) also involves the profiling of personal data contained in professional profiles in our specialist database.

    The profiling considers various data that may affect the selection. Data on education, qualifications, professional experience, language skills and personality are considered. The profiling results in a professional profile of the data subject and their suitability for the project undertaken for a client.

    The profiling result will not be used for automated individual decision-making. The profiling result is evaluated as necessary by the controller’s relevant employee who decides whether the specialist will be contacted in connection with a specific project.

    This profiling is based on the controller’s legitimate interest to effectively evaluate the suitability of a specialist in the database of specialists for a project undertaken for the controller’s client.

    The data subject has the right to object to profiling based on legitimate interests in accordance with Article 21 of the GDPR. The data subject may e-mail their objections to [email protected] or send them in writing to the address of the controller’s registered office.

    Storage period: for the period of storage of the data subject’s professional profile in the database of specialists kept by the controller.
  • Recording a lack of interest of IT specialists in future/further cooperation with the controller

    The legal basis for processing the data of data subjects (potential and former suppliers of the controller) is the legitimate interest of the controller to prevent repeated contacting of the persons (specialists) who are not interested in cooperation on projects undertaken by the controller for clients.

    Storage period: 10 years.
  • Administration of pending disputes and enforcement proceedings, and collection of receivables and other claims of the controller in judicial, out-of-court, enforcement or bankruptcy proceedings, including legal representation in such proceedings

    If we process personal data of a data subject for this purpose, the legal basis of the processing is the controller’s legitimate interest to exercise or defend legal claims of the controller, prevent damage and ensure fulfilment of receivables and other legal claims of the controller. For this purpose, the controller may provide personal data to an attorney who processes personal data of clients and other natural persons in the scope necessary for the purpose of advocacy.

    Storage period: until the expiry of legal limitation and extinction periods or until the settlement of a legal claim enforced in the relevant judicial, out-of-court or enforcement proceedings. In accordance with the Registry Plan, documentation related to legal disputes is kept for a period of 10 years (registry purposes).
  • Proper identification of a party to a legal dispute and a debtor in an enforcement petition

    If we process personal data of a data subject for these purposes, we do so because it is our legal obligation to properly identify the debtor in an enforcement petition (the Civil Code, the Enforcement Code), and the plaintiff or defendant in court proceedings (especially Code of Contentious Civil Procedure, Code of Administrative Procedure).

    Storage period: until the settlement of a legal claim enforced in the relevant judicial, out-of-court or enforcement proceedings. In accordance with the Registry Plan, documentation related to legal disputes is kept for a period of 10 years (registry purposes).
  • Legal representation, consulting, commenting on draft contracts and texts (outside of proceedings)

    The processing of personal data of a data subject for this purpose involves the use of attorneys’ legal services, such as commenting on contracts and their amendments (including annexes) concluded with data subjects, or participating in meetings and other communication with data subjects. For this purpose, the controller provides personal data of a data subject to an attorney who processes personal data of clients and other natural persons in the scope necessary for the purpose of advocacy in accordance with Act No. 586/2003 Coll. on Advocacy and on Amendments to Act No. 455/1991 Coll. on Trade Licencing (the Trade Licencing Act), as amended, and the GDPR.

    We provide personal data of a data subject to an attorney based on our legitimate interest to prevent damage using professional legal services and to conclude valid contractual relationships in compliance with the legal requirements for concluded contracts.

    Storage period: 5 years (from the end of the calendar year in which the legal representation service was provided), and in justified cases for as long as necessary to safeguard and protect our legitimate interests and legal claims.
  • Ensuring network and information security

    The legal basis for processing a data subject’s personal data for this purpose is the controller’s legitimate interest to prevent unauthorised access to electronic communication networks, to prevent damage to computer and electronic communication systems and to protect data in the controller’s IT technologies and systems.

    Storage period: 5 years following the end of the calendar year in which the log was recorded.
  • Access management and key regime

    This purpose includes activities related to the keeping of access codes and passwords to individual information systems and databases of the controller, and the recording of access to the controller’s premises. We process a data subject’s personal data for this purpose because due to the controller’s legitimate interest to prevent unauthorised access to the controller’s systems, databases and selected premises. Data subjects are employees, statutory representatives and other natural persons who work on the controller’s premises or in the controller’s information systems.

    Storage period: documentation related to access management and the key regime documenting access rights of a specific user to individual information systems must be kept for a period of 5 years from the removal of their access rights. We keep records of the allocation and return of keys/chips for entry to the controller’s premises for 5 years from the handover (return) of the key/chip.
  • Sending marketing e-mails and electronic newsletters

    Based on the data subject’s consent, we will process the data subject’s e-mail address, to which we will send e-mails presenting offered products and services, organised workshops and newsletters. For this purpose, personal data are processed based on consents of the data subject who has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

    If we collect a data subject’s e-mail address in connection with the sale of goods or services, we will process the data subject’s personal data for this purpose based on a legitimate interest to inform clients about news in the area of products and services provided by us. Based on a legitimate interest, we only market our own goods and services similar to those purchased from us by the data subject. In accordance with Article 21 (2) of the GDPR, a data subject has the right to object at any time to the processing of your personal data for the purposes of direct marketing. In that case, we may no longer process personal data for this purpose.

    Every marketing e-mail or newsletter contains an “unsubscribe” link. If the data subject does not wish to receive information about our news and offers, they can opt out the subscription by clicking this link.

    Storage period: 5 years.
  • Obtaining the data subject’s prior consent (e-mail recipient) for marketing purposes (before contacting them)

    If we need a data subject’s consent to process personal data for marketing purposes, Act No. 452/2021 Coll. on Electronic Communications requires us to obtain their consent before we contact them.

    In accordance with legislation, we do not use automatic calling and communication systems without human intervention, telefax, e-mail or short message services for this purpose (to obtain consent).

    We carry out the processing based on a legitimate interest to carry out marketing activities in accordance with the applicable legislation and to be able to document that a valid prior consent for marketing purposes has been obtained.

    Storage period: in accordance with Act No. 452/2021 Coll. on Electronic Communications, we are required to keep a durable medium on which a documented consent of a participant/user is recorded, for a period of at least four years from the withdrawal of consent by the participant/user.
  • Organising consumer competitions

    We process personal data for this purpose based on a data subject’s consent. The processing includes collection of data by registering for a competition and further processing in accordance with the conditions of the competition, which the participant accepts by participating in the competition.

    The provision of personal data for the specified purpose is not a legal or contractual requirement or a requirement necessary to conclude a contract. It is not possible to participate in an organised competition without providing data for this purpose. Participation in the competition (giving consent to the processing of personal data for this purpose) is voluntary. By participating in the competition, the participant of the competition consents to the conditions of the competition published by the controller as the organiser of the competition.

    The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    Personal data storage period: until the end of the consumer competition.
  • Sending thank-you letters/e-mails

    We process a data subject’s personal data for this purpose if they are our business partner or a person authorised to act for a business partner, or they cooperated with us in the past. Personal data is processed for this purpose on the legal basis of the controller’s legitimate interest to present the achievements of cooperation in order to keep active contact with a business partner.

    Storage period: for the duration and subsequently 5 years after the termination of the contractual relationship with the business partner.
  • Provision of benefits to suppliers or persons authorised to act on behalf of suppliers

    This purpose includes activities related to the provision of various benefits to contract partners – suppliers (natural persons – entrepreneurs), or for persons authorised to act on behalf of the supplier (legal entity), such as magazine subscriptions or vouchers for purchases from contractual partners. The legal basis for processing a data subject’s personal data for this purpose is the controller’s legitimate interest to provide benefits to motivate data subjects to continue cooperation with the controller.

    Storage period: for the duration of the commercial relationship with the relevant supplier.
  • Records of trips of suppliers or persons authorised to act on behalf of the supplier (legal entity) made by the controller’s company vehicles when performing activities for the controller

    The controller processes personal data of data subjects if they use the controller’s vehicle when carrying out activities for the controller, in the scope according to the mileage log.

    The legal basis for personal data processing is the legitimate interest to protect the controller’s property, establish, exercise and defend the controller’s claims in relation to damage, if any, to the vehicle.

    Documentation of fuel expenses and keeping of the mileage log is also a legal obligation under the Income Tax Act (processing is necessary to meet a legal obligation). In this case, the processing is carried out for the following purposes: bookkeeping, processing of accounting and tax documents, invoicing and cash register records.

    Storage period: we keep the data for 10 years and in justified cases for as long as necessary to defend the controller’s rights and interests.
  • Using a profile with a photo in business e-mails sent from the controller’s domain (as part of activities for the controller)

    We process personal data of data subjects – suppliers (natural persons) or persons authorised to act on behalf of suppliers (legal entities) for this purpose if the data subject gives us their consent. The consent is voluntary. The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    Storage period: until the end of the commercial relationship with the data subject (if it is a natural person – entrepreneur) or until the end of the commercial relationship with the supplier, whose statutory body (executive) is the data subject, or until the end of the data subject’s acting as a statutory body (executive) of the supplier.
  • Our own company profile (FANPAGE) on social networks

    With a profile on social networks (Facebook, LinkedIn, Instagram, Twitter), our legitimate interest is to raise awareness about the controller in the online environment and communicate with clients and those interested in our services via our fanpage (fan pages).

    Personal data posted on our “FANPAGE” social media pages, such as comments, likes, videos, images, etc. will be published via the social network platform. We do not subsequently process these personal data for any other purpose.

    Social network operators have their own rules, service infrastructure and provisions for personal data protection.

    Facebook stores obtained data, such as user profiles, and uses them for its own purposes of advertising, market research and/or customisation of its services and tools for registered users. The data subject has the right to object to the creation of such user profiles, and must contact Facebook with the objection.

    We recommend learning more about the privacy protection conditions of social network platform providers:

    – Facebook: https://www.facebook.com/policy.php

    – LinkedIn: https://www.linkedin.com/legal/privacy-policy

    – Instagram: https://help.instagram.com/519522125107875

    – Twitter: https://twitter.com/privacy?lang=en

    Storage period: until the fan unfollows the fan page (deletes posts on the controller’s timeline) or objects to processing (in which case the posts will be deleted by the controller).

    For the purpose of “social networks – statistical data”, we and the operator of the Facebook social network act as joint operators under Article 26 (4) of the GDPR.

    When managing our controller profile on the Facebook social network, a data subject’s personal data may be processed for statistical purposes using the Facebook Insight functionality, which is provided to us free of charge by Facebook under unalterable conditions of use. When visiting our Facebook profile, Facebook records, among other things, the internet IP address of the data subject and other information. The user code, which can be matched to the connection data of users registered on Facebook, is collected and processed when opening fanpages.

    This information provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. More information about this statistical information (“insights”) is available at:


https://www.facebook.com/legal/terms/information_about_page_insights_data


https://www.facebook.com/help/pages/insight

For this processing, we act as joint controllers with Facebook, and the basic elements of the agreement of joint controllers for this case are available here:

https://www.facebook.com/legal/terms/page_controller_addendum

  • Presentation of cooperation between the controller and specialists (suppliers) by publishing the data subject’s professional profile, including a photo, on the controller’s website and on social networks (Facebook, Instagram, LinkedIn, Twitter) where the controller has created a profile

    We process personal data of data subjects – suppliers (natural persons) or persons authorised to act on behalf of suppliers (legal entities) for this purpose if the data subject gives us their consent.

    The consent is voluntary. The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    The recipients of published personal data are visitors to the controller’s website and users of social networks where the controller has created their profile (Facebook, LinkedIn, Instagram, Twitter), operators of social networks, a provider of online advertising services and a company providing external website support and operation.

    Storage period: until the end of the commercial relationship with the data subject (if it is a natural person – entrepreneur) or until the end of the commercial relationship with the supplier, whose statutory body (executive) is the data subject, or until the end of the data subject’s acting as a statutory body (executive) of the supplier.
  • Presentation of the controller’s activities and events organised by the controller by publishing photos on social networks (Facebook, Instagram, LinkedIn, Twitter) where the controller has created a profile

    Based on consent, we will publish photos from our various activities and events organised by the controller on social networks where we have created a company profile.

    The provision of personal data for the specified purpose is not a legal or contractual requirement or a requirement necessary to conclude a contract. The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The data subject may withdraw their consent by sending an e-mail to [email protected] or by delivering a written notice to the address of the controller’s registered office.

    The recipients of published personal data are visitors to the controller’s website and users of social networks where the controller has created their profile (Facebook, LinkedIn, Instagram, Twitter), operators of social networks, a provider of online advertising services and a company providing external website support and operation.

    Storage period: 10 years (from the consent date).
  • Registry obligations, including records of sent and received mail

    The processing is necessary for compliance with the controller’s legal obligations under Act No. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts, as amended.

    Storage period: personal data are stored for this purpose for the period defined by the controller’s Registry Plan. We store personal data in the records of sent and received mail for 5 years (from the end of the calendar year in which the mail was sent/received).
  • Processing requests for the exercise of rights of data subjects

    The processing is necessary for compliance with the controller’s legal obligations under the personal data protection legislation (GDPR) with respect to the exercise of data subjects’ rights under Articles 15 to 22 of the GDPR.

    Storage period: 5 years from the date of processing the request, but at least until the finality of the administrative proceedings initiated by the data subject in connection with the request.
  • Company agenda, registration and notification of changes in the Business Register

    The processing for this purpose is necessary for compliance with the controller’s legal obligations (Act No. 530/2003 Coll. on the Business Register and on Amendments to Certain Acts, as amended, the Commercial Code).

    Storage period: We store personal data processed for this purpose (contained, for example, in minutes from the General Meeting and in other corporate and legal documents of the Company) for the duration of the controller’s legal personality (even in the event of the Company’s dissolution with a legal successor).
  • Access to and administration of the electronic mailbox

    For this purpose, we process personal data of the data subject who is authorised by us to access and administer the controller’s electronic mailbox assigned to us. When granting the access and administration authorisation, we will provide the data subject’s personal data in the scope required by law to the electronic mailbox module administrator in accordance with Act No. 305/2013 Coll. on e-Government and on Amendments to Certain Acts. The processing is necessary for compliance with the controller’s legal obligations.

    Storage period: for the duration of the authorisation granted to the data subject.
  • Keeping the personnel and payroll agenda

    For this purpose, personal data are processed on the following legal basis:
  1. The processing is necessary to perform a contract to which the data subject is a party (employment contract or agreement on work performed outside an employment relationship, agreement on material liability), or
  2. The processing is necessary for compliance with the controller’s legal obligations, especially under:
  • Act No. 311/2001 Coll. The Labour Code, as amended;
  • Act No. 125/2006 Coll. on Labour Inspection and on Amendments to Act No. 82/2005 Coll. on Illegal Work and Illegal Employment and on Amendments to Certain Acts, as amended;
  • Act No. 43/2004 Coll. on Old-age Pension Savings and on Amendments to Certain Acts, as amended;
  • Act No. 650/2004 Coll. on Supplementary Pension Savings and on Amendments to Certain Acts, as amended;
  • Act No. 580/2004 Coll. on Health Insurance and on Amendments to Act No. 95/2002 Coll. on Insurance and on Amendments to Certain Acts, as amended;
  • Act No. 595/2003 Coll. on Income Tax, as amended;
  • Act No. 461/2003 Coll. on Social Security Insurance, as amended;
  • Act No. 5/2004 Coll. on Employment Services and on Amendments to Certain Acts, as amended;
  • Act No. 462/2003 Coll. on Compensation of Income in Case of Temporary Incapacity for Work of an Employee and on Amendments to Certain Acts, as amended;
  • Act No. 152/1994 Coll. on Social Fund and on Amendments to Act No. 286/1992 Coll. on Income Taxes, as amended;

Storage period: The storage period for personal data of employees is detailed in a separate document for employees. We keep personal data of other data subjects for the purpose of complying with our legal obligations for the period defined in the applicable legislation (10 years).

  • Meeting obligations towards the Social Insurance Agency

    The processing of personal data is necessary for compliance with the controller’s legal obligations under Act No. 461/2003 Coll. on Social Insurance, as amended, Act No. 43/2004 Coll. on Old-age Pension Savings, as amended, Act No. 650/2004 Coll. on Supplementary Pension Savings and on Amendments to Certain Acts, as amended, Act No. 462/2003 Coll. on Compensation of Income in the Case of Temporary Incapacity for Work of an Employee and on Amendments to Certain Acts, as amended.

    Storage period: 10 years
  • Meeting obligations towards the health insurance company (mandatory contributions, annual health insurance reconciliation)

    The processing of personal data is necessary for compliance with the controller’s legal obligations under Act No. 580/2004 Coll. on Health Insurance and on Amendments to Act No. 95/2002 Coll. on Insurance and on Amendments to Certain Acts, as amended.

    Storage period: 10 years
  • Fulfilment of the controller’s tax obligations

    The processing of the data subject’s personal data is necessary for compliance with the controller’s legal obligations under Act No. 595/2003 Coll. on Income Tax, as amended.

    Storage period: 10 years
  • Meeting obligations towards a supplementary pension savings company

    The processing of the data subject’s personal data is necessary for compliance with the controller’s legal obligations under Act No. 650/2004 Coll. on Supplementary Pension Savings and on Amendments to Certain Acts, as amended.

    Storage period: 10 years.

Information about Cookies

We use cookies on our website. Cookies are small text files that are stored on your device (computer or other device with internet access, such as a smartphone or tablet) when you visit websites. Cookies contain information about the activities of website users. We use cookies to optimise and constantly improve our services and to customise them to your interests and needs.

Cookies are transferred either to our website (“proprietary cookies”) or to another website to which the cookies belong (“third-party cookies”).

We use essential (strictly necessary) cookies for our website to function. They enable the basic
functionalities of the website.

We process essential cookies on the basis of Article 6 (1) (f) GDPR (the legal basis is the controller’s
legitimate interest).
Our legitimate interest is the optimisation, functionality and security of the
website.

You have the right to object to the storage of cookies that we collect on the basis of our legitimate interest, for reasons relating to your particular situation. You can send an objection to the controller’s e-mail address below. Not using essential cookies could negatively affect the functioning of the website.

With your consent, we would also like to use voluntary cookies (which are not essential):

These cookies include:

  • Statistical/analytical cookies – they are used to improve the functionality of the website by monitoring the traffic and use of the website by website visitors;
  • marketing cookies – they collect information that helps to better customise advertising to your interests;
  • preferences – they enable the website to remember information that will change the way the website works or looks (e.g. your preferred language or the region when you are currently located).

For voluntary cookies, we process personal data on the basis of Article 6 (1) (a) of the GDPR (consent of the data subject). The consent is voluntary. We ask for your consent to the use of cookies on our cookie bar.

By clicking “Allow all cookies”, you agree to the use of all cookies, including third-party cookies, that we use on our website.

However, if you do not want all cookies to be used on our website, you can choose a setting directly on the cookie bar and confirm your choice by clicking “Allow selection”.

You can also choose “Only essential cookies”. By clicking this button, you disable all cookies processed based on consent.

Cookies, except for essential cookies, will not be stored until you specify your preferences on the bar (click a button).

You have the right to withdraw consent at any time. The withdrawal of consent does not affect the
lawfulness of processing based on consent before its withdrawal.

You can display the cookie bar at any time by clicking on the “cookies” icon at the bottom of our website, and withdraw your consent to the processing of cookies or change your preferences.

We inform you in detail about the individual cookie files used directly on the cookie bar.

We use the services of the supplier Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland (tools for measuring traffic using Google Analytics systems). Google Analytics services allow us to improve the functionality of the pages by tracking your use of our website. The collection and reporting of information is anonymised and it is not possible to identify individual users using common means. The information created by the cookie file about the use of the website (including your IP address) will be transferred and stored by Google. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

When using the services of some of our suppliers, data is transferred to a third country (the United States of America or other countries where companies in the group are located).

Data transfer by Google is subject to standard contractual clauses approved by the Commission, which can be found here:

https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/

Google Privacy Policy: https://policies.google.com/privacy

The supplier Zendesk, Inc. (USA) uses binding intracompany rules for data transfer within the group:

https://d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK%20-%20BCR%20Processor%20Policy.pdf

Privacy Policy of Zendesk, Inc.: ttps://www.zendesk.com/company/agreements-and-terms/privacy-policy/

Data transfer by Meta Platforms Inc. is subject to standard contractual clauses approved by the Commission:
https://www.facebook.com/help/566994660333381?ref=dp

Privacy Policy of Meta Platforms Inc.:
https://www.facebook.com/policy.php

We use temporary and persistent cookies. Temporary cookies are stored on your device until you close the page. Persistent cookies remain on your device until they expire or until you delete them.

Controller: TITANS freelancers, s.r.o., with its registered office at: Jégého 16999/8, Bratislava-Ružinov 821 08, Company ID: 47 047 224, registered in the Business Register of District Court Bratislava I, Section: Sro; File No.: 89105/B

Contact details of the controller: phone: +421 (0) 908 857 752, e-mail: [email protected]

Data protection officer: [email protected]

Which entities have access to personal data?

Recipients of personal data are, or may be, entities designated by legal regulations, especially state administration and public authorities, to exercise control and supervision, in particular, health insurance companies, the Social Insurance Agency, tax authorities, supplementary pension savings companies, state administration and public authorities for the exercise of control and supervision, courts, law enforcement agencies.

Depending on the purpose of processing and the particular circumstances, other persons (in the position of a processor or a separate controller) may be recipients of personal data of data subjects, in particular:

  • An attorney;
  • An enforcement officer;
  • A data protection officer under the GDPR;
  • A bank;
  • A provider of postal services;
  • External trade intermediaries;
  • Contractual intermediaries who, based on consent obtained for us, insert professional profiles into our database of specialists, and profile and assign specialists to projects of our clients based on our instructions;
  • External providers of marketing services;
  • Provider of online advertising services;
  • A company providing external website support and operation;
  • External suppliers of programming work and system and implementation work;
  • Suppliers of installation, integration, migration, configuration, customisation, custom development, reporting and software product training;
  • A company providing design, development, implementation and other related IS and software services;
  • A company that is an external supplier of accounting services;
  • An external registry administrator;
  • External benefit providers (if identification and contact data of data subjects are processed to provide vouchers);
  • An external provider of audit services;
  • An external provider of the relevant SW solution and cloud database;
  • Providers of occupational health and safety services, occupational healthcare service and fire protection;
  • An external provider of administrative services and intermediation services (including search and selection services to find candidates for projects undertaken for third parties);
  • Operators of social networks Facebook, LinkedIn, Twitter and Instagram;
  • Visitors of the website and users of social networks where the controller has created its profile (Facebook, LinkedIn, Twitter, Instagram) with respect to the data published on them;
  • A supplier of software products and communication services, Microsoft Corporation;
  • A supplier of software products and communication services, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
  • Providers of SW solutions for electronic document signing (ANASOFT APR, spol. s.r.o. – okdokument.com and Digital factory s.r.o. – signi.com);
  • A supplier of messaging and live chat software on our website (Smartsupp.com, s.r.o.);
  • Sandberg Capital, an asset management company;
  • The facility manager of the building in which the controller rents premises.

Based on a given consent, we will provide personal data of a specialist from our database of specialists to our clients who wish to undertake a project and are looking for a specialist in the relevant area of the specialist’s qualification or specialisation.

Recipients of personal data also include recipients of e-mails containing the data subject’s profile.

If we process a data subject’s personal data using processors as a special category of recipients of personal data, we make sure that they comply with the applicable laws and terms and conditions agreed in the personal data processing agreement, that they are bound by confidentiality and that they protect the data subject’s data in accordance with the GDPR requirements.

Social network operators have their own rules, service infrastructure and provisions for personal data protection. Privacy protection terms and conditions of social network platform providers:

– Facebook: https://www.facebook.com/policy.php

– LinkedIn: https://www.linkedin.com/legal/privacy-policy

– Instagram: https://help.instagram.com/519522125107875

– Twitter: https://twitter.com/privacy?lang=en

Google Privacy Policy: https://policies.google.com/privacy

More information on how Microsoft Corporation processes personal data can be found here:
https://privacy.microsoft.com/sk-sk/privacystatement
.

Is data transferred to third countries or an international organisation (outside the European Union)?

When using the services of our suppliers, which we use in connection with our online activities on social networks (Facebook, LinkedIn, Instagram, Twitter), data is transferred to the United States of America (USA). The USA is considered a third country that does not provide an adequate level of protection, but any transfer of personal data outside the EU and/or the European Economic Area takes place only within the framework of compliance with the protection of personal data in accordance with the requirements of the GDPR. As the EU-US Privacy Shield mechanism was invalidated by a ruling of the Court of Justice of the EU in the Schrems II case of 16 July 2020, data transfers to the USA are subject to standard contractual clauses approved by the Commission, which you can find here:

Facebook, Instagram:
https://www.facebook.com/help/566994660333381?ref=dp

LinkedIn:
https://www.linkedin.com/legal/l/dpa

Twitter:

https://gdpr.twitter.com/en/controller-to-controller-transfers.html

The provision of software products and communication services by the suppliers Microsoft Corporation (intermediary) involves data transfers to the United States of America (USA). This data transfer is subject to standard contractual clauses approved by the Commission, which can be found here:

https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

When using the services of our supplier Google Ireland Limited, data is transferred to a third country (the United States of America). The data transfer is subject to standard contractual clauses approved by the Commission:
https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/

Some projects with clients in third countries (outside the EU) may involve the transfer of personal data of specialists who participate in or are candidates for projects undertaken for clients. We will always inform specialists about the particular intended transfer and its conditions individually depending on the client. If the country does not guarantee a suitable level of security in line with the European Commission’s decision, other institutes in accordance with the GDPR will be used for the transfer. If there is no decision on the suitability or suitable safeguards of transfers, we will only make such transfer on the basis of the data subject’s explicit consent (after informing the data subject about the risks of such transfers due to the absence of a decision on the suitability and suitable safeguards), or if such transfer is necessary to perform a contract between the data subject and the controller, or for pre-contractual arrangements made at the request of the data subject.

Will the data subject’s personal data be used for automated individual decision-making?

Personal data will not be used for automated individual decision-making.

Rights of data subjects:

Right to access personal data under Article 15 of the GDPR:

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. The data subject has the right to access their personal data (they have the right to be provided with a copy of their personal data available to the controller), and information on how the controller processes personal data in the scope under Article 15 of the GDPR.

Right to rectification of personal data under Article 16 of the GDPR:

The data subject has the right to have inaccurate personal data concerning them rectified or to have incomplete personal data completed. The controller must comply with a request to rectify or complete personal data without undue delay.

Right to erasure (right to be “forgotten”) under Article 17 of the GDPR:

The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the grounds in Article 17 (1) of the GDPR applies (e.g. if the personal data obtained by the controller are no longer necessary for the purposes for which they were collected or otherwise processed). The controller will assess this right of the data subject with respect to all relevant circumstances in accordance with Article 17 of the GDPR (e.g. the controller does not comply with the request if processing is necessary to comply with the controller’s legal obligation or to establish, exercise or defend legal claims).

Right to restriction of processing of personal data under Article 18 of the GDPR:

The data subject has the right to obtain from the controller restriction of processing of their personal data in one of the following circumstances specified in Article 18 (1) of the GDPR. Where processing has been restricted under Article 18 (1) of the GDPR, such personal data will, with the exception of storage, only be processed: (a) with the data subject’s consent, or (b) for the establishment, exercise or defence of legal claims, or (c) for the protection of the rights of another natural or legal person, or (d) for reasons of important public interest of the Union or of a Member State.

Right to portability of personal data under Article 20 of the GDPR:

The data subject has the right to receive their personal data, which they have provided to the controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller, where the processing is based on consent, or on a contract and is carried out by automated means. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object under Article 21 of the GDPR:

If the processing is based on legitimate interests (Article 6 (1) (f) of the GDPR), the data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them, including profiling based on those interests. In this event, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If the data subject objects to the processing of their personal data for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing, the personal data must no longer be processed for such purposes.

Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic

The data subject has the right to file a motion to initiate proceedings on personal data protection at any time with the supervisory authority, i.e. Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.

Back to main page?

Main page

30 168

Titans that have
joined us

650

Clients that have
joined us

425 987

Succcessfully supplied
man-days