Contact

PRIVACY POLICY

INFORMATION FOR THE DATA SUBJECT ABOUT THE COLLECTION AND PROCESSING OF PERSONAL DATA

The Controller hereby provides the Data Subject from whom the Controller collects personal data pursuant to Article 13 (1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”) with the following information: 

Identity and contact details of the Controller:

The Controller is the company: Krasno studio s. r. o. with its registered office: M. M. Hodžu 7, 031 01 Liptovský Mikuláš, Company ID: 47591889, Tax ID: SK2023985260, registered in the Commercial Register of the District Court Žilina, Section: Sro, Insert No. 61386/L, statutory body: Ing. Adam Bartánus, Ing. Michal Vavro, managing director: Ing. Adam Bartánus, Ing. Michal Vavro, e-mail address: vavro@krasno.studio, phone number: +421908588487

This privacy policy is used to help you understand our privacy practices, including what personal data we collect, why we collect it, how we handle it, how we protect it, and to learn about your personal rights in this regard. 

Processed personal data

The Controller processes the following personal data:

Name
Surname
E-mail
Phone number

Identity and contact details of the Controller's representative:

Ing. Michal Vavro, e-mail address: vavro@krasno.studio, phone number: +421908588487

Contact details of the responsible person:

Ing. Michal Vavro, e-mail address: vavro@krasno.studio, phone number: +421908588487 

Purposes of the processing of personal data of the Data Subject:

The purposes of the processing of personal data of the Data Subject are:

  • Processing and recording of received orders from potential customers or CVs from job seekers in Krasno Studio and their archiving in accordance with applicable legislation and accounting regulations.
  • Newsletter/email campaign – sending personalized emails with the option to unsubscribe. 

Legal basis for the processing of personal data of the Data Subject:

The legal basis for the processing of personal data of the Data Subject will be, depending on the specific personal data and the purpose of their processing, the consent of the Data Subject to the processing of personal data, or the legitimate interests of the Controller.

Specification of the legitimate interests pursued by the Controller or a third party:

Not applicable.

The recipients or categories of recipients of the personal data:

The recipient of personal data of the Data Subject will be or at least may be (i) statutory bodies or members of the statutory bodies of the Controller, (ii) employees of the Controller, (i) commercial representatives of the Controller and other persons cooperating with the Controller in the performance of the tasks of the Controller. For the purposes of this document, all natural persons performing dependent work for the Controller on the basis of an employment contract or agreements on work performed outside the employment relationship shall be considered to be employees of the Controller.

The recipient of personal data of the Data Subject may also be the Controller’s associates, business partners, suppliers and contractual partners, in particular: an accounting company, a company providing services related to the creation and maintenance of software, a company providing legal services to the Controller, a company or a natural person providing advice to the Controller, as well as employees of the said persons.

The recipients of personal data in cases specified by law will also be the tax office and other state authorities. 

Information on the intended transfer of personal data to a third country:

Not applicable – the Controller does not intend to transfer personal data to a third country.

Term of keeping personal data:

Personal data will be retained in accordance with the law for as long as necessary for the purposes of:

  1. the existence of a legal obligation to which we are subject,
  2. whether the retention is appropriate in relation to our legal status (for example, in connection with applicable restrictions, legal processes or regulatory investigations).

Security of personal data:

We use reasonable organizational, technological and administrative measures to protect personal data within our organization. Unfortunately, no data transfer and storage system can guarantee 100% security. If you have reason to believe that your interaction with us is unsafe, please notify us immediately at the e-mail address: info@krasno.studio 

Information on the existence of relevant rights of the Data Subject:

The Data Subject has the following rights:

a) the Data Subject's right to access data pursuant to Article 15 of the Regulation, the content of which is:

    1. the right to obtain the Controller’s confirmation as to whether or not personal data concerning the Data Subject are being processed;
    2. if personal data of the Data Subject are processed, the right to access the processed personal data and the right to obtain the following information:
    • information on the purposes of the processing;
    • information on the categories of personal data concerned;
    • information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
    • where possible, the envisaged period for which personal data will be stored, or, if not possible, the criteria used to determine that period;
    • information on the existence of the right to request from the Controller the rectification of personal data concerning the Data Subject or their erasure or restriction of processing and the existence of the right to object to such processing;
    • information on the right to lodge a complaint with a supervisory authority;
    • if personal data have not been obtained from the Data Subject, any available information as to their source;
    • information on the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the Regulation and, in such cases, at least meaningful information about the procedure followed, as well as the significance and the envisaged consequences of such processing for the Data Subject;
    1. the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer of personal data where personal data are transferred to a third country or to an international organisation;
    2. the right to provide a copy of the personal data processed, subject to the condition that the right to provide a copy of the personal data processed must not have an adverse effect on the rights and freedoms of others; 

b) the Data Subject's right to rectification pursuant to Article 16 of the Regulation, the content of which is:

  1. the right to obtain from the Controller the rectification of incorrect personal data concerning the Data Subject without undue delay;
  2. the right to have incomplete personal data of the Data Subject completed, including by means of providing a supplementary statement of the Data Subject;

c) the Data Subject's right to the erasure of personal data (“the right to be forgotten") pursuant to Article 17 of the Regulation, the content of which is:

(i) the right to obtain from the Controller the erasure of personal data concerning the Data Subject without undue delay where one of the following grounds applies:

– personal data are no longer needed for the purposes for which they were acquired or otherwise processed;

– the Data Subject withdraws their consent on which the processing is based, subject to the condition that there is no other legal basis for processing personal data;

– the Data Subject objects to the processing of personal data pursuant to Article 21 ( 1) of the Regulation and there are no overriding legitimate grounds for the processing of personal data or the Data Subject objects to the processing of personal data pursuant to Article 21 (2) of the Regulation;

– personal data were processed unlawfully;

– personal data must be erased in order to comply with the statutory obligation under EU law or the law of the member state the Controller is subject to;

– personal data were obtained in relation to the provision of information society services pursuant to Article 8 ( 1) of the Regulation;

  1. the right that the Controller who disclosed the personal data of the Data Subject shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementing the measures, to inform other data controllers that the Data Subject requests them to delete all references to such personal data, their copy or replications; however, the right to the erasure of personal data containing rights under Article 17 ( 1) and (2) of the Regulation [i. e. with the content of rights under (i) and (ii) of this point (c) of point J. of this document] shall not arise if the processing of personal data is necessary:
  1. to exercise the right to freedom of expression and information;
  2. to comply with a legal obligation requiring processing under EU law or the law of the member state the Controller is subject to, or in order to perform a task carried out in the public interest or in the exercise of public authority entrusted to the Controller;
  3. on the grounds of public interest within public health, in accordance with Article 9 (2) point (h) and (i) of the Regulation, as well as Article 9 (3) of the Regulation;
  4. for the purposes of archiving in the public interest, scientific or historical research, or for statistical purposes under Article 89 (1) of the Regulation, as long as the right referred to in Article 17 (1) of the Regulation will render impossible or seriously impair the achievement of the objectives of such processing of personal data; or
  5. to prove, enforce or defend legal claims; 

d) the right of the Data Subject to restrict the processing of personal data pursuant to Article 18 of the Regulation, the content of which is:

(i) the right to restrict the processing of personal data by the Controller in one of the following cases:

– the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;

– the processing is unlawful and the Data Subject objects to the erasure of personal data and asks for restrictions on their use instead;

– the Controller no longer needs personal data for processing but the Data Subject needs them to prove, apply or defend legal claims;

– the Data Subject objects to the processing under Article 21 (1) of the Regulation, until it is verified whether the legitimate reasons on the part of the Controller outweigh the legitimate reasons of the Data Subject;

  1. the right that, where the processing of personal data has been restricted pursuant to (i) of this point (d) of point J. of this document, such restricted personal data shall, with the exception of storage, be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a member state;
  2. the right to be informed in advance of the lifting of the restriction on the processing of personal data; 

e) the Data Subject's right to fulfil the notification obligation towards the recipients pursuant to Article 19 of the Regulation, the content of which is:

  1. the right that the Controller shall notify each recipient to whom the personal data have been disclosed of any rectification, erasure of personal data or restriction of processing carried out pursuant to Article 16, Article 17 (1) and Article 18 of the Regulation, unless this proves impossible or requires disproportionate effort;
  2. the right that the Controller shall inform the Data Subject about these recipients if the Data Subject requests so;
  3.  

f) the Data Subject's right to data portability pursuant to Article 20 of the Regulation, the content of which is:

(i) the right to obtain the personal data concerning the Data Subject which they have provided to the Controller in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without the Controller to whom such data were provided prevented from doing so, if:

– the processing is based on the consent of the Data Subject referred to in Article 6 (1) (a) of the Regulation or Article 9 (2) (a) of the Regulation, or on the contract pursuant to Article 6 (1) (b) of the Regulation, and all at once;

– the processing is carried out by automated means, and all at once;

– the right to obtain personal data in a structured, commonly used and machine-readable format and the right to transfer such data to another Controller without being hindered by the Controller will not have an adverse effect on the rights and freedoms of others;

(ii) the right to transfer personal data directly from one Controller to another, as far as technically possible;

g) the Data Subject's right to object pursuant to Article 21 of the Regulation, the content of which is:

  1. the right to object at any time, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning them, which is carried out pursuant to Article 6 (1) (e) or (f) of the Regulation, including objection to profiling based on these provisions of the Regulation;
  2. [in the event of the exercise of the right to object at any time, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning them, which is carried out pursuant to Article 6 (1) (e) or (f) of the Regulation, including objection to profiling based on these provisions of the Regulation] the right that the Controller shall not further process personal data of the Data Subject unless it proves the necessary legitimate grounds for processing that outweigh the interests, rights and freedoms of the Data Subject, or the reasons for proving, exercising or defending legal claims
  3. the right to object at any time to the processing of personal data relating to the Data Subject for direct marketing purposes, including profiling to the extent that it is related to direct marketing; however, if the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes;
  4. (in connection with the use of information society services) the right to exercise the right to object to the processing of personal data by automated means using technical specifications;
  5. the right to object, on grounds relating to the particular situation of the Data Subject, to the processing of personal data concerning the Data Subject where the personal data are processed for scientific, historical or statistical research purposes pursuant to Article 89 ( 1) of the Regulation, except where processing is necessary for the performance of duties carried out on grounds of public interests;
  6.  

h) the Data Subject's right related to automated individual decision-making pursuant to Article 22 of the Regulation, the content of which is:

  1. the right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects them, except in cases referred to in Article 22 (2) of the Regulation [i. e. except where a decision: (a) is necessary for the conclusion or performance of a contract between the Data Subject and the Controller, (b) is authorised by EU or member state law to which the Controller is subject and which also lays down appropriate measures to safeguard the Data Subject’s rights, freedoms and legitimate interests, or (c) is based on the Data Subject’s explicit consent].

Instructions on the Data Subject's right to withdraw consent to the processing of personal data:

The Data Subject is entitled to withdraw their consent to the processing of personal data at any time, without affecting the lawfulness of the processing of personal data prior to consent withdrawal.

The Data Subject is entitled to withdraw their consent to the processing of personal data at any time – in whole or partially. Partial withdrawal of consent to the processing of personal data may relate to a certain type of processing operation(s), while the lawfulness of the processing of personal data in the scope of the remaining processing operations remains unaffected. Partial withdrawal of consent to the processing of personal data may relate to a certain specific purpose of the processing of personal data/certain specific purposes of the processing of personal data, while the lawfulness of the processing of personal data for other purposes remains unaffected.

The right to withdraw consent to the processing of personal data may be exercised by the Data Subject in paper form to the address of the Controller registered as its registered office in the Commercial Register at the time of withdrawal of consent to the processing of personal data or in electronic form by electronic means (by sending an e-mail to the e-mail address of the Controller specified when identifying the Controller in this document or by filling in the electronic form published on the Controller’s website).

Instructions on the right of the Data Subject to lodge a complaint with the supervisory authority:

The Data Subject have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement, if they consider that the processing of their personal data infringes the Regulation, without prejudice to any other administrative or judicial remedy.

The Data Subject has the right to be informed by the supervisory authority to which the complaint has been lodged of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the Regulation.

The supervisory authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic.

Information on the existence/non-existence of the obligation of the Data Subject to provide personal data:

The Controller informs the Data Subject that the provision of personal data of the Data Subject is not a legal or contractual requirement, nor a requirement necessary to conclude a contract with the Controller. The Controller informs the Data Subject that the Data Subject is not obliged to provide personal data or give consent to their processing. The consequence of not providing personal data and/or not giving consent to the processing of personal data means that the Controller will not process personal data and that these personal data will not be used for the purposes listed in point D. of this document.

Information related to automated decision-making, including profiling:

Not applicable. – Since the Controller does not process personal data of the Data Subject in the form of automated decision-making, including profiling referred to in Article 22 (1) and (4) of the Regulation, the Controller is not obliged to provide information pursuant to Article 13 (2) (f) of the Regulation, i. e. information on automated decision-making, including profiling, and on the procedure used, as well as on the significance and expected consequences of such processing of personal data for the Data Subject.

Last but not least, we want to emphasize that we sincerely care about the protection of your personal data. You have shown us your trust through your interaction with our website www.krasno.studio and we highly appreciate your trust. This means that we are committed to protecting your privacy.

If you have any questions about this Privacy Notice or how Krasno Studio s. r. o uses your personal data, please contact us at info@krasno.studio 

DO YOU HAVE AN IDEA?

Together, let’s create
something beautiful

info@krasno.studio

Get in touch
Get in touch

+421 949 785 065

Behance Instagram Linkedin

Privacy policy

All rights reserved.