Personal Data Protection
Protection of personal data is a very important element in business.
Privacy issues have always been a part of our daily agenda even before GDPR came into force.
Whether you are organizing a consumer competition or in need of advice on personal data management and protection in your company, our law firm is fully available to assist you with our many years of experience in this field.
Our expertise includes:
- Protection of personal data in labour law matters (including the possibility of using biometrics), marketing issues and e-shops
- Assessments of the legal bases for processing
- Drawing up the consents of data subjects for various specific cases
- Participation at elaboration of internal directives and measures in the personal data protection agenda (including those on the exercise of data subjects’ rights)
- Elaboration of the ‘balance tests’ for cases when controllers use the “legitimate interest“ legal basis for their processing;
- Drafting and negotiation of Data Processing Agreements;
- Solving both standard and specific situations in personal data processing in the course of different businesses.
Depending on the nature of the business, the employer may have various legitimate interests which may justify the processing of personal data without the employee’s consent. In our experience, this concerns for example with an interest in (i) protecting the assets and safety of the company, employees and persons legally present at the employer’s premises; (ii) the management and effective organization of the company, carrying out administrative activities within the group; (iii) the protection of financial interests; (iv) ensuring anti-corruption measures; (v) ensuring confidentiality and safety of the data; (vi) ensuring network security and information security; (vii) exercising or protecting rights in various administrative, arbitration, criminal, judicial or execution proceedings and of course, also in other cases.
In addition to GDPR, Art. 78 sec. 3 of the Slovak Act on Personal Data Protection provides, that the employer is entitled to provide or disclose personal data of the employee in the extent of title, name, surname, job title, position, personal or employee number, department, place of work, telephone number, fax number, work email address and the employer’s identification data, if it is necessary in connection with the performance of the data subject‘s working responsibilities. However, the provision or disclosure of personal data shall not violate the seriousness, dignity and safety of the data subject.
Basically yes, but only upon a condition that you have given the customer the option to refuse the direct marketing communication (opt-out) at the time of concluding the electronical purchase contract and the content of your direct marketing is similar to services or goods that customer has already ordered from you.
Theoretically, GDPR considers direct marketing communication as a so-called legitimate interest of the controller, and hence generally would allow addressing the existing customers through the direct marketing. However, GDPR is not the only regulation that needs to be taken into account.
In the case of direct marketing addressed to natural persons, account must also be taken of the Electronic Communications Act (Sec. 62 par. 2 and 3), which requires direct consent of the recipient with direct marketing. Consent of the recipient is not required only if all of the following conditions are met: (i) it is the direct marketing both of entrpreneur‘s own and at the time similar goods and services, (ii) the contact information (e-mail address) has been obtained by the entrepreneur in connection with the sale of the goods or services; (iii) at the time when entrepreneur obtained the contact information – i.e. at the moment of concluding the purchase contract through the e-shop, the recipient had the opportunity to simply and free of charge refuse using of his or her contact information for direct marketing purposes.