PRIVACY POLICY
1. The protection of the personal data you entrust to us is of utmost importance to us, which is why we inform you in the following about the processing of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as “Act on the protection of personal data”).
The controller of your personal data is the company BOAT IT UP s.r.o. with its registered office at Mlynské nivy 4, Bratislava, 811 09, ID No.: 55 646 28 (hereinafter referred to as “Controller” or “BOAT IT UP”). We will be happy to provide you with any information regarding the handling of your personal data at the e-mail address sailing@boatitup.com.
This information is intended for visitors to our website, our clients, contractors and suppliers and aims to explain how we collect, use, disclose, transfer and protect your personal data and describes your data protection rights and the procedure for exercising them.
Personal data is any information by which you can be identified or identifiable. This may include common contact and identification information: title, first name, last name, job title, email address, telephone number, employer identification information, and for our clients, address, date of birth, or birth number.
2. Who do we share your personal data with?
As the controller, we have a legal obligation to provide your personal data during inspections, supervisory activities or at the request of authorised state authorities or institutions, if this is required by specific regulations.
If we process your personal data pursuant to special legislation, failure to provide your personal data could result in the impossibility of carrying out our legal obligations.
Your personal data may also be available to other recipients, such as suppliers of BOAT IT UP’s services in:
– bookkeeping
– IT support
– website development and management
– provision of postal services
– provision of legal services
3. Processing policy
We only process personal data if we have a legal basis to do so. The legal basis for processing may be:
– contract and pre-contractual relations
– the performance of legal obligations
– our legitimate interest
4. Contract and pre-contractual relations
We process personal data since pre-contractual and contractual relationships. This means that we need to process the data to enter and perform a business contract with you. Without your personal data, we cannot conclude a contract and subsequently ensure its performance, i.e. provide you with our services.
5. Legal obligation
We process certain personal data to comply with legal obligations. The law determines which personal data we must process and to what extent to fulfil our legal obligations. If we process your personal data pursuant to specific legislation, failure to provide your personal data could result in the insufficient or impossible performance of our legal obligations.
6. Legitimate interest
When we have our own commercial or business reason for using your data, this is called legitimate interest. The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject If we process personal data based on a legitimate interest, we inform you of this in the text below.
Consent
The Controller can also process personal data based on a consent; such being the case, the purpose of personal data processing is stated directly in the request for such consent. If personal data is provided on the grounds of consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of providing personal data based on the consent granted before its withdrawal.
7. For what purpose do we process your personal data, on what legal basis and for how long do we keep it?
We process your personal data for the purposes further defined in the following overview:
Purpose of processing your personal data |
Legal basis for the processing activity Retention period |
Category of recipients |
Conclusion and performance of various contractual relationships |
Contractual relationships
The retention period is for the duration of the contractual relationship until the contract has been duly terminated and all contractual obligations have been settled; at the latest 10 years after the termination of the contract |
The parties to the contract Service providers |
Accounting and related obligations |
Legal obligation Act No 431/2002 Coll. on Accounting, as amended regulations
Retention period of 10 years |
Tax office |
Contact data from the contact form |
The legitimate interest of the controller pursuant to Article 6(1)(f) of the Regulation in processing the contact details of entities with which it communicates, has business relations, etc.
Retention period is 1 year from the date of the request, unless a contractual relationship has been concluded |
Employees of the controller |
Handling and recording of exercised data subjects’ rights (GDPR) |
Legal obligation Pursuant to Chapter III of Regulation 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data
Retention period is 5 years |
Individuals exercising data subjects’ rights |
Litigation, exercise of legal claims (generally, not only in court) and jurisdiction |
Purpose compatible with the original purpose of processing personal data – performance of contractual obligations, whereby the exercise of legal claims or defence of the controller’s rights under the law may be envisaged
The retention period is 10 years from the end of the litigation |
The parties to the proceedings, the legal representatives of the parties to the proceedings, the competent court, the entities authorized under special regulations to comment on the subject matter of the proceedings, chambers, associations established by law, forensic experts |
Executions |
Legal obligation Act No 59/2018 Coll. on bailiffs and enforcement activity (the Enforcement Code) 5 years |
Persons authorized under the relevant regulations, notaries |
Administration of archives and registers, including the registration of mail |
Legal obligation Act No 395/2002 Coll. on archives and registers Statutory retention periods for documents 10 years |
Ministry of the Interior of the Slovak Republic, other authorized body |
Out-of-court debt recovery |
Our legitimate interest
The retention period is based on the statutory limitation periods. |
Entity providing debt recovery services, legal representative |
The controller may also process personal data based on consent; in this case, the purpose of the processing of personal data is indicated directly in the request for such consent. Where personal data are provided based on consent, the data subject shall have the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the disclosure of personal data based on consent given prior to its withdrawal.
Personal data shall not be processed for a purpose other than that for which they were originally collected, unless provided for by a specific regulation under which the controller operates or unless the data subject gives his or her voluntary consent; except where the original purpose is compatible with the new purpose (e.g. the enforcement of claims under contracts).
The data provided to the extent requested in the contact form, such as name, surname, e-mail, telephone number, place or city where the requested service is to be performed, type of subject and other additional information is necessary for the processing of your request. If you do not provide this information, we will not be able to provide you with the relevant information or service.
8. Transfer of data to third countries
Your personal data is not transferred to third countries or international organisations.
9. From what sources do we obtain personal data?
We obtain your personal data directly from you when you enter into or perform a contract. We may also obtain personal data from publicly available sources, such as a client’s or supplier’s website or by submitting a form on our website.
10. Automated decision-making and profiling
BOAT IT UP does not carry out automated decision-making or profiling with a legal or similarly significant impact on you.
11. Security of personal data
We have put in place appropriate technical, organisational and physical measures to ensure data security.
We aim to protect your personal data from unauthorised processing, accidental loss, damage or destruction. Access to your personal data will only be granted to persons authorised by the controller to process your personal data and who process it based on the controller’s instructions, in accordance with the controller’s security policy.
BOAT IT UP protects your personal data against misuse by appropriate and available means. We store personal data in secure areas, rooms, storage facilities or systems. Access to these areas is restricted, pre-determined and always controlled.
BOAT IT UP immediately addresses any security incident. If an incident is likely to result in a high risk to your rights and freedoms, we will always notify you. We will also inform you of the measures we have taken to remedy the situation.
12. Retention of personal data
Your personal data will be kept securely and only for as long as necessary to fulfil the purpose of the processing.
Your personal data is backed up, in accordance with the retention policy of the controller. Your personal data will be completely erased from the backup storage as soon as it is possible in accordance with the backup rules stated. The personal data stored on backup storage sites is used to prevent security incidents, in particular data availability breaches due to a security incident. The controller is obliged to ensure that data is backed up in accordance with the security requirements of the Regulation and the Data Protection Act. We only retain your personal data for a limited period, with deletion occurring when it is no longer required for the purposes set out above.
13. What are your rights in relation to the personal data we process about you?
You can contact us regarding the following rights in relation to your personal data:
- Right of access – You have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request a different method of providing it. If you have requested this information by electronic means, it will be provided to you electronically where technically possible.
- Right to rectification – We take reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.
- Right to erasure – You have the right to ask us to erase your personal data if, for example, the personal data we have collected about you is no longer necessary to fulfil the original purpose of the processing. However, your right must be considered in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations which mean that we may not be able to comply with your request.
- Right to restriction of processing – In certain circumstances, you are entitled to ask us to stop using your personal data. These include, for example, where you think that the personal data, we hold about you may be inaccurate or where you think that we no longer need to use your personal data.
- Right to withdraw consent – In exceptional circumstances, we may process your personal data based on consent. You will be specifically informed in advance of such processing. Where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You may withdraw your consent electronically or in writing. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you based on that consent.
- Right to data portability – In certain circumstances, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you based on consent or on the basis of a contract to which you are a party.
- Right to object – You have the right to object to processing based on our legitimate interests. If we do not have a compelling legitimate ground for processing and you object, we will no longer process your personal data.
- Right to lodge a complaint – If you believe that we are processing your personal data unfairly or unlawfully, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; Tel: +421 /2/ 3231 3214; E-mail: statny.dozor@pdp.gov.sk.
If you wish to exercise any of the above rights, please send us an e-mail to: sailing@boatitup.com. You can also contact us in writing by post to the address of BOAT IT UP.
We will process your request within 30 days. If necessary, we will request additional information from you to verify your identity. If your application is complicated or if you have submitted multiple applications, it may take us longer. If it takes us longer than a month to respond, we will let you know.
Getting a copy of your personal information (or exercising any other rights) is free of charge. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or unreasonable.
14. Changes to information about the processing of personal data
If we decide to change this information, it will be published on the website as it stands.
The last change was made on 11.03.2024.