The protection of natural persons with regard to the processing of personal data
is a fundamental right. Article 8, par. 1 of the Charter of Fundamental Rights of the European Union
and Article 16, par. 1 of the Treaty on the Functioning of the European Union stipulate
that everyone has the right to the protection of personal data concerning him or her.
RIVERS, s.r.o., Commercial Register of the District Court Bratislava I,
Section: Sro, File Reg. no. 98010/ B, Company ID: 47700785, VAT no.: 2024064152,
Registered office: Mudroňova 1723/6 Bratislava 811 01, Slovak Republic,
Managing director: Mgr. Peter Mriňák - decided to address the issue of personal
data protection due to the processing of personal data of the persons concerned and
in the light of the above prepared security documentation containing a description of security
measures and impact assessment on personal data protection:
- in accordance with the currently valid legislation - Act. no. 122/2013 Coll.
on Personal Data Protection, as amended (as amended by Act no. 84/2014 Coll.,
Act no. 55/2017 Coll.) and the Decree no. 117/2014 Coll. of the Office for Personal
Data Protection of the Slovak Republic listed in the Collection of Laws,
which amends the Decree no. 164/2013 Coll. on the Scope and Documentation
of Security Measures of the Office for Personal Data Protection of the Slovak Republic,
- with regard to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of
27 April 2016 on the protection of individuals with regard to the processing of personal data
and on the free movement of such data, repealing Directive 95/46 / EC
(General Data Protection Regulation).
The controller informs that he has taken appropriate technical,
organizational and personnel security measures and guarantees on the part of both the controller
and the processor, taking into account in particular:
- principles of personal data processing such as legality,
fairness and transparency; limitation and compatibility of processing purposes;
data minimization, pseudonymization or encryption, and data retention minimization;
data accuracy; integrity and confidentiality, data availability;
- the principles of necessity and proportionality
(it also applies to the scope and amount of personal data processed,
the retention period and access to such personal data)
of processing with regard to the purpose of the processing;
- the nature, scope, context and purpose of the processing;
- resilience and recovery of processing systems;
- instructions for authorized persons;
- taking appropriate measures to immediately determine whether a personal data
breach has occurred and to promptly inform the supervisory authority and the data subject of such an event;
- taking appropriate measures to ensure that incorrect data are corrected or deleted
or that the data subject's rights are otherwise exercised;
- risks of varying probability and severity concerning the rights
and freedoms of individuals (in particular accidental or unlawful destruction of personal data,
loss or theft of personal data, misuse of personal data - unauthorized access or unauthorized disclosure;
risk assessment with regard to the origin, nature, likelihood and severity of risks,
identification of best practices for risk mitigation).
The controller also informs that the new General Data Protection Regulation (GDPR)
is a new piece of legislation that will significantly increase the protection of citizens'
personal data in the digital world. The aim of the GDPR regulation is to give European citizens
more control over what happens to their data, while unifying existing data protection laws
within the EU. The new General Data Protection Regulation will enter into force on 25 May 2018
and will be equally valid in all Member States of the European Union and will be binding upon
all cities, municipalities and their subordinate organizations located in the European Union,
regardless of their size or population and staff.
The GDPR brings significant changes to EU legislation in the field of personal data protection.
Major changes related to GDPR:
- the regulation introduces new measures and concepts - pseudonymisation,
profiling, genetic data, group of companies, etc.,
other data will be considered personal in certain circumstances -
IP addresses, cookies, RFID, e-mail addresses, location data, etc.,
- it will be possible to challenge the company's decision made on the basis
of personal data (e.g. categorization of the customer on the basis of income, gender, location, etc.),
expands the duties and responsibilities of the processor,
introduces special protection of children's personal data,
introduces new notification obligations towards the persons concerned and public administration institutions
(for example, towards the supervisory authority within 72 hours),
introduces the right to correct incorrect personal data,,
regulates the right to the transfer of personal data,
introduces the right to be informed of all personal data processed by the controller,
introduces the right to be forgotten - the right to delete personal data.
Provision of personal data to third parties:
The IS operator does not provide personal data to third parties.
Instruction on voluntariness: The data subject provides the above-mentioned personal data to the IS operator voluntarily, without coercion and enforcement on the part of the controller.
- 1. The full wording of the Personal Data Protection Act no. 136/2014 Coll.:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
on the protection of individuals with regard to the processing of personal data and on the free
movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
Wording of the consent to the processing of personal data:
Consent to the processing of personal data
in accordance with Act. no. 122/2013 Coll. on Personal Data Protection, as amended by Act no. 84/2014 Coll.,
the full wording of the Act of May 30,
2014 listed in the Collection of Laws under number 136/2014,
and with regard to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April, 2016 on the protection of individuals with regard to the processing of personal data
and on the free movement of such data, repealing Directive 95/46 / EC (General Data
(hereinafter referred to as the Act)
By checking the chekbox in website, the Interested party grants the company:
RIVERS, s.r.o., Commercial Register of the District Court Bratislava I,
Section: Sro, File Reg. no. 98010/ B, Company ID: 47700785,
VAT no.: 2024064152, Registered office: Mudroňova 1723/6 Bratislava 811 01, Slovak Republic,
Managing director: Mgr. Peter Mriňák (hereinafter referred to as the Processor)
consent to the processing of personal data in accordance with Act. no. 122/2013 Coll.
on the protection of personal data, as amended by Act no. 84/2014 Coll.,
as amended (the full wording of the Act of May 30, 2014 is listed in the Collection of Laws under
No. 136/2014 Coll.), which shall constitute a clear expression of will.
The consent shall be granted for a period of 10 years and regards the use of brokerage services:
mediation of sale, lease and purchase of real estate (real estate activities).
The consent hereby granted shall cover all processing operations carried out for the same
purpose or purposes, in particular:
creation, editing and publication of photographs, videos and information on the real estate
of the Interested party by means of computer technology
(camera, mobile devices, laptop, tablet, computer or aircraft (drone/ quadcopter)
in order to present the Interested party’s real estate on the intermediary's website,
webpages of real estate and advertising websites, as well as for advertising purposes
in online and paper media.
for the purposes of legal advice provided by a law firm / a lawyer registered with the Bar Association.
The necessary scope of processed personal data due to the use of the brokerage services
in the performance of the following activity: Mediation of the sale, lease and purchase of real estate
(real estate activities).
Art. 13 of the Act: birth number
Art. 10, par. 4 of the Act:
academic title, name, surname, maiden name, date of birth, identity card number,
domicile, correspondence address, telephone no., e-mail address,
specification of financial obligations, specification of a business case,
real estate data, real estate photos, contractual conditions, bank account no.,
real estate video.
By signing the checkbex, the Interested party also confirms that the wording of the consent is understandable and its layout is clear.
The Interested party is hereby informed that this consent may be revoked at any time.
PDF version GDPR