HRON Privacy Policy

This HRON Privacy Policy (hereinafter referred to as the “Terms and Conditions“) we would like to inform you about how we process personal data in connection with the operation of the HRON Attendance System.

HRON is an online software application developed and used as a time and attendance system (hereinafter also referred to as “HRON” or “Attendance system“). HRON is primarily intended for the electronic recording of attendance of employees or natural persons in a similar employment relationship. HRON can be used on devices with access to the internet and a web browser, or with access to the digital distribution platforms Google Play and AppStore, through which the HRON Mobile App can be downloaded.

In these Terms, you will find more information about how we process your personal data in connection with certain activities or areas relating to HRON, such as when you visit our Website hron.tech or when using our HRON Mobile App, or if you communicate with us by post, telephone, email, through our social media and other forms of communication with us.

These Terms also contain information about what personal data we collect, from what sources we obtain it, for what purposes we use it, to whom we disclose your personal data, and what your rights are in relation to the processing of your personal data.

The information contained in these Terms and Conditions is provided in accordance with the relevant data protection regulations, in particular GDPR a Personal Data Protection Act.

Within the text of these Terms and Conditions may be referred to terms whose definition is available in the Terms and Conditions (General Terms and Conditions of the Attendance System “HRON”), which are published on the Website hron.tech or in the Mobile App “HRON”. Capitalized terms defined in the Terms and Conditions shall have the same meaning in these Terms and Conditions, and their meaning shall be retained even if used in a different grammatical form or with a lower case letter, as long as it is clear from the context that it is a defined term.

Unless these Terms or the Terms and Conditions expressly provide otherwise, the terms defined in Article 4 of the GDPR shall have the same meaning as in the GDPR.

• Who are we?

We are PANTHEON.tech s.r.o., with registered office at Mlynské nivy 56, 821 05 Bratislava, Slovak Republic, ID No.: 35 821 779, registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, Insert No.: 25072/B (hereinafter referred to as “PANTHEON.tech” or “we” or “our company“) and we are the operator of the aforementioned HRON Attendance System as well as the Website hron.tech and the HRON Mobile App.

We always consider your privacy when providing the Attendance System for use or providing related Products or other services. We are aware of our obligations to our users arising from the requirements of the laws governing your privacy and the protection of your personal information. We therefore always treat the protection of personal data with respect and responsibility.

Under the GDPR Regulation and the Personal Data Protection Act, our company may have the status of a controller, but also of a processor, depending on the specific activity in which personal data is processed in connection with HRON.

• When are we in the position of a data processor?

Our company, when providing HRON for use as a cloud solution, provides data space (virtual terminal) for storing data operated within HRON. This takes place on our company’s servers or in a hosting centre. As HRON is an attendance system, such data may include data of natural persons (e.g. employees whose attendance is recorded in the attendance system).

In relation to the personal data that the Subscriber stores on our company’s servers or in the hosting centre, our company acts in the legal capacity of a personal data processor. The controller of this personal data is the Subscriber, i.e. the entity that has concluded the Master Agreement with our company. In such case, our company is authorised by the Data Controller to process the personal data on behalf of the Data Controller.

Notice to end users: HRON is intended primarily for use by a business entity in the position of a Subscriber within the meaning of the Terms and Conditions (i.e. a company as the employer of the data subject). Therefore, the use of HRON may be subject to the Subscriber’s privacy policy to the extent that such terms and conditions have been accepted by the Subscriber. If the Subscriber processes personal data of natural persons using HRON, the data subjects must contact the Subscriber with questions regarding data protection, as the Subscriber is in the legal position of a controller when processing personal data. Our company is not responsible for the terms and conditions of the protection of personal data or for the safety and security procedures used by the Subscriber, which may differ from these Terms and Conditions.

Procedure for processing personal data. Our company as a processor carries out its activities in accordance with the Personal Data Processing Agreement, which it concludes with the Customer for this purpose pursuant to § 34 et seq. Personal Data Protection Act and in accordance with Article 28 of the GDPR Regulation. Our company does not perform any operations with the data entered, modified, delivered or otherwise added to HRON, except for storing them on our company’s servers or in a hosting centre. The primary purpose of the handling of this personal data is its storage and the possibility of making it available to the Subscriber for the purpose of recording the attendance of its employees or other persons in a similar employment relationship. Unless we agree otherwise with the Customer, our company does not interfere with, modify, disclose or make available to third parties such data. An exception to this point is:

1. disclosure to public authorities on the basis of an obligation laid down by a generally binding legal regulation;
2. an explicit request by the Subscriber, and only to the extent necessary for the purposes of training, verification of functionalities, explanation of the interface and use of HRON before the start of proper operation of HRON, or for the purposes of providing service support or other performance under the SLA.

Categories of personal data processed. Our company, as a processor, processes personal data that are entered by the Operator modified, delivered or otherwise added to the Attendance System. These data are in particular:

1. name, surname, title;
2. occupational, professional or functional classification;
3. the personal number of the user (or data subject) or the data subject’s employee number;
4. professional unit;
5. place of work;
6. contact details – telephone contact or e-mail address;
7. time data relating to the attendance of the Data Subject, in particular the duration of the employment relationship, time worked, time off, leave pool, vacation time, break time including meal and rest breaks, business travel, work on business, time spent working away from the workplace, etc.;
8. a work photograph of the person concerned;
9. data on the effectiveness and evaluation of the employee as a Person of Concern;
10. geolocation (determining your location using location technologies such as GPS or IP address);
11. an indication of hourly or monthly pay or remuneration;
12. the bank account number and bank contact of the Concerned Person;
13. the details of the work vehicle assigned to it (including the registration number of the vehicle);
14. posts, comments, remarks added to the Attendance System if they contain Personal Data of the Data Subject.

• When are we in the position of a data controller?

Our company acts as a data controller in relation to the personal data of natural persons when we, alone or jointly with others, define the purpose and means of the processing of personal data and process personal data on our own behalf.

The processing of data in the capacity of controller occurs mainly in the following situations:

1. when you visit our Website or Mobile App;
2. when you download or view certain materials on the Website;
3. when you communicate with us e.g. via contact form, chat or electronically;
4. within the framework of pre-contractual negotiations and upon conclusion of the contractual relationship (Main Contract, SLA, Processing Contract, or issuance and acceptance of an Order for any of the Products provided in accordance with the Terms and Conditions;
5. in the performance of contractual or legal obligations (e.g. obligations under the Master Contract, the SLA, or generally binding tax legislation);
6. when you use our support services, call centre or other services under the SLA;

• For what purpose do we process your personal data?

If we have the status of a controller in terms of the Data Protection Act and the GDPR, our company defines the purposes of processing.

We process your personal data in the course of our business activities as the operator of the Attendance System, Website and Mobile App, as well as in the course of the performance of related business activities and the organisation of social activities related to the HRON Attendance System.

We process personal data for the purposes set out below:

1. establishment of pre-contractual relations, pre-contractual negotiations, conclusion and performance of the contract – personal data are processed by us for the purposes of establishing pre-contractual relations, conclusion and performance of the contract, in particular in connection with(o):

• establishing pre-contractual relationships and ensuring performance under pre-contractual relationships (e.g. submission of quotations, preparation of purchase orders, etc.);
• by providing performance (granting a license and access to the Attendance System, providing related Products);
• warranty repairs and procedures;
• providing support services or other performance under the SLA, including the resolution of problems, complaints and requests;

1. compliance with the obligations laid down by law – we further process personal data in cases where it is necessary for the purpose of fulfilling obligations arising from the legislation of the Slovak Republic and the European Union, e.g. fulfilling obligations arising from legislation in the field of accounting, taxation and archiving; fulfilling obligations arising from the legal responsibility for product safety and compliance with technical standards, as well as fulfilling other obligations stipulated by the relevant legislation;
2. handling routine correspondence and effective communication – personal data are processed by us within the legitimate interest of our company consisting in ensuring the effective conduct of communication, handling or ensuring related matters arising from the communication in question. If the communication containing the data subject’s data relates to a pre-contractual or contractual relationship, the communication with the data subject is carried out for the purpose of fulfilling the respective relationship;
3. marketing outreach – we further process personal data for the purpose of direct marketing (direct marketing), such as sending written information (newsletter) about the Attendance System, Products and related services, in particular about new products, providing information about new events, etc. We process personal data on the basis of your consent or on the basis of our legitimate interest if it is possible to contact you for these purposes via the relevant communication channel(s) without your prior consent;
4. market research – we further process personal data to obtain feedback regarding the Attendance System, Products and related services of our company (e.g. customer satisfaction surveys, product and service quality surveys). We process personal data on the basis of your consent or our legitimate interest if it is possible to contact you via the relevant communication channel(s) and to process your personal data as our existing customer for these purposes without your prior consent;
5. preparation of internal analyses and statistics – our company, within the framework of legitimate interests or on the basis of a legal obligation, may process data for the purposes of drawing up internal analyses and statistics, which are generally anonymised data that are not personal data. However, the processing of personal data for the aforementioned purpose cannot be completely excluded. In this case, we process the minimum amount of personal data necessary to achieve the purpose of the processing;
6. organizing social events of our company – we process personal data for the purpose of registering participants for social events organised by our company, contacting them, etc;
7. protection of our company’s property, rights and legally protected interests – our company also processes personal data on the basis of legitimate interest in cases where it is necessary for the establishment, exercise or defence of legal claims of our company or third parties or the protection of our company’s property;
8. the purpose defined by the specific consent – our company may also process personal data on the basis of the consent to the processing of personal data given by the data subjects for the specific purpose(s) of processing defined in the consent;
9. negotiating with third parties interested in purchasing or financing our company or its business, and executing agreements with such parties – the legitimate interest pursued by our company in this processing is its ability, if it so chooses, to effect the sale of the business or part of it or shares in our company to a third party, whereby the prospective purchaser may require documents for the purpose of conducting legal and other due diligence prior to the transaction, which may include your personal data; the third parties will be contractually bound to a duty of confidentiality in respect of the data provided.

For some activities, in particular for some specific advertising campaigns or competitions where we cooperate with entities within the PANTHEON group, we may be in the position of joint controllers of personal data with the relevant entities within this group. In such case, we will comply with the relevant data protection regulations, in particular the GDPR and the Data Protection Act.

• On what legal basis do we process your personal data?

In order for us to process your personal data lawfully, it is necessary that we have a predetermined purpose for processing it, as well as a legal basis. Our company processes personal data exclusively on one of the legal bases listed in Article 6(1) of the GDPR. Below we list the legal bases on which your personal data is collected and further processed:

1. the performance of a contract or the implementation of pre-contractual measures taken at the request of the data subject (Article 6(b) of the GDPR)

• we process personal data on this legal basis in the case of the provision of our company’s products and services on the basis of a concluded contract, or for the purpose of performance of another contract where the personal data of the data subject is processed, or in connection with the negotiation of the conclusion of this contract and the implementation of the relevant pre-contractual measures at the request of the data subject.

1. compliance with a legal obligation (Article 6(c) of the GDPR)

• where we are under a legal obligation to do so, personal data will be processed to the extent necessary to comply with that obligation.

1. consent of the data subject (Article 6(a) of the GDPR)

• we also process personal data in cases where the data subject has given us consent to do so, solely to the extent, for the period and for the purpose or purposes specified in the subject consent.

1. the legitimate interests of our company or of a third party (Article 6(f) of the GDPR)

• the legitimate interests of our company or of a third party provide a legal basis for the processing of your personal data, unless they are overridden by your interests or fundamental rights and freedoms as a data subject, always taking into account your reasonable expectations based on your relationship with our company.

On the basis of legitimate interest, we are entitled to process personal data mainly for the following purposes:

• protecting our rights and legitimate interests;
• protection of our company’s assets;
• marketing outreach (direct marketing);
• handling routine correspondence and effective communication;
• market research;
• monitoring and controlling the quality of service of our distribution networks;
• preparation of internal analyses and statistics;
• negotiating with third parties interested in purchasing or financing our company or its business, and executing agreements with such parties.

• if your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data at any time. If we receive such an objection, we will no longer process your personal data for that purpose unless we can demonstrate legitimate grounds for further processing. Our company will always assess the validity of the objection in the light of the specific situation to which the processing of personal data relates.
• However, if you object to the processing of your personal data for direct marketing purposes, we will comply with such objection in its entirety without further delay and we will no longer process your personal data for this purpose.

• What categories of personal data do we process?

The scope and type of personal data processed are determined by the specific purpose for which we process personal data. We always process personal data exclusively to the extent necessary to achieve the purpose pursued.

In particular, our company processes the following categories of personal data:

• identification data – This is data by which the data subject can be identified (in particular, title, name and surname, residence address, date of birth, signature, etc.);

• contact details – This is data that enables us to contact the data subject on the selected matter (in particular, correspondence address, e-mail address and telephone number);

• contractual data – This is data relating to the performance of the contract, in particular data on the Products purchased by our company and related services and the relevant specifications (e.g. contract or order number, date of conclusion of the contract), and other data arising from the relevant contract;

• payment details – This is data that is necessary for the purpose of the payment transaction between us and the third party (in particular, the bank account number, the bank designation, or other payment data);

• other data – it is data that does not fall into any of the above categories of data to the extent necessary for the purpose pursued (e.g. data in a curriculum vitae, information on the conduct of enforcement or bankruptcy proceedings against the data subject, feedback from the data subject, data relating to employment, etc.).

• From what sources do we obtain personal data?

We obtain personal data directly from you as the data subject and, where necessary, from other sources.

You provide us with personal data, for example, when you enter into a contract with our company, fill in the relevant application, contact form or survey, or provide your consent to the processing of personal data.

However, in certain cases we also obtain personal data from other sources, such as in particular public sources (e.g. the commercial register, the trade register, the central register of foreclosures, the register of bankrupts) or, where justified, from other third parties.

We may also collect personal data from other sources when they contact us on your behalf, e.g. when they alert us to certain of your actions or recommend you as a possible customer of the Attendance System and/or our Products or other services we provide or arrange.

In connection with the use of the Attendance System, the Website and/or the Mobile App, we collect analytical data about their traffic and usage.

We also collect information about your interaction with us, such as how the services were used, how you logged in, from where you accessed our company’s site and how long you used it, response times, download errors, how you accessed and exited the services, etc.

We also collect technical data about the devices and settings used, such as IP address, browser settings, operating system, platform, cookies; for more information on how we use cookies, please visit the Website www.hron.tech.

• How long will we process personal data?

We process your personal data in accordance with legal requirements, which means that we do not keep personal data for longer than is necessary for the purpose of the processing.

The following are the periods during which we process personal data for each purpose:

Purpose of processing	Duration of processing
Establishment of pre-contractual relations, pre-contractual negotiations, conclusion and performance of the contract	If personal data are processed on the basis of a contractual relationship with the data subject or with an entity represented by the data subject (e.g. a statutory signatory on behalf of a company), they will be processed for the duration of the contractual relationship and, after its termination, for the period necessary to assert or defend against claims arising from the contract. In the absence of a contractual relationship with the data subject or with the said entity, his or her personal data shall only be stored within the framework of the pre-contractual relationship for a maximum period of 1 year after the data has been obtained.
Compliance with legal obligations	Personal data will be processed for the period of time specified by the relevant regulations.
Conducting routine correspondence and effective communication	Personal data processed in the context of communication with data subjects, which does not relate to the other defined purposes of processing, is kept for the time necessary for its processing and for the protection of the legitimate interests of our company.
Marketing outreach	If personal data are processed on the basis of our company’s legitimate interests, the personal data will only be processed for the duration of the contractual relationship with our company, and in any case, at most until you object to such processing. If the data subject gives us consent to marketing outreach, the personal data will only be processed for the period specified in the consent, but at the latest until the consent is withdrawn.
Market research	If personal data are processed on the basis of our company’s legitimate interests, the personal data will only be processed for the duration of your contractual relationship with our company, and in any case, at most until you object to such processing. If personal data are processed on the basis of the data subject’s consent, the personal data will be processed only for the period specified in the consent, but at the latest until the consent is withdrawn.
Preparation of internal analyses and statistics	Personal data will be processed for the duration of the legitimate interest of our company or for the duration specified by law.
Arrangement of social events of our company	Personal data will be processed for the duration of the social event and for a maximum of 1 year after its conclusion.
Protecting our company’s assets, rights and legally protected interests	Personal data will be processed for a maximum period of 10 years from the termination of the contractual relationship or the acquisition of the data, unless specific legal regulations provide otherwise or unless there is a justified need to store personal data for another period in a specific case.
Purpose defined by specific consent	Personal data will be processed for the period specified in the consent to the processing of personal data, but at the latest until the consent is withdrawn.
Negotiations with third parties interested in purchasing or financing our company or its business and the performance of contracts entered into with such parties	Personal data will be processed during pre-contractual negotiations and for the duration of the contractual relationship with such third parties. Subsequently, for the period necessary to assert claims arising from such contractual relationship; in specific cases where this is justified by a particular interest, e.g. for the purpose of protecting against threatened or actual litigation, the processing period is extended until the circumstance in question (e.g. the termination of the litigation) has ceased to exist.

If the retention period of personal data for a specific purpose has expired, but we need to process the same personal data for another purpose with a longer retention period (typically for archiving purposes within the meaning of applicable law or if it is necessary for the establishment, exercise and defence of legal claims and the legally protected interests of our company), we process the personal data for the period that is justified by this additional purpose.

If we can no longer or no longer need to process your personal data for any purpose, we will automatically delete it.

• Who do we provide or disclose your personal data to?

In certain cases provided for by applicable law, the legitimate interests of our company, or your consent to the processing of your personal data, or if necessary to achieve another purpose of processing your personal data, we are entitled or obliged to disclose your personal data to third parties.

As a data controller, we ensure that everyone to whom your personal data is transferred maintains a high standard of data protection. We will not, under any circumstances, provide your personal data to a subject where this standard is not ensured.

The categories of persons (recipients) to whom your personal data may be disclosed include, in particular:

1. PANTHEON partners, in the framework of the cooperation on:

• provision of the Attendance System for use, Products, support services according to the SLA, or other related services;
• providing accounting and tax advice;
• the provision of personnel and administrative services;

1. public authorities for the purpose of implementing the relevant legislation,
2. the postal company or courier (for delivery purposes);
3. banking institutions and payment service providers (for the purpose of carrying out the relevant transaction);
4. our company’s information technology service providers.

In certain circumstances related to a specific situation, your personal data may also be disclosed to lawyers (for the purpose of providing legal services), insurance companies (for the purpose of settling insurance claims), courts, law enforcement authorities and other third parties, provided that the disclosure is necessary to achieve the purpose of the processing of the data.

Your personal data may also be disclosed to the acquirer if the personal data is transferred as part of a sale or other transfer of all or part of our company’s assets to the acquirer, or is provided to the acquirer as part of the negotiations for such transfer.

• What can be the consequences of not providing personal data?

The provision of personal data to our company is voluntary. However, in certain cases we would not be able to provide you with the requested performance without the personal data we have collected, or the collection of personal data is directly imposed on us by the relevant legislation. Therefore, if personal data is processed:

1. under a legal obligation – the data subject is obliged to provide the personal data. If the data subject nevertheless fails to provide his or her personal data, our company will not be able to fulfil its obligations under the law, which may result in the refusal to provide a service or the sale of a product from our company’s portfolio;
2. on the basis of a contract – the provision of personal data is a contractual requirement. If the data subject does not provide his or her personal data, our company will not be able to fulfil its obligations under the contractual relationship, which may ultimately have a negative impact on the data subject himself or herself, e.g. the inability to provide the service, etc;
3. on the basis of the data subject’s consent to the processing of personal data – the provision of personal data is voluntary and is an expression of the free will of the data subject. If the data subject does not provide his or her personal data, our company will not be able to process the data for the purpose(s) specified in the specific consent, which may prevent us from providing the data subject with the activities or actions described in the consent. The data subject is entitled to withdraw the consent given at any time;
4. based on our legitimate interests or the legitimate interests of a third party – the personal data of the data subjects are also processed without their prior consent, provided that the legitimate interests of our company or a third party do not override the interests or fundamental rights and freedoms of the data subject.

• Transfer of personal data to third countries

Only PANTHEON.tech and its agents will have access to your personal data. The personal data is physically located in the territory of the Slovak Republic (European Union). Our company does not transfer your personal data to third countries or international organizations in the course of its normal activities.

A third country is a country that is not a Member State of the European Union or a contracting party to the Agreement on the European Economic Area.

The transfer of your personal data to third countries may only occur if you contact our company via its profile on a social network (e.g. Meta Platforms, Inc.), which is the parent company of the European branch operating the aforementioned social network. Some cookies may also be transferred to third countries in specific cases.

In the case of transfers of personal data to third countries, we undertake to ensure an adequate level of protection for the personal data of data subjects.

If in the future our company transfers personal data to third countries that do not guarantee an adequate level of protection, we undertake to comply with the GDPR and the Data Protection Act, as well as other generally applicable laws.

• Automated processing of personal data, individual decision-making, including

profiling

Automated processing of personal data may also take place in the context of the performance of the contract. Such processing involves the use of automated information systems, e.g. software, IT applications and other support systems.

The purpose of automated processing of personal data is the efficient performance of the contract.

We may also carry out profiling with your personal data, but only to the extent necessary to provide you with individually tailored offers and information and not to bother you with mass general offers and information.

Profiling is any form of automated processing of personal data which consists of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of the data subject’s performance at work, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

• What rights do you have as a data subject?

The Data Protection Act, as well as the GDPR Regulation, provides you with a number of rights that allow you to keep the protection of your personal data under your own control. Our company fully respects your rights. In this section you will therefore learn what these rights are.

Right of access to personal data

This right means that you are entitled to request confirmation from us as to whether personal data concerning you is being processed. Therefore, if we are processing such personal data about you, you have the right to access and be informed about your personal data:

• why we process your personal data (purpose of processing personal data)
• what data we process about you (category of personal data)
• to whom your personal data may or will be disclosed (identification of the recipients or the recipients’ group)
• how long we will keep your personal data (retention period)
• that you have the right to request from us the rectification of your personal data, their deletion as well as the restriction of their processing or that you have the possibility to object to the processing of your personal data
• that you have the right to bring a personal data protection action under the Personal Data Protection Act or the right to lodge a complaint with the supervisory authority under the GDPR, which is the Office for Personal Data Protection of the Slovak Republic
• where your personal data comes from (source information), unless you have provided us with personal data directly
• whether we use automated individual decision-making, including profiling pursuant to Section 28 (1) and (4) of the Personal Data Protection Act; in particular, the procedure used, as well as the significance and expected consequences of such processing of personal data for you
• adequate safeguards regarding the transfer, if we transfer your personal data to a third country or an international organisation

This right of access also means that you can obtain the personal data we process about you. We will provide you with a copy of the personal data we process about you. However, if you make repeated requests for your personal data, we may charge you a reasonable administrative fee in connection with your request for a copy of your personal data.

Right to rectification of personal data

As part of our terms of service, we inform you to provide us with the correct data. However, if we nevertheless happen to process incorrect data about you, the right to rectification of personal data means that you are entitled to request that we rectify the incorrect personal data relating to you. You also have the right to have your incomplete personal data completed, taking into account the purpose of the processing of the personal data.

Right to erasure of personal data (right to be forgotten)

You have the right to have us delete personal data relating to you where at least one of the following grounds is met:

• Your personal data is no longer necessary for the purpose for which we collected or otherwise processed it
• you have withdrawn your consent to the processing of your personal data on the basis of which we process your personal data and there is no other legal basis for further processing
• you object to the processing of personal data which is carried out on the legal basis of public interest or legitimate interest and there are no overriding legitimate grounds for the processing
• Your personal data has been unlawfully processed
• Your personal data must be erased because it is necessary to comply with an obligation under Slovak law or European Union law
• Your personal data was collected in connection with the offer of information society services pursuant to Section 15(1) of the Personal Data Protection Act

However, your right to erasure of personal data may not be granted in a particular case in light of the specific circumstances, if the processing of personal data is necessary for:

• exercising our right to freedom of expression or the right to information
• compliance with a legal obligation
• exercising our legal right
• for archiving, historical research or statistical purposes, unless it is likely that the right to erasure would prevent or seriously impede us from achieving the purposes of such processing

Right to restriction of processing of personal data

You have the right to have us restrict the processing of personal data relating to you and at the same time

at least one of the following reasons:

• during the period allowing us to verify the accuracy of your personal data, you challenge the accuracy of your personal data
• the processing of personal data is unlawful, you object to the erasure of personal data and request restriction of the processing of personal data instead of erasure
• we no longer need your personal data for any of the processing purposes, or you need it to establish or exercise your legal claims
• you object to the processing of your personal data until it is verified that our legitimate interests outweigh your legitimate interests

Right to portability of personal data

If our right to process your personal data is based on your consent or the performance of obligations under a contract we have entered into with you, you have the right to request the transfer of data that

relating to you and which you have provided to us, to another data controller.

Right to withdraw consent

If we process your personal data on the legal basis of the data subject’s consent, you have the right to withdraw this consent at any time, even before the expiry of the period for which the consent was given. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

Right to ineffectiveness of automated individual decision-making, including profiling

You have the right to request that automated individual decision-making, including profiling, be ineffective against you.

Right to object

If you have grounds relating to your particular situation, you have the right to object to the processing of your personal data where the legal basis for such processing is our legitimate interest.

However, if our legitimate interest in processing outweighs your personal interest, we may continue to process your data despite your objection to processing. We are also entitled to continue to process your data if this is necessary for the establishment, exercise or defence of our legal claims.

Direct marketing (including analyses carried out for direct marketing purposes):

You have the opportunity to object or withdraw your consent to the processing of your personal data for direct marketing purposes. The objection also applies to the analysis of personal data (“profiling”) carried out in connection with direct marketing. If you object to direct marketing, we will stop processing your personal data for this purpose as well as for the purpose of all types of direct marketing actions.

Of course, you can easily opt-out of receiving messages and personal offers on specific channels. For example, you may only receive offers from us via email, but not via SMS.

You can change your settings at any time in the HRON user environment on the Website hron.tech or via the Mobile App. You can also change your settings via email, SMS or a combination of the two. If you need help with your settings, you can contact our customer service at any time.

• How can you contact us?

You can exercise the above rights in writing or by email using our company contact details. When contacting us, please include “Privacy Policy” as the subject of your message so that we can process your request as quickly as possible.

If you have any questions about the processing of your personal data, you can contact us regarding the processing of your personal data. In this case, please send us an email to info@hron.tech or contact us by mail at Mlynské nivy 56, 821 05 Bratislava, Slovak Republic.

If you are not satisfied with our response or if you believe that we are processing your data unlawfully, you can complain to the supervisory authority:

The supervisory authority in the territory of the Slovak Republic is:

Office for Personal Data Protection of the Slovak Republic

Hraničná 4826/12, 820 07 Bratislava

Web: www.dataprotection.gov.sk

Further information about the Slovak supervisory authority and the complaints procedure can be found on its official website: https://dataprotection.gov.sk/uoou/.

If you believe that there has been a breach of the terms and conditions for processing your personal data, you may lodge a complaint with the above-mentioned authority at the following email address statny.dozor@pdp.gov.sk.

Date of publication and effectiveness of the Terms of Use as amended: 25.06.2024