1. THE PURPOSE OF THE PRIVACY NOTICE

The purpose of this notice is to provide information about the data protection and data processing principles applied by AMBROPEK spol. s.r.o in their newsletter subscription processes. AMBROPEK spol. s.r.o (hereinafter referred to as “Data Controller”) processes the personal data of the visitors of www.ambropek.sk (hereinafter referred to as “Website”) and of the newsletter subscribers.

2. CONTACT INFORMATION OF THE DATA CONTROLLER

Name: AMBROPEK spol. s.r.o. Registered office and mailing address: Malodvornícka cesta 6566, 929 01 Dunajská Streda, Slovakia

Telephone number: +421 905 281 767

E-mail address: vratnica@ambropek.sk.

3. SCOPE OF THE DATA COLLECTED

We process the following personal data in connection with the newsletter subscription:

• name
• e-mail address

4. THE LEGAL BASIS, THE PURPOSE AND THE METHOD OF DATA PROCESSING

4.1. Data processing is based on your freely given and informed indication of your unambiguous consent that allows the processing of your personal data with your subscription to our newsletter. The legal basis for the data processing is the consent of the data subject as described in Article 6, paragraph (1) section (a) of the Regulation (EU) 2016/679 of the European Parliament and of The Council (General Data Protection Regulation). The consent for data processing in connection with the newsletter subscription is given when, by subscribing to our newsletter, you freely give your requested data and tick the box confirming your consent. 4.2. The purpose of the data processing is to ensure that you receive the newsletter on the e-mail address provided. Data Controller only uses your data for the purpose of sending newsletters. 4.3. Data Controller does not and shall not use the personal data obtained for other purposes than described in the points above. Transmitting personal data to a third party is only possible with your prior explicit consent, unless otherwise required by law. 4.5. Data Controller does not verify the obtained personal data. Only you are responsible for the veracity of the data provided. With providing an e-mail address, you are responsible for being the only person who access services from said e-mail address. In respect of such responsibilities, only the person who registered the e-mail address is subject to any responsibilities in connection with the logins of said e-mail address.

5. DURATION OF THE DATA PROCESSING

In the case of newsletter subscription, the processing of personal data lasts until the unsubscription from the newsletter as set out in point 8.

6. ACCESS TO DATA, DATA TRANSFER, DATA PROCESSING

Data may be primarily accessed by Data Controller and those volunteers and employees of Data Controller whose responsibility is to access and process the data.

7. YOUR RIGHTS AS THE DATA SUBJECT AND WAYS TO EXERCICE SUCH RIGHTS

7.1. You should have the right to be informed about the personal data the Data Controller processes about you, and to have them rectified by providing a supplementary statement as described in 7.3. 7.2. You should have the right to obtain information about your personal data controlled by Data Controller; the data processed by the Data Controller or a processor mandated by the Data Controller; the sources of the data; the purpose, the legal basis and the duration of the data processing; the name and address of the Data Controller and their actions in connection with data processing; the circumstances and the consequences of the data breach and the measures taken to address such event; and, in the case of data transfer, the legal basis of such transfer and the recipient of the personal data. Data Controller should provide the requested information no later than 30 days after receiving the request. Data Controller – through its Data Protection Officer – should keep records of personal data breaches to monitor the measures in relation of such event and to inform you about it. These records should contain the nature of the personal data concerned; the scope and number of data subjects concerned; the date, the circumstances, the consequences of the data breach and the measures taken to address such event; and other data specified in the relevant legislation. 7.3. You can exercise your rights by contacting us in email at vratnica@ambropek.sk. You should contact the Data Protection Officer of the Data Controller on the above e-mail address about any questions or observations on data processing. 7.4. You should have the right to request the rectification of inaccurate personal data or the erasure of personal data. Data Controller should erase the data no later than 5 days after receiving the request at vratnica@ambropek.sk. The erased data cannot be recovered. In case the Data Controller does not comply with your request to have your data rectified or erased, Data Controller should inform you about the rejection of your request for rectification or erasure and its factual and legal reasons no later than 30 days after receiving the request. You should have to right to object to processing your personal data. Data Controller should investigate the objection in the shortest possible time, but no later than 15 days after receiving the request, decide on whether the objection is reasoned, and inform you in writing about the decision. 7.5. Pursuant to Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and Act V of 2013 on the Civil Code, you may contact the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu). 7.6. In case you provided the personal data of a third party for using this service, Data Controller should have the right to claim damages against you. In such cases, Data Controller should provide any necessary help to the relevant authorities to determine the identity of the infringing person.

8. UNSUBSCRIPTION

Data Controller shall process your data that you provide subscribing to their newsletter until you decide to unsubscribe from said service by clicking on the “Unsubscribe” button on the bottom of every newsletter. Data Controller shall not contact you after the unsubscription. You can unsubscribe and withdraw your consent from the newsletter subscription any time, free of charge.

9. MISCELLANEOUS PROVISIONS

9.1. In any case when Data Controller would like to use the collected personal data for other use than the purpose of the data processing, they should inform you about it, request your prior, explicit consent in writing and provide opportunity to object to such use. 9.2. Data Controller shall ensure the appropriate level of data security, implements technical measures that ensure the security of the recorded, stored and processed data, and do its utmost to prevent the loss, destruction, unauthorised use or alteration of personal data. Data Controller shall promote the awareness of third parties who may receive or process the data of such obligations. 9.3. Data Controller reserves the rights to unilaterally modify the data processing regulation.