GDPR statement


The company CPGfinance Management s.r.o., with its registered office at Mlynské nivy 16, 821 09 Bratislava – Ružinov, company ID.: 35 873 639, registered it the Commercial Register at the District Court Bratislava I, Section: Sro, Insert No.: 30464/B (hereinafter as the “CPGfinance”) processes the following groups of personal data:

  • the personal data in relation to which CPGfinance is the controller as it determines the purpose and means of its processing;
  • the personal data in relation to which CPGfinance is the processor as it processes the respective data on behalf of its clients which determine the purpose and means of its processing.

CPGfinance processes the personal data in accordance with REGULATION (EU) 2016679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as the “Regulation”).

In terms of the Regulation, CPGfinance has adopted the appropriate technical and organisational measures in order to ensure the protection of the personal data and the rights of the persons, whose personal data is processed (hereinafter as the “Data Subject”). In order to fulfill the obligation laid down by the Regulation, CPGfinance is obliged to inform the Data Subject about the details of the processing of the personal data.

CPGfinance as the Controller may collect the Personal Data for the following purposes:

Marketing

Purpose of personal data collecting: sending our newsletters about important and interesting business-related news, events invitations and other CPGfinance materials.
Legal basis: Art. 6 and 7 from the Regulation (GDPR) regarding the lawfulness of processing and consent; Recital 42 (GDPR) regarding the burden of proof and requirements for consent, and Recital 43 (GDPR) on freely given consent
Scope of personal data: name, surname, company, function, e-mail, phone number, interests (countries, business areas, material/communication type), CVs, other details that the user is including in the available message box
Recipients: IT services suppliers and administrative services in the premises of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of consent of the data subject or for the period of the contractual relationship (for clients/partners/suppliers)
Data subjects: contact persons of CPGfinance´s clients, potential clients, individuals interested in receiving the information our company is offering (newsletters, events, informational or promotional materials, career and business opportunities)
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment or combination, restriction, erasure or destruction

Job applicants

Purpose: keeping records of unsuccessful job applicants of the controller
Legal basis: consent (art. 6 para. 1 a) of the Regulation)
Scope of personal data: data stated in curriculum vitae and other accompanying documents
Recipients: IT services suppliers and administrative services in the premises of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of 2 years
Data subjects: job applicants

KYC (Know Your Client)

Purpose: fulfilling of controller’s obligations resulting from legislation related to the prevention of legalization of proceeds from criminal activity and to the prevention of the terrorist financing.
Legal basis: compliance with a legal obligation (art. 6 para. 1 c) of the Regulation), especially with the Act No. 297/2008 Coll. on the prevention of legalization of proceeds from criminal activity and on the prevention of terrorist financing.
Scope of personal data: name, surname, personal number, eventually date of birth, address of permanent residence, eventually of temporary residence, nationality, eventually additional personal data required in terms of the special legal regulation stated above.
Recipients: directorate of the financial authority, law enforcement authorities, IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: during the contractual relationship and 5 years after its termination.
Data subjects: statutory bodies, proxy holders, contact persons, ultimate beneficiaries of the controller´s clients.

Contractual documentation

Purpose: Administration of evidence of natural persons with whom a contract has been concluded, contact persons in case of contracts with legal persons and natural persons to whom the Power of Attorney has been granted.
Legal basis: contract (art. 6 para. 1 b) of the Regulation) legitimate interest (art. 6 para. 1 f) of the Regulation) – processing of contact data of the client´s employee for communication purposes.
Scope of personal data: degree, name, surname, maiden name, job position, address of permanent residence, address of temporary residence, phone number and e-mail, date of birth, type and number of identification card, bank account, signature.
Recipients: tax authorities, courts, Social insurance company, health insurance company, banks, IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: during the contractual relationship and 11 years after its termination.
Data subjects: employees of the controller, natural persons with whom a contract has been concluded or to whom the power of attorney has been granted, contact persons of the client.

Mail

Purpose: keeping records of recipients and senders of mail.
Legal basis: legitimate interest (art. 6 para. 1 f) of the Regulation) – to be informed on the date of the sent and received mail including the sender and recipient in order to protect the rights and interests of the controller.
Scope of personal data: degree, name, surname, signature, address, e-mail.
Recipients: IT services suppliers, administrative services in the premises of the controller.
Transfer to third country: N/A
Storage period: 5 years following the closure of the evidence for calendar year.
Data subjects: natural persons – senders and receivers of mails.

Please read also our Privacy Policy and Cookie Policy for more details about the data we collect via our website (forms, email, phone), the way we collect it and how you can handle it.

CPGfinance as the Processor shall process the Personal Data in the areas of the provision of the services based on the contract or any other legal act:

HR (including Recruitment services) and Payroll services

Purpose of personal data collecting: Provision of the services of the fulfilling of the obligations of the employer related to employment relationship or to similar labour relations
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation and performance of contract (art. 6 para. 1 b of the Regulation)
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance company, health insurance companies, tax authorities, supplementary pension insurance company, labour inspectorate, Labour offices, courts, law enforcement authorities, bailiff, payroll software providers, IT services suppliers, administrative services providers in the premises of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: Candidates, employees of the controller, spouses of the employees, dependent children of the employees, parents of the dependent children of the employees, close relatives, former employees
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Accounting services

Purpose of personal data collecting: maintenance of accountancy of the controller according to local legislation
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance company, health insurance companies, tax authorities, accounting software providers, IT services suppliers, administrative services providers in the premises of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: employees, statutory bodies and shareholders of the controller, external trainers and trainees
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Tax services

Purpose of personal data collecting: Provision of tax advisory services according to the local legislation
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation
Scope of personal data: personal data required in terms of the special legal regulations stated in the local legislation
Recipients: Social insurance company, health insurance companies, tax authorities, accounting software providers, IT services suppliers, administrative services providers in the premises of of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: employee, statutory body, shareholders of the controller, external trainers and trainees
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Legal and Corporate services

Purpose of personal data collecting: Provision of legal services according to the local legislation
Legal basis: compliance with a legal obligation of the controller (art. 6 para. 1 c) of the Regulation) based on the local legislation, legitimate interest (Art. 6 para. 1 f) of the Regulation – for protection of the rights and interest of the controller in case of any claims and the performance of a contract (Art. 6 para. 1 b) of the Regulation)
Scope of personal data: all personal data processed by the controller in the necessary extent for fulfilling rights and obligations laid down by the valid legislation (based on the principle of proportionality)
Recipients: courts, public authorities, insurance companies, law enforcement companies, IT services suppliers, administrative services in the premises of CPGfinance for the purpose of maintenance only
Transfer to third country: N/A
Storage period: for the period of the contractual relationship with the controller and afterwards for 11 years
Data subjects: Employees of the controller, natural persons performing the services to the controller upon the contract on cooperation, statutory bodies, proxy holders, clients – natural persons, contact persons of the clients, external trainers and trainees
Categories of processing: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment or combination, restriction, erasure or destruction