Information memorandum of personal data protection

The objective of this Information Memorandum of Personal Data Protection is to provide information related to processing of personal data pursuant to provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC.


InthisInformationMemorandumofPersonalDataProtectionyouwillfindinformationaboutthepurposeswe process your personal data for, whom they may be provided to, what your rights are, as well as information where you can contact us in case you have a question related with processing of your personaldata.


The controller is PSEnergia s.r.o., Organization ID.: 44 887 710, registered office at Na bielenisku 4, 902 01 Pezinok 1, registered in the Bratislava I District Court Companies, Section: Sro, Insert No.: 59520/B, (hereinafter referred to as “Company”).


Ensuring protection of your personal data is very important for us and therefore we pay proper attention to compliance with the valid legal regulations at personal data processing, especially the principles and requirements resulting from GDPR. We have set the respective technical and organizational measures that contribute to ensuring protection of the processed personal data of our clients.


In case of any questions related to processing of your personal data please contact date protection officer who ensures relevant answer or cooperation. You may contact data protection officer by e-mail on or in writing at: Na bielenisku 4, 902 01 Pezinok.


Client-PersonwithwhomCompanyenteredintotransaction,whereatransactionmeansformation,change or termination of contractual relationships between the Client andCompany.


Commercial Code - Act No. 513/1991 Coll.


Controller - The company who determines the purposes and means of personal data processing.


Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


Information system - Organized set of personal data processed by Company for the following purpose:

toidentifytheClients,Company´scontractpartners,customers,facilitators;toinformaboutservicesprovided by Company; to provide services; to protect interests of Company; to fulfill obligations arising from legal provisions; to fulfill tax and accounting obligation of the Company; to lodge the claims of theCompany.


Otherlegalacts–ApplicablelegislationoftheSlovakrepublice.g.ActNo.455/1991Coll.ontradelicensing, Act No. 311/2001 Coll. Labor Act, Act No. 431/2002 Coll. Accounting Act, Act No. 461/2003 Coll. on social insurance, Act No. 580/2004 Coll. Health Care Insurance Act, Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts asamended.


Personaldata–Dataaboutnaturalpersonwhowasidentifiedorwhocanbeidentifieddirectlyorindirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this naturalperson.


Processing-Anyoperationorsetofoperationswhichisperformedonpersonaldataoronsetsofpersonal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure ordestruction.


Processor-Anypersonwhoprocessespersonaldataonbehalfofthecontrolleronbasisofauthorizationin compliance with Article 28GDPR.


A. Causes of processing personal data byCompany


Company processes the personal data on legal grounds and processes only those personal data which are required for achieving the particular processing purposes. Personal data are processed always for the pre- determinedandlegitimatepurposewhileitwouldnotbepossibletoachievesuchpurposewithoutprocessing of the respective data according to Commercial Code and the Other legalacts.


Company processes personal data on the purpose:

  1. Identification ofclients,

  2. Provideservices,

  3. Maintenance of contract relationships including changes and termination of contractrelationships,

  4. Acceptance and processing of suggestions and complaints ofClients,

  5. Relationshipmanagement,

  6. Protection and seeking the rights ofCompany,

  7. To fulfill obligations arising from legalprovisions,


  1. MaintenanceofseparaterecordsofClientswhodonotmeettheirobligationsensuingfromthecontract relationships with the Company duly and on time, Clients who have committed action considered as unusual business transaction and Clients the international sanctions relateto,

  1. To fulfill tax and accounting obligation of theCompany,

  2. To lodge the claims of theCompany,

  3. Activities related with meeting the archiveduties,

  4. Marketing.


Companymayproceedtoprocessingofyourpersonaldataincasesnotmentionedaboveunderthefollowing legalgrounds:

  1. if it is necessary for performance of the contract concluded between Client and Company including precontract relationships pursuant to Article 6 par. 1 b)GDPR,

  2. data subject have granted consent to processing of personal data for the particular purpose/purposes pursuant to Article 6 par. 1 a)GDPR,

  3. data subject have granted consent to processing of personal data for the particular purpose/purposes pursuant to Article 9 par. 2 a)GDPR,

  4. if it is necessary for purposes of legitimate interests followed by Company or a third party pursuant to Article 6 par. 1 f)GDPR,

  5. if processing is necessary for proving, claiming or justification of legal claims pursuant to Article 9 par. 2 f)GDPR.


Company proceeds personal data also on purpose to prevent against criminal activity or other illegal action.


In relation to inform Clients about products and services provided by Company, personal data are processed the legitimate interests of the Company and only exceptionally without your prior consent.


Company has legitimate interest in taking care for its Clients and developing business relations with its Clients, and hence informing them about its products and services.


InrelationtheretoCompanycancontactClientyetwithouthispriorconsentwhileitwillinformClientofsuch processing of his personal data and instructs Client about his rights, especially about the right to object to processing of his personaldata.


B. Processing of personaldata


Company process these personal data:

  1. Identification data (for instance name, surname, date of birth, birth identification number, data from the identification document, nationality, identification document photography, client number, product number),


  1. Contact data (for instance permanent/temporary residence address, e-mail address, telephone number),

  2. Data about the utilized products and services (e.g. data about the utilized products and services, data related with processing of yoursuggestions),

  1. Data about representatives or employees of the Client with whom Companycommunicates,

  2. Economic data (for instance data about ownership of movable and immovableobjects),

  3. Data required for monitoring of secure utilization of products andservices,

  4. Data related with utilization of websites and applications of Company (for instancecookies),

  5. Other relevant data (for instance data about execution proceedings, bankruptcy proceedings, personal bankruptcy, data related with meeting your contract duties and obligations, data about your payment discipline,datafromcreditregisters,dataaboutinclusioninthelistofclientstheinternationalsanctions relate to),

  6. Data arising from activity on social networkingsites.


C. Entities, to which Company provides personaldata


Company shall not provide your personal data to other entities, except for the cases in which data subject havegrantedit´sconsentorwritteninstructionorifotherlegalgroundforprovisionofpersonaldatatoother entities exists, for instance in case of performance of the legal obligation ofCompany.


Company in meeting legal obligations provides personal data to other entities in these cases:

  1. in the area of providing and securing obligation of theemployer,

  2. protection against legalization of incomes from criminal activities and financing ofterrorism,

  3. in connection with reporting to the law enforcement authorities about suspicion that a crime is being prepared, being committed or wascommitted,

  4. in connection with the reporting duty to the respective authority of the Slovak Republic for the purpose of automatic exchange of information about financial accounts for purposes of tax administration pursuant to a separate regulation (FATCA,CRS).


Company may process your personal data in certain cases also by means of its processors. Authorization for processing personal data of data subject by an processor does not require it´s consent or other legal ground such as in case of provision of data to other controllers. In such case the processor processes personal data of data subject on behalf of Company as thecontroller.


Processing of personal data by means of an processor has no negative impact on performance and application of data subject´s rights while the Client can apply the respective rights with Company or also directly with the particular processor.


Company uses the processors providing appropriate technical, organizational and other measures so that processing meets the GDPR requirements and protection of rights of the data subject is provided in full extent.


Company uses the following processors, whose provide:

  1. marketing activities,

  2. economical, accounting and taxservices,

  3. print services and services of masscorrespondence,

  4. administrative services connected withdelivery,

  5. legalservices,

  6. recovery and maintenance ofreceivables,

  7. financial and relatedservices,

  8. maintenance of registry records pursuant to separateregulations.


Personal data are not the subject of cross-border transfer to third countries.


D. Retention period of personaldata


Company shall retain personal data in a form enabling the identification for the period necessary to achieve the purpose of personal data processing.


If the personal data are being processed with the consent of data subject, Company will store personal data aftertheconsentisrevokedoritsvalidityexpiresonlyfortheperiodrequiredtodemonstrate,applyordefend legal claims of Company. This also applies in case of processing under thecontract.


If the personal data are being processed in terms of performance of the legal obligation of Company, the respectivelegalregulationsspecifytheperiodduringwhichCompanyisobligatedtostorethepersonaldata and related documents. Such legal regulations includeespecially:

  1. Act No. 431/2002 Coll. AccountingAct,

  2. Act No. 199/2004 Coll. CustomsLaw,

  3. Legal acts governing tax obligations of theCompany,

  4. Legal acts governing obligations of the Company asemployer,

  5. Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing,

  6. Act No. 395/2002 Coll. The Registry andarchives.


E. Personal rights and Company obligations in relation to personal dataprocessing


The Company is mandatory to provide the personal data to the data subject whose the personal data is processed.


The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccuratepersonaldataconcerninghimorher.Takingintoaccountthepurposesoftheprocessing,thedata subject shall have the right to have incomplete personal datacompleted.


The Company immediately erase and rectify the personal data which are incorrect in relation to the purpose for which they are processed.


TheCompanyshallhavetheobligationtoerasepersonaldatawithoutunduedelaywhereoneofthefollowing groundsapplies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwiseprocessed,

  2. thedatasubjectwithdrawsconsentonwhichtheprocessingisbasedandwherethereisnootherlegal ground for theprocessing,

  3. the data subject objects to the processing the personal data and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing the personaldata,

  4. the personal data have been unlawfullyprocessed,

  5. the personal data have to be erased for compliance with a legal obligation in GDPR, special law or international contract to which Slovak republic issubject.


Where the Company has made the personal data public under GDPR and is obliged to erase the personal data, the Company, taking account of available technology and the cost of implementation, shall take reasonablesteps,includingtechnicalmeasures,toinformcontrollerswhichareprocessingthepersonaldata that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personaldata.


The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personaldata,

  1. theprocessingisunlawfulandthedatasubjectopposestheerasureofthepersonaldataandrequests the restriction of their useinstead,

  2. the Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legalclaims,

  3. the data subject has objected to processing the personal data pending the verification whether the legitimate grounds of the Company override those of the datasubject.


Thedatasubjectshallhavetherighttoreceivethepersonaldataconcerninghimorher,whichheorshehas provided to a Company, in a structured, commonly used and machine-readable format and have the right to transmitthosedatatoanothercontrollerwithouthindrancefromtheCompanytowhichthepersonaldata


have been provided, where the data subject has given consent to the processing of his or her personal data for one or more specific purposes, or where processing is necessary for the performance of a contract to whichthedatasubjectispartyorinordertotakestepsattherequestofthedatasubjectpriortoenteringinto acontract.


Weadopttechnicalandorganizationalmeasureswiththeaimtoprotectyourpersonaldataagainstintentional or neglectful deletion, loss or change and unauthorized accession of your personaldata


The Company employees, as well as Company contract partners who process personal data on behalf of Company are bound by the obligation of secrecy which lasts yet after the contract relationship terminates.


InconnectionwithprocessingofpersonaldatayouhavetherighttofileacomplianttotheOfficeforPeronal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, SlovakRepublic.


IfyourpersonaldataarebeingprocessedbasedontheconsentpursuanttoArticle6par.1GDPRorpursuant to Article 9 par. 2 GDPR, you are entitled to withdraw this consent at any time. However, withdrawal of consent has no impact on lawfulness of processing resulting from consent before itswithdrawal.