In the Notice, we provide information about how Highgate Group collects, processes and protects your personal data, what your rights are in relation to the processing of your personal data and how you can exercise those rights.
The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC(GDPR) and Act No. 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain laws(the Act).
I. TO WHOM THIS NOTICE IS ADDRESSED
The information in the Notice relates to:
- website visitors;
- clients to whom Highgate Group provides legal, tax or accounting services;
- jobseekers or other forms of professional cooperation;
- suppliers of goods or services;
- persons who have ordered products or services through the e-shop;
- contact persons or other persons authorised to act for or on behalf of the aforementioned entities.
II. WHO WE ARE AND HOW TO CONTACT US
Highgate Law & Tax s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 51 477 262 |
Highgate Accounting s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 52 822 982 |
Highgate Management s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 44 138 148 |
Highgate Events with. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 50 399 675 |
Highgate Corporate Tax s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 54 434 882 |
Highgate Investment Funds s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 51 733 137 |
Highgate Finance s. r. o. | |
Headquarters: | Nivy Tower, Mlynské Nivy 5, 821 09 Bratislava – Ružinov district, Slovak Republic, |
ID: | 50 458 981 |
(the above companies are hereinafter referred to as the Highgate Group)
If you enter into a contract (including a pre-contractual relationship) with any of the Highgate Group companies or if you provide your personal data to any of the Highgate Group companies, the controller of your personal data will be the Highgate Group company with which you enter into the contract or to which you have provided your personal data. For example, for the provision of legal services, the operator will be Highgate Law & Tax s. r. o.
Companies belonging to the Highgate Group are joint operators in the operation of the www.highgate.sk web portal(the Portal). The data subject may contact any company of his or her preference in all matters relating to the processing of his or her personal data.
If you have any questions about the processing of your personal data, please contact Highgate Group:
info@highgate.sk
+421 907 768 793
+421 918 953 897
III. PURPOSE, LEGAL BASIS, CATEGORIES OF PERSONAL DATA AND RETENTION PERIOD
PURPOSE OF PROCESSING | LEGAL BASIS FOR PROCESSING | CATEGORIES OF PERSONAL DATA | RETENTION PERIOD |
Provision of legal services, accounting services and tax consultancy. | The performance of the contract pursuant to Article 6 para. 1 lit. b) GDPR. | All personal data provided or obtained in the course of entering into and performance of a contractual relationship. | 4 years from the end of the contractual relationship. |
Selling products and services (ebook, training, seminars, conferences). | The performance of the contract pursuant to Article 6 para. 1 lit. b) GDPR. | Common personal data required for invoicing (name, surname, country, residence, delivery address, IBAN, telephone, e-mail address). | 4 years from the end of the contractual relationship. |
Compliance with obligations in the area of protection against money laundering and protection against terrorist financing. | The fulfilment of the legal obligation under Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | All personal data required by Law no. 297/2008 Coll. in identifying clients and verifying their identity. | For the duration of the contractual relationship and for 5 years after its termination, unless the financial reporting unit requests an extension of this period. |
Filling vacancies/conducting pre-contractual negotiations with job applicants. | The performance of the contract or the implementation of pre-contractual measures at the request of the data subject pursuant to Article 6(1)(a) of Regulation (EC) No … 1 lit. b) GDPR. | Common personal data you provide to Highgate Group during the selection process (CV, cover letter). | Pending the conclusion of the contract or the end of the selection procedure. |
Maintaining a database of job seekers or service seekers. | Consent pursuant to Art. 6 para. 1 lit. a) GDPR. | Common personal data you provide to Highgate Group during the selection process (CV, cover letter). | Within 6 months of the end of the selection procedure. |
Sending marketing communications | Consent pursuant to Art. 6 para. 1 lit. a) GDPR.Legitimate interest under Article 6 para. 1 lit. f) GDPR for existing customers and marketing of similar goods and services. | E-mail, first and last name. | For the duration of the consent granted or until the consent is withdrawn. |
Corporate document management | The fulfilment of the legal obligation under Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | Ordinary personal data contained in corporate documents (i.e. personal data on statutory bodies, persons authorised to act for the company). | During the term of the company. |
Communication with the person who filled in the contact form. | Consent pursuant to Art. 6 para. 1 lit. a) GDPR. | Name, email, phone number, company, personal data included in the message. | Pending the resolution of the report or the conclusion of the contract. |
Bookkeeping and tax management. | The fulfilment of the legal obligation under Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | All personal data provided in accounting and tax documents. | 10 years following the year to which the accounting and tax documents relate. |
Conclusion and administration of contractual relations with service providers and suppliers of goods. | The performance of the contract pursuant to Article 6 para. 1 lit. (b) GDPR.Legitimate interest pursuant to Article 6 para. 1 lit. f) GDPR. | Ordinary personal data necessary for the conclusion and performance of contracts (personal data of contact persons, statutory persons, etc.). | 4 years from the end of the contractual relationship. |
Exercise of data subjects’ rights (submissions). | The fulfilment of the legal obligation under Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | Name, surname, place of residence, date of birth or other data for proper verification of the identification of the data subject. | 2 years after the processing of the data subject’s request. |
Records of data breaches. | Compliance with the legal obligation pursuant to Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | Personal data affected by a data breach. | During the term of the company. |
Presentation of the company (i.e. social media, conferences, taking photos and videos) | Legitimate interest pursuant to Article 6(1) of Regulation (EC) No … 1 lit. (f) GDPR.Consent of the data subject pursuant to Article 6(1) of the GDPR. 1 lit. a) GDPR. | Common personal data, namely photo, video, name, surname, position, email, phone number. | For as long as consent is given or until consent is withdrawn. |
Proving, pursuing and defending the company’s legal claims. | Legitimate interest pursuant to Article 6(1) of Regulation (EC) No … 1 lit. f) GDPR. | Common personal data. | Pending the final termination of the claim being proved, asserted or defended. |
The use of so-called. cookies for social networks and cookies for advertising. | Consent of the data subject pursuant to Article 6(1) of Directive 95/46/EC 1 lit. a) GDPR. | Common personal data. | Depending on the cookie category. |
Archived at | Compliance with the legal obligation pursuant to Article 6(1) of the EC Treaty. 1 lit. c) GDPR. | Personal data contained in documents to be archived. | Depending on the type of document to be archived. |
IV. WHAT LEGITIMATE INTERESTS DOES THE HIGHGATE GROUP HAVE?
Highgate Law & Tax, s.r.o. relies on legitimate interests in the event of litigation or out-of-court disputes or in proceedings with public authorities in which Highgate Law & Tax, s.r.o. does not represent its clients, but asserts and proves its legal claims, and in the processing of personal data of contact persons or other persons authorized to act for legal entities with which Highgate Group cooperates.
The Highgate Group also sends marketing communications on the basis of legitimate interest for which consent is not required under applicable law, in particular to clients of the Highgate Group or other persons with whom the Highgate Group already has a relevant relationship.
The legitimate interest is also used by the Highgate Group for the processing of personal data of data subjects for the conclusion and performance of contractual relations, if the data subjects are not a party to the contract, and also for the presentation of companies externally.
The Highgate Group may take photographs or video footage of attendees and highlights at conferences, training sessions or other professional events it organises, which may then be used to promote the Highgate Group’s activities. If you do not wish to be captured on the above footage, please inform the Highgate Group prior to the event by emailing info@highgate.sk.
V. INTRA-GROUP TRANSFERS
Disclosures of personal information within Highgate Group companies may be necessary to effectively provide services to customers, and disclosures of personal information will be made only to the extent necessary.
VI. DISCLOSURE OF PERSONAL DATA
Area | Service provider | Transfer outside the EEA |
IT services | IT service provider | No |
Domain and web hosting | The domain registrar and web hosting provider (Websupport s. r. o.) | No |
Subcontractors | Contracted providers of legal, accounting and tax services. | No |
Accounting and taxation | Provider of accounting platform (Pohoda, SuperFaktúra). | No |
Marketing | Providers of marketing tools and platforms (LinkediN, Mailchimp, Facebook, Google) | Yes (USA) |
Billing | Billing software provider (Marktime, Refis, Raynet) | No |
Office (email, cloud) | Microsoft Ireland Operations Limited | Yes (USA) |
Fulfilling legal obligations | Public authorities | No |
E-shop | WordPress, WooCommerce | Yes (USA) |
Intra-group transfer of personal data | Companies belonging to the Highgate Group | No |
Online payments | Payment Processor (Stripe) | Yes (USA) |
VII. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
When processing personal data at Highgate Group, we aim to minimise any transfer of personal data outside the European Economic Area (EEA). However, the Highgate Group also uses global service providers in the conduct of its business activities who may transfer personal data outside the EEA (listed in Article VI). In these cases, the Highgate Group will ensure that the GDPR conditions for such processing are met and will only make the transfer on the basis of the existence of a European Commission adequacy decision pursuant to Article 45 GDPR or on the basis of standard data protection clauses pursuant to Article 46(1) GDPR. 2 GDPR (e.g. transfers to the US).
VIII. DATA PROTECTION
The Highgate Group continuously evaluates and upgrades the technical and organisational measures in place to ensure the secure processing of personal data. The following are the basic technical and organisational measures:
- Identification, authentication and authorization of authorized persons when using the information system.
- Recording of entries of authorised persons in the information system.
- Detection of the presence of malicious code in incoming electronic mail and other files received from a publicly accessible computer network or from data storage media.
- Protection against unsolicited e-mail.
- Creating backups with a pre-selected periodicity.
- Secure deletion of personal data from data carriers.
- Regular updating of the operating system and application software.
- Written instructions to authorised persons on the rights and obligations arising from the GDPR and the Act.
- Assigning access rights and access levels (roles) to authorised persons.
- Password management.
- Encrypted protection of the contents of data media and encrypted protection of data moved over computer networks.
- Protecting the external and internal environment with a network security tool (e.g. firewall).
- Login to computers and user accounts only with assigned passwords.
- Regular training of authorised persons on security and protection of personal data.
- Ensured physical access control to premises 24×7.
- Monitoring and management of access cards to the premises.
If you would like more information about the security of your personal data, please contact us at info@highgate.sk.
IX. AUTOMATED INDIVIDUAL DECISION-MAKING
In the normal course of the business activities of the companies in the Highgate Group, there is no automated individual decision-making within the meaning of Article 22 of the GDPR.
X. COLLECTION OF PERSONAL DATA
The Highgate Group mainly processes personal data obtained directly from data subjects. However, the Highgate Group may also obtain personal data from publicly available sources or from persons with whom it cooperates in the conduct of its business.
XI. RIGHTS OF DATA SUBJECTS
If Highgate Group processes personal data on the basis of your consent, you have the right to withdraw your consent at any time by sending an email to: info@highgate.sk.
Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
Notwithstanding this, you have the right to object at any time to the processing of your personal data on the grounds of legitimate or public interest, as well as for direct marketing purposes, including profiling.
In addition to the above rights, you have the right under the conditions set out in the GDPR:
- request access to personal data concerning you;
- request the rectification of incorrect personal data concerning you;
- to delete your personal data;
- to restrict the processing of your personal data;
- to the portability of your personal data;
- file a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, Bratislava, email: dozor@pdp.gov.sk.
- CHANGES TO THE NOTIFICATION
XII. CHANGES TO THE NOTIFICATION
Highgate Group reserves the right to modify and amend the Notice. In the event of a material change to the Notice, Highgate Group will notify you of the change e.g. by a general notice on this Portal.