Privacy Policy


ColosseoEAS, a.s., having its registered office at Einsteinova 11/3677, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by District Court Bratislava I, Section Sa, Entry No: 5742/B, ID No: 47 089 849 (“CEAS”), as Data Controller, processes personal data of CEAS’ customers and website users, as Data Subjects, whose personal data are subject to protection under the terms of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

CEAS is publishing this Privacy Policy for the purpose of informing Data Subjects about the processing of their Personal Data (e.g. name, surname, email address, country of residence, phone number, IP address) by CEAS and the rights granted by GDPR and other relevant laws with regard to the protection of Personal Data. All services incorporated in this website and other services provided by CEAS, including CEAS’ Newsletter, are governed by this Privacy Policy.

This Privacy Policy shall be governed by Slovak law, primarily the Act No. 18/2018 Coll. on Protection of Personal Data, and the GDPR. All disputes arising out of or in connection with this Privacy Policy between CEAS and Data Subjects shall be finally settled by the relevant Slovak court having jurisdiction. CEAS and Data Subject/s in accordance with Article 23 Council Regulation No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, agree that the courts of the Slovak Republic are the competent courts for the settlement of all disputes arising from and in connection with this Privacy Policy between CEAS and Data Subject/s, whereas the competent court for the proceedings in the first instance shall be the District Court Bratislava I.

Any complaints about the processing of Personal Data by CEAS can be brought to the Office of Personal Data Protection of the Slovak Republic, which performs the supervision and enforcement of personal data protection (https://dataprotection.gov.sk/uoou/en).

PURPOSE OF PROCESSING

Data Subjects may use CEAS’ website for information purposes without providing any Personal Data. However, the processing of Personal Data is inherent in some services that are provided by CEAS. CEAS does not sell, rent or otherwise transfer Personal Data to third parties, whereas Personal Data is processed at CEAS’ registered offices  (with regard to Gooogle Inc.’s Analytics also in USA). Personal Data is collected for the following purposes:

  • CEAS may collect Personal Data for the purposes of direct communication with Data Subjects in order to respond to their questions and requests sent via the website form or email or other means of communication. Furthermore, CEAS may have to contact Data Subjects in order to gain additional Personal Data necessary for processing their requests. Based on the communication means Data Subjects choose to contact CEAS, CEAS may collect the following Personal Data: name, surname, email address, phone number.
  • CEAS may collect Personal Data of Data Subjects who are customers or when explicit consent was given with processing of Personal Data for the purposes of marketing communication. CEAS may process Personal Data to administer marketing communication (e.g. CEAS’ Newsletter or direct email marketing), to propose products and services offered by CEAS, until the Data Subject unsubscribes or sends a withdrawal of consent. With regard to marketing purposes, CEAS may collect the following Personal Data: name, surname, job title, company, email address, phone number.
  • CEAS may collect information about Data Subjects’ computer, including the IP address where available, operating system and browser type, for system administration and to report aggregate information for advertising purposes under the legitimate interest legal basis. This is statistical data about CEAS’ website users' browsing actions and patterns, and does not identify any individual. CEAS uses the services of Google Inc.’s Google Analytics, a web analysis service that utilizes collected data, such as usage data, to track and analyze the use of CEAS’ online services and subsequently produces reports on users’ activities (in anonymised form). Google Inc.’s Privacy Policy may be viewed at: https://policies.google.com/privacy?hl=en&gl=ZZ, and furthermore the option of opt-out is available at: https://tools.google.com/dlpage/gaoptout.

LEGAL BASIS

CEAS’ aims to limit Personal Data processing to the minimum necessary for the legitimate purposes while providing products and services to customers, and to protect Personal Data with the highest priority. CEAS data processing activities are mainly conducted on the following legal bases:

  • Legitimate interest with regard to marketing and website usage analytics. CEAS applies this principle when it comes to communication with Data Subjects who are CEAS’ customers and furthermore analytics used by CEAS’ website.
  • Consent, when required by legislation, primarily when approaching potential customers having had no previous contact with CEAS.
  • Compliance with legal obligation, e.g. stipulating requirements for electronic communication, invoicing or billing.

THE RIGHTS OF DATA SUBJECTS

CEAS implements appropriate technical and organizational measures to ensure a level of security, which is appropriate to minimize potential risks. CEAS aims to ensure the ongoing confidentiality and integrity of Personal Data. Data Subjects are entitled to the following rights (among other rights pursuant to GDPR):

- right to request access to Personal Data processed by CEAS,
- right to rectification of Personal Data if inaccurate,
- right to request erasure of Personal Data,
- right to request restriction of Personal Data processing,
- right to object to Personal Data processing,
- right to Personal Data portability.

Requests for exercising above specified rights or questions concerning Personal Data protection may be sent to CEAS via email: GDPR@ColosseoEAS.com

RETENTION TIME

CEAS’ intention is to prevent Personal Data from being stored longer than necessary while providing products and services. Personal Data is kept for the time necessary to provide the services requested by Data Subjects, or for the validity period of Data Subject’s consent, or for the time stated by the processing purposes outlined in this Privacy Policy, however for the maximum period of 5 years from the receipt of Personal Data. Once the retention time elapses, Personal Data shall be deleted by CEAS.

Data Subjects may at any time, without giving a reason, request the suspension or removal of their respective Personal Data or withdraw their previously given consent via email at: GDPR@ColosseoEAS.com