1.1. Company Kedros, a.s. (hereinafter referred to as „company“) commits to protecting personal data gathered and processes within services rendered and thus takes optimal technical and organizational measures in protecting them.
1.2. Company also processes personal data in concordance with GDPR requirements and according to Act No. 18/2018 Coll. on the protection of personal data subsequently amended.
1.3. This document specifies internal company policy of personal data protection in concordance with Art. 24 of the GDPR.
1.4. This document provides necessary information about data collection for data subject as stipulated in § 15 par 1 of Act No. 122/2013 Coll. and Art. 13 of the GDPR.
1.5. Company incorporates similar personal data protection policy within certification; STN EN ISO 9001:2016/ EN ISO 9001:2015 (Quality Management System), STN EN ISO 14001:2016/ EN ISO 14001:2015 (Environmental Management System), STN OHSAS 18001:2009/ OHSAS 18001:2007 (Occupation Health and Safety Management System), STN ISO/IEC 27001:2014 – ISO/IEC 27001:2013 (Information Security Management System), ISO 37001:2016 (Anti-bribery Management System), STN ISO/IEC 20000-1:2011 (Service Management System(Information technology)).
2. Operator basic information
Kedros, a.s. Karloveská 6C, 84104 Bratislava, Slovak Republic, ID No.: 35 893 907, the company is registered with the Business Register of the District Court Bratislava I, Section: Sa, insert No.: 3373/B. Tel: +421 (0) 914 329 696, e-mail:
2.2. Data Protection Officer:
2.3. Instruction on the rights of the data subject:
2.3.1. Personal data access rights
You, as a data subject, have the right to ask for confirmation whether your personal data are being processed. In case it is so, you have the right to access information about your personal data processing in extend stipulated in Art. 15 of the GDPR. At the same time, you have the right to obtain a copy of the personal data that are being processed about you.
2.3.2. Personal data correction rights
In case your personal data are being processed incorrectly, or are incomplete, you have the right to demand their correction or competition.
2.3.3. Consent withdrawal rights
In case you consented to your personal data being processed, you have the right to withdraw the consent without prejudice to the lawfulness of consent-based processing prior to its withdrawal.
2.3.4. Personal data deletion rights
You have the right to demand deletion of your personal data that are being processed. However, the exercise of this right is preceded by an individual assessment of your demand. In case that further processing of personal data is necessary in any of the cases referred to in Art. 17 of the GDPR, in particular for the fulfilment of a legal obligation, the legitimate interest of the operator, for the purpose of archiving in the public interest or for proving, asserting or defending legal claims, the demand will not be answered.
2.3.5. Personal data processing restriction rights
You have the right to limit the processing of your personal data that we process about you, but only for the reasons stated in Art. 18 of the GDPR. You can exercise this right especially if our organization no longer needs to process your personal data and these data are necessary for you to prove the exercise or defence of your legal claims.
2.3.6. Personal data portability rights
In case we process your personal data provided to our organization by consent or under a contract, and these personal data are being processed in an automated way, you have the right to obtain your personal data provided to us in a structured, routinely applicable and machine-readable format. Upon your request, we will transfer these data to another operator you picked, unless this is prevented by legal or other obstacles.
2.3.7. Objection rights and automated individual decision making
You have the right to object to the processing of personal data that we execute based on a legitimate interest or in connection with the performance of direct marketing activities, as well as to object to profiling for the stated purpose. If you find or suspect that your personal data are being processed in violation of the protection of your private and personal life or in violation of the law, please contact us and demand explanation or elimination of the inappropriate status.
2.3.8. Rights to file a complaint to the supervisory authority
You have the right to file your complaint regarding the personal data processing with the supervisory authority at: Office for Personal Data Protection of the Slovak Republic Hraničná 12 820 07 Bratislava, ID No.: 36 064 220, Tel No .: +421 (2) 323 13 220, web: https://dataprotection.gov.sk/uoou/
2.4. Contact details for exercising the rights of the data subject:
You can exercise the individual rights listed in paragraph 2.3. by sending an e-mail request to the address or by a written request sent to the address of the registered office of the operator Kedros, a.s. Karloveská 6C, 84104 Bratislava, Slovak Republic (mark envelope “intended for DPO “).
2.5. Means of attending the data subject’s rights execution:
All information and statements on the rights that you exercise with us are free of charge and will be provided to you no later than 1 month from the delivery of the application. The period may be extended by further 2 months if complexity or number of the application demands it. If the application is evidently unfounded or inapposite, especially if it is repeated, we are entitled to charge a reasonable fee for the administrative costs spent to provide the information. In case of a repeated requests for copies of the personal data processed, we reserve the right to charge a reasonable fee for administrative costs as well. If you contact us via one of the above-mentioned communication channels, we will use the data provided by you (your e-mail address or your name, surname and your telephone number) to answer your questions or to process your application. The data will be deleted immediately after they are no longer needed to answer your questions or to process your application, or we will limit their processing if we need to prove, assert or defend legal claims, or if there are legal obligations to keep them. If we have reasonable doubts about your identity, we may, within with the exercise of individual rights, request additional information to confirm your identity.
3. Processing activity information
Omitted paragraphs 3.1. to 3.8. do not deal with testing and therefore they are not included in English version.
3.9. Processing activity: Company’s development, testing, administration, operation and application support
3.9.1. Purpose of personal data processing:
Providing development, testing, administration, operation and support for company’s applications, including certification and access control to these applications, change procedure management, incident resolution, monitoring of their operation and providing support to their users. The provisions for the protection of privacy in the development, testing, administration, operation and support of applications are regulated in this document generally, but each application of the company may still have published specific rules, specifically focused on the given application.
3.9.2. Legal basis for personal data processing:
Personal data are being processed based on a legitimate interest of company, namely, to ensure the protection (confidentiality, availability and integrity) of data processed within company’s application or by company’s applications. The processing of personal data is in the legitimate interest of Kedros, a.s., to ensure the proper care of application users, the application improvement and development, the provision of products and services, in order to promote their marketability. We process personal data based on data subject consent to the processing of personal data during application download from online stores in accordance with point 3.9.5.. The legal basis for the processing of personal data for this purpose is the contractual relationship concluded between the company and the data subject, resp. provision § 10 par. 3 letter b) of Act no. 122/2013 Coll. and the provision of Article 6 para. 1 letter b) GDPR. The consents of the data subjects is supplemented by License Terms or the General Terms and Conditions approved by the company for the use of a specific application thus creating the preconditions for compliance with the basic principles of personal data processing according to Article 5 para. 1 letter (a) and (b) of the GDPR and Article 7 of the GDPR. The company shall, in addition to the notification mechanisms, draw the data subjects’ attention to the wording of the said consents to the processing of personal data with regard to the requirement arising from Article 7 para. 2 GDPR. The company is entitled to process data subjects’ personal data also for the purpose of performing the so-called due diligence audits that could occur before the possible sale of the application to a candidate in a third-party position. The legal basis for the processing of personal data will be the protection of the rights and legally protected interests of the company, respectively. the provision of Article 6 para. 1 letter f) GDPR.
3.9.3. Processed personal data and personal data sources:
184.108.40.206. Processed personal data categories:
– application users: name and surname, contact information (e-mail, tel. No.), assigned user rights, IP address, device model, location data.
220.127.116.11. The source of collected personal data:
– data subject,
– data subject’s employer.
3.9.4. Personal data storage time:
Personal data are processed for the entire period of administration, operation and support for applications, then they are included in pre-archival care in accordance with the requirements of Act no. 395/2002 Coll. on archives and registries and on the amendment of certain laws as amended and kept for a period of 5 years. Records of system operation in electronic form (logs) are kept for 2 years from the creation of the record.
3.9.5. Personal data recipients’ categories:
Personal data are being processed by the following intermediaries: suppliers providing certification, sales, administration, operation and support of infrastructure applications and access control systems, incident resolution, traffic monitoring and user support. Some applications can be freely downloaded from the so-called online stores for smart devices, namely, from the App Store and Google Play. The company informs data subjects that in the case of downloading the application into the end user’s device, from the so-called online stores, these applications may have their personal data processed by third party operators completely independently of the company. The Company has no influence on the personal data processing by the App Store and Goole Play.
The App Store and Google Play have their own protection of personal data and privacy in place, which also apply to data subject when downloading an app from the App Store and Google Play. More information on the Appstore protection of personal data and privacy can be found in at the following URL: https://www.apple.com/legal/privacy/ . More information on the Google Play protection of personal data and privacy can be found in at the following URL: https://policies.google.com/privacy .
3.9.6. Personal data transfer to a third country or international organization:
The Operator cooperates with the following partners, who have the status of a third party and an independent operator, responsible for the personal data protection independently and separately from the Operator:
Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, United States;
and Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, United States.
3.9.7. Existence of automated decision making, including profiling:
No automated decision making or profiling is performed with personal data.
4. Privacy protection change
We do not consider the personal data protection to be a one-off issue. The information we are required to provide to you with respect to our personal data processing may change or cease to be current. Therefore, we reserve the right to modify and change these conditions to any extent at any time. In case we do change these conditions in a significant way, we will notify you e.g. by general notice on our website or by a special notice via e-mail.