Information provided in obtaining personal data from a data subject – business partners representatives under Art. 13 of the GDPR Regulation


Data controller´s data

The company Trnavská NAD, a.s. (TNAD) with its registered office at Nitrianska 5, 917 54 Trnava, CIN: 34 127 844, registered in the Commercial Register of the District Court Trnava, Section: Sa, Insert No: 130/T, which determines the purposes and means of personal data processing, is the data controller under the Regulation (EU) 2016/679 on the Protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Act no. 18/2018 Coll. on Personal Data Protection and on amendments and supplements of certain other Acts.

Contact details of the data controller for further questions concerning the processing of your personal data or the exercise of your following rights: sekretariat@tnad.sk or the registered office of the company: Trnavská NAD, a.s., Nitrianska 5, 917 54 Trnava.

The purposes of the processing and the legal basis

Common personal data provided by you (name, surname, e-mail address, telephone contact, etc.) are processed by TNAD for the purpose of keeping a database of business partners and contact persons, managing relationships with the business partners, contacting the business partners through you as their representatives.

The legal basis for the processing of your personal data, when you as a natural person have concluded a contract with TNAD, is its necessity to fulfill the contract with TNAD to which you are party.

If a contract with TNAD is concluded by the company you represent, the legal basis for the processing of your personal data is TNAD’s legitimate interest in managing the business in accordance with the requirements of the business partners and contacting you as the data subject in fulfilling obligations or pursuing claims from that business relationship.

At the same time, the data controller processes your personal data – your visual image and figure, using a camera system located in the private premises of the data controller, which are also used by other persons than the data controller and its employees. The purpose of processing such data is to detect crime, security breach, property or health protection in the data controller´s private premises.

The legal basis for the processing is the legitimate interest of the data controller in ensuring safety, protecting business secrets and protecting the property of the data controller and its employees.

Who may be the recipient of your personal data

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed. However, public authorities (e.g. tax authorities, courts, law enforcement authorities) which may receive personal data in the framework of a particular inquiry in accordance with Slovak law shall not be regarded as recipients.

Most of your personal data received by TNAD are not provided to other recipients. TNAD does not transfer personal data to third countries or international organisations. TNAD will disclose personal data to other bodies only in accordance with TNAD’s internal regulations and where required by law.

Data storage period

TNAD stores your personal data in a form that allows your identification as long as it is necessary to fulfill the individual processing purposes. Your personal data are stored for the period specified in the relevant legislation and for the period specified in TNAD’s registry. Personal data will be discarded when they are no longer needed for processing and after the necessary time for their storage.

Your rights

If TNAD as a data controller already processes your personal data, in accordance with the GDPR and the Personal Data Protection Act, you as the data subject have the following rights:

  • • The right to request from the data controller access to your personal data – you shall have the right to obtain confirmation as to whether or not your personal data are being processed and, where that is the case, access to the personal data and the necessary information listed in Art. 15 GDPR (e.g. why we process your personal data, personal data categories, and how long your personal data are stored).
  • • The right to rectification of personal data – at your request, the data controller shall, without undue delay, rectify your inaccurate personal data, or complete your incomplete personal data.
  • • The right to erasure of your personal data – you shall have the right to obtain from the data controller the erasure of your personal data without undue delay and the data controller shall have the obligation to erase personal data where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected, (ii) you withdraw your consent to the processing of personal data (and there are no other legitimate grounds for the processing), (iii) you object to the processing of your personal data, (iv) your personal data have been unlawfully processed, (v) the personal data have to be erased for compliance with a legal obligation under EU or Slovak law, (vi) the personal data have been collected in relation to the offer of information society services based on the consent of the legal representative of the data subject under 16 years of age.
  • • The right to restriction of processing of your personal data – you shall have the right to obtain from the data controller restriction of processing where one of the following applies: (i) you contest the accuracy of the personal data, (ii) the processing is unlawful and instead of the erasure of the personal data you request the restriction of their use, (iii) the data controller no longer needs your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you have objected to processing and the restriction of processing of your personal data will last pending the verification whether the legitimate grounds of the data controller override your legitimate grounds.
  • • The right to object to the processing of your personal data – you shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, or which is necessary for the purposes of the legitimate interests of the data controller, including objecting to profiling. The data controller shall no longer process your personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, (which includes profiling) to the extent that it is related to such direct marketing.
  • • The right to portability of personal data – you shall have the right to receive your personal data which you have provided to the data controller in a structured, commonly used and machine-readable format and the right to transmit those data to another data controller. This right may be exercised only if the processing of personal data is based on your consent or the processing is necessary for the performance of a contract to which you are party, and if the processing is carried out by automated means.

As the data subject you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you.

If the processing of your personal data is based on your consent with the processing, you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

You may exercise your abovementioned rights as well as withdrawal of consent in writing, by sending an application to the registered office of TNAD, or electronically, by sending your application to the responsible person to the e-mail address: sekretariat@tnad.sk

In the case of a personal data breach at TNAD, which is likely to result in a high risk to the rights and freedoms of natural persons, TNAD shall communicate the personal data breach to the data subject without undue delay. For this purpose, the company has adopted an internal regulation regulating the procedure and measures for breaching the protection of personal data as well as the formalities for notifying the authority and the data subject.

At the same time, you have the right to file a complaint to the Office for Personal Data Protection if TNAD does not properly comply with the rights of the data subject or the processing of personal data will not be in accordance with the GDPR processing principles.

Further information

Personal data provision is a necessary requirement for the conclusion and performance of a contract with a business partner (e.g. a contract for transportation of goods). You shall be obliged to provide the required personal data to TNAD for the specified purposes, otherwise TNAD could not properly fulfill its obligations arising from its business relationship and from the contract with the business partner.

TNAD will not make decisions with legal effects relating to the data subjects based solely on automated processing (including profiling).


Cenová ponuka dopravy

Cenová ponuka
Zavrieť