Information on the processing of personal data in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "GDPR")
Name: Disig, a. s.
Registered Office: Záhradnícka 151, 821 08 Bratislava
Company ID (IČO): 35 975 946
Registration: Business Register of the District Court of Bratislava I, Section: Sa, Insert No.: 3794/B
Data Protection Officer Contact: firstname.lastname@example.org
Categories of personal data, the purpose of their use and the legal basis for their processing:
- IP address – it is the address of the PC which is sent automatically to our server when the browser of the User requests displaying our website; the legal basis for its processing is our legitimate interest in providing Services and products;
- Information on the browser type used by the User - like the IP address, this information is sent automatically; the legal basis for its processing is our legitimate interest in providing Services and products;
- On-device biometrics - fingerprint or facial biometrics on Android devices and technologies like TouchID or FaceID on Apple devices - we use this kind of authentication method solely to facilitate your access to a protected certificate store, which is used when you sign documents in our mobile application. This feature uses the functionality provided by the operating system of your device, which compares current biometrics data with the data securely stored in your device and evaluates the result on application request. Depending on the result, our mobile application grants or refuses your access to the given certificate store. Biometric data needed to perform these operations are stored on your device and are processed by your mobile device only. We do not have access to your biometric data and therefore we do not process them in any way. It is up to you to decide whether you use this feature or you prefer to enter the password manually. The evaluation of this biometric authentication and functionality as such is at the responsibility of the provider of the operating system.
- Information stated in the certificate - electronic certificates and the data contained therein are processed by us for due functioning of our Services, their improvement and for the purpose of protecting our rights and interests protected by the law; the legal basis for their processing is a contractual relationship (determined by the General Terms and Conditions of Use of QES Portal Services, hereinafter: "General Terms and Conditions");
- Electronic documents that are uploaded by the User to our server through the website – they are processed by us for due functioning of our Services and their improvement; the legal basis for their processing is a contractual relationship (determined by the General Terms and Conditions);
- E-mail address needed and processed by us in case of using our support service to resolve technical problems; the legal basis for its processing is our legitimate interest in the proper provision of Services and products;
- Information from Google Analytics – our website uses the Google Analytics service, which allows us to identify how our website is used by Users (it identifies the number of visits, from what website the User got to our website, etc.). This information is transmitted to the Google company and is available to us in anonymized form. The legal basis for its processing is our legitimate interest in providing Services and products.
Recipients and storage of personal data:
- Apart from information obtained through Google Analytics, the data of our Users are not provided or disclosed by us to third parties unless expressly required by a legal regulation or necessary to achieve the intended purpose of the processing of personal data.
- We also do not publish or transmit any data obtained to non-EU countries.
- Personal data contained in a qualified certificate for electronic signature issued on the QES Portal to the mobile device are sent to the National Security Authority in accordance with Section 6 paragraph 2 of Act No. 272/2016 Coll. on Trust Services (hereinafter referred to as the "Act"), and the Registration Authority - Disig, a.s., has access to them. Should we terminate the provision of the trust Services, the recipient or the National Security Authority may be another provider of the trust services in accordance with Section 4 paragraph 2 of the Act. In the case of issuing a qualified certificate, we store the data for 10 years from the date of revocation or expiration of the certificate.
- Electronic documents that a User uploads or creates as part of the request for provision of our Services, including signed electronic documents, are kept by us for a maximum period of 14 days.
- When providing technical support (if User decides to send us the document again), we keep it for a reasonably long period of time needed to effectively identify and resolve the reported issue.
We are responsible for the proper protection of your personal data provided and/or made available to other entities being processors. The up-to-date list of specific recipients of personal data can be provided on request via our e-mail address.
Cookies are small text files that are stored in the User's browser when he / she uses our website. We use them to improve the functionality of our website and Services, to customize them to the User as well as to determine statistics on their use.
On the Portal we use the following cookies:
- Configuration cookie – it allows our Service to remember which certificate was selected by the User for signing so that the User does not need to make this selection every time he / she creates an electronic signature;
- Session cookies – they allow the basic functionality of this Portal and Services;
- Google Analytics cookies – they are third-party cookies (of Google) that help us to identify how users are using our website, in particular, the number of visitors, the sites visited by them and the time they spent there.
The User has the right at any time to change the decision in the following ways:
- By setting the browser - the User can set his / her browser so that the websites he / she visits cannot store some or any cookies to their browser. The manner in which the User can change these cookie settings depends on their browser type - more information can be found in the user guide of the specific browser. By disabling the storage of cookies, however, the cookies which are already stored in the browser will not be deleted, and it is necessary to delete them directly from the browser.
- By using Google Analytics Opt-Out Browser Add-on – installation of this add-on into the browser by the User will prevent his / her data from being used by Google Analytics. The tool is available at https://tools.google.com/dlpage/gaoptout
If the User decides to disable the storage of cookies or if their usage is prevented by any other means, some parts of our website or some Services may not work properly, or the User may face some kind of inconvenience, such as repeated input or confirmation of previous settings which are otherwise loaded from these cookies.
Automated decision-making, including profiling
No automated decision-making or profiling is performed when processing personal data for the purposes set out above.
In terms of GDPR, you have the right to:
- access to your personal data, which includes the right to obtain confirmation as to whether or not your personal data are processed by us, and, where that is the case, the right to obtain information about the processing of such data (the purpose of their processing, categories of your personal data, their recipients, the storage period, the source of your personal data, etc.);
- rectification of your inaccurate or out-of-date personal data and their completion if necessary (depending on the type of processing);
- restriction of processing your personal data if:
- the accuracy of your personal data is contested by you, for a period enabling us to verify the accuracy of your personal data;
- the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- we no longer need your data, but they are required by you for the establishment, exercise or defence of legal claims;
- erasure of your personal data (unless any of the grounds stipulated by Article 17(3) of the GDPR applies) in cases where the personal data:
- are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- have been unlawfully processed;
- have to be erased in order to fulfil our legal obligation;
- submit a complaint to the Office for Personal Data Protection of the Slovak Republic.
Some of these rights apply only with certain exceptions described in the GDPR and only on condition that we can identify you - we will therefore comply with your requirements in accordance with these legal conditions. You can exercise your rights with us in paper or electronic form, using the contact details listed in the header of this information.
On 1st of April 2021