Centrálny depozitár cenných papierov SR, a.s. (hereinafter also „CDCP“) acts at processing of personal data of all natural persons/data subjects (e.g. clients, employees, suppliers) pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter only “General Data Protection Regulation”) and pursuant to the Act No. 18/2018 Coll. on Protection of personal data and on amendments and supplements to certain acts (hereinafter only “Act on Protection of Personal Data”).
To meet all duties resulting from the General Data Protection Regulation and from the Act on Protection of Personal Data, CDCP adopted appropriate technical and organisational measures to ensure adequate data protection. (You can find further details on: https://www.cdcp.sk/cdcpweb/en/about-cdcp/risk-management/)
Definitions related to personal data protection:
Personal data means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to a generally applicable identifier (birth identification number), other identifier such as a name, surname, location data, an online identifier or to one or more parameters or attributes forming physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing of personal data means systematic operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure.
Data subject is each natural person whose personal data are processed. Data subject indicates an individual whose personal data are processed. It can be client of the company, employees of the company, job applicants, etc.
Controller means such entity which, alone or jointly with others, determines the purposes and means of the processing of personal data and processes personal data on own behalf; the controller or specific criteria for its nomination may be provided for by the special regulation or an international agreement which is binding for the Slovak Republic, if such regulation or agreement provides for purpose and means for processing of the personal data. Similarly, CDCP is the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Legal basis in conditions of CDCP – In accordance with lawfulness of personal data processing the possible legal basis in conditions of CDCP is according to article 6(1) letter a) of the General Data Protection Regulation – consent, according to article 6(1) letter b) of the General Data Protection Regulation – fulfilment of a contract and pre-contractual relationship, according to article 6(1) letter c) of the General Data Protection Regulation – legal duty and according to article 6(1) letter f) of the General Data Protection Regulation – legitimate interest.
Consent of the data subject means any earnest and voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent is one of legal bases – authorisation to process the personal data. Basic principle for consent is voluntariness. It is not allowed to enforce or condition the consent by threat of refusing the contractual relationship, service or duty assigned to CDCP by legally binding act of the European Union, international agreement or special act.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Protection of data subject is important for us. For that reason Centrálny depozitár cenných papierov SR, a.s. appointed the personal data protection officer to supervise processing of personal data and who can be contacted anytime:
• in written at address: Centrálny depozitár cenných papierov SR, a.s., ul. 29. augusta 1/A, 814 80 Bratislava or
• in electronic form at e-mail address: oou@cdcp.sk.