Processing of my personal data for the purpose of receiving newsletters – Nordika
Skip to content

Processing of my personal data for the purpose of receiving newsletters

Pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR“), and the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22, hereinafter referred to as the “ZVOP-2“), the following notice on the processing of personal data is issued:

Controller: CORWIN SK a.s.
Registered seat: Námestie Mateja Korvína 1, 811 07 Bratislava, Slovakia
Company ID: 45 500 126
(hereinafter„ Controller” or „CORWIN“)

CORWIN is a developer of real estate projects (hereinafter also referred to as “Projects“) and, as Controller, processes personal data of clients and potential clients (hereinafter also referred to as “Data Subject“) to the extent and under the conditions set out in this document and is responsible for its protection and processing. Unless otherwise provided by law, the Controller shall also be responsible for the processing of personal data by processors authorised by it for that purpose.

More detailed information on the Projects carried out by the CORWIN Group is available on the following website: http://corwin.sk.

Since you have expressed an interest in receiving news and updates on offers related to our Projects, we process your personal data to the following extent:

  • name and surname,
  • email address,
  • telephone number,
  • data from the submitted online form (in the context of signing up for a newsletter or expressing interest in receiving marketing notifications),
  • other information that the Data Subject voluntarily provides to the Controller when submitting the enquiry.

(the data referred to in points (a) to (e) hereinafter referred to as “Personal Data“).

I. Identification of Controller and Contact Data

Controller, in whose name the Personal Data are processed is CORWIN a.s., with its registered office: Námestie Mateja Korvína 1, 811 07 Bratislava – Staré Mesto Municipality, ID No.: 45 500 126, registered in Comm. Reg. of District Court Bratislava I, Section: Sa, file No. 5015/B. Contact data : tel.: +421 2 5441 6009, 5441 6007, fax: +421 2 5441 6011, e-mail: corwin@corwin.sk.

II. Definition of Processing Purposes and Determination of the Legal Basis

The Controller processes Personal Data for the following purposes:

  • direct marketing, to inform Data Subjects about news related to specific Projects and to communicate further marketing offers from CORWIN to customers by e-mail, newsletter, direct offers or any other form of communication. The legal basis for the processing of Personal Data is consent, given that the Data Subject provides an e-mail address and agrees to the processing of his/her Personal Data for the purpose of receiving CORWIN’s business and marketing information;
  • statistical purposes, for the purpose of merging Personal Data with other Data Subjects’ data in order to generate reports that help to improve CORWIN’s services, taking into account technical and organisational measures to ensure compliance with the principle of data minimisation. The legal basis for the processing of Personal Data is the further processing of Personal Data (Article 5(1)(b) in connection with Article 89(1) of the GDPR) – the result of such processing is never Personal Data, but grouped/anonymous information (for example, the number of customers or economic statistics).

III. Categories of Data Subjects

CORWIN processes personal data for the purposes set out in Article II in relation to Data Subjects who have expressed an interest in receiving information concerning CORWIN’s current Projects and the activities of the Controller.

IV. The right of the Data Subject to object to the processing of Personal Data

The Data Subject shall have the right to object at any time to processing of Personal Data concerning him/her in relation to direct marketing purposes, including profiling, where it is related to such direct marketing. If the Data Subject objects to processing for direct marketing purposes, the Personal Data may no longer be processed for such purposes.

V. The voluntary nature of the consent to processing of Personal Data

If the Data Subject wishes to receive news and commercial information from CORWIN or is interested in being contacted by CORWIN for the purpose of arranging a meeting and presenting CORWIN’s Projects, offers or investment opportunities, he/she must at least provide CORWIN as the Controller with his/her e-mail address and give his/her consent to the processing of his/her Personal Data. Consent to the processing of Personal Data for the purposes of direct marketing is a legal requirement without which CORWIN will not be able to send newsletters and marketing information. Of course, the decision of the Data Subject to provide his/her Personal Data for the purposes of receiving newsletters and marketing information is a voluntary decision and any omission to provide such Personal Data should not have any material consequences for him/her.

Data Subject gives his/her consent to the processing of Personal Data by clicking the check box on the online form on the website. Data Subject may withdraw his/her consent at any time. If consent is withdrawn, the Personal Data will no longer be used by the Controller to communicate relevant content. The withdrawal of consent will not affect the lawfulness of the processing of the Personal Data at the time before the withdrawal was given.

VI. Recipients or Categories of Recipients of Personal Data

It is assumed that the Personal Data processed on behalf of CORWIN for the purposes of Article II will also be disclosed to the following recipients:

  • CORWIN SI d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8190356000, through which, among other things, the marketing communication of the Controller is ensured,
  • Kvartet rezidence d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8123012000,
  • Vilharia offices I d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8529302000,
  • Vilharia offices II d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8920877000,
  • CC Koppa d.o.o., Dunajska cesta 155, 1000 Ljubljana, matična številka: 9149961000,
  • Linhartov kvart d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8920419000,
  • Masarykova rezidence d.o.o., Dunajska cesta 155, 1000 Ljubljana, registration number: 8878587000,
  • the processors authorised in writing by the Controller to process the Personal Data. These are in particular CORWIN group companies, consultancy companies and agencies, IT service providers and other persons whose services are used by the Controller in the performance of its activities. The Controller shall select the processors in such a way that all data protection requirements are ensured.

(hereinafter the “Recipients”).

VII. The period for which the Personal Data are stored

Personal Data shall be processed until the Data Subject withdraws the consent or submits a request to stop the processing.

VIII. Information on Automated Individual Decision-Making

CORWIN does not use any of the automated individual decision-making or profiling when processing Personal Data.

IX. Information on Other Rights of Data Subjects

In accordance with the legislation governing the protection of personal data, the Data Subject has the following rights:

The Right of access by the Data Subject

The Data Subject has the right to obtain from CORWIN confirmation as to whether or not Personal Data concerning him/her are being processed, and, where that is the case, access to the Personal Data and the following information:

  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the Controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of GDPR

and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.

The Controller shall provide a copy of the Personal Data undergoing processing. For any further copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. Where the Data Subject makes the request by electronic means, and unless otherwise requested by the Data Subject, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others.

The Right to rectification

The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him/her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

The Right to erasure (‘right to be forgotten’)

The Data Subject shall have the right to obtain from the Controller the erasure of Personal Data concerning him/her without undue delay and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:

  • the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the Personal Data have been unlawfully processed;
  • the Personal Data must be erased in order to comply with a legal obligation under EU and Slovenian law.

The Controller shall take reasonable steps, including technical measures, taking into account the technology available and the cost of implementing the measures, to inform controllers which are processing the Personal Data that the Data Subject has requested the erasure by such controllers of any links to, or copy or replication of, those Personal Data.

The erasure shall not be carried out if the processing of the Personal Data is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by EU or Slovenian law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • for the establishment, exercise or defence of legal claims.

The Right to restriction of processing

The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

  • the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
  • the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
  • the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
  • the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

Where processing has been restricted, such Personal Data shall, with the exception of storage, only be processed:

  • with the Data subject’s consent, or
  • for the establishment, exercise or defence of legal claims, or
  • for the protection of the rights of another natural or legal person, or
  • for reasons of important public interest of the EU or of Slovenia.

The Right to data portability

The Data Subject shall have the right to receive the Personal Data concerning him/her, which he/she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided, where:

  • the processing is based on consent or on a contract; and
  • the processing is carried out by automated means.

The right to data portability is only admissible where technically feasible. The exercise of this right is without prejudice to the right to erasure.

That right shall not apply to processing necessary:

  • for the performance of a task carried out in the public interest, or
  • in the exercise of official authority vested in the Controller.

The Right to object

The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of Personal Data concerning him/her which is based on point (e) or (f) of Article 6(1) of GDPR, including profiling based on those provisions. The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

Where Personal Data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of Personal Data concerning him/her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the Data Subject objects to processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes.

The Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every Data Subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of Personal Data relating to him/her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78. of GDPR.

The data subject has the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana.

The Right to withdraw the consent

If the legal basis for the processing of Personal Data is the consent of the Data Subject, the Data Subject may at any time withdraw his/her consent without affecting the lawfulness of processing based on consent before its withdrawal.

The right to withdraw the consent at any time, even before the expiry of the period for which the consent was granted, may be exercised by the Data Subject in particular in the following ways:

  • by post to the address of the registered office of CORWIN,
  • at any time and free of charge by clicking on the relevant link in each delivered newsletter;
  • by e-mail to CORWIN;
  • by phone.

In addition to the information, communications, replies and actions of the Controller referred to in Articles 15 to 22 of the GDPR, which shall be provided free of charge, the information, communications, replies and actions of the Controller with regard to the exercise of rights and claims in the field of personal data protection, access to, acquisition and processing of personal data under the ZVOP-2 or any other law shall also be provided free of charge.

Where the Data Subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, the Controller may nevertheless grant the request if it is substantiated on its merits and charge the Data Subject reasonable costs. Reasonable costs shall include only the material costs of providing the information, communications, replies or taking the action requested.

The Controller shall provide the Data Subject with information on the measures taken upon request pursuant to Articles 15 to 22 of the GDPR without undue delay and in any event within one month of receipt of the request. This period may be extended by up to two additional months, if necessary, taking into account the complexity and number of requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the Data Subject submits the request by electronic means, the information shall, where possible, be provided by electronic means, unless otherwise requested by the Data Subject.