For the purposes of this section, the Enterprise Register shall provide information on the processing of the personal data it has carried out, as specified in the applications submitted in the Enterprise Register.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), the data importer should inform him or her of the data in the application to the Enterprise Register of the data concerning the worker. as a data subject, that:
- the processing of personal data specified in the application shall be carried out by the Enterprise Register, as a data controller, for the following purposes:
(a) to transfer information to the State Regional Development Agency for the establishment of access, which ensures the receipt of information from the registers carried by the Enterprise Register;
(b) where necessary, for communication with the persons indicated in the application on different data exchange issues;
- information on the Enterprise Register as a data controller and its data protection specialist is available in the Processing of Personal Data section;
- the register of undertakings will not transfer the personal data indicated in the applications to third parties, except if such an obligation is provided for by regulatory enactments, and will not transfer it to third countries;
- applications received in the Enterprise Register will be kept for 10 years in conformity with the nomenclature of cases.
At the same time, the processing of personal data specified in applications submitted in the Enterprise Register shall also be carried out by the State Regional Development Agency for the following purposes:
(a) to ensure the circulation of data between ALL and third party systems (BOM Regulation No 374 of 14 June 2016, Regulations of the National Information Systems integrator);
verification of identity and access rights of users (Section 10, Paragraph two of the Law on State Information Systems)
; (c) ensure the existence of service metadata and personal identity certificates for cases of investigation or claims (BOM Regulation No 374 of 14 June 2016, Regulations No 374 on the National Information Systems integrator Regulations and No 442 of 28 July 2015 'Procedures for ensuring compliance of information and communication technology systems with minimum security requirements', paragraph 15.10).
For the receipt of information regarding the State Regional Development Agency as curators, the data protection specialist and the processing of data carried out shall be invited to refer to the State Regional Development Agency.
In matters relating to the processing of personal data, including the exercise of the rights of the data subject or complaints regarding the use of personal data in the specified data processing processes, the data subject may contact a data protection specialist in the Enterprise Register (contact details on the home page under the Processing of Natural Personal Data) or a data protection specialist of the National Regional Development Agency or with its data security specialist.: email@example.com or firstname.lastname@example.org.
Where the data subject considers that the use of its data infringes its rights and freedom, the data subject shall have the right to lodge complaints concerning the use of data for the National Data Inspectorate.