in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) we hereby inform you about how our healthcare facility ISCARE, a.s., ID No.: 35752351, with registered office at Prievozská 4/A, 821 09 Bratislava, registered in Business Register of District Court Bratislava I, Section: Sa, File No.: 1849/B, as the controller of personal data (the “Controller”) processes your personal data obtained through the Controller’s application/website (www.iscare.sk) and the rights and obligations related thereto.
You can contact the Controller in writing at the above address, or via email at email@example.com or by calling +421 259 207 800.
Personal data means any information relating to an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Controller processes the personal data to the extent to which the Controller obtains the personal data on the basis of the application/web form published on the Controller’s website www.iscare.sk through which the data subject will disclose his/her personal data to the Controller. The Controller processes the personal data in compliance with the applicable and generally binding legal regulations of the Slovak Republic.
Personal data of data subjects obtained through the Controller’s application/website are processed for the following purposes:
The legal basis for processing of data subject’s personal data is a voluntary consent of the data subject given for the purpose defined by the data subject, except for the purpose specified in Clause i of this Article in case of successful negotiations between the data subject and the Controller and conclusion of the healthcare contract, as the purpose for processing of personal data defined therein is based on the data subject’s request to implement the measures prior to conclusion of the contract (“pre-contractual relations”), or the processing is necessary for the performance of the contract to which the data subject is the party, i.e. it constitutes the contractual requirement to disclose the personal data. Depending on the particular circumstances of processing of the data subject’s personal data, the Controller informs the data subject that there can be also another legal basis for processing of the data subject’s personal data, in which case the Controller strictly complies with the respective legal regulations.
After expiry of the period or after withdrawal of consent the Controller will store only the data necessary to demonstrate that the personal data have been processed by the Controller in a due manner and in accordance with the consent given by the data subject and with the legal regulations. If the Controller processes the personal data also for the reasons and purposes other than those specified in the consent given by the data subject (e.g. for the purpose of performance of the contract), the personal data will be further processed for these reasons.
The consent to processing of personal data as well as the consent to sending the direct marketing messages is voluntary and the data subject may withdraw it at any time, either in writing at the address of the registered office of the Controller or via email at firstname.lastname@example.org (please, state “withdrawal of consent” in email subject line” ).
The Controller processes the personal data obtained:
The following categories of personal data are processed:
Data subjects whose personal data are processed by the Controller and for whom this information is intended are:
Personal data are processed in compliance with the applicable legal regulations. Safeguarding and protection of personal data are ensured in accordance with the aforesaid regulations and in compliance with GDPR.
Personal data will not be used for decisions based solely on automated processing or profiling.
Personal data of the data subject will be processed to the extent specified above in the Controller’s electronic database of the Controller or of the processor with which the Controller will conclude a respective contract. All disclosed personal data will be stored by the Controller in digital form. Processing is performed manually both in paper and electronic form or by automated means through computing while following all security principles for handling and processing of personal data. For this purpose, the Controller has implemented technical and organisational measures, in particular those preventing accidental or unlawful access to personal data, their destruction or loss, unauthorised transfer, unauthorised processing and other abuse of such personal data.
All entities to which the personal data may be disclosed respect the data subject’s right to privacy and are under obligation to comply with the applicable legislation concerning protection of personal data.
The Controller keeps the personal data for the period necessary to achieve the respective purpose and for the periods specified in the consent to processing of personal data given by the data subject as well as in the generally binding legal regulations of the Slovak Republic for destruction and archiving of documents, or for the period necessary to establish, exercise or defend legal claims.
Data disclosed by the data subject to the Controller for the purpose of contacting the data subject and negotiations for the conclusion of the healthcare contract with the Controller which have not been successful will be stored until the moment when the Controller and the data subject agree that the contract will not be concluded, or when the data subject has not given to the Controller an explicit consent to further processing of the data subject’s personal data in the Controller’s database for the purpose of contacting the data subject in future, or for other purpose. Maximum period for storing the data subject’s personal data is defined in consent of the concerned data subject given to the Controller.
Recipients of data subject’s personal data are:
In our company which is the Controller of personal data, you have the right:
When we receive your request relating to exercise of the aforesaid rights, we will inform you about the implemented measures without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In certain cases, defined by GDPR, our company is not obliged to comply with the request in full or in part, mainly where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In such cases we may (i) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (ii) refuse to act on the request.
If we receive the above request, but have reasonable doubts concerning the identity of the person making the request, we may request the provision of additional information necessary to confirm the identity.
Furthermore, you have the right to lodge your complaint directly with the supervisory authority, i.e. with Úrad na ochranu osobných údajov SR (Office for Personal Data Protection of the Slovak Republic) , Hraničná 12, 820 07 Bratislava 27, www.dataprotection.gov.sk if you consider that the personal data are not processed in compliance with legal regulations.
We hereby also inform you that our company has appointed the data protection officer. The data protection officer is Martina Masopustová and you can contact her via email at: email@example.com.
In Bratislava on 20 January 2020.
Ing. Denis Čabaj, director