Information on Personal Data Processing
Please read the following information regarding the processing of your personal data. This information is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”), and with Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts, as amended. When your personal data is processed, you, as the buyer, are considered the data subject.
1. Identification of the Controller
The company Súkromné zdravotnícke centrum Hippokrates, s.r.o., with its registered office at: Prievozská 4/A, 821 09 Bratislava, Company ID: 35 683 856, Tax ID: 2020893688, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, Entry No.: 10397/B,
Controller’s contact details: tel. no. +421 903 788 670, e-mail: recepcia@hippokrates.sk
Should you have any questions or wish to exercise your rights regarding the processing of your personal data, please contact the controller via the aforementioned e-mail. You may also exercise your rights in writing by sending a letter to the controller’s registered office address.
2. What is meant by the term personal data?
According to Article 4, point 1 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”), personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Where do we obtain your personal data?
We obtain personal data directly from you, for example, when you fill out a contact form on the controller’s website or when concluding a purchase agreement.
4. For what purposes do we process your personal data and what is the legal basis for their processing?
- The processing of your personal data is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).
- for the purpose of completing data in connection with your order
In this case, processing is necessary to take steps at your request prior to entering into a contract (pre-contractual relations).
- for the purpose of fulfilling existing contractual relationships with customers, i.e., for the purpose of delivering goods and/or services based on a contract concluded with you as a customer, including the registration of existing contractual relationships (contracts, orders) with customers
This purpose includes activities related to the fulfillment of the controller’s obligations arising from the contract we have concluded with you as our customer, as well as administrative tasks associated with the concluded contract, e.g., monitoring agreed deadlines. Concurrently, in connection with the conclusion of a contract for the provision of our services, we maintain a record of existing customer contracts. In this case, processing is necessary for the performance of a contract to which the data subject is a party.
- Processing of personal data based on the legitimate interest of the controller (Article 6(1)(f) GDPR)
- for the purpose of ensuring network and information security
The legal basis for processing your personal data stored electronically in the controller’s information systems is, in this case, the controller’s legitimate interest to prevent unauthorized access to electronic communication networks, prevent damage to computer and electronic communication systems, and protect data located in the controller’s IT technologies and systems.
- for the purpose of managing agendas related to ongoing disputes and enforcement proceedings, and the agenda for collecting receivables and other claims of the controller within judicial, extrajudicial, enforcement, or insolvency proceedings, including legal representation in these proceedings
If we process your personal data for this purpose, the legal basis for processing is the controller’s legitimate interest, namely the assertion or defense of the controller’s legal claims, prevention of damages, and ensuring the fulfillment of receivables and other legal claims of the controller. For this purpose, the controller may provide personal data to a lawyer who processes personal data of clients and other natural persons to the extent necessary for the practice of law.
- for the purpose of legal representation (outside proceedings)
If we process your personal data for this purpose, it involves the use of legal services from lawyers in the form of commenting on contracts and their amendments (including annexes) concluded with data subjects, or participation in meetings and other communication with data subjects. For this purpose, the controller provides personal data to a lawyer who processes personal data of clients and other natural persons to the extent necessary for the practice of law in accordance with Act No. 586/2003 Coll. on Advocacy and on Amendments and Supplements to Act No. 455/1991 Coll. on Trade Licensing (Trade Licensing Act), as amended, and GDPR. In this case, we provide your personal data to a lawyer based on our legitimate interest: to validly conclude contractual relationships by adhering to the legally stipulated requirements for concluded contracts and to prevent potential damages by utilizing professional legal services.
- for direct marketing purposes
If you are already our customer, we will send you email messages presenting our products and services. Your personal data is processed for this purpose on the legal basis of the controller’s legitimate interest to present customers with news in the area of our provided products and services. Email messages will be sent to you in accordance with Act No. 147/2001 Coll. on Advertising and Act No. 351/2011 Coll. on Electronic Communications.
As a data subject, in accordance with Article 21(2) GDPR, you have the right to object at any time to the processing of your personal data for such marketing purposes, including profiling, to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- for the purpose of business communication with customers and suppliers
The legal basis for processing your personal data in this case is the legitimate interest of the controller. This legitimate interest of the controller is the necessity of communication with customers and suppliers when carrying out the controller’s business activities.
- for the purpose of concluding contracts
We have a legitimate interest in processing the contact personal data of the person authorized to act on behalf of the contractual partner (customer) as well as the contact personal data of the contractual partner’s employee, which are stated in the contracts we conclude within supplier-customer relationships (or in the drafts of these contracts). We process the data of these data subjects for these purposes based on the controller’s legitimate interest to ensure the valid conclusion of contracts and their effective performance.
The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data where the processing is based on legitimate interests or Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller), including objecting to profiling based on these interests, and under the conditions set out in Article 21 GDPR. In such a case, the controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
- Processing of personal data based on compliance with a legal obligation (Article 6(1)(c) GDPR)
- for the purpose of accounting, processing accounting and tax documents, invoicing, and cash register records
Processing for this purpose is necessary for the fulfillment of the controller’s legal obligations, particularly under Act No. 431/2002 Coll. on Accounting, Act No. 222/2004 Coll. on Value Added Tax, and Act No. 595/2003 Coll. on Income Tax.
- for the purpose of fulfilling consumer protection obligations
Processing for this purpose is necessary for the fulfillment of the controller’s legal obligations, particularly under Act No. 250/2007 Coll. on Consumer Protection and on Amendments to Act of the Slovak National Council No. 372/1990 Coll. on Offenses, as amended, especially in relation to handling lodged complaints.
- for the purpose of handling data subjects’ rights
Your personal data is processed for this purpose on the legal basis that processing is necessary for the fulfillment of the controller’s legal obligations under personal data protection regulations (GDPR), which the controller has in connection with exercising the rights of data subjects pursuant to Articles 15 to 22 GDPR.
- for the purpose of properly identifying the litigating party / debtor in an enforcement proposal
If we process your personal data for this purpose, we do so because it is our legal obligation to properly designate (identify) the debtor in an enforcement proposal (especially the Civil Code, Enforcement Procedure Code) as well as to properly identify the plaintiff or defendant in a lawsuit (especially the Civil Procedure Code, Non-Contentious Civil Procedure Code, Administrative Judicial Procedure Code).
- for the purpose of registering and handling data subjects’ submissions in connection with reporting anti-social activity
For this purpose, we process personal data because it is necessary for the fulfillment of our legal obligation under Act No. 307/2014 Coll. on Certain Measures Related to Reporting Anti-Social Activity, in the event that a submission was made to the controller in accordance with the provisions of this Act.
- for the purpose of inspections carried out by public authorities
Based on the provisions of specific legal regulations, we may be obliged to submit your personal data to public authorities within the scope of their supervisory activities.
We would like to inform you that the data subject is obliged to provide their personal data if the processing of personal data is necessary in connection with the fulfillment of the controller’s legal obligation.
- Processing of personal data with your consent (Article 6(1)(a) GDPR)
- for direct marketing purposes
Based on your consent, we will contact you regarding our service offerings, even if you are not yet our customer. Granting your consent is voluntary, and you can provide it by entering your email address on our website, in the newsletter section. Unfortunately, without your consent, we cannot contact you in this regard. You have the right to withdraw your consent at any time by clicking on the relevant link in the email message or by sending an email to recepcia@hippokrates.sk or by delivering a written notification to the controller’s registered office address. The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
- Processing of special categories of personal data with your consent (Article 9(2)(a) GDPR)
- in connection with the fulfillment of our contractual obligations
As you have contacted us as an interested party in using our services, consisting of the sale of vouchers and goods, we would like to inform you that the provision of the service you requested will not be objectively possible on our part unless you provide us with consent to process your required personal data to the necessary extent. You may refuse to grant consent for the processing of special categories of your personal data. However, in such a case, for objective reasons, we will not be able to provide you with the requested service.
You have the right to withdraw your consent at any time by sending an email to recepcia@hippokrates.sk or by delivering a written notification to the controller’s registered office address. The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
5. Recipients of Personal Data
In connection with the fulfillment of the controller’s legal obligations, the recipients of your personal data are or may be entities designated by legal regulations, especially health insurance companies, the Social Insurance Agency, the tax office, supplementary pension savings companies, pension management companies, state administration bodies and public authorities for control and supervision (e.g., labor inspectorate), courts, and law enforcement authorities.
Depending on the purpose of processing and specific circumstances, other persons (acting as processors or independent controllers) may also be among the recipients of your personal data, especially:
- lawyer,
- bailiff,
- Data Protection Officer (DPO) under GDPR,
- postal and courier service provider,
- external providers of marketing services,
- company providing external website support and operation,
- external suppliers of programming work and system and implementation work,
- suppliers of services for installation, integration, migration, configuration, customization, custom development, reporting, and training of software products,
- company performing certification audit of an integrated management system, specifically a quality management system and an information security management system,
- company performing design, development, implementation, and other related services in the field of information systems and software,
- external provider of cloud-based software application operation services,
- company providing services related to telecommunication line connection,
- company providing telecommunication services,
- company providing electronic communication services,
- company that is an external supplier of accounting services,
- company providing auditing services,
- company providing archiving services,
- supplier of Data Loss Prevention System,
- external security service.
In cases where we process your personal data through processors as a special category of personal data recipients, we ensure that they act in accordance with applicable legal regulations and the terms agreed upon in the personal data processing agreement, that they are bound by confidentiality, and that they protect your data in accordance with GDPR requirements.
6. Will your personal data be provided outside the European Union?
Data transfer to a third country or international organization does not occur.
7. Will your personal data be used for automated individual decision-making?
Your personal data will not be used for automated individual decision-making.
8. Cookies
Our website uses cookies, which help us provide you with better services. These are small text files that a browser stores on a visitor’s computer or device when visiting a website. Cookies allow the website to recognize the user’s device and remember certain information about your sessions during your connection. More detailed information regarding cookies is published on our website.
9. How long will we store your personal data?
If your personal data is processed within the scope of fulfilling the controller’s legal obligations and a legal regulation specifies the retention period, we will store the personal data and related documentation for the period required by the relevant legal regulation.
Personal data processed for the purpose of accounting and tax agenda management are stored for a period of 10 years.
Personal data processed in the records of sent and received postal items are stored for a period of 5 years.
Your personal data obtained within pre-contractual relationships will be stored for a period of one year.
Personal data processed on the legal basis of necessity for the performance of a contract to which the data subject is a party will be stored for the duration of the contractual relationship until mutual rights and obligations arising therefrom are settled, but for a minimum period of 10 years. For the same period, we also store the personal data of the data subject – the person authorized to act on behalf of the contractual partner (customer) or the contractual partner’s employee, which are stated in the contracts.
Your personal data processed for the purpose of handling data subjects’ rights will be stored for a period of 5 years from the date of handling the request, but at least until the final conclusion of any administrative proceedings initiated by the data subject in connection with this purpose.
Personal data processed for the purpose of managing agendas related to ongoing disputes and enforcement proceedings, and the agenda for collecting receivables and other claims of the controller within judicial, extrajudicial, enforcement, or insolvency proceedings, will be stored for the duration of statutory limitation and preclusion periods, or until the legal claim pursued in the respective judicial, extrajudicial, enforcement, or insolvency proceedings is settled. If we process your personal data for the purpose of legal representation (outside proceedings), we store this data for a period of 5 years.
Personal data processed for the purpose of ensuring network and information security are stored during the retention periods stipulated by specific laws.
Personal data processed for direct marketing purposes will be stored for a period of 5 years (or until processing is objected to).
Personal data processed based on consent will be stored for a maximum period of 5 years (or until consent is withdrawn).
10. What rights do you have as a data subject regarding the processing of your personal data?
- Right of access to personal data according to Art. 15 GDPR:
You have the right to obtain access to your personal data and information to the extent specified in Article 15 GDPR. You have the right to receive a copy of the personal data we hold about you, as well as information on how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you have requested another method of provision. If you have requested this information by electronic means, it will be provided to you electronically, if technically feasible.
- Right to rectification of personal data according to Art. 16 GDPR:
We have adopted and continuously update appropriate measures to ensure the accuracy, completeness, and currency of the information we hold about you. If you believe that the personal data we possess is inaccurate, incomplete, or outdated, please do not hesitate to ask us to amend, update, or supplement this information. We are obliged to comply with your request for rectification or supplementation of personal data without undue delay.
- Right to erasure (right to be “forgotten”) according to Art. 17 GDPR:
You have the right to request us to erase your personal data if one of the reasons stated in Art. 17 (1) GDPR is met. You may do so, for example, if the personal data we have collected about you is no longer necessary for the original purpose of processing. We will assess your right considering all relevant circumstances. If the processing of your personal data is necessary, for example, to fulfill our legal obligation or for the establishment, exercise, or defense of legal claims, we will not be able to comply with your request.
- Right to restriction of processing of personal data according to Art. 18 GDPR:
If any of the cases specified in Art. 18 (1) GDPR occur, you are entitled to request us to cease using your personal data. This includes, for example, situations where you believe that the personal data we hold about you may be inaccurate, or when you believe that we no longer need to use your personal data. If processing has been restricted in accordance with Art. 18 (1) GDPR, such personal data shall, with the exception of storage, be processed: a) only with your consent, or b) for the establishment, exercise, or defense of legal claims, or c) for the protection of the rights of another natural or legal person, or d) for reasons of important public interest of the Union or of a Member State.
- Right to data portability according to Art. 20 GDPR:
Under the conditions specified in Art. 20 GDPR, you have the right to request us to transfer the personal data you have provided to us to another third party of your choice. However, the right to data portability only applies to personal data that we have obtained from you based on consent or based on a contract to which you are a party.
- Right to object according to Art. 21 GDPR:
In specific cases, you have the right to object to the processing of data based on our legitimate interests (i.e., according to Art. 6 (1) (f) GDPR), including objecting to profiling based on these interests. If we cannot demonstrate compelling legitimate grounds for the processing and you submit an objection, we will no longer process your personal data. Similarly, you may object to the processing of data according to Art. 6 (1) (e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority). In accordance with Art. 21 (2) GDPR, if personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
- Right to lodge a complaint with the Office for Personal Data Protection
If you believe that your personal data is being processed incorrectly or unlawfully, you may at any time lodge a complaint regarding the processing of your personal data with the supervisory authority, i.e., the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, tel.: +421 2 3231 3220, www.dataprotection.gov.sk, email: statny.dozor@pdp.gov.sk. If a submission is made electronically, it must meet the requirements of Section 19 (1) of Act No. 71/1967 Coll. on Administrative Procedure (Administrative Code).
This Information on Personal Data Processing becomes effective on 28.07.2021.