Privacy policy

 


 

I. General provisions

The company Institute of Predictive and Personalized Medicine, s. r. o., with its registered office at Nábr. arm. gen. L. Svobodu 32, 811 02 Bratislava, ID No.: 47 217 642, a company registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, Entry No.: 90058/B, places emphasis on the protection of personal data. This Privacy Policy provides information on how the Data Controller obtains, stores and further processes the personal data of the Data Subjects in connection with the performance of its business activities. 

With regard to ensuring the security and protection of the personal data of Data Subjects, the Data Controller has adopted and implemented a number of technical and organizational measures to minimize unauthorized interference and unauthorized access to and handling of personal data. In this Privacy Policy, we also provide you with information on how the Controller protects your personal data, as well as your rights and how to exercise them.

This document is published on the website: www.ippmclinic.com and is publicly available to all Data Subjects.

We recommend that you read this Privacy Policy carefully.

 

II. Personal data controller

The personal data controller is

Institute of Predictive and Personalized Medicine, s. r. o.

with registered office Nábr. arm. gen. L. Svobodu 32, 811 02 Bratislava

ID: 47 217 642

company registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, Entry No.: 90058/B

Contact details: 

Phone number: +421 911 212 838

E-mail: office@ippm.sk 

 

III. Responsible person

The controller has not appointed a responsible person in relation to the processing of personal data. As a Data Subject, you may contact Lucia Čmelková, e-mail: office@ippm.sk

 

IV. Basic concepts

For the purposes of this document, the following terms shall have the following meanings:

 

Data Subject

any natural person whose personal data are processed by the Data Controller; this is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

GDPR Regulation

Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);

 

Patient

means any natural person who is in a contractual relationship with the Operator, based on the Contract - Health Care Agreement; the Patient is also the Data Subject;

 

Operator

the entity which alone or jointly with others determines the purposes and means of processing personal data; in accordance with this document, the Controller shall be understood as the company Institute of Predictive and Personalized Medicine, s. r. o., with its registered office at Nábr. arm. gen. L. Svobodu 32, 811 02 Bratislava, ID No.: 47 217 642, a company registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, Entry No.: 90058/B;

 

 

Recipient

the natural or legal person, public authority, agency or other entity to whom the personal data is disclosed, whether or not it is a third party; the specification of the Recipients of the personal data is contained in the relevant provisions of this document;

 

Processor

a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the Controller; Processors with whom the Controller has entered into a contract for the processing of personal data are specified in this document;

 

Customer  

means any natural person or business entity (if personal data protection applies to it) who is in a contractual relationship with the Controller, based on the Contract; the Customer is also the Data Subject;

 

 

Contract 

any contract between the Operator and the Customer (e.g. service contract, cooperation contract, healthcare agreement, etc.);

 

ZOOÚ

Act No 18/2018 Coll. on the protection of personal data and on amendment and supplementation of certain acts, as amended.

 

 

V. What is personal data?

Personal data are any data relating to an identified natural person or an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of personal data means any operation or set of operations which deals with personal data or sets of personal data, such as obtaining, recording, organizing, structuring, storing, transforming or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, rearranging or combining, restricting, erasing or disposing of, whether or not by automated or non-automated means.

The personal data of Data Subjects processed by the Controller are specified in this document. 

 

VI. Processing of personal data

The controller shall obtain and process your personal data exclusively for the specifically identified, explicitly stated and legitimate purposes and shall not further process the personal data thus obtained in a way that is incompatible with those purposes. Any processing of personal data by the Data Controller has its legal basis in Article 6 of the GDPR. In addition, the Data Controller processes your personal data in accordance with the principles of personal data processing within the meaning of Article 5 of the GDPR. 

The controller processes your personal data in electronic and paper form. 

The controller processes your personal data for the following purposes and to the following extent:

  • If you are a jobseeker, more detailed information about the processing of your data will be sent to you by email or other appropriate means.
  • If you are our employee, more detailed information about the processing of your data will be provided to you upon commencement of your employment or during the duration of your employment if there is a change in the collection and processing of personal data by the Data Controller.
  • If you are a current or prospective Customer, Patient, Supplier, Subscriber, agent of a business partner, or are in any relationship with us where we have access to your personal data, more detailed information about the processing of your data is set out later in this document:

Establishment and existence of a contractual relationship with the Data Subject and performance of obligations under the Contract

The Controller obtains and processes the personal data of the Data Subjects necessary for the conclusion and duration of the contractual relationship, as a rule, with its suppliers, customers or other contracting parties, for the purposes of the implementation and performance of the Contract and related obligations, the exercise of rights or the application of any property sanctions and rights to compensation for damages and other claims arising from the contractual relationship in question. 

Particularly in the case of Customers who are interested in the provision of the services offered by the Operator (e.g. Customers who have purchased services related to the examination of the intestinal microbiome), the Operator processes the personal data of the Data Subjects for the purpose of fulfilling the Contract in question, which are necessary for the proper provision of the services offered. 

Particularly in the case of Customers who are in a contractual relationship with the Controller other than that referred to in the preceding paragraph (e.g. suppliers, customers, etc.) by virtue of the Contract, the Controller processes the personal data of the Data Subjects by virtue of the performance of the Contract in question, which are necessary for its performance. 

Description of the category of persons concerned

Customers

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR and Section 13(1)(b) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject; for example, in the case of a Service Contract;
  2. Article 9(2)(a) of the GDPR Regulation and Section 16(2)(a) of the ZOOÚ (exception), specifically in the case of a Service Contract for the examination of the intestinal microbiome: the processing of special categories of personal data, which include, but are not limited to, data relating to the health of the Data Subject, is prohibited. However, the above shall not apply to the Data Controller under applicable law if the Data Subject has given his or her explicit consent to the processing of sensitive personal data for at least one specific purpose; consent is not valid if the provision of such consent is precluded by a specific regulation.

As a rule, you have given your consent to the Operator directly in the Contract or in the context of the provision of services under the Contract in electronic form. The consent you have provided to the Operator for the aforementioned purposes is voluntary and its provision is not a contractual or legal requirement. If you do not provide your consent, the Operator will not be able to provide the services in sufficient quality.

If you have given your consent to the processing of your personal data, you are giving it to us as express, freely given, specific, informed and unambiguous, and you therefore have the right to withdraw this consent or to restrict the processing of your personal data at any time. For this purpose, please contact us without delay. If you do so, we will no longer process this personal data for the purposes for which consent was given. Please note that the withdrawal of your consent does not affect the lawfulness of any processing carried out on the basis of a consent previously given prior to its withdrawal by you. The withdrawal of consent will not be affected by the Controller.

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular: 

natural person: name and surname, delivery and billing address, correspondence address, contact details (e-mail, telephone number), date of birth and, separately in the case of Customers under the Contract for the provision of services in connection with the examination of the intestinal microbiome, the medical data required for the proper provision of services;

entrepreneur (if personal data protection applies to him/her): business name, place of business, registered office, VAT number, VAT number, contact details (e-mail, telephone number), name and surname of the statutory body, function, IBAN

Retention period of personal data

Personal data is stored in accordance with the legal requirements for the storage and archiving of personal data. Personal data are processed during the duration of the contractual relationship and subsequently after the termination of the contractual relationship for the periods necessary for the exercise of the legitimate and legally protected interests of the Controller (e.g. in the case of the recovery of incurred claims, litigation, proving compliance with an obligation arising from a specific law and the related retention of contractual documentation, etc.). 

If personal data are processed on the basis of the consent of the Data Subject, the personal data will be processed only during the validity of this consent or until the Data Subject withdraws this consent.

 

Provision of health care 

For the purposes of providing health care, services related to the provision of health care, including above-standard services in accordance with Act No. 576/2004 Coll., the Act on Health Care, Services Related to the Provision of Health Care and on Amendments and Additions to Certain Acts, as amended, including the identification of the Patient, which are necessary for the proper provision of health care, the Operator obtains and processes a special category of personal data (sensitive data) of the Patients on the basis of agreements on the provision of health care.

The provision of personal data for the purpose of providing health care is not a legal obligation of the Data Subject, however, in the event of failure to provide personal data, the Controller will not be able to properly provide health care.

Description of the category of persons concerned

Patients

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR and Section 13(1)(b) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject; performance of a contract in relation to general personal data;
  2. Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: processing is necessary for compliance with a legal obligation of the controller; processing of personal data is necessary pursuant to a special regulation or an international treaty by which the Slovak Republic is bound; in relation to a special category of personal data; and 
  3. Article 9(2)(h) of the GDPR and Section 16(2)(h) of the ZOOÚ (exception): processing of special categories of personal data, including, but not limited to, data relating to the health of the Data Subject, is prohibited. However, the aforementioned does not apply in the case of the Data Controller under the applicable legislation, as the processing of personal data by the Data Controller is necessary in this case for the purpose of providing healthcare and services related to the provision of healthcare, whereby such data is processed by the Data Controller as a healthcare provider and on its behalf by professionally competent authorised persons who are bound by the obligation of confidentiality of the facts of which they have become aware in the course of their activities and by the obligation to observe the principles of professional ethics.

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular: 

name and surname, permanent address / temporary address, correspondence address, contact details (e-mail, telephone number), date of birth, medical data necessary for the proper provision of health care (e.g. height, weight, blood pressure, diseases, prescribed medications, allergies, medical history, etc.), personal data of the legal representative in the scope of name and surname, date of birth, contact details (e-mail, telephone number)

Retention period of personal data

Personal data is stored in accordance with the legal requirements for the storage and archiving of personal data. The medical records shall be kept by the Controller for 20 years from the last provision of health care to the person.

 

Records of Patients and other Customers

The Controller obtains and processes the personal data of Data Subjects in connection with the provision of healthcare to Patients and keeps a Patient record for these purposes. The Controller also keeps a record of its Customers who are not directly provided with health care, but are provided with other services on the basis of a contractual relationship by virtue of a concluded Contract (e.g. services of providing an intestinal microbiome examination and providing professional consultation on the results of the examination, etc.).

Description of the category of persons concerned

Customers, Patients 

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR and Section 13(1)(b) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject; in particular, in the case of contractual relationships concluded outside the provision of healthcare (e.g. in the case of a contract for the provision of services in connection with the examination of the intestinal microbiome);
  2. Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: the processing is necessary for the fulfilment of a legal obligation of the controller; the processing of personal data is necessary pursuant to a special regulation or an international treaty to which the Slovak Republic is bound; in particular pursuant to Act No. 576/2004 Coll. on Health Care, Services Related to the Provision of Health Care and on Amendments and Additions to Certain Acts, as amended, Act No. 581/2004 Coll. No. 578/2004 Coll. on health care providers, health care workers, professional organisations in health care and on amendment and supplementation of certain acts, as amended, and other related legislation; in particular in connection with the provision of health care to the Operator's patients

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular: name and surname, date of birth, permanent address, correspondence address, e-mail, telephone number

Retention period of personal data

Personal data is stored in accordance with the legal requirements for the storage and archiving of personal data. 

 

Provision of data from medical records

The Controller processes the personal data of the Data Subjects in connection with the fulfilment of the Controller's legal obligations to provide data from the Patients' medical records to third parties who so request, whereby the applicable legislation allows them to provide such personal data and determines the conditions of their provision (scope, manner, etc.).

Description of the category of persons concerned

Patients requesting personal data

Legal basis for the processing of personal data

Pursuant to Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: the processing is necessary for the fulfilment of a legal obligation of the controller; the processing of personal data is necessary pursuant to a special regulation or an international treaty by which the Slovak Republic is bound; in particular, pursuant to Act No. 576/2004 Coll. on health care, services related to the provision of health care and on amendment and supplementation of certain acts, as amended

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular: name and surname, date of birth, permanent address, correspondence address, e-mail, telephone number, health data (e.g. height, weight, pressure, diseases, prescribed medication, allergies, medical history, etc.) and other data required for the maintenance of medical records by applicable legislation, and, where applicable, the personal data of the applicant for the provision of personal data in the range of name and surname, date of birth, permanent address, correspondence address, e-mail address, telephone number, or business name, registered office / place of business, personal identification number (if personal data protection applies to the legal entity), name and surname of the person taking over the medical records and other necessary personal data necessary to fulfil the purpose of processing.

Retention period of personal data

Personal data is stored in accordance with the legal requirements for the storage and archiving of personal data. The medical records shall be kept by the Controller for 20 years from the last provision of health care to the person.

 

Accounting and tax rules

The Controller obtains and processes the personal data of the Data Subjects necessary for the purposes of bookkeeping, including invoicing (issuing tax documents), sending invoices, payment of invoices and other obligations arising from the Contracts or applicable law.

Description of the category of persons concerned

Customer, Patient, other Data Subjects

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR and Section 13(1)(b) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures at the request of the data subject; in particular, the Contract; and/or
  2. Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: the processing is necessary for the fulfilment of a legal obligation of the controller; the processing of personal data is necessary pursuant to a special regulation or an international treaty to which the Slovak Republic is bound; in particular pursuant to Act No. 431/2002 Coll., the Accounting Act, as amended, Act No. 595/2003 Coll., the Income Tax Act, as amended, Act No. 222/2004 Coll., the Value Added Tax Act, as amended, and other related legislation;

Scope and categories of personal data processed

The Controller will process the following scope/categories of personal data, in particular: personal data of Data Subjects within the scope of the law, in particular within the meaning of Act No. 431/2002 Coll., the Accounting Act, as amended, Act No. 595/2003 Coll., the Income Tax Act, as amended, Act No. 222/2004 Coll., the Value Added Tax Act, as amended, and other related legislation.

For billing purposes: 

natural person: name and surname, billing address, IBAN

entrepreneur (if personal data protection applies): business name, place of business, registered office, VAT number, VAT number, IBAN

Retention period of personal data

The retention period for tax and accounting documents shall be 10 years, unless otherwise provided by applicable law.

 

Complaints

The Controller obtains and processes the personal data of the Data Subjects necessary for the conduct of complaint proceedings, or the registration of these proceedings, whether on account of the provision of health care, or on account of other services provided by the Controller, or on account of the concluded Contracts, or for any other reasons whatsoever.

Description of the category of persons concerned

Customer, Patient, Complainant, Complainant's representative

Legal basis for the processing of personal data

Pursuant to Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: the processing is necessary for the fulfilment of a legal obligation of the controller; the processing of personal data is necessary pursuant to a special regulation or an international treaty by which the Slovak Republic is bound; in particular, Act No. 9/2010 Coll. on Complaints, as amended, Act No. 250/2007 Coll. on Consumer Protection, as amended, Act No. 576/2004 Coll. on Health Care, Services Related to the Provision of Health Care and on Amendments and Additions to Certain Acts, as amended, and other related legislation;

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular the data necessary for the processing of a complaint, namely common personal data such as: 

natural person: name and surname, address, contact details (e-mail, telephone number) 

entrepreneur (if personal data protection applies): business name, place of business, registered office, registration number, contact details (e-mail, telephone number)

Retention period of personal data

The Controller retains personal data for 2 years from the end of the contractual relationship or the duration of the Contract, or the settlement of a complaint, unless otherwise provided for by applicable law. 

 

Pre-contractual relations, contact form

The Controller collects and processes personal data for the purpose of contacting potential Customers, Patients or other Data Subjects, processing the origin of contact for the purpose of informing about the services provided and for the purpose of concluding a Contract, if you contact us via the contact form published on our website, or by e-mail, telephone or other means.

Description of the category of persons concerned

Data Subjects: potential Customers or Patients, other persons contacting the Operator 

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR and Section 13(1)(b) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject; in particular, pre-contractual relations;
  2. Article 6(1)(a) of the GDPR and Section 13(1)(a) of the ZOOÚ: the data subject has consented to the processing of his or her personal data for at least one specific purpose.

You have provided your consent to the Operator either directly in the Agreement, or via the form on the Operator's website "www.ippmclinic.com", by telephone or in another credible way (e.g. by letter or e-mail). Consent provided by you to the Operator, for example, for the purpose of informing yourself about the services provided or for other similar purposes, is voluntary and its provision is not a contractual or legal requirement.

If you have given your consent to the processing of your personal data, you give this consent as a serious and freely given, specific, informed and unambiguous consent, and you therefore have the right to withdraw this consent at any time or to restrict the processing of your personal data. For this purpose, please contact us without delay. If you do so, we will no longer process this personal data for the purposes for which consent was given. Please note that the withdrawal of your consent does not affect the lawfulness of any processing carried out on the basis of a consent previously given prior to its withdrawal by you. The withdrawal of consent will not be affected by the Controller.

Scope and categories of personal data processed

The controller will process the following scope/categories of personal data, in particular: name and surname, e-mail, telephone number, IP address

Retention period of personal data

In the absence of a contractual relationship with the Data Subject, personal data shall be kept only for as long as they are necessary to achieve the purpose for which they were collected. 

If the personal data are processed on the basis of the data subject's consent, the personal data will be processed only for the strictly necessary period of time required to fulfil the purpose of the processing, or until the data subject withdraws this consent.

 

Competitions 

The Controller is entitled to organise competitions for the purpose of its promotion and advertising of its services, and in this context it collects and processes the personal data of the Data Subjects for the purposes of entering the participants in the competition, evaluating, contacting and announcing the winners of the competition. 

Competitions are in any case governed by the terms and conditions or the competition statutes. 

Description of the category of persons concerned

Data Subjects: contest participant and contest winner

Legal basis for the processing of personal data

In accordance with Article 6 of the GDPR Regulation and Section 13 of the ZOOÚ, the legal basis for the processing of personal data is: 

  1. Article 6(1)(b) of the GDPR Regulation and Section 13(1)(a) of the ZOOÚ: the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject; the Contest constitutes a contractual relationship between the contest participants and the Operator, and therefore the Operator processes the personal data of the data subjects to the extent necessary for the performance of the obligation arising from the contractual relationship (the Contest), i.e. the evaluation of the Contest and the delivery of the prize, and 
  2. Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the ZOOÚ: processing is necessary for the fulfilment of a legal obligation of the controller; processing of personal data is necessary pursuant to a special regulation or an international treaty to which the Slovak Republic is bound; the Controller may also process the personal data of Data Subjects for the purpose of fulfilling legal obligations arising from tax and accounting legislation.

Scope and categories of personal data processed

The Controller will process the following scope/categories of personal data, in particular: name and surname, correspondence address, e-mail, telephone number, date of birth, or other data strictly necessary for sending and delivering the prize to the winner.

Retention period of personal data

Personal data shall be kept only for as long as is necessary to achieve the purpose for which it was collected. The personal data of the participants of the competition is kept until the end of the respective competition. The personal data of the winners of the competition is kept for as long as necessary for the purpose of providing the prize to the winner. 

VII. Processors and Recipients of Personal Data

Your personal data may be accessed as Personal Data Recipients by persons authorised to process personal data by the Data Controller, who are authorised to collect and process the personal data of Data Subjects solely for the purpose and to the extent specified in this document and by legal requirements.

The Controller declares that all persons who come into contact with your personal data have been duly instructed in connection with the processing of personal data and ensuring their maximum protection and security, are authorised to handle your personal data only on the basis of our explicit instructions, and have been instructed at the same time about the obligation to maintain confidentiality of personal data, even after the termination of the contractual relationship with the Controller.

Access to your personal data may also be granted to our Processors, through whom the Controller processes personal data, on the basis of an authorization given to them by the Controller (e.g. an accountant). The processing of personal data through a Processor is governed by a separate contract concluded between the Controller and the Processor, whereby the Processor processes your personal data on behalf of the Controller. The Controller shall only use Processors for the processing of your personal data that provide sufficient guarantees for the adoption of appropriate technical and organisational measures so that the processing of your personal data complies with the requirements under applicable law and in accordance with this document, and to ensure the necessary and indispensable protection of your rights as a Data Subject. The delegation of the processing of personal data to the Processor does not affect the exercise of your rights in relation to the processing of your personal data, which you can exercise both with the Controller and the Processor. 

Some of your personal data may exceptionally be accessed by external auditors, tax advisors or legal representatives if this is necessary to protect our interests.

In connection with the provision of health care, for example when data from medical records are provided, the persons referred to in § 24 and § 25 of Act No. 576/2004 Coll., the Act on Health Care, Services Related to the Provision of Health Care and on Amendments and Additions to Certain Acts, as amended, may also have access to your personal data.

We may also provide your personal data to other Recipients or third parties to whom the Controller is obliged to provide personal data on the basis of applicable law in the performance of its legal obligations (social insurance company, health insurance companies, tax authorities, competent authorities for the exercise of supervision, or entities to which a special regulation confers the power to decide on the rights and obligations of third parties - patients, namely the Office for Health Care Supervision, law enforcement authorities in connection with the notification of suspicion of preparation for the commission of a crime or the commission of a crime, etc.).

Further details and contact details of the Processors and Recipients are available on request at the following email address: office@ippm.sk.

 

VIII. Transfer of personal data

Taking into account Article 13(1)(f) of the GDPR Regulation and Section 19(1)(f) of the GDPR Act, the Data Controller does not transfer personal data to a third country or an international organisation, except as set out below.

In specific cases and in order to provide quality, efficient and proper services and healthcare, the Controller uses the services and applications of other companies that are based, or whose other companies within the group are based, in the USA, which is generally considered to be a third country that does not guarantee an adequate level of protection. Thus, in some cases, data may physically leave servers located outside the EU. We only carry out such cross-border transfers in accordance with the GDPR Regulation and the GDPR Act, and only provided that sufficient measures are taken to mitigate the risks to data subjects, according to our findings and conclusions. In this context, the following operations may involve the transfer of personal data to third countries:

  • Google LLC: Google Analytics, Google Ads, Google Tag Manager, Google Calendar
  • Meta Platforms, Inc.: Meta Pixel (Facebook Pixel) 
  • WPEngine, Inc.: AddThis Share Buttons 

In the case of Google LLC, Meta Platforms, Inc. and WPEngine, Inc., the transfer of personal data to the US is based on the Data Privacy Framework certification and on the European Commission's adequacy decision. Companies that are registered with this framework are considered secure recipients of personal data that guarantee an adequate level of protection under the provisions of Article 45 of the GDPR, and the transfer of data to such companies is conducted under the same regime as transfers between companies from EU member states.

 

IX. Automated decision-making and profiling

The controller does not use automated decision-making or profiling when processing personal data.

 

X. Security

The controller declares that it has taken appropriate technical and organisational measures to ensure an adequate level of security of your personal data and to protect it against unauthorised disclosure and unauthorised or unlawful processing, as well as against intentional, accidental, or negligent erasure, loss, damage, destruction or alteration and breach of integrity, taking into account the nature, scope and purposes of the processing of your personal data, as well as the risks to the rights and freedoms of Data Subjects arising from the processing of personal data. The measures taken are regularly reviewed and monitored by the Data Controller.

 

XI. What are your rights in relation to the processing of personal data?

As Data Subjects, you are obliged to provide the Controller with true and up-to-date personal data. In the event of a change in your personal data, you are obliged to notify the Controller of the change without delay.

In accordance with applicable law, you have the right of access to information, i.e. you have the right to obtain confirmation from the Data Controller as to whether personal data relating to you are being processed. If the Data Controller processes such personal data, as a Data Subject you have the right to obtain access to such personal data and information on (i) the purpose of the processing, (ii) the category of personal data processed, (iii) the identification of the Recipient or the category of Recipient to whom the personal data has been or is to be disclosed, in particular the Recipient in a third country or international organisation, if applicable, (iv) the period of retention of the personal data; if this is not possible, information on the criteria for its determination, (v) the right to bring proceedings, (vi) the source of the personal data, if the personal data were not obtained from the Data Subject, (vii) the existence of automated individual decision-making, including profiling; in these cases, the Data Controller shall provide the Data Subject with information, in particular, on the procedure used as well as on the meaning and the envisaged consequences of such processing of the personal data for the Data Subject.

You also have the right to rectification of the data we process about you. In certain cases, you have the right to request the erasure of your personal data, and you have the right to access or transfer your personal data (e.g. transfer to another service provider). In some cases you have the right to object and also the right to request restriction of the processing of your personal data. You also have the right not to be subject to a decision based on automated processing, including profiling. The individual rights and how to exercise them are described in more detail below, as well as in the relevant provisions of the GDPR Regulation and the GDPR Act.

 

1.1 Method of exercising rights

If you exercise any of your rights under this section or under applicable law, we will inform you of the action taken in accordance with your request, as well as any Recipient to whom personal data has been disclosed hereunder.

If you wish to exercise your rights and/or obtain the relevant information, you may do so directly by written request delivered to the address of the Controller: the Institute of Predictive and Personalized Medicine, s. r. o., Odbojárov 300/4, 955 01 Tovarníky (Topoľčany), Slovak Republic, or electronically by submitting a request to the e-mail address office@ippm.sk.

In order to process your request, we may require you to provide certain identifying information that you have previously disclosed to us. We will only ever request this information to the extent strictly necessary to verify that the relevant request was in fact sent by you. We will process your request without undue delay, but no later than one month after receiving it, while we also reserve the right to extend this period by two months in more complex cases.

 

1.2 Erasure of your personal data

You can ask us to delete your personal data at any time in the manner set out above. If you contact us with such a request, we will delete without undue delay all of your personal data that we hold if we no longer need your personal data for the performance of our contractual and legal obligations or the protection of our legitimate interests, or if the grounds for deletion of personal data under applicable law are fulfilled. We will also delete all of your personal data if you withdraw your consent to the processing of your data, if you have previously provided us with consent, or if required to do so by law.

 

1.3 Correction of your personal data

Under current legislation, you have the right to rectification of your personal data that you share with us in the event of a change to the personal data processed, on the basis of which the personal data is no longer up-to-date, or in the event that your personal data processed is inaccurate or incomplete. To request a rectification, please contact us in the manner set out above. We take reasonable steps to ensure that you can keep your personal data accurate and up to date. You can always contact us to ask if we are still processing your personal data.

 

1.4 Disclosure and portability of your personal data

You have the right to request information about whether and to what extent we process personal data about you. You also have the right to request that we disclose to you the personal data you have provided to us and other personal data relating to you. If you would like access to the data we process about you, please contact us in the manner set out above.

If you request the transfer of your personal data to another controller, we may transfer some of your personal data (in particular, data that we process based on the performance of the Contract and/or your consent) directly to the third party (other controller) that you specify in your request, provided that such request will not adversely affect the rights and legitimate interests of others and that such transfer is technically and legally feasible.

 

1.5 Right to object

If we process your personal data on the basis of our legitimate interest, including profiling, you have the right to object to such processing at any time on grounds relating to your particular situation. Unless in such case we can demonstrate our compelling legitimate grounds for the processing which override your interests or rights, or unless we can demonstrate that the data is necessary for the establishment, exercise and defence of our legal claims, we will no longer process the data and will delete it without undue delay.

 

1.6 Restrictions on processing

If you ask us to restrict the processing of your personal data, e.g. if you question the accuracy, lawfulness or our need to process your personal data, we will limit the processing of your personal data to the minimum necessary (storage) and, where applicable, we will only process it for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for other limited reasons prescribed by applicable law. If the restrictions are lifted and we continue to process your personal data, we will inform you without undue delay.

 

1.7 Complaint to the Data Protection Authority

You have the right to lodge a complaint regarding our processing of personal data with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic, e-mail: statny.dozor@pdp.gov.sk, telephone number: +421 /2 3231 3214.

 

1.8 Consent / Withdrawal of consent to the processing of personal data

If you have given your consent to the processing of your personal data, you are giving it to us as your serious and freely given, specific, informed and unambiguous consent. You have the right to withdraw this consent at any time or to restrict the processing of your personal data. For this purpose, please contact us immediately in the manner set out above. If you do so, we will no longer process this personal data for the purposes for which consent was given. Please note that the withdrawal of your consent does not affect the lawfulness of any processing carried out on the basis of a consent previously given prior to its withdrawal by you.

 

XII. Effectiveness and Updating of the Privacy Policy

This Privacy Policy shall come into force on 07.05.2024.

We may modify or update this Privacy Policy from time to time, in accordance with applicable legislation and changes in the scope and manner of processing of personal data of Data Subjects by the Data Controller. This Privacy Policy is always available in an up-to-date version in electronic form on the Controller's website "www.ippmclinic.com", and we therefore ask you to consult the current version of this document on a regular basis.

 

As a Data Subject, you can contact us at any time to request more detailed information about the processing of your personal data by emailing us at: office@ippm.sk