Principles of Personal Data Protection
According to Article 13 and relevant recitals of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the “Regulation”) and to the Act of the National Council of the Slovak Republic No. 18/2018 Coll. on Protection of Personal Data and on Changing and Amending of certain laws(hereinafter: the “Act on Protection of Personal Data”)
The purposes of the processing of personal data shall be the reasons for which the personal data of data subjects (employees, clients) are processed in our information systems on precisely defined legal bases. Purposes are defined specifically, provided explicitly, and legitimate, and in the processing of the personal data of data subjects, we comply with the principle of lawfulness as per Articles 6 and 9 of the Regulation (the particular purposes and legal bases are stated in the annex of these Principles of Personal Data Protection).
The data subjects whose personal data are processed in our information systems for specifically defined purposes may exercise the following rights in writing or electronically:
1. Right of access to personal data is the right to obtain confirmation as to whether or not your personal data are being processed, and the right to gain access to such data, in the scope of the purposes and period of processing, the categories of personal data concerned, the circle of recipients, the procedure in each automatic processing, and, if appropriate, the results of such processing. We as the data controller have the right to use all reasonable measures to verify the identity of a data subject who requests access to data, in particular in the context of online services and online identifiers (Article 15, recitals 63, 64 of the Regulation).
2. Right to rectification of incorrect and to the addition of incomplete personal data (Article 16, recital 65of the Regulation).
3. Right to erasure is the right to be forgotten for the personal data that are no longer necessary in relation to the purposes for which they were collected and processed; in the case of the withdrawal of consent on which the processing is based; in the case of unlawful processing; if the personal data were collected with respect to an offer of an information company (for children), provided that the conditions stated in Article 17, recitals 65, 66 of the Regulation, are fulfilled.
4. Right to restriction of processing may be exercised if the accuracy of the personal data and other elements according to Article 18, recital 67 of the Regulation, is contested by you as a data subject, in the form of temporary movement of selected personal data into another processing system, prevention of access to selected personal data by users or temporary removal of the processing.
5. Right to personal data portability is the right to transmit the personal data provided by you to our information systems based on consent or performance of a contract, to another controller, in a structured, commonly used, and machine-readable format, where technically feasible, including the fulfillment of the conditions of Article 20, recital 68 of the Regulation, if the processing is carried out by automated means. The exercise of this right is without prejudice to Article 17 of the Regulation. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the data controller.
6. Without prejudice to any other administrative or judicial remedy, according to Article 77 of the Regulation, you as a data subject shall have the right to lodge a complaint with the Office for Personal DataProtection of the Slovak Republic, if you consider that the processing of personal data relating to you infringes this Regulation or the Act on Protection of Personal Data.
You, as a data subject, shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, also if the processing is necessary for the purposes of the legitimate interests pursued by us as the controller or by a third party (except for processing carried out by public authorities while performing their tasks), except where such interests are overridden by the interests or fundamental rights and freedoms of you as a data subject which requires the protection of personal data (in particular where the data subject is a child).
SanaClis, as an information system operator, has taken all reasonable personnel, organizational and technical measures to ensure maximum protection of your personal data in order to minimize as far as possible the risk of their misuse, leakage, and the like. In accordance with our duty under Article 34 of the Regulation, we inform you as the data subjects that if a situation occurs that we, as a data controller, violate the protection of your personal data in a manner that is likely to lead to a high risk to the rights and freedoms of natural persons, we will notify you of this fact without undue delay.
NOTE: Due to the observance of the minimization principle, all personal data provided by you are an essential legal or contractual requirement for the attainment of the purpose of their processing. Any failure to provide compulsory data required for the conclusion of a contract may result in the contractual relationship is not established.
Should you have any questions concerning the protection of your personal data, including the exercise of your rights according to the Regulation and the Act on Protection of Personal Data, please contact us at our e-mail address firstname.lastname@example.org or at phone number: +421 2 6428 7622