Privacy Policy and Personal Data Processing

According to Art. 13 of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "Regulation") in accordance with § 19 of Act no. 18/2018 Coll. on Personal Data Protection (hereinafter"Act")

DEAR PATIENTS, DEAR CLIENTS.
We greatly value your trust and pay close attention to matters of protecting your privacy and personal data from unauthorized handling. We process your personal data in a lawful, professional, and sensitive manner, including through our websites www.klinikamd.sk and www.chirkoz.sk.

Your personal data is stored in a secure information system. All persons who come into contact with your personal data from the controller's side are properly instructed on legal handling and are bound by confidentiality. We only collect data from you that is necessary for fulfilling the purpose for which you contacted us.

  1. MEDICÍNSKE ZARIADENIE MLYNSKÁ DOLINA s.r.o., with its registered office at Staré Grunty 56, 841 04 BRATISLAVA, Company ID: 47 236 311, registered in the Commercial Register of the Bratislava III District Court, Section Sro, File No. 77268/B, is the operator of a healthcare facility under the valid permit issued by the relevant authority (hereinafter the "Controller") at the address Staré Grunty 56, 841 04 Bratislava, which provides its clients with healthcare, services related to healthcare, premium services (hereinafter "healthcare") and other non-medical services (hereinafter "other services"), also obtains personal data through the websites www.klinikamd.sk and www.chirkoz.sk.
  2. The Controller processes personal data for the purpose of:
    • providing healthcare and services related to healthcare (hereinafter "data subject"), including identification of the data subject. The provision of personal data by the data subject is voluntary but necessary for the proper provision of healthcare. For this purpose, the personal data of the data subject will be processed and stored for a period of 20 (twenty) years from the date of healthcare provision;
    • providing other services to the data subject, including identification of the data subject. The provision of personal data by the data subject is voluntary but necessary for the proper provision of other services. For this purpose, the personal data of the data subject will be processed and stored for a period of 10 (ten) years from the date of provision of other services;
    • exercising legal claims of the Controller. For this purpose, the personal data of the data subject will be processed and stored until the expiration of the limitation period according to the relevant generally binding legal regulations;
    • determining satisfaction with the quality and level of healthcare and other services provided, addressing with news and current service offerings of the healthcare facility. For this purpose, the personal data of the data subject will be processed and stored for a period of 2 (two) years from the date of their provision;
  3. The legal basis for processing the personal data of the data subject is Act No. 576/2004 Coll. on healthcare and on amendments to certain acts.

    When processing for the purposes of exercising legal claims and for the purposes of determining satisfaction with the quality and level of healthcare and other services provided, and for the purposes of addressing with news and current service offerings of the healthcare facility, the legal basis is the legitimate interest of the Controller, which is the operator of a healthcare facility and provider of healthcare and other services.

    When processing for the purposes of providing other services; and contacting the data subject, the legal basis for processing personal data is the consent of the data subject, which the data subject grants directly by providing contact details, with the legal basis for processing contact details pursuant to § 78 para. 6 of Act No. 18/2018 Coll. Without granted consent, it is not possible to process personal data of data subjects. Processing of personal data is necessary for the conclusion of a contract or for the provision of other services. If the data subject does not provide their personal data, it is not possible to provide these services by the Controller.

  4. Personal data of the data subject are:
    • identification of the data subject - name and surname, title, personal identification number, address of permanent or temporary residence, gender, insured person code, health insurance company, telephone contact, e-mail address and special categories of personal data, such as health information;
    • in the case of a minor - also personal data of the legal representative, namely name, surname, address of permanent or temporary residence, telephone contact and e-mail address;
    • account number, in case of electronic bank transfer.
  5. The Controller obtains only those personal data of the data subject that are necessary for providing healthcare and other services, or for the purpose set out in point 2 of this document. The Controller processes personal data of the data subject only for the time necessary to fulfill the purpose. The Controller does not publish the obtained personal data of the data subject.
  6. The Controller has adopted appropriate technical, organizational and personnel measures corresponding to the method of processing personal data, taking into account in particular the usable technical means, the confidentiality and importance of the processed personal data, as well as the scope of potential risks that are capable of disrupting the security or functionality of its information systems. The Controller undertakes to handle and manage the personal data of the data subject in accordance with the applicable legal regulations of the Slovak Republic and EU regulations. The Controller will ensure immediate liquidation of the personal data of the data subject after the purpose of processing has been fulfilled.
  7. The period of processing personal data for the above purposes is specified in point 2 of this document.
  8. The data subject has the right of access to their data. Based on a request from the data subject, the Controller will issue confirmation as to whether personal data concerning them are being processed. If the Controller processes such data, it will issue a copy of these personal data of the data subject upon request.
  9. If a person requests information by electronic means, it will be provided in a commonly used electronic form, specifically by email, unless they request another method.
  10. The data subject has the right to rectify personal data if the Controller keeps incorrect personal data about them. The data subject also has the right to complete incomplete personal data. The Controller will carry out the rectification or completion of personal data without undue delay after the data subject requests it.
  11. The data subject has the right to erase personal data concerning them, provided that:
    • personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based;
    • the data subject objects to the processing of personal data;
    • the personal data have been processed unlawfully;
    • the reason for deletion is compliance with the obligation of law, a specific regulation or an international treaty to which the Slovak Republic is bound, or the personal data was obtained in connection with the offer of information society services to a person under the age of 16.
  12. The Controller will delete personal data of data subjects based on a request, without undue delay after evaluating that the data subject's request is justified.
  13. The data subject has the right to restrict the processing of personal data if:
    • they challenge the accuracy of personal data with an objection according to point 18, for a period enabling the Controller to verify the accuracy of the personal data;
    • the processing is unlawful and the data subject requests the restriction of their use instead of erasure of the personal data;
    • the Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
    • the data subject has objected to processing of personal data based on the Controller's legitimate claim, pending the verification whether the legitimate grounds on the part of the Controller override the legitimate grounds of the data subject.
  14. If the data subject requests restriction of processing of their personal data, the Controller will not perform any processing operations with the affected data, except for storage, without the consent of the data subject.
  15. The data subject will be informed by the Controller if the restriction of processing of this data is lifted.
  16. The data subject has the right to data portability, which means obtaining personal data that they provided to the Controller, with the right to transmit this data to another Controller in a commonly used and machine-readable format, provided that the personal data was obtained on the basis of consent of the data subject or on the basis of a contract and their processing is carried out by automated means.
  17. The data subject has the right to object at any time to the processing of their personal data for reasons relating to their particular situation. The data subject may object to the processing of their personal data on the basis of:
    • the legal title of performing tasks carried out in the public interest or in the exercise of public authority, or from the legal title of the legitimate interest of the Controller,
    • processing personal data for direct marketing purposes,
    • processing for purposes of scientific or historical research or for statistical purposes.
  18. If the data subject objects to the processing of personal data for direct marketing purposes according to point 18 paragraph 2, the Controller may no longer process their personal data.
  19. The Controller will evaluate the objection received within a reasonable time. The Controller must not further process personal data unless it demonstrates necessary legitimate interests in processing personal data that override the rights or interests of the data subject, or reasons for establishing a legal claim.
  20. The data subject has the right to withdraw their consent to the processing of personal data at any time if the processing of personal data was based on this legal title.
  21. The data subject shall withdraw their consent by contacting the Controller with their request in any chosen way.
  22. The lawfulness of processing personal data based on granted consent is not affected by its withdrawal.
  23. Cookies. Cookies, pixels, and similar tools are also used for all the above purposes. Cookies are small pieces of data that are stored in the browser or mobile device of data subjects while browsing websites. Pixels are small images or "pieces of code" found on a website or in an email that collect information about the browser or mobile device of data subjects, and some of them can also store cookies. Individual cookies have different "durability" - different storage periods in the devices of data subjects. Some cookies are deleted from the device after the browser window is closed, others remain even after finishing browsing our websites. By using our website, you agree to storing cookies on your computer, tablet, or smartphone. We use cookies in accordance with Article 6(1)(f) of the Regulation. It is in our interest to adapt our services to your requirements as best as possible and to optimize them from a commercial perspective, and this interest is considered legitimate within the meaning of the above-mentioned regulation. Text of consent in connection with personal analysis of user behavior and data: "This website uses cookies. By browsing the website, you consent to their use." Consent can be withdrawn at any time with effect for the future at the address below.

Contact details of the controller for the purposes of fulfilling obligations in the field of personal data protection are available at the address of the healthcare facility: Staré Grunty 56, 841 04 BRATISLAVA, e-mail: recepcia@klinikamd.sk and riaditel@klinikamd.sk.