Protection and Processing of
Personal Data

according to Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") in accordance with § 19 of Act No. 18/2018 Coll. on Personal Data Protection (hereinafter referred to as the "Act")

DEAR PATIENTS, DEAR CLIENTS,

We highly value your trust and pay special attention to the protection of your privacy and the protection of your personal data from unauthorized processing. We approach the processing of personal data exclusively in a lawful, professional, and sensitive manner, including through the website www.klinikapupava.sk.

Your personal data is stored in secure information systems. All persons who come into contact with personal data on behalf of the controller – including, but not limited to, doctors and other healthcare and/or administrative staff, laboratories, health insurance companies, as well as entities that process personal data on our behalf and according to our instructions – processors (e.g., accounting service providers, tax service providers, website administrators, auditing and HR service providers, hosting and data center service providers, bulk email service providers, registry and archive management service providers, etc.) – are properly instructed on the lawful handling of personal data and are bound by confidentiality obligations. We process only the personal data that is necessary to fulfill the purpose for which you contacted us or for which we provide services to you.

Poliklinika Púpava, s. r. o.

with registered office at Ulica Mikovíniho 6961/10, 917 01 Trnava

Company ID: 54 483 646

Tax ID: 2121694817

registered in the Commercial Register of the District Court Trnava, Section: Sro, File No.: 51252/T, is the operator of a healthcare facility pursuant to a valid permit issued by the competent authority (hereinafter referred to as the "Controller") and provides healthcare, services related to the provision of healthcare, above-standard (non-medical) services, and other services (hereinafter referred to as "healthcare" and "other services"). The Controller also processes personal data through the website www.klinikapupava.sk.

Due to the nature of its activities (processing health data on a large scale), the Controller has appointed a Data Protection Officer who oversees the protection of personal data. If you have any questions regarding the processing of your personal data or the exercise of your rights, you can contact our Data Protection Officer via: cingel@klinikapupava, or at the correspondence address: Poliklinika Púpava, s. r. o., Ulica Mikovíniho 6961/10, 917 01 Trnava (please mark the envelope "Attention: Data Protection Officer")

The Controller processes personal data for the purpose of:

  • providing healthcare and services related to the provision of healthcare to the data subject, where the data subject is any natural person whose personal data is processed, including their identification. The provision of personal data is voluntary, but necessary for the proper provision of healthcare. For this purpose, personal data is processed and stored for a period of 20 (twenty) years from the date of provision of healthcare;
  • providing other (non-medical) services to the data subject, including their identification. The provision of personal data is voluntary, but necessary for the proper provision of these services. For this purpose, personal data is processed and stored for a period of 10 (ten) years from the date of provision of the service;
  • exercising the Controller's legal claims. For this purpose, personal data is processed for the duration of the relevant limitation periods according to generally binding legal regulations;
  • assessing satisfaction with the quality and level of healthcare and other services provided, as well as contacting data subjects with information about news and the Controller's current service offerings. For this purpose, personal data is processed for a period of 2 (two) years from the date of their provision.

Legal Basis for Processing Personal Data

The legal basis for processing personal data of data subjects is primarily Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Act No. 18/2018 Coll. on Personal Data Protection and on Amendments to Certain Acts, as amended, in conjunction with Act No. 576/2004 Coll. on Healthcare, Services Related to the Provision of Healthcare and on Amendments to Certain Acts, Act No. 581/2004 Coll. on Health Insurance Companies, Healthcare Supervision and on Amendments to Certain Acts, as well as other legal regulations in the field of healthcare.

When processing personal data for the purposes of exercising legal claims and for assessing satisfaction, informing about news and current service offerings, the legal basis is the Controller's legitimate interest.

When processing personal data for the purpose of providing other services and in marketing communication, the legal basis is the consent of the data subject in accordance with § 78 para. 6 of Act No. 18/2018 Coll. Without granting consent, it is not possible to process this personal data.

Personal Data of the Data Subject

The personal data of the data subject includes in particular:

  • name, surname, title, birth number or date of birth, address of permanent or temporary residence, gender, health insurance company, insured person code, telephone number, e-mail address, and special categories of personal data, in particular health data;
  • in the case of minors, also the personal data of the legal representative;
  • bank account number in case of non-cash payments.

The Controller processes personal data only for the period necessary to fulfill the purpose of processing and does not disclose this data.

Protection of Personal Data

The Controller has adopted appropriate technical, organizational, and personnel measures to protect personal data. Upon fulfillment of the purpose of processing, the Controller ensures the immediate destruction of personal data in accordance with legal regulations.

Rights of the Data Subject

The data subject has the right to access their personal data, the right to rectification, erasure, restriction of processing, data portability, the right to object to the processing of personal data, and the right to withdraw consent at any time.

The data subject has the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, at the address: Námestie 1. mája 18, 811 06 Bratislava (Park One Building), web: www.dataprotection.gov.sk, e-mail: statny.dozor@pdp.gov.sk.

Cookies

The Controller uses cookies, pixels, and similar technologies on the website to ensure its functionality and for analytical and marketing purposes. Necessary (technical) cookies: These are required for the website to function and cannot be disabled. The legal basis is the Controller's legitimate interest in the proper functioning of the website. Analytical and marketing cookies: These cookies (e.g., Google Analytics, Facebook Pixel) are used by the Controller only if the data subject gives voluntary consent through the cookie banner on the first visit to the website. Consent can be withdrawn at any time by changing the website settings or in the browser settings.

Controller's Contact Information

Poliklinika Púpava, s. r. o.

Ulica Mikovíniho 6961/10, 917 01 Trnava

e-mail: recepcia@klinikapupava.sk, riaditel@klinikapupava.sk