Website Data Protection Notice
The Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as the “Office”) uses the Office's website to ensure communication with the public. Through the website the Office provides basic information on the Office's activities, provides guidance, informs on Slovak and European news and general information on personal data protection, provides information on selection procedures, provides forms for registration of data protection officers, provides a form for data breach notifications, provides a form for providing access to the information.
The services offered on the website of the Office require the processing of your personal data.
Below, we give you an overview of the ways this website processes your personal data including the use of cookies.
Our Office collects your personal information only to the extent necessary to fulfil a purpose related to our tasks as a public body which are set in Article 81 of the Slovak Data Protection Act No. 18/2018 Coll. on Processing of Personal Data as amended and in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “Regulation”).
1.Who is responsible for handling of your personal data on this website?
Office for personal data protection of the Slovak Republic
Hraničná 12
820 07 Bratislava
Slovak Republic
2. Contact details of the Data Protection Officer of our Office
3. For what purposes are we handling your personal data?
We use features of the website to collect personal data in the context of the Office’s activities. In particular, the website implements:
- Form to send request for information to the Office on the way of providing access to information
- Form to notify personal data breaches by the controller
- Form to register Data Protection Officers of controllers and processors
- Security of networks and security (cybersecurity protection)
4. What categories of personal data do we handle?
- Form to send request for information to the Office on the way of providing access to information - name and surname, address, email address, telephone contact, fax, or other personal data filled in the access request.
- Form to notify personal data breaches by the controller - name and surname, academic degrees, e-mail, phone number, address
- Form to register Data Protection Officers of controllers and processors- name and surname, e-mail, phone number, address
- Security of networks and security (cybersecurity protection) – network traffic Logs from systems, Email addresses, phone number, Technical data - IP address, IT asset involved in an incident, file name
These processing activities are accounted for by general information about processing acctivities of the Office.
5. Which is the legal basis for the handling of your personal data?
- Form to send request for information to the Office on the way of providing access to information - Act no. 211/2000 Coll. on Free Access to Information and on Amendments to Certain Acts (Freedom of Information Act) as amended
- Form to notify personal data breaches by the controller - the Slovak Data Protection Act No. 18/2018 Coll. and Regulation –sec. 40 Act No. 18/2018 Coll. on Processing of Personal Data as amended, Art. 34 Regulation
- Form to register Data Protection Officers of controllers and processors – sec. 44 Act No. 18/2018 Coll. on Processing of Personal Data as amended, Art. 37 Regulation
- Security of networks and security – sec. 12 subsec. 1 letter a) Act No 95/2019 Coll. on information technologies in public administration as amended, sec. 30, sec 34, and sec 35 Decree of the Ministry of Finance of the Slovak Republic No. 55/2014 Coll. on standards for public administration information systems
6. How long we keep your personal data?
- Form to send request for information to the Office on the way of providing access to information - 5 years
- Form to notify personal data breaches by the controller - 5 years
- Form to notify Data Protection Officers of controllers and processors – 5 years from after the end of the notification
- Security of networks and security – 1 year
7. Who will have access to your personal data?
Your personal data might be accessed by the employees of our Office.
8. Will your personal data be transferred to a third country or international organization?
Data stored at the Office will not be transferred to a third countries or international organizations.
9. Does the handling of your personal data involve automated individual decision-making, including profiling? What are the consequences for you?
Not applicable.
10. What are your rights? How can you exercise them?
Data subject has right to request from the Office:
- a confirmation whether or not his or her personal data are processed by the Office and obtain access to their personal data and other information,
- rectification of incorrect, inaccurate or incomplete personal data concerning him or her.
- erasure of personal data concerning him or her, where any of the reasons referred to in Article 17 of the Regulation (right to be forgotten), for example if:
- the Office no longer needed the personal data,
- the Office processes the personal data unlawfully,
- restrictions of processing personal data concerning him or her, where one of the following grounds referred to in Article 18 of the Regulation applies.
11. Is your personal data shared with social media by our website?
We do not share your data with the social media.
12. How is our website protected?
We protect data in transit between your client and our website by using the SSL secure code protocol ensuring their confidentiality and integrity.
13. Could we disclose your information to third parties?
Under certain conditions outlined in law, we may disclose your information to third parties, (such as: law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes.
14. You have the right to lodge a complaint with the Office
Template of the application to lodge a complaint to initiate personal data protection proceeding can be found at the Office's website: Proposal to initiate proceedings on personal data protection
The complaint to initiate personal data protection proceeding may be brought
- in written paper form,
- in written electronic form authorized under a special law on the electronic form of the exercise of public authority; electronic submission without authorization under the special electronic law on the electronic form of the exercise of public authority (i.e. e-mail without guaranteed electronic signature) shall be completed in paper form within three working days,
- in person at the Office in oral form.