Slovak accreditation agency for hight education
This Privacy Policy (hereinafter as the “Policy”) contains information about the processing of your personal data by the Slovak Accreditation Agency for Higher Education, with registered office at Nám. slobody, 6943/11, P.O.Box 7, 811 06 Bratislava, Slovak Republic, ID number: 52 113 680 (hereinafter as “the Auditor” or „SAAHE“).
The Auditor provides you via this Policy information on why your personal data are processed, how they are processed, how long they are stored, what are your rights in connection with the processing of your personal data and other relevant information about the processing of your personal data.
You can contact the Auditor and it´s designated Data protection officer in matters related to the processing and protection of personal data at the following address: Slovak Accreditation Agency for Higher Education, Nám. slobody, 6943/11, P.O.Box 7, 811 06 Bratislava, Slovak republic or via e-mail to the e-mail address gdpr@saavs.sk.
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods) – GENERAL PURPOSES
The Auditor processes your personal data exclusively in accordance with the principle of minimization, which means that the Auditor does not require from you personal data that are not necessary for a specific and justified purpose of processing. The auditor processes personal data only if there is a legal basis for their processing and thus they are processed in accordance with the principle of legality. The specific purposes, including the specified legal basis and the retention period for which the Auditor processes your personal data, can be found in the table below.
| The processing purpose | Keeping records of job seekers |
| The legal base | Article 6 (1) (a) of the Regulation (the processing is carried out if data subject has granted a consent to the processing of their personal data) |
| Categories of personal data | Name, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter |
| Retention period | 1 year from the date of consent or until its withdrawal, whichever occurs first |
| The processing purpose | Conducting the selection procedure of employees (ensuring the selection of new staff – onboarding) |
| The legal base | Article 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party and for the execution of pre-contractual relations) |
| Categories of personal data | Name, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter |
| Retention period | During the selection procedure (i.e. no later than 90 days from the date of receipt of the CV and/or cover letter, if no employment relationship or similar employment relationship is established) |
| The processing purpose | Processing of accounting documents |
| The legal base | Article 6 (1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data necessary for the fulfilment of legal obligations (name, surname, address of residence / place of business, service delivery address, contact details, phone number, email address, bank details), other personal data necessary for the processing of accounting agenda |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Registry administration, registration and handling of received and outgoing mail (including electronic communication with relevant institutions) |
| The legal base | Article 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Conduct of judicial and administrative proceedings |
| The legal base | Article 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Data subjects rights handling |
| The legal base | Article 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data that are part of the data subject’s request and are necessary to comply with legal obligations |
| Retention period | Unit the processing of the exercised rights in accordance with the relevant provisions of the Regulation (maximum 120 days) |
| The processing purpose | Records of exercised rights of data subjects |
| The legal base | Article 6 (1) (f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the auditor, which lays in the need to keep evidence on how the exercised rights of the data subject were handled with in for the needs of an audit carried by the respective supervisory authority) |
| Categories of personal data | Common personal data that are part of the data subject’s request and are necessary to comply with legal obligations |
| Retention period | 5 years following the date on which the right exercised or the request made by the data subject was handled with |
| The processing purpose | Verification of whistleblowers’ complaints |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | 120 days from the date of receipt of the complaint |
| The processing purpose | Keeping a list of whistleblowers’ complaints |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Common personal data necessary to comply with legal obligations |
| Retention period | 3 years from the date of termination of whistleblower protection pursuant to § 8 of Act no. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts |
| The processing purpose | Handling and registration of complaints executed according to the respective legislation |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint |
| Retention period | In accordance with applicable legislation |
| The processing purpose | Repeated complaints registration |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint |
| Retention period | In accordance with applicable legislation |
| The processing purpose | Complaint against compliant handling |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint |
| Retention period | In accordance with applicable legislation |
| The processing purpose | Provision of information pursuant to Act No. 211/2000 Coll. on free access to information and on amendments to certain acts |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 211/2000 Coll. on free access to information and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name, surname, address of residence, e-mail address, other data collected or submitted in the submitted request |
| Retention period | For 5 years following the information request receival |
| The processing purpose | The public procurement process execution |
| The legal base | Article 6 (1) (c) of the Regulation, Act No. 343/2015 Coll. on Public Procurement and on Amendments of Certain Acts as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name, surname, title, address, date of birth, birth number, number, ID card number, address, e-mail, telephone contact, signature |
| Retention period | In accordance with the registry rules of SAAHE |
| The processing purpose | Keeping records of contact persons and employees of suppliers, customers and other business partners (their contact persons / representatives if business partners are legal entities) in contractual relations |
| The legal base | Article 6 (1) (f) of the Regulation – the processing of personal data is carried out on the basis of the legitimate interest of the Auditor, which consists in the necessity of records of contact persons, employees and other representatives of business partners in the position of legal entities for the needs of bookkeeping, ensuring internal control activities, fulfilment of contractual obligations towards legal entities and for the enforcement of legal and other claims arising from concluded contracts |
| Categories of personal data | Name, surname, title, legal entity identifier (function or job position), contact details (phone number, e-mail address) |
| Retention period | During the duration of the contractual relationship with the legal entity and after its termination until the expiry of the relevant limitation periods and until the full settlement of contractual and other claims arising from the contractual relationship or until the termination of the position of a natural person as a representative or contact person of the partner – legal entity, if further processing of personal data after the termination of such status is not necessary for the specified purpose |
| The processing purpose | Fulfilment of contractual obligations (based on contracts with customers, suppliers of goods and services, other business partners in the position of natural persons) and execution of pre-contractual relations |
| The legal base | Article 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party) |
| Categories of personal data | Name, surname, business name, address of the place of business, ID, VAT ID, VAT number, contact details (tel. no., e-mail), bank details |
| Retention period | During the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first |
| The processing purpose | Processing of personal data within the scope of the contact form on the website of the Auditor (provision of answers to requests that do not meet the conditions of received mail, complaints, requests under special laws and/or requests according to the Act No. 211/2000 Coll. on free access to information and on amendments to certain acts) |
| The legal base | Article 6 (1) (e) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Auditor; when dealing with individuals’ requests, reports and other suggestions that are not petitions, complaints or information requests pursuant to special legislation) |
| Categories of personal data | Name, surname, address, e-mail address, other data delivered to the Auditor |
| Retention period | Within 30 days from the date of the purpose fulfilment |
| The processing purpose | Maintenance of the reviewers list |
| The legal base | Article 6 (1) (c) of the Regulation, § 4 (2) (c), first point of the Act No. 269/2018 on a quality assurance in higher education and on change and supplementing Act No. 343/2015 Coll. on public procurement and amending and on amendment of certain acts, as amended (hereinafter as “the Act”) – SAAHE maintains a list of reviewers, form which the SAAHE Executive Board creates working groups (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Personal data to the extent specified in § 18 of the Act |
| Retention period | In accordance with SAAHE registry rules and within the meaning of § 8 (5) of the Act – for the duration of the entry in the list of reviewers or 6 years from the date of entry in the list |
| The processing purpose | Publication of the list of reviewers on the Auditor’s website |
| The legal base | Article 6 (1) (c) of the Regulation – pursuant to § 18 (2) of the Act SAAHE publishes personal data in the scope specified in § 18 (1) (a), (b) and (f) to (m) of the Act on its website (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Name and surname, academic degree, scientific pedagogical degree, artistic-pedagogical degree or a scientific degree; the beginning and end of the entry in the list of reviewers, specification of subject who proposed the appointment, name of the field of study in which the reviewer is pedagogical, scientifically or artistically active, name of the field of study in which the reviewer obtained his university degree; if the reviewer has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which the reviewer is a student of, if the reviewer is a student; name of the field of study in which the study programme for which the student is enrolled is carried out, in the case the reviewer is a student; information on the membership in a working group, in which the reviewer participated and link to the evaluation report on drafting of which the reviewer participated (pursuant to § 18 (2) of the Act) |
| The retention period | In accordance with SAAHE registry rules and within the meaning of § 8 (5) of the Act – for the duration of the entry in the list of reviewers or 6 years from the date of entry in the list |
| The processing purpose | Mandatory contracts and appointment decrees (working groups members appointment) |
| The legal base | Article 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party and for the execution of pre-contractual relations) |
| Categories of personal data | Common personal data within the scope of the mandatory contract (in particular name, surname, date of birth, permanent residence, e-mail, telephone, bank details, account number) and common personal data within the scope of the appointment decrees (letters) |
| The retention period | For the period necessary to achieve the processing purpose, at the latest for the period of performance of the reviewer’s activities and the duration of the concluded contract |
| The processing purpose | Reviewer’s nameplates |
| The legal base | Article 6 (1) (e) of the Regulation (processing is necessary for the performance of the task carried out in the public interest or during the exercise of official authority vested in the Auditor in connection with the transparent performance of the SAAHE activities performed by reviewers) |
| Categories of personal data | Common personal data to the extent of name, surname and titles |
| The retention period | For the period necessary to achieve the processing purpose, at the latest for the period of performance of the reviewer’s activities and the duration of the concluded contract |
| The processing purpose | Performance of external quality assurance activities in higher education pursuant to the Act |
| The legal base | Article 6(1)(c) of the Regulation, the Act No 269/2018 on a quality assurance in higher education and change and supplementing Act No 343/2015 on public procurement and amending and supplements to certain acts, as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Scope of processed personal data according to § 18 (1) of the Act. For the purpose of carrying out its activities, the Agency shall process the members of the Executive Board, the members of the Board of Appeal, the Auditor and the reviewers: name and surname; demic degree, a scientific pedagogical degree, an artistic-pedagogical degree or a scientific degree; date of birth; the place of permanent residence or, in the case of a foreign national, the place of residence in the Slovak Republic; telephone number and e-mail address; the beginning and end of the term of office or of the period of inclusion in the list of reviewers; the designation of whom he has been appointed; the name of the field of study in which he is pedagogical, scientifically or artistically active; the name of the field of study in which he obtained his university degree; if he has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which he is a student, if it is a student; the name of the field of study in which the study programme for which the student is enrolled is carried out, in the case of a student; information on the membership of the working group, in the case of the reviewer, with a link to the published application, which it is assessing or assessing, and to the evaluation report in which he participated; information on the professional development training of the reviewers. For the purpose of carrying out the activities of SAAHE, a member of the Executive Board, a member of the Board of Appeal, a member of a working group and the Chairperson of the Executive Board shall have the right to access academic land, to consult, to the extent necessary, the files of students, higher education teachers, researchers and artistic staff, to be present in the educational activities of the higher education institution and to process the personal data contained in the decision documents (§ 18 (4) of the Act). |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Compliance supervision regrading standards pursuant to the Act |
| The legal base | Article 6 (1) (c) of the Regulation, § 4 (2) (d) of the Act in conjunction with § 24 of Act – supervision over the internal system; § 27 (2) of the Act – continuous supervision of compliance with standards regarding the internal system; § 24 (3) of the Act – SAAHE may initiate an extraordinary assessment procedure for the internal system (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Data from the Central Register of Students of Slovak Republic, the Register of Employees of Higher Education Institutions, the Central Register of Final Theses, Rigorous Theses and Habilitation Theses, the Central Register of Records of Publication Activities, the Central Register of Artistic Activity Records and the Register of Study Programmes; in particular, common personal data within the scope of above stated registers (pursuant to § 18 (4) of the Act) |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Activities of the SAAHE bodies |
| The legal base | Article 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject) |
| Categories of personal data | Scope of processed personal data according to § 18 (1) of the Act. For the purpose of carrying out its activities, the Agency shall process the members of the Executive Board, the members of the Board of Appeal, the Auditor and the reviewers: name and surname; demic degree, a scientific pedagogical degree, an artistic-pedagogical degree or a scientific degree; date of birth; the place of permanent residence or, in the case of a foreign national, the place of residence in the Slovak Republic; telephone number and e-mail address; the beginning and end of the term of office or of the period of inclusion in the list of reviewers; the designation of whom he has been appointed; the name of the field of study in which he is pedagogical, scientifically or artistically active; the name of the field of study in which he obtained his university degree; if he has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which he is a student, if it is a student; the name of the field of study in which the study programme for which the student is enrolled is carried out, in the case of a student; information on the membership of the working group, in the case of the reviewer, with a link to the published application, which it is assessing or assessing, and to the evaluation report in which he participated; information on the professional development training of the reviewers. For the purpose of carrying out the activities of SAAHE, a member of the Executive Board, a member of the Board of Appeal, a member of a working group and the Chairperson of the Executive Board shall have the right to access academic land, to consult, to the extent necessary, the files of students, higher education teachers, researchers and artistic staff, to be present in the educational activities of the higher education institution and to process the personal data contained in the decision documents (§ 18 (4) of the Act). |
| Retention period | In accordance with SAAHE registry rules |
| The processing purpose | Processing of personal data within social networks (provision of answers to questions and comments that do not meet the conditions of received mail, complaints, requests under special laws and/or requests in accordance with Act No. 211/2000 Coll. On access to information and amending certain other acts – the Freedom of Information Act) |
| The legal base | Article 6 (1) (e) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the auditor; when dealing with requests, reports and other suggestions from citizens that are not complaints or information requests) |
| Categories of personal data | Name, surname, address, e-mail address, other data delivered to the Auditor |
| Retention period | Within 30 days |
| The processing purpose | Subscribing to the newsletter and sending the newsletter via the Auditor’s website |
| The legal base | Article 6 (1) (a) of the Regulation (the processing of personal data is carried out if the data subject has granted consent to the processing of his or her personal data) |
| Categories of personal data | E-mail address |
| Retention period | Maximum 5 years from the date of consent or until its withdrawal, whichever occurs first |
| The processing purpose | Measuring website traffic and targeting the Auditor’s advertising through the use of cookies on the website |
| The legal base | Article 6 (1) (a) of the Regulation (the processing of personal data is carried out if the data subject has granted consent to the processing of his or her personal data) |
| Categories of personal data | Common personal data – data about website activity of the visitors and their preferences in the online environment |
| Retention period | Maximum 1 year from the date of consent or until its withdrawal, whichever occurs first |
INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods) – CONDUCTING SURVEYS AMONG STUDENTS
| The processing purpose | Conducting surveys among students (pursuant to § 4 (2) (g) second point of the Act) |
| The legal base | Article 6 (1) (c) of the Regulation – processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject, because pursuant to Section 4 (2) (g), second point of the Act: SAAHE prepares analyses of the development of the higher education system in the Slovak Republic, including surveys among students, university employees, employers and other concerned entities and analysis of internal evaluation reports concerning internal systems |
| Categories of personal data | Common personal data to the extent of: e-mail address of the data subject |
| Retention period | For the time necessary to achieve the purpose, and at the latest for the duration of the survey (including its evaluation and the drafting of the relevant survey report) |
| Additional information | SAAHE for this purpose, it only processes e-mail address of data subject (student) in order to be able to deliver to the student a notification of the survey carried out and the relevant questionnaire (i.e. so that the student can participate in the survey). The answers provided in the survey are anonymous and will be further processed and evaluated as anonymous. |
In order to ensure the protection of your personal data, the Auditor has taken appropriate security measures, which it has documented, both at the organizational and technical level.
SOURCE OF PERSONAL DATA?
SAAHE obtains personal data directly from you as the data subject.
Another source of your personal data for the purpose of supervising compliance with standards may be data from the Central Register of Students pursuant to § 18 par. 4 of Act no. 269/2018 Coll. on quality assurance in higher education and on amendments to Act no. 343/2017 Coll. on public procurement and on amendments to certain acts (hereinafter referred to as the “Act”), from the register of employees of higher education institutions, from the central register of final theses, from the register of rigorous theses and habilitation theses, from the central register of records of publication activities, from the central register of records of artistic activities and from the register of study programmes, to which SAAHE has legal access under the relevant legislation.
For the purpose of carrying out SAAHE the activity within the meaning of § 18(3) of the Act, other sources of data may be the files of students, university teachers, researchers and artistic workers. The source of the authorities for the purposes according to § 4 (2) (g) second point of the Act, carrying out analyses of the development of the higher education system in the Slovak Republic, including surveys among students, employees of higher education institutions, employers and other concerned entities and analysis of internal evaluation reports concerning internal systems data from registers pursuant to § 18 (4) of the Act.
TO WHOM THE AUDITOR PROVIDES YOUR PERSONAL DATA?
In certain cases, the Auditor is obliged to provide your personal data to public authorities authorized to process your personal data, e. g. courts, law enforcement authorities as well as supervisory and supervisory authorities (e. g. the Office for Personal Data Protection in case of inspection) (third parties).
The Auditor also provides your personal data to its processors, i. e. external entities that process your personal data on behalf of the Auditor. Intermediaries process personal data on the basis of a contract concluded with the Auditor, in which they undertake to take appropriate technical and security measures in order to safely process your personal data. The Auditor’s processors include:
- a company providing services in the field of web hosting services (exclusively to the extent of the purposes of processing carried out through the website SAAHE).
TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS AND AUTOMATED INDIVIDUALISED DECISION-MAKING, INCLUDING PROFILING?
The Auditor does not transfer your personal data to third countries and/or international organizations.
The Auditor does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making that would evaluate your personal aspects.
WHAT ARE YOUR RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA?
In connection with the processing of your personal data, you as the data subject have the following rights:
| Right of access – as the data subject, you have the right to obtain from the Auditor confirmation as to whether it processes your personal data and, if so, you have the right to access such personal data and information pursuant to Article 15 of the Regulation. The operator will provide you with a copy of the personal data being processed. If you submit a request by electronic means, the Auditor will provide you with the information in a commonly used electronic form, unless you request another method. | Right to rectification – the Auditor has taken appropriate measures to ensure the accuracy, completeness and timeliness of your personal data. As the data subject, you have the right to have the Auditor correct your incorrect personal data or complete your incomplete personal data without undue delay. |
| RIGHT TO OBJECT You have the right to object to the processing of personal data, for example if the Auditor processes your personal data on the basis of a legitimate interest or in processing in which profiling takes place. If you object to such processing of personal data, the Operator will no longer process your personal data unless it demonstrates compelling legitimate reasons for further processing of your personal data. | |
| Right to erasure (“right to be forgotten”) – You also have the right to obtain from the Auditor the deletion of your personal data without undue delay if certain conditions are met, for example if personal data are no longer necessary for the purposes for which the Auditor obtained or processed them. However, this right of yours must be assessed individually, as there may be a situation where other circumstances prevent the Auditor from deleting personal data (for example, a legal obligation of the Auditor). This means that in such a case, the Auditor will not be able to comply with your request for deletion of personal data. | Right to data portability – under certain circumstances, you have the right to transfer personal data to another Auditor you designate. However, the right to portability applies only to personal data that the Auditor processes on the basis of the consent you have given to the Auditor on the basis of a contract to which you are one of the parties or if the Auditor processes personal data by automated means. |
| RIGHT TO WITHDRAW CONSENT If the Auditor processes your personal data on the basis of your consent, you have the right to withdraw your consent at any time in the same form as you gave it. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal of consent. | |
| Right to restriction of processing – You also have the right to have the Auditor restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Auditor no longer needs your personal data for processing purposes, but you need them for the establishment, exercise or defence of legal claims. The Auditor will restrict the processing of your personal data if you request it. | Right to file a complaint or suggestion – If you feel that your personal data are processed in violation of applicable law, you may contact the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office Hraničná 12, 820 07 Bratislava 27; Website: dataprotection.gov.sk, Phone number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk |
You can exercise your rights listed in the table above at the contact addresses of the Auditor listed at the beginning of this document.
The Auditor will provide you with an answer to exercising your rights free of charge. In case of repeated, unjustified or excessive request to exercise your rights, the Auditor is entitled to charge a reasonable fee for providing information. The Auditor will provide you with an answer within 1 month from the day on which you exercised your rights. In certain cases, the Auditor is entitled to extend this period, in case of a high number and complexity of requests from data subjects, but not more than 2 months. The Auditor will always inform you about the extension of the period.
VALIDITY
This updated Policy is valid and effective from 09.10.2023 Due to the fact that an update of information on the processing of personal data contained in this Policy may be required in the future, the Auditor is entitled to update this Policy at any time. In such a case, however, the Auditor will inform you accordingly in advance.
