THE PRIVACY POLICY

Slovak accreditation agency for hight education


This Privacy Policy (hereinafter as the “Policy”) contains information about the processing of your personal data by the Slovak Accreditation Agency for Higher Education, with registered office at Nám. slobody, 6943/11, P.O.Box 7,  811 06 Bratislava, Slovak Republic, ID number: 52 113 680 (hereinafter as “the Auditor” or  „SAAHE“).

The Auditor provides you via this Policy information on why your personal data are processed, how they are processed, how long they are stored, what are your rights in connection with the processing of your personal data and other relevant information about the processing of your personal data.

The Auditor processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(hereinafter asthe Regulation“), relevant Slovak legislation, in particular Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter as the “the Act”) and other regulations on the protection of personal data(the Regulation, the Act and other legislation on the protection of personal data  hereinafter collectively referredto as thePersonal Data Protection Legislation“).

You can contact the Auditor and it´s designated Data protection officer in matters related to the processing and protection of personal data at the following address: Slovak Accreditation Agency for Higher Education, Nám. slobody, 6943/11, P.O.Box 7, 811 06 Bratislava, Slovak republic or via e-mail to the e-mail address gdpr@saavs.sk.  

INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods) – GENERAL PURPOSES

The Auditor processes your personal data exclusively in accordance with the principle of minimization, which means that the Auditor does not require from you personal data that are not necessary for a specific and justified purpose of processing. The auditor processes personal data only if there is a legal basis for their processing and thus they are processed in accordance with the principle of legality. The specific purposes, including the specified legal basis and the retention period for which the Auditor processes your personal data, can be found in the table below.

 
The processing purposeKeeping records of job seekers
The legal baseArticle 6 (1) (a) of the Regulation (the processing is carried out if data subject has granted a consent to the processing of their personal data)
Categories of personal dataName, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter
Retention period1 year from the date of consent or until its withdrawal, whichever occurs first
 
The processing purposeConducting the selection procedure of employees (ensuring the selection of new staff – onboarding)
The legal baseArticle 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party and for the execution of pre-contractual relations)
Categories of personal dataName, surname, e-mail, work experience data, other personal data specified in the CV and / or cover letter
Retention periodDuring the selection procedure (i.e. no later than 90 days from the date of receipt of the CV and/or cover letter, if no employment relationship or similar employment relationship is established)
 
The processing purposeProcessing of accounting documents
The legal baseArticle 6 (1)(c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data necessary for the fulfilment of legal obligations (name, surname, address of residence / place of business, service delivery address, contact details, phone number, email address, bank details), other personal data necessary for the processing of accounting agenda
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeRegistry administration, registration and handling of received and outgoing mail (including electronic communication with relevant institutions)
The legal baseArticle 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeConduct of judicial and administrative proceedings
The legal baseArticle 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data necessary to comply with legal obligations
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeData subjects rights handling
The legal baseArticle 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data that are part of the data subject’s request and are necessary to comply with legal obligations
Retention periodUnit the processing of the exercised rights in accordance with the relevant provisions of the Regulation (maximum 120 days)
 
The processing purposeRecords of exercised rights of data subjects
The legal baseArticle 6 (1) (f) of the Regulation (processing is necessary for the purposes of the legitimate interests pursued by the auditor, which lays in the need to keep evidence on how the exercised rights of the data subject were handled with in for the needs of an audit carried by the respective supervisory authority)
Categories of personal dataCommon personal data that are part of the data subject’s request and are necessary to comply with legal obligations
Retention period5 years following the date on which the right exercised or the request made by the data subject was handled with
   
The processing purposeVerification of whistleblowers’ complaints
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data necessary to comply with legal obligations
Retention period120 days from the date of receipt of the complaint
 
The processing purposeKeeping a list of whistleblowers’ complaints
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataCommon personal data necessary to comply with legal obligations
Retention period3 years from the date of termination of whistleblower protection pursuant to § 8 of Act no. 54/2019 Coll. on the protection of whistleblowers of anti-social activities and on amendments to certain acts
 
The processing purposeHandling and registration of complaints executed according to the respective legislation
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint
Retention periodIn accordance with applicable legislation
 
The processing purposeRepeated complaints registration
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint
Retention periodIn accordance with applicable legislation

 
The processing purposeComplaint against compliant handling
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 9/2010 Coll. on Complaints as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName, surname, address of residence, e-mail address for delivery, handwritten signature, other personal data detected or submitted during the handling of the complaint
Retention periodIn accordance with applicable legislation

 
The processing purposeProvision of information pursuant to Act No. 211/2000 Coll. on free access to information and on amendments to certain acts
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 211/2000 Coll. on free access to information and on amendments to certain acts (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName, surname, address of residence, e-mail address, other data collected or submitted in the submitted request
Retention periodFor 5 years following the information request receival
 
The processing purposeThe public procurement process execution
The legal baseArticle 6 (1) (c) of the Regulation, Act No. 343/2015 Coll. on Public Procurement and on Amendments of Certain Acts as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName, surname, title, address, date of birth, birth number, number, ID card number, address, e-mail, telephone contact, signature
Retention periodIn accordance with the registry rules of SAAHE
 
The processing purposeKeeping records of contact persons and employees of suppliers, customers and other business partners (their contact persons / representatives if business partners are legal entities) in contractual relations
The legal baseArticle 6 (1) (f) of the Regulation  – the processing of personal data is carried out on the basis of the legitimate interest of the Auditor, which consists in the necessity of records of contact persons, employees and other representatives of business partners in the position of legal entities for the needs of bookkeeping, ensuring internal control activities, fulfilment of contractual obligations towards legal entities and for the enforcement of legal and other claims arising from concluded contracts
Categories of personal dataName, surname, title, legal entity identifier (function or job position), contact details (phone number, e-mail address)
Retention periodDuring the duration of the contractual relationship with the legal entity and after its termination until the expiry of the relevant limitation periods and until the full settlement of contractual and other claims arising from the contractual relationship or until the termination of the position of a natural person as a representative or contact person of the partner – legal entity, if further processing of personal data after the termination of such status is not necessary for the specified purpose
 
The processing purposeFulfilment of contractual obligations (based on contracts with customers, suppliers of goods and services, other business partners in the position of natural persons) and execution of pre-contractual relations
The legal baseArticle 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party)
Categories of personal dataName, surname, business name, address of the place of business, ID, VAT ID, VAT number, contact details (tel. no., e-mail), bank details
Retention periodDuring the contractual relationship and after its termination, until the full settlement of contractual and other claims arising from the contractual relationship or until the expiry of the relevant limitation periods, whichever occurs first
 
The processing purposeProcessing of personal data within the scope of the contact form on the website of the Auditor (provision of answers to requests that do not meet the conditions of received mail, complaints, requests under special laws and/or requests according to the Act No. 211/2000 Coll. on free access to information and on amendments to certain acts)
The legal baseArticle 6 (1) (e) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Auditor; when dealing with individuals’ requests, reports and other suggestions that are not petitions, complaints or information requests pursuant to special legislation)
Categories of personal dataName, surname, address, e-mail address, other data delivered to the Auditor
Retention periodWithin 30 days from the date of the purpose fulfilment
 
The processing purposeMaintenance of the reviewers list  
The legal baseArticle 6 (1) (c) of the Regulation, § 4 (2) (c), first point of the Act No. 269/2018 on a quality assurance in higher education and on change and supplementing Act No. 343/2015 Coll. on public procurement and amending and on amendment of certain acts, as amended (hereinafter as “the Act”) – SAAHE maintains a list of reviewers, form which the SAAHE Executive Board creates working groups (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataPersonal data to the extent specified in § 18 of the Act
Retention periodIn accordance with SAAHE registry rules and within the meaning of § 8 (5) of the Act – for the duration of the entry in the list of reviewers or 6 years from the date of entry in the list
 
The processing purposePublication of the list of reviewers on the Auditor’s website 
The legal baseArticle 6 (1) (c) of the Regulation – pursuant to § 18 (2) of the Act SAAHE publishes personal data in the scope specified in § 18 (1) (a), (b) and (f) to (m) of the Act on its website (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataName and surname, academic degree, scientific pedagogical degree, artistic-pedagogical degree or a scientific degree; the beginning and end of the entry in the list of reviewers, specification of subject who proposed the appointment, name of the field of study in which the reviewer is pedagogical, scientifically or artistically active, name of the field of study in which the reviewer obtained his university degree; if the reviewer has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which the reviewer is a student of, if the reviewer is a student; name of the field of study in which the study programme for which the student is enrolled is carried out, in the case the reviewer is a student; information on the membership in a working group, in which the reviewer participated and link to the evaluation report on drafting of which the reviewer participated (pursuant to § 18 (2) of the Act)
The retention periodIn accordance with SAAHE registry rules and within the meaning of § 8 (5) of the Act – for the duration of the entry in the list of reviewers or 6 years from the date of entry in the list
 
The processing purposeMandatory contracts and appointment decrees (working groups members appointment)
The legal baseArticle 6 (1) (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is party and for the execution of pre-contractual relations)
Categories of personal dataCommon personal data within the scope of the mandatory contract (in particular name, surname, date of birth, permanent residence, e-mail, telephone, bank details, account number) and common personal data within the scope of the appointment  decrees (letters)
The retention periodFor the period necessary to achieve the processing purpose, at the latest for the period of performance of the reviewer’s activities and the duration of the concluded contract
 
The processing purposeReviewer’s nameplates
The legal baseArticle 6 (1) (e) of the Regulation (processing is necessary for the performance of the task carried out in the public interest or during the exercise of official authority vested in the Auditor in connection with the transparent performance of the SAAHE activities performed by reviewers)
Categories of personal dataCommon personal data to the extent of name, surname and titles
The retention periodFor the period necessary to achieve the processing purpose, at the latest for the period of performance of the reviewer’s activities and the duration of the concluded contract
 
The processing purposePerformance of external quality assurance activities in higher education pursuant to the Act
The legal baseArticle 6(1)(c) of the Regulation, the Act No 269/2018 on a quality assurance in higher education and change and supplementing Act No 343/2015 on public procurement and amending and supplements to certain acts, as amended (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataScope of processed personal data according to § 18 (1) of the Act. For the purpose of carrying out its activities, the Agency shall process the members of the Executive Board, the members of the Board of Appeal, the Auditor and the reviewers: name and surname; demic degree, a scientific pedagogical degree, an artistic-pedagogical degree or a scientific degree; date of birth; the place of permanent residence or, in the case of a foreign national, the place of residence in the Slovak Republic; telephone number and e-mail address; the beginning and end of the term of office or of the period of inclusion in the list of reviewers; the designation of whom he has been appointed; the name of the field of study in which he is pedagogical, scientifically or artistically active; the name of the field of study in which he obtained his university degree; if he has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which he is a student, if it is a student; the name of the field of study in which the study programme for which the student is enrolled is carried out, in the case of a student; information on the membership of the working group, in the case of the reviewer, with a link to the published application, which it is assessing or assessing, and to the evaluation report in which he participated; information on the professional development training of the reviewers.   For the purpose of carrying out the activities of SAAHE, a member of the Executive Board, a member of the Board of Appeal, a member of a working group and the Chairperson of the Executive Board shall have the right to access academic land, to consult, to the extent necessary, the files of students, higher education teachers, researchers and artistic staff, to be present in the educational activities of the higher education institution and to process the personal data contained in the decision documents (§ 18 (4) of the Act).
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeCompliance supervision regrading standards pursuant to the Act
The legal baseArticle 6 (1) (c) of the Regulation, § 4 (2) (d) of the Act in conjunction with § 24 of Act – supervision over the internal system; § 27 (2) of the Act – continuous supervision of compliance with standards regarding the internal system; § 24 (3) of the Act – SAAHE may initiate an extraordinary assessment procedure for the internal system (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataData from the Central Register of Students of Slovak Republic, the Register of Employees of Higher Education Institutions, the Central Register of Final Theses, Rigorous Theses and Habilitation Theses, the Central Register of Records of Publication Activities, the Central Register of Artistic Activity Records and the Register of Study Programmes; in particular, common personal data within the scope of above stated registers (pursuant to § 18 (4) of the Act)
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeActivities of the SAAHE bodies
The legal baseArticle 6 (1) (c) of the Regulation (processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject)
Categories of personal dataScope of processed personal data according to § 18 (1) of the Act. For the purpose of carrying out its activities, the Agency shall process the members of the Executive Board, the members of the Board of Appeal, the Auditor and the reviewers: name and surname; demic degree, a scientific pedagogical degree, an artistic-pedagogical degree or a scientific degree; date of birth; the place of permanent residence or, in the case of a foreign national, the place of residence in the Slovak Republic; telephone number and e-mail address; the beginning and end of the term of office or of the period of inclusion in the list of reviewers; the designation of whom he has been appointed; the name of the field of study in which he is pedagogical, scientifically or artistically active; the name of the field of study in which he obtained his university degree; if he has undergone a habilitation procedure or an inaugural procedure, the name of the habilitation and inauguration proceedings in which the procedure took place; identification details of the employer; identification of the university of which he is a student, if it is a student; the name of the field of study in which the study programme for which the student is enrolled is carried out, in the case of a student; information on the membership of the working group, in the case of the reviewer, with a link to the published application, which it is assessing or assessing, and to the evaluation report in which he participated; information on the professional development training of the reviewers.   For the purpose of carrying out the activities of SAAHE, a member of the Executive Board, a member of the Board of Appeal, a member of a working group and the Chairperson of the Executive Board shall have the right to access academic land, to consult, to the extent necessary, the files of students, higher education teachers, researchers and artistic staff, to be present in the educational activities of the higher education institution and to process the personal data contained in the decision documents (§ 18 (4) of the Act).
Retention periodIn accordance with SAAHE registry rules
 
The processing purposeProcessing of personal data within social networks (provision of answers to questions and comments that do not meet the conditions of received mail, complaints, requests under special laws and/or requests in accordance with Act No. 211/2000 Coll. On access to information and amending certain other acts – the Freedom of Information Act)
The legal baseArticle 6 (1) (e) of the Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the auditor; when dealing with requests, reports and other suggestions from citizens that are not complaints or information requests)
Categories of personal dataName, surname, address, e-mail address, other data delivered to the Auditor
Retention periodWithin 30 days
 
The processing purposeSubscribing to the newsletter and sending the newsletter via the Auditor’s website
The legal baseArticle 6 (1) (a) of the Regulation (the processing of personal data is carried out if the data subject has granted consent to the processing of his or her personal data)
Categories of personal dataE-mail address
Retention periodMaximum 5 years from the date of consent or until its withdrawal, whichever occurs first
 
The processing purposeMeasuring website traffic and targeting the Auditor’s advertising through the use of cookies on the website
The legal baseArticle 6 (1) (a) of the Regulation (the processing of personal data is carried out if the data subject has granted consent to the processing of his or her personal data)
Categories of personal dataCommon personal data – data about website activity of the visitors and their  preferences in the online environment
Retention periodMaximum 1 year from the date of consent or until its withdrawal, whichever occurs first
 

INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods) – CONDUCTING SURVEYS AMONG STUDENTS

 
The processing purposeConducting surveys among students (pursuant to § 4 (2) (g) second point of the Act)
The legal baseArticle 6 (1) (c) of the Regulation – processing of personal data is necessary for compliance with a legal obligation to which the Auditor is subject, because pursuant to Section 4 (2) (g), second point of the Act: SAAHE prepares analyses of the development of the higher education system in the Slovak Republic, including surveys among students, university employees, employers and other concerned entities and analysis of internal evaluation reports concerning internal systems
Categories of personal dataCommon personal data to the extent of: e-mail address of the data subject
Retention periodFor the time necessary to achieve the purpose, and at the latest for the duration of the survey (including its evaluation and the drafting of the relevant survey report)
Additional informationSAAHE for this purpose, it only processes e-mail address of data subject (student) in order to be able to deliver to the student a notification of the survey carried out and the relevant questionnaire (i.e. so that the student can participate in the survey). The answers provided in the survey are anonymous and will be further processed and evaluated as anonymous.
 

In order to ensure the protection of your personal data, the Auditor has taken appropriate security measures, which it has documented, both at the organizational and technical level.

SOURCE OF PERSONAL DATA?

SAAHE obtains personal data directly from you as the data subject.

Another source of your personal data for the purpose of supervising compliance with standards may be data from the Central Register of Students pursuant to § 18 par. 4 of Act no. 269/2018 Coll. on quality assurance in higher education and on amendments to Act no. 343/2017 Coll. on public procurement and on amendments to certain acts (hereinafter referred to as the “Act”),  from the register of employees of higher education institutions, from the central register of final theses, from the register of rigorous theses and habilitation theses, from the central register of records of publication activities, from the central register of records of artistic activities and from the register of study programmes, to which SAAHE has legal access under the relevant legislation.

For the purpose of carrying out SAAHE the activity within the meaning of § 18(3) of the Act, other sources of data may be the files of students, university teachers, researchers and artistic workers. The source of the authorities for the purposes according to § 4 (2) (g) second point of the Act, carrying out analyses of the development of the higher education system in the Slovak Republic, including surveys among students, employees of higher education institutions, employers and other concerned entities and analysis of internal evaluation reports concerning internal systems data from registers pursuant to § 18 (4) of the Act.

TO WHOM THE AUDITOR PROVIDES YOUR PERSONAL DATA?

In certain cases, the Auditor is obliged to provide your personal data to public authorities authorized to process your personal data, e. g. courts, law enforcement authorities as well as supervisory and supervisory authorities (e. g. the Office for Personal Data Protection in case of inspection) (third parties).

The Auditor also provides your personal data to its processors, i. e. external entities that process your personal data on behalf of the Auditor. Intermediaries process personal data on the basis of a contract concluded with the Auditor, in which they undertake to take appropriate technical and security measures in order to safely process your personal data. The Auditor’s processors include:

  • a company providing services in the field of web hosting services (exclusively to the extent of the purposes of processing carried out through the website SAAHE).

TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS AND AUTOMATED INDIVIDUALISED DECISION-MAKING, INCLUDING PROFILING?

The Auditor does not transfer your personal data to third countries and/or international organizations.

The Auditor does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making that would evaluate your personal aspects. 

WHAT ARE YOUR RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA?

In connection with the processing of your personal data, you as the data subject have the following rights:

Right of access – as the data subject, you have the right to obtain from the Auditor confirmation as to whether it processes your personal data and, if so, you have the right to access such personal data and information pursuant to Article 15 of the Regulation. The operator will provide you with a copy of the personal data being processed. If you submit a request by electronic means, the Auditor will provide you with the information in a commonly used electronic form, unless you request another method.Right to rectification – the Auditor has taken appropriate measures to ensure the accuracy, completeness and timeliness of your personal data. As the data subject, you have the right to have the Auditor correct your incorrect personal data or complete your incomplete personal data without undue delay.  
RIGHT TO OBJECT You have the right to object to the processing of personal data, for example if the Auditor processes your personal data on the basis of a legitimate interest or in processing in which profiling takes place. If you object to such processing of personal data, the Operator will no longer process your personal data unless it demonstrates compelling legitimate reasons for further processing of your personal data.  
Right to erasure (“right to be forgotten”) – You also have the right to obtain from the Auditor the deletion of your personal data without undue delay if certain conditions are met, for example if personal data are no longer necessary for the purposes for which the Auditor obtained or processed them. However, this right of yours must be assessed individually, as there may be a situation where other circumstances prevent the Auditor from deleting personal data (for example, a legal obligation of the Auditor). This means that in such a case, the Auditor will not be able to comply with your request for deletion of personal data.Right to data portability – under certain circumstances, you have the right to transfer personal data to another Auditor you designate. However, the right to portability applies only to personal data that the Auditor processes on the basis of the consent you have given to the Auditor on the basis of a contract to which you are one of the parties or if the Auditor processes personal data by automated means.  
RIGHT TO WITHDRAW CONSENT
If the Auditor processes your personal data on the basis of your consent, you have the right to withdraw your consent at any time in the same form as you gave it. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal of consent.
Right to restriction of processing – You also have the right to have the Auditor restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Auditor no longer needs your personal data for processing purposes, but you need them for the establishment, exercise or defence of legal claims. The Auditor will restrict the processing of your personal data if you request it.Right to file a complaint or suggestion – If you feel that your personal data are processed in violation of applicable law, you may contact the supervisory authority, which is  the Office for Personal Data Protection of the Slovak Republic, with its registered office Hraničná 12, 820 07 Bratislava 27; Website: dataprotection.gov.sk, Phone number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk  

You can exercise your rights listed in the table above at the contact addresses of the Auditor listed at the beginning of this document.

The Auditor will provide you with an answer to exercising your rights free of charge. In case of repeated, unjustified or excessive request to exercise your rights, the Auditor is entitled to charge a reasonable fee for providing information. The Auditor will provide you with an answer within 1 month from the day on which you exercised your rights. In certain cases, the Auditor is entitled to extend this period, in case of a high number and complexity of requests from data subjects, but not more than 2 months. The Auditor will always inform you about the extension of the period.

VALIDITY

This updated Policy is valid and effective from 09.10.2023 Due to the fact that an update of information on the processing of personal data contained in this Policy may be required in the future, the Auditor is entitled to update this Policy at any time. In such a case, however, the Auditor will inform you accordingly in advance.