Privacy Policy

Identification data of the controller:

Axis rehab s.r.o., Company ID: 53215796, 8.mája 2800/1, 921 01 Piešt’any (hereinafter referred to as “the Company”) acts as an information systems controller (hereinafter referred to as “IS”) when processing personal data of its employees, clients, customers or business partners (hereinafter referred to as “the data subject”).

The legal basis for the processing of personal data of data subjects:

When processing personal data, the company proceeds in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Regulations (hereinafter referred to as the “Personal Data Protection Act”). The legal basis for the processing of personal data is the Personal Data Protection Act, special legal regulations and consent to the processing of personal data, depending on the purpose of the processing of personal data.

If the purpose of the processing of personal data, the range of data subjects and the list of personal data is provided for by a directly enforceable act of the European Union, an international treaty to which the Slovak Republic is bound, the Personal Data Protection Act or a special law, the Company is entitled to process personal data without the consent of the data subject in accordance with the Personal Data Protection Act.

SThe Company processes personal data without the consent of the data subject if the purpose of processing personal data, the range of data subjects and the list of personal data or their scope is provided for by a directly enforceable legally binding act of the European Union, an international treaty to which the Slovak Republic is bound or this Act. If the list or scope of personal data is not established, the company may process personal data only to the extent and in the manner necessary to achieve the established purpose of processing, while complying with the basic obligations under the Personal Data Protection Act.

Furthermore, the company shall process personal data without the consent of the data subject if the purpose of processing personal data, the range of data subjects and the list of personal data are provided for by a special law and only to the extent and in the manner provided for by the special law. The personal data processed may be disclosed, made available or published from the information system only if a special law provides for the purpose of disclosure, disclosure or publication, the list of personal data that may be disclosed, disclosed or published, as well as the third parties to whom the personal data are disclosed or the range of recipients to whom the personal data are disclosed, unless otherwise provided for in the law on the protection of personal data.

The company also processes personal data without the data subject’s consent if:

a) the processing of personal data is necessary for the performance of a contract to which the data subject acts as one of the contracting parties or in pre-contractual relations with the data subject or in the negotiation of a change to the contract, which are carried out at the request of the data subject,

b) the processing of personal data is necessary to protect the life, health or property of the data subject,

c) the subject of the processing is exclusively the title, first name, surname and address of the data subject, without the possibility of associating further personal data with them, and their use is intended solely for the needs of the controller in the postal contact with the data subject and the recording of these data,

d) personal data are processed which have already been disclosed in accordance with the law and have been duly identified by the controller as having been disclosed; the person who claims to be processing disclosed personal data shall, on request, demonstrate to the Authority that the personal data being processed have already been lawfully disclosed,

e) the processing of personal data is necessary for the protection of the rights and legitimate interests of the controller or of a third party, except where such processing of personal data is overridden by the fundamental rights and freedoms of the data subject which are subject to protection under this Act.

If, in view of the purpose of processing personal data as laid down in a directly enforceable legally binding act of the European Union, an international treaty by which the Slovak Republic is bound, the Personal Data Protection Act and a special act, the individual personal data to be processed cannot be specifically determined in advance, the list of personal data may be replaced by a range of personal data.

The company is obliged to comply with the Personal Data Protection Act when processing personal data in this way, except for those controllers who process personal data for the purposes of and in connection with legal proceedings.

Where the Data Protection Act does not apply to the processing of personal data, the Company, as controller, is only entitled to process personal data with the consent of the data subject.

The company obtains the data subject’s consent without coercion or compulsion, as well as without conditioning it on the threat of refusal of the contractual relationship, the services provided or the obligations arising for the controller from legally binding acts of the European Union, an international treaty to which the Slovak Republic is bound or a law.

In the event of refusal to provide personal data to the company for the purposes necessary for the provision of services or the fulfilment of legal obligations, the company is entitled to warn the data subject of the possible consequences of the failure to provide personal data.

The data subjects consent to the Company entrusting the processing of personal data to an intermediary who processes personal data on behalf of the Company. At the end of the purpose of processing personal data, the Company shall dispose of such lawfully obtained personal data of the data subjects within the time limit set by applicable law and in accordance with the Company’s internal regulations.

Purpose of processing of personal data of data subjects:

The Company respects your privacy and considers the personal data provided to be confidential.

The Company needs to know certain personal data of the data subjects for the quality of its services and needs to provide it to other recipients in order to comply with its legal obligations and to provide the highest quality services.

The Company processes the personal data provided for a number of purposes.

Firstly, it is personal data of job applicants and personal data of its employees for the purposes of personnel and payroll and related legal obligations arising from specific legislation.

Furthermore, the Company also processes personal data of its clients, customers and business partners for the purpose of ensuring its business activities taking into account the interests of its clients, customers and business partners.

The processing of personal data for other purposes does not occur in the company, which means that the company collects, stores and processes only the personal data of the data subjects that it needs in order to fulfill its services. The personal data provided is strictly protected against misuse by unauthorised third parties by means documented in the adopted security project and security directive in accordance with the Data Protection Act.

When processing the personal data of data subjects, the company complies with the basic obligations of the controller under the Personal Data Protection Act, which include the following obligations.

The company shall always use the personal data provided for the predetermined purpose of processing, which is clear, unambiguous and specific, in accordance with the Constitution of the Slovak Republic, constitutional laws, laws and international treaties to which the Slovak Republic is bound.

The Company shall always define the conditions for processing personal data in such a way as not to restrict the rights of the data subject provided for by law.

The Company shall only obtain personal data of the data subjects which, in terms of their scope and content, correspond to the purpose of the processing and are necessary for its achievement.

The company ensures that the personal data of the data subjects are processed only in a manner that is consistent with the purpose for which they were previously collected.

The Company, as the controller, is obliged to process only correct, complete and, where necessary, updated personal data in relation to the purpose of the processing. Incorrect and incomplete personal data shall be blocked by the controller and rectified or supplemented without undue delay; if they cannot be rectified or supplemented so as to be correct, the company shall clearly mark and destroy the personal data without undue delay.

The Company shall ensure that the personal data of the data subjects are processed in a form which permits identification of the individual data subjects for no longer than is necessary to achieve the purpose of the processing.

The Company shall dispose of in the prescribed manner those personal data for which the purpose of processing has ended. After the end of the defined purpose, the company is entitled to process the personal data to the extent necessary for research or statistical purposes in their anonymised form. Personal data processed in this way may not be used by the controller to support measures or decisions taken against the data subject to restrict his or her fundamental rights and freedoms.

Processors:

The Company does not provide your personal data to third parties in violation of the Data Protection Act and for the purpose of collecting it, contrary to your interests or instructions, and it is only provided to third parties within the scope of the above-mentioned purpose.

In its business activities, the company cooperates with several intermediaries whose aim is to provide quality services, and these entities process the personal data of data subjects in the performance of their contractual activities for the company.

The Company declares on its honour that, when selecting individual processors, it has paid attention to their professional, technical, organisational and personnel competence and their ability to guarantee the security of the personal data processed by means of the security measures taken in accordance with the Personal Data Protection Act.

At the same time, when selecting a suitable processor, the company has acted in such a way as not to jeopardise the rights and legitimate interests of data subjects.

The Company as a controller has concluded written agreements with processors within the meaning of the Personal Data Protection Act to ensure the protection of personal data processed by the processors it has entrusted with the processing of personal data of data subjects only to the extent, under the conditions and for the purpose agreed in the agreement and in the manner provided for in the Personal Data Protection Act.

Scope and list of personal data processed:

The Company processes personal data of data subjects in its information systems to the extent necessary to achieve the stated purpose. This is the scope of the personal data provided for by specific legislation or to the extent of the data subject’s consent to the processing of his or her personal data.

The company only processes personal data that have been provided to it voluntarily and to the extent necessary by the data subject. The provision of personal data to the company beyond the scope of specific laws is voluntary.

Conditions and manner of processing of personal data of data subjects:

The Company processes personal data of data subjects in its information systems by automated and non-automated means of processing.

The Company does not disclose the personal data processed, except where required by a specific legal regulation or by a decision of a court or other public authority.

The Company will not process your personal data without your explicit consent or any other lawful legal basis for any other purpose, or to a greater extent than is specified in this information and in the record sheets of the individual information systems of the controller.

Rights of the data subject related to the processing of his or her personal data:

The data subject shall have the right, upon written request from the company, to request:

a) confirmation as to whether or not personal data concerning him or her are being processed,

b) information in a generally comprehensible form about the processing of personal data in the information system to the extent provided for in the Personal Data Protection Act; when a decision is issued under the Personal Data Protection Act, the data subject shall be entitled to be informed of the procedure for processing and evaluating operations,

c) in a generally comprehensible form, precise information about the source from which he or she obtained his or her personal data for processing,

d) in a generally comprehensible form, a list of her personal data subject to processing,

e) the rectification or erasure of its incorrect, incomplete or outdated personal data subject to processing,

f) the destruction of his or her personal data for which the purpose of the processing has ceased; where official documents containing personal data are the subject of the processing, he or she may request their return,

g) the destruction of his or her personal data which are the subject of the processing if there has been a breach of the law,

h) the blocking of her personal data due to the withdrawal of her consent before the expiry of its validity period, if the company processes personal data on the basis of the data subject’s consent.

The aforementioned rights of the data subject under points (e) and (f) may be restricted only if such restriction is based on a specific law or if its application would violate the protection of the data subject or would infringe the rights and freedoms of other persons.

Pursuant to the Data Protection Act, the data subject shall have the right to object, upon written request to the company, to:

a) the processing of his or her personal data which he or she believes is or will be processed for direct marketing purposes without his or her consent, and to request their destruction,

b) the use of the personal data referred to in the Data Protection Act for direct marketing purposes in postal communications; or

c) the provision of personal data referred to in the Data Protection Act for direct marketing purposes.

Pursuant to the Personal Data Protection Act, the data subject shall have the right to object at any time to the processing of personal data in cases under the Personal Data Protection Act by submitting, upon written request to the company or in person if the matter cannot be delayed, legitimate grounds for objection or by providing evidence of unlawful interference with his or her rights and legitimate interests which are or may be adversely affected by such processing of personal data in a particular case; unless prevented by lawful grounds and the objection of the data subject is proven to be justified, the company shall block and delete the personal data to which the data subject has objected without undue delay and as soon as the circumstances permit.

Pursuant to the Personal Data Protection Act, the data subject shall have the right at any time, on the basis of a written request addressed to the company or in person if the matter cannot be delayed, to object and not to submit to a decision of the company that would have legal effects or significant impact on him or her, if such decision is made solely on the basis of automated processing operations of his or her personal data. The data subject shall further have the right to request the company to review the decision issued by a method other than automated processing, and the company shall comply with the data subject’s request, with the authorised person playing a decisive role in the review of the decision; the controller shall inform the data subject of the method of review and the result of the finding within the time limit provided for in the Personal Data Protection Act. The data subject shall not have this right only if a specific law providing for measures to safeguard the data subject’s legitimate interests so provides, or if, in the context of a pre-contractual relationship or during the existence of a contractual relationship, the controller has issued a decision granting the data subject’s request, or if the controller has taken other appropriate measures on the basis of a contract to safeguard the data subject’s legitimate interests.

If the data subject exercises his or her right:

a) in writing and it is clear from the content of his or her request that he or she is exercising his or her right, the request shall be deemed to have been made pursuant to the Personal Data Protection Act; a request made by electronic mail or fax shall be delivered in writing by the data subject no later than three days from the date of its dispatch,

b) orally in person in a record, which must show who has exercised the right, what is claimed and when, and who made the record, his or her signature and the signature of the data subject; a copy of the record must be given by the company to the data subject,

c) in the case of an intermediary referred to in point (a) or (b), the latter shall forward the request or the minutes to the company without undue delay.

If the data subject suspects that his or her personal data are being unlawfully processed, he or she may file a petition for initiation of personal data protection proceedings with the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic, or contact the Office via its website at.
http://www.dataprotection.gov.sk.

If the data subject lacks full legal capacity, his or her rights may be exercised by a legal representative.

If the data subject is deceased, his or her rights under this Act may be exercised by a person close to him or her.

The company shall process the data subject’s request under the Data Protection Act free of charge.

The request of the data subject pursuant to the Personal Data Protection Act shall be processed by the company free of charge, except for the payment of an amount which may not exceed the amount of the reasonably incurred material costs associated with the making of copies, the procurement of technical media and the sending of information to the data subject, unless a special law provides otherwise.

The company shall be obliged to deal with the data subject’s request in writing in accordance with the Personal Data Protection Act within 30 days of receipt of the request at the latest.

The company shall notify the data subject and the Office for Personal Data Protection of the Slovak Republic in writing without undue delay of the restriction of the data subject’s rights under the Personal Data Protection Act.

The company has hereby informed you as the data subject about the protection of your personal data and has informed you of your rights in relation to the protection of personal data within the scope of this written information obligation.