Information systems operator LV-Medical, s.r.o. , with headquarters at Humenská 11, 040 11 Košice, ID: 47 584 581 publishes the following information on the protection of personal data for the persons concerned, for the purpose of observing justice and transparency:

Personal data protection policy

in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act NR SR no. 18/2018 on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the “Law”)

In information systems, the operator processes the personal data of the affected persons (they are mainly patients and employees, but also third parties) for a precisely determined purpose. The purpose of personal data processing is the reason for which personal data is processed and this reason must have a precisely defined legal basis (principle of legality according to Article 6 and 9 of the Regulation).

Personal data are processed on the basis of § 13 par. 1 letter c/ of the Act without the consent of the person concerned, their processing is necessary to fulfill the purpose of their processing in the sense of:

Act No. 576/2004 Coll. on health care, services related to the provision of health care and on amendments to certain laws, as amended,
Act No. 578/2004 Coll. on health care providers, health care supervision and amendments to certain laws, as amended,
Act No. 362/2011 Coll. on medicines and medical devices and on amendments to certain laws, as amended,
Act No. 153/2013 Coll. on the national health information system and on the amendment of certain laws, as amended,
Act No. 311/2001 Coll. The Labor Code, as amended,
Act No. 355/2006 Coll. on the protection, resistance and development of public health and on the amendment of certain laws, as amended,
Act No. 124/2006 Coll. on safety and health protection at work and on amendments to certain laws, as amended,
Act No. 595/2003 Coll. on income tax, as amended,
Act No. 461/2003 Z z. on social insurance as amended, etc. (other legal bases are separately registered by the operator according to the purpose of processing).
The operator provides personal data to the following recipients: public authorities according to relevant legal regulations, other health care providers, third parties to whom a special regulation entrusts the authority to decide on the rights and obligations of natural persons (e.g.: patients – Health Care Supervision Office).

The operator does not transfer personal data to third countries. Automated decision-making, including profiling, is not carried out.

All affected persons whose personal data is processed by the operator in its information systems for a specifically defined purpose may exercise (in writing or electronically) the following rights:

a/ the right to access personal data (§ 21 of the Act) – this is the right to obtain from the operator confirmation of whether your personal data is being processed (as well as the access to this data itself), and information about the purpose of processing, categories of processed personal data data, range of recipients, storage period, the right to request from the operator the correction of personal data concerning the person concerned, their deletion or restriction of their processing, or the right to object to the processing of personal data, the right to file a motion to initiate proceedings pursuant to § 100 of the Act on the source of personal data, about the existence of automated individual decision-making and about the procedure used in each automated processing.

The operator has the right to use all reasonable measures and methods to verify the identity of the data subject who requests access to personal data, especially in connection with online services and identifiers.

b/ the right to correct incorrect and supplement incomplete personal data (§ 22 of the Act);

c/ the right to erasure of personal data (§23 of the Act) – if these are no longer necessary for the purposes for which they were obtained or otherwise processed, – if the consent on the basis of which the processing is carried out has been revoked and there is no other legal basis for the processing, – when illegal processing; if the data subject objects to the processing,

d/ the right to restriction of processing (§24 of the Act) can be exercised if the person concerned objects to the correctness of personal data during the period allowing the operator to verify the correctness of personal data, if the processing is illegal and the person concerned objects to the deletion of personal data and requests their restriction instead use, if the operator no longer needs the personal data for the purpose of processing, but the data subject needs them to assert a legal claim, if the data subject objects to the processing of personal data according to § 27 par. 1 of the Act until it is verified whether the legitimate reasons on the part of the operator prevail over the legitimate reasons of the person concerned;

e/ the right to portability of personal data (§26 of the Act) is a right when the person concerned has the right to obtain personal data concerning him and which he has provided to the operator and has the right to transfer this data to another operator in a structured, commonly used and machine-readable format, if it is technically possible; The right to data portability does not apply to the processing of personal data necessary for the fulfillment of a task carried out in the public interest or in the exercise of public authority entrusted to the operator.

f/ the right to submit a proposal to initiate proceedings for the protection of personal data pursuant to § 100 of the Act to the Personal Data Protection Office of the Slovak Republic, Hraničná 12, 820 07 Bratislava, if you believe that the processing of personal data is contrary to the regulation or the Act.

g/ the right to object to the processing of personal data (§27 of the Act) for reasons related to a specific situation. The operator may not continue to process your personal data if he does not demonstrate the necessary legitimate interests for processing personal data that outweigh the rights or interests of the person concerned, or grounds for asserting a legal claim.

The provision of personal data for the purpose of providing health care is a legal requirement according to Act no. 576/2004 Coll. on health care, services related to the provision of health care and on amendments to certain laws, as amended.

The company LV-Medical, s.r.o. as an operator of information systems, it has taken all appropriate personnel, organizational and technical measures for the purpose of maximum protection of the personal data of the affected persons with the aim of reducing the risk of their misuse, leakage, etc. to the greatest extent possible. . At the same time, we announce that in the event of a situation with a high risk for the rights and freedoms of natural persons, we will inform you without undue delay.

Warning: In order to comply with the principle of minimization, all personal data provided by you is a necessary legal or contractual requirement to fulfill the purpose of their processing. Failure to provide mandatory data necessary for concluding a contract may result in failure to conclude a contractual relationship.

In case of any questions related to the protection of your personal data, including the exercise of your rights in accordance with the Regulation and the Act, you can contact us and contact our responsible person at ochranosobneudaje@lv-medical.sk.