General Practice for Adults
Current Announcements

Personal Data Protection

Information on the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, and pursuant to Sections 19 and 20 of Act No. 18/2018 Coll. on the Protection of Personal Data and on the amendment of certain acts.

For the purpose of informing patients and clients (hereinafter referred to as the "data subject") about the methods of processing their personal data, the controller issues these Personal Data Processing Conditions (hereinafter referred to as "PDPC"). The data subject is obliged to familiarise themselves with these PDPC, and the controller shall, upon request, provide the data subject with a copy of these PDPC before or at any time during the provision of services.

1. Website Controller webovej stránky

The website controller and healthcare provider is Medimag s. r. o. (hereinafter also referred to as the „ Website Controller“).

Registered office: Bratislava – Záhorská Bystrica district

Company ID: 57 331 987

Registered in: Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No. 193938/B

2. Controller's Contact Details Prevádzkovateľa

For matters related to the processing and protection of personal data, you may contact the Controller by email at ambulancia@medimag.sk.

3. General Information informácie

The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the „ Regulation “) and Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter the „ Act “).

The Controller obtains personal data directly from you as a data subject (hereinafter also the „ Data Subject ") or from another person who provides us with your personal data. A situation may arise in which the Controller obtains personal data from a person other than directly from you; therefore, this document provides information to all Data Subjects pursuant to both Article 13 of the Regulation and Article 14 of the Regulation / Sections 19 and 20 of the Act.

All personal data that the Controller processes about you as a data subject are processed only for justified purposes, for a limited period, and with the highest possible level of security. To this end, the Controller also adopts an Internal Directive on the Processing of Personal Data, as well as security measures set out in the security documentationHere you will find information about what personal data we process about you, for what specific purpose, on what legal basis, to whom we may provide your personal data, and above all what rights you have in connection with the processing of your personal data.

4. Provision of Healthcare and Handling of Personal Data a práca s osobnými údajmi

The Controller is a healthcare provider within the meaning of Act No. 578/2004 Coll. on Healthcare Providers, Healthcare Workers, Professional Organisations in Healthcare and on the amendment of certain acts, as amended (hereinafter the "Healthcare Providers Act").

1. Legal Basis

For the purpose of providing healthcare, the Controller must and is entitled to process patients' personal data. The legal basis for processing is the necessity for the performance of contractual obligations under a contract concluded between the Controller and the Data Subject (Art. 6(1)(b) GDPR), as well as the necessity for compliance with the Controller's legal obligations (Art. 6(1)(c) GDPR), in particular, but not exclusively, under:

  • Act No. 576/2004 Coll. on Healthcare, Services Related to the Provision of Healthcare and on the amendment of certain acts, as amended (hereinafter the "Healthcare Act"),
  • the Healthcare Providers Act,
  • Act No. 362/2011 Coll. on Medicines and Medical Devices and on the amendment of certain acts, as amended,
  • Act No. 153/2013 Coll. on the National Health Information System and on the amendment of certain acts, as amended (hereinafter the "NHIS Act"),
  • Act No. 580/2004 Coll. on Health Insurance and on the amendment of Act No. 95/2002 Coll. on Insurance and on the amendment of certain acts, and the legitimate interests of the Controller (Art. 6(1)(f) GDPR).
2. Purposes of Personal Data Processing

The purposes of processing Data Subjects' personal data include, in particular, the proper provision of healthcare, proper handling of medicines and medical devices, maintenance of medical records, reporting of data to the National Health Information System (e-health, hereinafter "NHIS"), exercising the Controller's rights and obligations towards health insurance companies, patient records and communication with patients, as well as scheduling selected medical procedures. The purpose of processing Data Subject's personal data based on the Controller's legitimate interest is direct marketing and offering additional services directly related to the provision of healthcare to the Data Subject.

3. Necessity

The provision of personal data by the Data Subject is voluntary; however, it is a necessary condition for the processing of personal data for the purposes stated in Section 4.2 of these PDPC. In the case of providing healthcare, prescribing or using a medicine or medical device, the Controller must retain personal data in accordance with these PDPC, and the Data Subject generally no longer has the right to their erasure and destruction.

4. Categories of Data

The personal data that the Controller processes about the Data Subject include, in particular:

  1. Ordinary personal data, e.g. title, first name, surname, permanent residence address, date of birth, personal identification number. The Controller has a legal entitlement to process these data.
  2. Health data (special category of personal data), e.g. data on diagnosis, medical history, previous healthcare procedures, medicines and medical devices used, allergies, illnesses and health condition of the patient, the patient's attending physicians, data on healthcare provided by the Controller, medicines and medical devices used in the provision of healthcare by the Controller. The Controller has a legal entitlement to process these data.
  3. Contact data, in particular email address, telephone number, correspondence address and other contact details. The Controller does not have a legal entitlement to process these data.
5. Legitimate Interests

The Controller's legitimate interest in processing the Data Subject's personal data includes, in particular, improving the Controller's services and assessing patient and client satisfaction, scheduling selected medical procedures, reminding patients of regular procedures (e.g. preventive check-ups, via SMS or email), and offering additional services to patients and clients. Based on the data provided, the Controller will not make automated decisions of significance to the Data Subject.

6. Accuracy

By providing personal data, the Data Subject declares that the data provided are correct, truthful and up to date; otherwise, the Data Subject shall be liable for any damage that may be caused to the Controller by providing incorrect, untruthful or outdated data. The Data Subject is obliged to report any change in their provided personal data to the Controller.

7. Duration of Processing

The Controller processes the Data Subject's personal data as follows: Pursuant to Section 22(2) of Act No. 576/2004 Coll., the Controller retains the Data Subject's personal data for 20 years after the Data Subject's death / 20 years from the last provision of healthcare to the Data Subject.

8. Data Transfer

The Data Subject's personal data may be provided to third parties and public authorities to the extent necessary if required by generally binding legislation; in particular, they may be transferred to the NHIS, reported to the relevant health insurance company, handed over upon transfer of medical records to another healthcare provider, made accessible to persons authorised to inspect medical records, and reported to the Healthcare Surveillance Authority.

9. Data Protection Officer

The Controller declares that it has not appointed a Data Protection Officer pursuant to Article 37 of the GDPR.

5. Cookies Cookies

When using the websites at https://www.medimag.sk/, cookies (small files that ensure the persistence of the user's session and track their activity on the websites) may be stored on the electronic device through which the user (hereinafter the "user") accesses these websites. The conditions for storing and processing cookies are as follows:

  1. The user always has the option to express consent or refuse the storage of cookies by configuring their web browser — by allowing or, conversely, refusing the storage of cookies.
  2. If consent is granted (cookies are allowed), temporary cookie files may be stored on the user's electronic device; these are automatically deleted or invalidated when the user's internet browser is closed.
  3. By giving consent (allowing cookies), the user also permits the Controller to use cookies for its own record-keeping or statistical purposes and for the purposes of targeted advertising by partners with whom the Controller has concluded separate agreements on displaying advertisements on the websites. Consent expires upon the prohibition of the use of cookies.
  4. The Controller is not responsible for the use of cookies stored on the user's end device by third parties.
  5. If consent is refused (cookies are rejected), the Controller cannot guarantee full functionality of the websites for the user.

6. Contact Form formulár

Users of the websites at https://www.medimag.sk/ may contact the Controller through contact forms available on the websites. A user who contacts the Controller in this manner is a data subject.

  1. If the Controller already processes the personal data of a user who is a patient or client pursuant to Section 4 of these PDPC, these personal data will continue to be processed as the personal data of a patient/client pursuant to Section 4 of these PDPC.
  2. In the event that personal data (title, first name, surname, email address and/or telephone number) of another user are provided through the contact form on the Controller's website, the Controller does not have a legal entitlement to process the Data Subject's personal data, and the data will be used exclusively for the purpose of return contact.
  3. The legal basis for the processing of user personal data provided through the contact form is the Controller's legitimate interest in responding to the user's contact.
  4. Personal data of users provided through the contact form will be used exclusively for the purpose of return contact and will be processed only for the duration of the correspondence and for a short reasonable period after its conclusion. These personal data will not be provided to third parties nor used for marketing purposes.

Contact forms on the website https://www.medimag.sk/ serve only for sending your message; no information is stored on them, and the doctor's response will not be made accessible through them. The doctor will deliver the response to you by the agreed method — by email, by telephone, or in person.

7. How Does the Controller Protect Your Personal Data? chráni Vaše osobné údaje?

All transmitted data are protected by an SSL (Secure Sockets Layer) certificate. This certificate ensures encrypted data transmission.

8. Information on the Rights of the Data Subject

The rights of the Data Subject in connection with the protection of personal data are governed in particular by Articles 12 to 22 of the GDPR, as amended. As a Data Subject, you have the right, on the basis of a written or email request addressed to the Controller (to the Controller's registered office address or to the email address ambulancia@medimag.sk), to request:

  1. confirmation of whether or not your personal data are being processed, access to your personal data and information about them, as well as the correction of such data,
  2. restriction of the processing of your personal data, in particular if they are incorrect or if they have been processed unlawfully,
  3. erasure of your personal data, in particular if the purpose of their processing has ceased or if they have been processed unlawfully, or if this is required to fulfil other legal obligations,
  4. a printout of your personal data in a structured and machine-readable format, and their transfer to another controller, provided this is technically possible and not in conflict with generally binding legislation.