Information memorandum on personal data protection
(processing of clients‘/patients‘ personal data and other individuals for the purposes of providing health care, accounting, marketing and others)
Adeli s.r.o., residing at Hlboká 45, 921 01 Piešťany, Slovakia, Company registration number: 35 850 655, registered in Bussiness Register with District Court Trnava, section: Sro, input no.: 17467/T (hereinafter referred to as “Controller“ or “Company“) processes your personal data for purposes and based on legal grounds as stated bellow in this Information memorandum. In this Information Memorandum you will find more detailed information about processing your personal data as well as information about your rights as a data subject, that concerns you under the Law No. 18/2018 Coll. on Personal Data Protection with and on the subsequent amendments of certain other Acts, as amended (hereinafter referred to as GDPR) and regulations of the European Parliament and of the Council (EU) No. 216/679 of 27. April 2016 on the Protection of Natural Persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/ES (General Data Protection Regulation) (hereinafter referred to as GDPR).
Our company is the controller of your personal data, meaning, our company states purposes and means of processing your personal data.
1. Contact details of our company
Bussines name: Adeli s.r.o.
Address: Hlboká 45, Piešťany, Slovakia
Email address: firstname.lastname@example.org
Telephone contact: +421337915900
2. What personal data do we process?
2.1. General personal data: as a controller our Company process following personal data provided personally by you to our company in our Center, by email, through our website www.adelicenter.com or by other means, including mainly details of:
2.1.1. Identification data (especially your name, surname, degree, date of birth, social security number, other details of your ID card, nationality, client’s number);
2.1.2. Contact data (especially address of permanent or temporary residence, email address, telephone contact);
2.1.3. Sociodemographic data (especially age, gender, occupation);
2.1.4. Information needed to use the electronic services (especially IP address, information on used software, browser and devices, cookies).
2.2. Specific categories of personal data (sensitive data): As a Controller our Company processes specific categories of personal data about you (sensitive data), meaning health data. These are especially data on illnesses, data on course of the disease and outcome of examination, data on treatment and other significant circumstances pertaining to your health status and actions taken while providing health care, data on the range of provided health care, data on treatment schedule and important facts for assessment of health care for performing work, significant epidemiologic facts, data on taken, processed, tested, preserved, stored and distributed human tissues or cells administered by tissue establishment in compliance with specific regulations, height, weight, data on health condition of your relatives and close persons and other requisite data on health to provide you with appropriate health care.
3. Purposes of processing personal data (why do we have your personal data?) and legal grounds for their processing (based on what do we have your personal data?)
3.1. Personal data for particular purpose: to provide you with our services we always process your personal data for particular predefined purpose and for every purpose only some of your personal data are processed. Contrariwise if your personal details essential for particular purpose are not provided to us our company will not be able to provide particular service (health care) or will be able to provide it in limited range, which can result in undesirable outcome.
3.2. Purposes of processing and relevant legal grounds:
We are processing your personal data for following purposes and based on following legal grounds:
3.2.1. For the purposes of providing services and health care to our clients/patients (based on fulfilment of a contract, law and legitimate interest): for the purpose in question we process your general personal data as well as your health data (specific category of personal details) about you as a client (patient). We always require only personal details requisite for the purpose in question, or for appropriate provision of our services and health care (rehabilitation). Your personal details in question are processed on the following legal grounds:
126.96.36.199. Legal ground of processing (fulfilment of contract and based on law): we process your personal data especially in regard to pre-contract relations and fulfilment of contracted relation based on an agreement about providing health care concluded between our Company as a provider of health care and you as a client/patient. Equally is our company authorised as well as obliged to process your general personal data and personal data about your health status without your consent under the provision of paragraph 18 and following Act No. 576/2004 Coll. on Healthcare, Services related to Provision of Healthcare and on the subsequent amendments of certain other Acts, as amended, especially in medical documentation.
Our company processes personal data of clients/patients in relation to Act No. 153/2013 Coll. on the National Health Information System and on the subsequent amendments and supplements to certain laws, as amended.
188.8.131.52. Legal grounds for processing (legitimate interest): Our company is obliged to provide to our clients/patients appropriate health care under the Act No. 576/2004 Coll. on Healthcare, services related to Provision of Healthcare and on the subsequent amendments of certain other laws, as amended. In order to provide an appropriate health care our Company it is requisite to process personal data and personal data about your health as well as your relatives and close persons. In case of missing personal data of your relatives or close persons it is possible that our company will not be able to provide you with fully-effective health care (rehabilitation). Personal details such as those of your relatives and close persons are processed on the grounds of legitimate interest whereby legitimate interest pertaining to our Company being under the law responsible for appropriate administration of health care to its clients/patients. You, as a person concerned, can rise an objection against the processing of your personal data we performed on the grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3. and 7.1.6. in this Memorandum.
3.2.2. Marketing purposes (on the grounds of consent and legitimate interest): it is processing of your contact details and personal identification data especially due to sending a newsletter, assessment of our clients/patient satisfaction, sending offers on products and services provided by our Company as well as products and services provided by other companies and partners of ADELI. We process your personal contact data for aforementioned purposes either on the grounds of your consent or legitimate interest.
Legitimate interest of our Company on processing your contact details and personal identification data for marketing purposes in question pertaining to such a matter that by promoting our Company’s services and products to our existing and former clients/patients can our Company develop and expand, at the same time, based on the feedback and communication with our former and existing clients/patients our Company is able to identify how we can improve our services, products and health care and eliminate possible drawbacks. Our Company has the utmost interest in providing the best quality of services, products and health care to our clients/patients therefore it is the legitimate interest of our company to use the basic contact details or our former and existing clients/patients on the grounds of legitimate interest in order to send information about our services, products and health care and at the same time we can acquire continuous feedback from them. Aforementioned is almost requisite in order to function appropriately and develop our company, because in today’s modern world every company on the market tries to maintain regular relationship with its clients/patients.
We equally point at the provision of paragraph 62 (3) Act No. 351/2011 Coll. on Electronic Communication as amended, under which prior consent of an email recipient is not required if it is a direct marketing of own similar goods and services of a person and contact details for delivering emails were obtained by the same individual in relation to selling goods and services in accordance with the law in question or specific regulation.
You, as a data subject, can rise an objection against the processing of your personal data we performed on the grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3. and 7.1.6. in this Memorandum.
3.2.3. Accounting and contractual documentation (based on the contract and fulfilment of legal obligation): it is processing of your regular identification and personal contact data of business partners and subcontractors of our Company who are natural persons including contact details of business partners and subcontractors for purposes of exercising contractual and business relations. Legal grounds for processing concerned personal data for purpose in question is in fulfilment of a contract and pre-contractual relations. Our Company archives concerned personal data after fulfilment or termination of contractual relations in question in compliance with particular law (especially Act No. 431/2001 Coll. on Accounting as amended).
3.2.4. Exercising of legal claims of our company (based on legitimate interest): it is processing of personal data for the purposes of exercising legal claims of our Company in judicial, out of court, arbitration, administrative, execution, bankruptcy and restructuring proceedings. Our Company needs personal data in question in order to exercise its legitimate claims and rights effectively. You, as a data subject, can rise an objection against the processing of your personal data we exercised on grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3. and 7.1.6. in this Memorandum.
3.2.5. Identification data and contact details (based on the legitimate interest): it is processing of contact details of representatives of legal persons and other natural persons obtained through publicly accessible resources intended for that, from these persons directly as well as from others, whereby concerned data are needed by our Company to establish contact with other legal and natural persons for the purposes of appropriate operation of our Company. You, as a data subject, can rise an objection against the processing of your personal data we exercised on grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3 and 7.1.6. in this Memorandum.
3.2.6. Appeal for rectification, suggestions and complaints (based on legitimate interest): it is processing of contact details of our clients/patients in particular as well as other natural persons, who send appeals for rectification to our Company along with other suggestions and complaints in particular related to provision of services and health care by our Company. Whereas our Company by course of legal order of the Slovak Republic is obliged to provide appropriate health care to our clients/patients and at the same time our Company has the utmost interest in providing the appropriate health care as well as our Company cares about satisfaction of our clients/patients, and therefore our Company processes personal data for the purpose in question in order to react appropriately on these appeals, suggestions and complaints and if needed administer rectification in case any appeals for rectification were legitimate. At the same time our Company must be able to demonstrate execution of appeals for rectification and complaints, which is overseen by the Health Care Surveillance Authority SR and other specific supervisory authorities. You, as a data subject, can rise an objection against the processing of your personal data we exercised on grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3. and 7.1.6 in this Memorandum.
3.2.7. Property protection and security (based on legitimate interest): it is processing of personal details of clients as well as other persons concerned obtained by surveillance system for purposes of protection of our Company’s property and security of our Company along with the security of persons concerned inside and outside of our Company’s premises. Our Company has legitimate interest to monitor our inside and outside premises by CCTV within which we exercise our activities and provide services. It is a significant interest that our Company has to ensure protection of property of our Company, protection of its operations and public order as well as to ensure the security of our clients along with other natural persons. You, as a data subject, can rise an objection against the processing of your personal data we exercised on grounds of legitimate interest whereby more detailed information on the rights of raising an objection can be found in article 3.3 and 7.1.6 in this Memorandum.
3.3. Processing personal details on the basis of legitimate interest: our Company as a controller is enabled by GDPR to process personal data without granted consent to process such data or to process personal data on the base of other legal grounds as is for instance contract fulfilment or fulfilment of obligation under specific law.
You can appeal against such a processing of personal data based on legitimate interest under the Article 6 (1) lit f GDPR, you have right to object whereby details of aforementioned law are stated in article 7.1.6. bellow. If you apply this right in question to object against particular processing, our Company is not allowed to process personal data any further as long as it does not demonstrate necessary lawful reasons of our Company for processing where such interests are overriding your interests, rights and freedom or as long as our Company does not demonstrate reasons for proving, applying or defending the legal claims. If you object against using your personal data on the basis of legitimate interest specifically for the purposes of direct marketing our company will not process your personal data for that purpose in question any further.
4. Beneficiaries or categories of personal data beneficiaries
4.1. List of personal data beneficiaries: your personal data can be provided to following beneficiaries:
4.1.1. Adeli Center s.r.o., residing at Kátlovce 70, 915 55 Kátlovce, Company registration number: 36 449 521 for the purposes of providing accommodation to our clients/patients and other services our clients/patients use;
4.1.2. marketing and PR companies, providing marketing and PR services to our Company;
4.1.3. translators and interpreters, if providing services to clients/patients or exercising claims and rights of our Company requires translation or interpretation to foreign language;
4.1.4. accounting and tax advisors, providing complex services in the field of taxation and accounting processing, or specific accounting/tax software solutions;
4.1.5. auditors, providing audits at our Company, in particular to verify financial statements of our Company;
4.1.6. health insurance companies, for purposes of keeping databases of clients/patients;
4.1.7. external laboratories, especially if providing personal data is required for appropriate provision of our services or healthcare to our clients/patients;
4.1.8. external cooperating doctors and specialists from health service environment, especially if providing personal data is required for appropriate provision of our services or healthcare to our clients/patients;
4.1.9. IT services providers, providing some IT cover and infrastructure for our company, including the website.
4.1.10. the Health Care Surveillance Authority SR, especially while providing a surveillance over administrating health care by our Company and for the purposes of investigation of complaints;
4.1.11. the Ministry of Healthcare of SR for the purposes of electronic healthcare program (e-health, electronic medical records book of patients, e-prescription, e-medication, e-allocation);
4.1.12. reviewing physicians, pharmacist and nurse of particular health insurance company, and that is the medical documentation for the purposes of inspection activities;
4.1.13 the Ministry of Healthcare, leading doctor and nurse of autonomous regions, and that is the medical documentation for the purposes of an inspection in compliance with particular regulations, if it is medical documentation of a member of the Slovak Republic armed forces or medical documentation kept in medical facilities of the Ministry of Defence of the Slovak Republic, the Ministry of Justice of the Slovak Republic and the Ministry of Transport, Post and Telecommunications of the Slovak Republic, as well as doctors appointed by specific central government authorities after an agreement with the Ministry of Healthcare;
4.1.14. general practitioner of the Ministry of Justice of the Slovak Republic, and that is the medical documentation for the purposes of medical examination during the admission procedure in compliance with particular regulations and reviewing physician of the armed forces of the Slovak Republic for the purposes of tender and investigative procedures;
4.1.15. reviewing physician, and that is the medical documentation for the purposes of medical assessment activities during the performance of social insurance and social security of the policemen and the soldiers in compliance with particular regulations;
4.1.16. reviewing physician of the Office of Labour, Social Affairs and Family, and that is the medical documentation for the purposes of medical assessment activities in compliance with particular regulations;
4.1.17. an expert appointed by the court or was called in by law enforcement bodies or was required to draft an expert report by one of the parties for the purposes directly related to proceedings before a judge in the extent requisite to make the expert report, and that is the medical documentation (the expert decides on the extent requisite to draft an expert report; we proceed accordingly in case of an expert designated in compliance with particular regulations);
4.1.18. an insurance company performing individual health insurance in compliance with particular regulations, and that is the medical documentation for the purposes of inspection activities of provided health care related to insurance fulfilment;
4.1.19. a relevant authority of a professional association, and that is the medical documentation in the extent of an inspection of performing a particular medical occupation;
4.1.20. a specialist in epidemiology of a relevant regional public health office and a specialist in epidemiology of public health office at the Ministry of Justice of the Slovak Republic, and at the Ministry of Defence of the Slovak Republic and that is the medical documentation in the extent requisite to secure epidemiologic investigations.
4.2. State authorities and other beneficiaries: your personal data can be also provided to any competent law enforcement bodies, attorney office, court, moderator, supervisory and inspection authorities, state agency, distraint officer, administrator of bankruptcy estate, municipality, town, higher territorial unit, a ministry, the National Security Authority, the Supreme Audit Office, the Office for Personal Data Protection of the Slovak Republic, the Financial Directorate of SR or other beneficiary if our Company assumes that providing of such personal data is:
4.2.1. in accordance with generally biding legal regulations, GDPR; or
4.2.2. it is requisite for the purposes of exercising, establishing or defence of legal claims of our Company; or
4.2.3. it is necessary to protect important interests of our Company or important interests of any other individual.
4.3. Provision of personal data on request of data subject: we can also provide your personal data to other beneficiaries if you give consent to our Company or you give instructions to our Company to provide such personal data.
5. Retention period of personal data
5.1. We keep your personal data as long as it is requisite for the purposes of which our company processes your personal data, while the generally biding legal regulation does not allow or require to keep personal data in question for longer period.
5.2. We keep your particular personal data for following periods:
Purpose: providing services and health care to clients/patients
Retention period: for the duration of contract/agreement, wherby our Company in compliance with regulation of paragraph 22 Act No. 576/2004 Coll. is obliged to keep medical documentation of a client/patient twenty (20) years after the decease of a client/patient; other medical documentation twenty (20) years after the last provided health care to the individual. In regards to sampling, testing, preserving, distribution, characterisation, transplantation and traceability of human organs and in regards to sampling, testing, processing, preserving, storing, distributing, transplantation and traceability of human tissue or cells our Company in compliance with particular regulations is obliged to keep medical documentation at least thirty (30) years from sampling, transplanting and liquidating. We retain personal data of your relatives and close persons for the period requisite for purposes in question, the longest for the period of retaining medical documentation as aforementioned.
Purpose: Marketing purposes
Retention period: For the duration of validity of the consent (3 years) or its withdrawal.
In case of processing personal data on the basis of legitimate interest, for the duration necessary to fulfil the purpose of processing, the longest for the duration of ten (10) years.
Purpose: Accounting and contractual documentation
Retention period: For the duration of the contract and then for ten years following the year of expiration/fulfilment of contract (under the Act No. 431/2002 Coll. on Accounting as amended).
In case of initiating legal proceedings against you as a debtor our Company will process your personal data for the requisite duration of legal proceedings in question.
Purpose: Exercising of legal claims
Retention period: For the duration requisite to exercise our Company’s rights and entitlements, at least for the duration of period of limitation under the Civil Code and the Commercial Code, nevertheless the longest for the duration of ten (10) years. In case of initiating legal proceedings or administrative proceedings will our Company process your personal data for the requisite duration of the legal or administrative proceedings in question.
Purpose: Identification and contact data.
Retention period: For the duration necessary to establish contact with stated persons, nevertheless the longest for the duration of five (5) years from obtaining them.
Purpose: Appeal for rectification, suggestion and complaints
Retention period: For the duration requisite for full execution of appeals, suggestions and complaints, the longest for the duration of ten (10) years for the purposes of record-keeping and potential supervisory body inspection as well as in case of lawsuit or other execution of rights and entitlements of our Company for the duration of period of limitation under the Civil Code and the Commercial Code.
Purpose: Protection of property and security
Retention period: for the duration of 15 days
6. Personal data portability to the third countries
6.1. Our Company does not carry out and does not think about carrying out the transfer of your personal data to the third counties that does not provide adequate protection of personal data except cases when such data are specifically required by generally biding legal regulation or decision of the state authority.
7. Your legal rights as a data subject in the context of processing your personal data.
7.1. Particular legal rights of data subjects: our Company has its rights and obligations related to personal data protection as well as you have rights and obligations related to your personal data protection (personal data which concerns you). It is the matter of following rights:
7.1.1. Right of access: you have the right to obtain a confirmation from our Company whether our Company processes your personal data, what personal data we process, for what purposes, for what duration we keep the data, where we obtain them from, where and to whom we provide them, who else except of our Company personal data in question processes whether and how comes to automated decision making including profiling while processing your personal data and what other rights you have in connection to your personal data processing. All aforementioned information is stated in this Information Memorandum, however if you have the feeling of not knowing whether or what personal data of yours our Company processes and how, you have the right of access to such personal data. Within presented right of access you can request a copy of your processed personal data, while the first copy is provided free of charge by our Company the other copies are chargeable.
7.1.2. Right to rectification: in case of you finding out that our Company processes your personal data which are inaccurate, incorrect or incomplete you have the right to have them rectified or completed by our Company.
7.1.3. Right to erasure (right to be forgotten): you have the right to erasure of your personal data processed by our Company without undue delay in following cases:
184.108.40.206. the personal data are no longer requisite in relation to the purposes for which they were acquired by our Company or otherwise processed; or
220.127.116.11. you withdrew consent on processing your personal data while this consent was requisite for processing your personal data and at the same time our Company has no other reason or other legal ground for processing them (for instance, for exercising rights and claims of our Company); or
18.104.22.168. you will use your right to object against processing your personal data (more details on right in question are stated in article 7.1.6. bellow), that our Company processes on the base of legitimate interest and our Company will find out that there are no other legitimate interests that would allow our Company to process further such personal data.
22.214.171.124. if our Company processes your personal data unlawfully; or
126.96.36.199. to fulfil legal obligation stated in generally biding legal regulation pertaining to our company; or
188.8.131.52. if personal data were acquired in the context of offering services of information company addressed directly to a child.
It is necessary to advise you that if it comes to one of aforementioned cases, our company is not obliged to erase your personal data (personal data related to you), while their processing is requisite:
184.108.40.206. for exercising the right of freedom of expression and information; or
220.127.116.11. for fulfilling the legal obligations of our Company in compliance with generally biding legal regulations; or
18.104.22.168. for the archiving purposes, scientific or historical purposes or for statistical purposes; or
22.214.171.124. for the establishment, exercise or defence of legal claims of our Company
7.1.4. Right of restriction of processing: in some cases, except of the right for erasure you have also the right for restriction of processing your personal data, through which you can in some particular cases require your personal data to be marked and not to be a subject of any further processing operations for specific period. Our Company is obliged to restrict processing of your personal data in case of:
126.96.36.199. the accuracy of personal data is contested by you, for the period enabling our company to verify the accuracy of the personal data; or
188.8.131.52. the processing of your personal data is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
184.108.40.206. our Company no longer needs your personal data for the purposes of the processing but you need them for the establishment, exercise or defence of your legal claims; or
220.127.116.11. you will use your right to object to the processing of your personal details (more details on the right in question are stated in article 7.1.6. bellow) pending the verification whether the legitimate grounds of our company override your legitimate grounds.
Where the processing of your personal data has been restricted under this right of restriction of processing, such personal data, with the exception of storage, can only be processed with your consent or for the establishment, exercise of defence of legal claims of our company or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union member state or a contracting party of the Agreement on the European Economic Area.
7.1.5. Right to data portability: you have the right to obtain all your personal data, that you provided to our Company if our Company processes them on the grounds of consent on processing personal data or on the grounds of contract fulfilment while it needs to be explicitly personal data which our Company processes by automated means (electronically). We will provide your personal data in a structured, commonly used, and machine-readable format and you have the right to transmit these personal data directly to other controller, where technically feasible.
7.1.6. Right to object: you have the right to object against processing your personal data carried out on the base of public interest, legitimate interest, including objection against profiling based on the grounds of legitimate interest. Our Company will no longer process your personal data unless our Company demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless our Company demonstrates grounds for establishment, exercise or defence of its legal claims.
If our company processes your personal data for the purposes of direct marketing, you have the right to object to processing of such personal data for the purposes of such marketing at any time, including profiling to the extent related to such direct marketing. If you object to processing of your personal data for direct marketing purposes, your personal data will no longer be processed for such purposes by our Company.
7.1.7. Modalities for the exercise of rights: Aforementioned rights can be exercised by contact details of our Company, stated in article 1 above.
7.1.8. Right to lodge a complaint with an authority: along with exercising of aforementioned rights you can lodge a complaint at the Office for Personal Data Protection regarding processing your personal data by our Company. The residency of the Office for Personal Data Protection is on the address Hraničná 12, 820 07, Bratislava, Slovak Republic, while you find other details on the website: https://dataprotection.gov.sk/
7.1.9. Notification of a breach of personal data security: in case of violation of your personal data protection, which may result in high risk to your rights and freedoms, is our Company obliged to notify you without undue delay about violation of personal data protection in question.
8. Right to withdraw the consent to personal data processing
8.1. In case of giving consent to our Company to process some of your personal data (legal grounds for processing some personal data by our Company is a consent or explicit consent) such consent can be withdrawn at any time, via contact details of our company stated in article 1 above. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
9. Changes in this Information Memorandum
9.1. This Information Memorandum on personal data protection can be continuously updated in response to changes in legal, technical or commercial development. While updating this Information Memorandum on personal data protection we will take appropriate measures to inform you according to the importance of the executed changes.