Data Protection (GDPR)
Data Protection (GDPR)
MedControl Systems s.r.o. is a company established in accordance with the Commercial Code, registered with the District Court Bratislava 1, Section Sa, Insert No. 80425 / B.
Personal data is collected, processed and stored in our databases with a high level of organizational and technological security.
• GDPR Regulation is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation);
• Personal data is any information relating to an identified or identifiable natural person ("the person concerned"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or a reference to one or more elements that are specific to a physical, physiological, genetic, mental , the economic, cultural or social identity of that individual;
• An operator is a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purpose and means of processing personal data; where the purposes and means of such processing are laid down in Union law or in the law of a Member State, it may be determined by Union law or by the law of a Member State, or the specific criteria for its designation.
• An intermediary is a natural or legal person, public authority, agency or other entity that processes personal data for administrators;
• The beneficiary is a natural or legal person, public authority, agency or other entity to whom personal data is provided, regardless of whether it is a third party. Public authorities which may receive personal data in a particular survey in accordance with Union law or the law of a Member State shall not be considered as recipients;
• Processing is an act or set of personal data or personal data files, such as acquiring, recording, organizing, structuring, storing, customizing or modifying, searching, viewing, using, providing, transmitting, disseminating or otherwise providing, rearranging or combining, limiting , erasure or disposal, regardless of whether they are carried out by automated or non-automatic means;
• Processing limitation is the identification of stored personal data in order to limit future processing;
• Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a person, in particular the analysis or prediction of aspects of the individual concerned related to work performance, property, health, personal preferences, interests , reliability, behavior, position or movement;
• An information system is any structured set of personal data that is accessible according to specified criteria, regardless of whether it is centralized, decentralized or distributed on a functional or geographical basis;
• The consent of the person concerned is any free, specific, informed and unambiguous expression of the will by which the person concerned, by means of a declaration or unambiguous confirmatory act, agrees to the processing of personal data concerning him / her;
• Data breach is a security breach that leads, in particular, to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data that is transmitted, stored or otherwise processed;
• Third country is a country that is not a Member State of the European Union or a party to the Agreement on the European Economic Area;
The Authority is an independent public authority established by a Member State under Article 51 of the GDPR Regulation; in the Czech Republic, the Office for Personal Data Protection of the Czech Republic is the supervisor.
Operator identification data:
MedControl Systems s.r.o. , With its registered office at Pálffy 10, 900 25 Chorvátsky Grob, IČO: 46 607 684, ("operator" or "company") as the operator of information systems (hereinafter "IS") acts as an operator in processing of personal data of customers.
Legal basis for processing personal data of the persons concerned:
When processing personal data, the Company proceeds in accordance with the GDPR Regulation and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Regulations (hereinafter referred to as the "Data Protection Act"). The legal basis for personal data processing is:
• The processing of personal data is necessary for the performance of a contract to which the person concerned is a party, or a third party who provided the personal data, or when negotiating a change of contract that takes place at the request of the person concerned, or to implement a pre-contractual measure upon request persons
• The consent of the person concerned to the processing of personal data for a specific purpose
• The processing of personal data is necessary for the purposes of the legitimate interests of the operator or third party
The Company processes personal data without the consent of the person concerned if:
• They received them from a third party
• In cases under § 30 of the Personal Data Protection Act
The Company obtains the consent of the affected person without coercion and enforcement, as well as without the threat of rejection of the contractual relationship, the services provided or the obligations arising for the operator from legally binding acts of the European Union, an international treaty by which the Slovak Republic is bound or law.
In the event of refusal to provide personal data, the Company is entitled to notify the person concerned of the possible consequences of not providing personal data.
Upon termination of the processing of personal data, the Company will dispose of these legally acquired personal data within the deadline set by applicable law.
Purpose of processing personal data of the persons concerned:
A. The Company respects your privacy and considers the personal information provided confidential.
The Company needs to know some of the personal data of the persons concerned and needs to provide it to other recipients for the purpose of carrying out its business activities and for providing its services in order to comply with legal obligations and to provide the highest quality activities and services.
The Company processes personal data provided for several purposes.
The Company processes the personal data of its customers for the purpose of fulfilling its contractual obligation resulting from the concluded purchase contract (issuance of invoice and delivery of goods).
B. The legal basis is the performance of a contract to which the person concerned is a party or the need to implement pre-contractual arrangements at the request of the person concerned.
The Company may process personal data in order to fulfill legal obligations imposed by a special regulation.
The processing of personal data for a different purpose in the company does not occur, which means that the company only collects, stores and processes personal data of the persons it needs to fulfill its tasks. The personal information provided is strictly protected against misuse by third parties.
The Company is responsible for supervising the protection of personal data processed under the Personal Data Protection Act.
The Company always uses the provided personal data for a predetermined purpose of processing, which is clear, clearly defined and specifically, while complying with the GDPR Regulation, the Constitution of the Czech Republic, constitutional laws, laws and international agreements by which the Slovak Republic is bound.
The Company always defines the terms and conditions of the processing of personal data in such a way that the rights of the person concerned by the law are not restricted.
The Company acquires only such personal data of the persons concerned, which, by their scope and content, correspond to the purpose of the processing and are necessary for its achievement.
The Company ensures that the personal data of the persons concerned are processed exclusively in a manner consistent with the purpose for which they were collected.
The Company as an operator is obliged to process only the correct, complete and, where necessary, updated personal data in relation to the purpose of the processing. Incorrect and incomplete personal data shall be limited by the operator and corrected or supplemented without undue delay if they cannot be corrected or supplemented so that they are correct, the Company clearly identifies these personal data and deletes them without undue delay.
The Company ensures that the personal data of the persons concerned are processed in a form that allows the individual persons concerned to be identified for no longer than is necessary to achieve the purpose of the processing.
The Company will liquidate in the prescribed manner those personal data that have ended their processing. Upon termination of the specified purpose, the Company is authorized to process personal data to the extent necessary for research or for statistical purposes in their anonymised form. The personal data processed in this way may not be used by the operator to support measures or decisions taken against the person concerned to limit their fundamental rights and freedoms.
The Company does not disclose your personal information to third parties in violation of the GDPR Directive and the Data Protection Act and for the purpose of collecting, conflicting with your interests or instructions, and is provided to a third party only within the aforementioned purpose.
In selecting the appropriate intermediary, the Company proceeded in such a way that the rights and interests of the persons concerned were not jeopardized.
The Company, as an operator, has entered into a written agreement with the intermediaries within the meaning of Section 8 of the Personal Data Protection Act to ensure the protection of personal data processed by intermediaries. personal data.
The scope and list of personal data being processed:
The Company processes in its information systems the personal data of the persons concerned to the extent necessary to achieve the stated purpose. It is the extent of personal data specified by special legal regulations or in the scope of the consent of the person concerned to the processing of their personal data.
The Company only processes personal data provided to it voluntarily and to the extent necessary by the person concerned. The provision of personal data beyond the scope of special laws is voluntary.
Conditions and method of processing personal data of affected persons:
The Company strictly respects the principles of personal data processing of individuals concerned and their privacy, while ensuring that personal data must be in particular:
processed lawfully, fairly and transparently;
b. Obtained for specified, explicit and legitimate purposes;
c. Adequate, relevant and limited to the extent necessary to achieve the appropriate purpose of processing;
d. updated correctly and as necessary;
e. kept in a form that permits the identification of the persons concerned as long as necessary for the purposes for which the personal data are processed;
f. processed in a manner that guarantees the personal data security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, through appropriate technical or organizational measures.
In the event of the transfer of personal data of the persons concerned to a third country or an international organization, the Company undertakes to inform the person in advance of the existence or absence of a European Commission decision on adequacy. In the absence of a European Commission decision on adequacy, the Company undertakes to transfer the personal data of the persons concerned to a third country or international organization only if there are adequate safeguards under Articles 46 and 47 of the GDPR Regulation, or if there are exceptions to specific situations under Article 49 of the GDPR . The existence of reasonable safeguards, resp. the existence of exceptions to special situations, the company undertakes to inform the person concerned in advance.
The Company processes in its information systems personal data of the persons concerned by automated and non-automatic means of processing.
The Company does not disclose the processed personal data, except when required by a special legal regulation or decision of a court or other state body.
The Company will not process your personal data without your explicit consent or other legal legal basis for any other purpose or to a greater extent than stated in this information.
The rights of the person concerned to the processing of his personal data:
The person concerned shall be entitled to request, on written request:
Confirmation of personal data being processed or not
b. in a comprehensible form, information on the processing of personal data in the information system
c. in a comprehensible form, accurate information about the source from which it has obtained its personal data for processing;
d. a list of personal data processed in a generally understandable form;
e. Correcting or deleting your incorrect, incomplete or outdated personal data subject to processing
f. deletion of its personal data whose purpose of processing has ended; if they are subject to the processing of official documents containing personal data, they may request their return,
g. deletion of its personal data that is subject to processing if there is a violation of the law;
h. restrictions on the processing of personal data
i. for the portability of personal data
j. to initiate personal data protection proceedings at the Office for Personal Data Protection
The person concerned has the right, at the written request of the company addressed or in person, if the matter cannot be deferred, the right to disagree with the processing of personal data at any time, the company is obliged to delete the personal data disputed by the person concerned as soon as circumstances permit.
The person concerned is entitled, at the written request of the company or in person, if the matter cannot be deferred, to have the right to object at any time to the automatic processing of his personal data.
If the person concerned suspects that he / she is personally processing his / her personal data, he / she may file a petition to initiate a personal data protection procedure at the Office for Personal Data Protection of the Czech Republic, with its registered office at Hraničná 12, 820 07 Bratislava 27, or contact the office through its website. www.dataprotection.gov.sk.
If the person concerned does not have full legal capacity, his / her rights may be exercised by the legal representative.
If the person concerned does not live, his / her rights under this law may be exercised by a close person.
The application of the person concerned according to §21 of the Personal Data Protection Act is provided by the company free of charge, in case of repeated application the company will charge a fee in the amount of administrative costs.
The Company is obliged to process the request of the person concerned in writing within 30 days from the date of receipt of the request.
The Company shall notify the person concerned in writing without undue delay of the restriction of the rights of the persons concerned.
The Company has informed you how the person concerned has been informed about the protection of your personal data and has instructed you on your rights in relation to the protection of personal data within the scope of this leaflet.