The proper processing of your personal data is very important to us and the protection of your personal data is a matter of course for us, therefore we would like to provide you with information regarding the processing of your personal data.
If, after reading this document, anything is unclear or you are unsure about anything, we will be happy to explain any term or part of this document to you if you contact us electronically at GDPR@frais.sk. The security of your data and the processing of your data in a lawful manner is of paramount importance to us. Here you can find out how we process your personal data and how we keep it secure.
1. Who are we?
Your personal data is processed by our company: SAPIENTIA, s.r.o., registered in the Commercial Register of the District Court Bratislava I, Sec. Sro, insert no. 26836/B, registered office: Brigádnická 54, 841 10 Bratislava , ID No: 35 838 87 (hereinafter referred to as the “Operator”).
You can contact the person responsible for the protection of personal data, who supervises the proper processing of personal data, at any time electronically at GDPR@frais.sk.
2. What personal data do we process?
In particular, the controller processes the following data about you in paper and electronic form: name, surname, address, e-mail address, telephone number, date of birth, client’s insurance data, client’s health status (especially in the scope of identification of pain, information about administered medications, previous treatment, etc.), historically ordered products and services, detailed information about health status.
You acknowledge that electronic communication replaces the paper form of documents delivered within the meaning of the Civil Code and other generally binding legal regulations. A document delivered via the Electronic Branch shall be considered equivalent to a document sent by post to the address of residence, registered office or other address designated for the delivery of mail. It is not necessary, and therefore not possible, to send documents signed with a guaranteed electronic signature via the Electronic Branch.
Pursuant to § 40 para. 4 of Act No. 40/1964 Coll. Civil Code, as amended, the written form is preserved if the legal act is performed by electronic means that enable the content of the legal act to be captured and the person who performed the legal act to be identified.
3. For what purpose do we process your personal data?
The Controller processes your personal data to the extent necessary:
(a) in the performance of a distance contract to which you are a party
- for the purpose of identification of the client in the conclusion, performance and termination of this contract,
- for the purpose of fulfilling the Operator’s contractual obligations under this Agreement.
For these purposes, the provision of your personal data is entirely voluntary, but is necessary for the conclusion of the contract and its subsequent performance. Without this information, we would not be able to enter into this contract with you at all and to perform the rights and obligations arising from it.
(b) in the performance of legal obligations under specific legislation
- for the purpose of complying with the basic principles of processing personal data, implementing and maintaining technical and organisational security measures, including but not limited to preventing unauthorised access to systems and information, investigating suspected or known security breaches and reporting such breaches to individuals and authorities, processing and responding to requests and complaints from data subjects
- for the purpose of dealing with inspections and requests from public authorities
c) for the purposes of the legitimate interests of the Controller, which are
- protection of the Operator’s property or the health of employees,
- protection of public order and security,
- administration of information related to the contractual relationship,
- the determination, exercise and defence of the Operator’s legal claims.
d) on the basis of your consent
– for marketing purposes – promotion of the Operator, promotion of its products and services of the companies and to determine satisfaction with the services
The consent provided for these purposes is entirely voluntary, but it is necessary in order to be able to be contacted with offers of products and services of the operator. You can revoke your free consent, which you can unambiguously confirm with your signature (by clicking the consent button on the website), at any time in writing sent to the Operator’s registered office. However, withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal
4. How can you give us consent?
You can give us consent to process your personal data in any of the following ways:
Upon written request, you are entitled to (i) request access to your personal data, (ii) request correction of your personal data, (iii) request the erasure of your personal data, (iv) to request a restriction of processing, (v) object to processing, (vi) request the transfer of your personal data; and (vii) complain to the Office for Personal Data Protection, Hraničná 12, Bratislava.
5. How can you withdraw consent?
You may withdraw your consent to the processing of your personal data at any time. You can withdraw your consent electronically at GDPR@frais.sk or by post to the address of the operator’s registered office.
6. Who do we provide your data to?
With your consent, we provide personal data to IT service providers, attorneys, auditors, archivists and other persons who provide services to the Controller and with whom the Controller has concluded a contract for the processing of personal data.
7. How long do we keep your personal data?
Your personal data will be stored by the Controller for the period of processing your request, respectively. for as long as its legitimate interests last. When handling personal data, the Controller applies the principle of minimization, which means that as soon as the period for which it is obliged or entitled to store personal data expires, it immediately anonymizes your personal data from databases and information systems. The Data Controller has strict internal data retention policies in place to ensure that information is not held for longer than the Data Controller is entitled or obliged to.
Accounting
a) Accounting documents are kept for 10 years.
Portal
a) Contracts concluded via the website are kept for the period of order processing and for the necessary time in case of exercising rights, e.g. Claims.
Records of claims
a) Documents relating to a claim shall be kept for a period of 5 years.
Debt recovery/Litigation
a) Documents relating to litigation are kept for 10 years.
Marketing
a) Documents relating to marketing are kept for the period for which the data subject has given consent, or, where applicable, for the period of time for which the data subject has given consent, or, where applicable, for the period of time for which the data subject has given consent. for a shorter period of time until consent is withdrawn. Unless consent is given for a specific period of time, personal data shall be processed until the purpose for which the person gave consent has been completed.
8. Where do we transfer your personal data?
We do not intend to transfer your personal data to a third country.
9. Who can you contact?
If you have any questions or suggestions regarding your personal data, you can contact:
Email: GDPR@frais.sk
Tel: 02/210 285 82
10. Not satisfied?
If you are not satisfied with how we process your personal data, you can let us know by emailing GDPR@frais.sk. You also have the opportunity to complain to the Data Protection Authority if you think we are processing your personal data unlawfully.
11. How do we process your personal data?
We process your personal data in electronic and paper form. We use the means of automated individual decision-making.
12. Do we use automated decision-making, including
profiling, when processing personal data?
When processing personal data, we mainly profile clients by diagnosis category and use this information for the inclusion for sending targeted messages regarding product and service offerings that are as close as possible to our client.
We also use profiling for direct marketing to target campaigns and send notifications.
We also use profiling for targeted communications with clients.
There is no automated decision making, including profiling, when processing your personal data.
13. How do we ensure the protection of your personal data?
The security of your personal data is of paramount importance to us. To ensure the protection of your personal data, we have taken the necessary technical and organisational measures.
14. Final Provisions
This Privacy Policy comes into force on the date of its publication on 15.07.2020
We reserve the right to change this policy if the processing of personal data in our company changes. You will be informed of any changes.