Privacy Policy

1. Data processing policy

GYNCARE s.r.o. with registered office at Magnezitárska 2/C ,040 13 Košice, Company Identification Number (ID): 47 242 990, entered in the Commercial Register of the Košice I District Court, Section Sro, File no. 39664/V (hereinafter referred to as “Controller”) pursuant to the Regulation 2016/679, GDPR on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “Regulation”) and Act no. 18/2018 Coll. on the Protection of Personal Data and on the Amendment of Certain Acts (hereinafter referred to as the “Act”) has elaborated and implemented security system, which is regularly updated. This system defines the scope and type of security measures necessary to eliminate and minimize threats and risks affecting the information system in order to ensure:

  1. availability, integrity and reliability of management systems using state-of-the-art information technology,
  2. protection of personal data from loss, damage, theft, modification, destruction and to maintain its confidentiality,
  3. identification of potential issues and sources of compromising and to prevent them.

Contact to the Data protection Officer: dpo@gyncare.sk

2. Privacy Policy

Your personal data will be stored safely, in accordance with the data storage policy and only for the time necessary to fulfil the purpose of the processing. Only the persons authorized by the Controller to process personal data, who process it on the basis of the Controller’s instructions have access to personal data. Your personal data will be backed up in accordance with the Controller’s data retention rules. Personal data kept in back-up storages is used to prevent security incidents that could arise in particular due to security compromise or damage to the integrity of the processed data.

3. Definitions

  1. “Personal data” shall represent any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); an identifiable natural person is an individual who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, localization data, online identifier, or by reference to one or more items specific to physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
  2. “Processing” represents an operation or set of operations involving personal data or sets of personal data, such as obtaining, recording, organizing, structuring, storing, processing or modifying, retrieval, browsing, exploiting, provision by transmitting, disseminating or otherwise providing, rearranging or combining, restriction, erasure or disposal, regardless of performing by automated or non-automated means;
  3. “Restriction of processing” represents the designation of stored personal data with the aim of limiting their processing in the future;
  4. “Profiling” means any form of automated processing of personal data which consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular analysing or predicting aspects of the Data Subject concerning work performance, assets, health, personal preferences, interests, reliability, behaviour, their location or movement;
  5. “Filing system” means any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
  6. “Controller” means the natural or legal person, public authority, agency or other body which, individually or jointly with others, which determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  7. “Processor” means a natural person, legal entity, public authority, agency or any other body processing personal data on behalf of the Controller;
  8. “Third party” means a natural person or legal entity, public authority, agency or body other than the data subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data;
  9. “Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  10. “Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
  11. “Personal data breach” means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed;
  12. “Relevant and reasoned objection” means an objection to a draft decision as to whether there
    is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;

4. The purpose of personal data processing

  1. Provision of health care

    Personal data on the patients are processed for the purpose of providing health care, keeping medical records of patients, and conducting medical and other interventions and services for the purposes of billing to health insurance companies and the Social Insurance Company in accordance with Article 6 (1) c) of the Regulation in accordance with Act 576/2004 Coll. on Health Care. The scope of personal data processed: title, name, surname, date of birth, birth number, data on illness, data on the course and results of tests, data on treatment, data on the scope of provided health care, data on services related to the provision of health care, data on health insurance company. Subsequently, the data is stored in accordance with Act no. 395/2002 Coll. on Archives and Registries.

  2. Application for consultation

    We process the personal data on patients for the purpose of ordering the date and time of the visit pursuant to Article 6 par. (1) b) of the Regulation – the processing is necessary to perform a contract to which the Data Subject is a party or for measures to be taken before the conclusion of the contract at the request of the Data Subject. The scope of personal data processed: name, surname, telephone number, e-mail and a brief description of the problem. Subsequently, the data is stored for 1 year. If the periods for which the data is stored must be observed in accordance with commercial and tax law, this storage period is governed by Act no. 395/2002 Coll. on Archives and Registries. Personal data is not transferred to a third country. Personal data shall not be used  for automated individual decision-making including profiling.

  3. Performance of an contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the Data Subject

    We process personal data of our customers on the basis of a contract as defined in Article 6 par. 1 item (b) of the Regulation (processing is necessary for the performance of a contract to which the data subject is a party or for measures to be taken before the conclusion of the contract at the request of the data subject). The scope of personal data processed: title, name, surname, address, date of birth, birth number, telephone, e-mail, signature and other necessary personal data, and health data that is necessary for the testing/processing. Subsequently, the data is stored in accordance with Act no. 395/2002 Coll. on Archives and Registries.

  4. Keeping records of requests

    The personal data we processed via e-mails is only processed to handle your request. By completing and sending the application, you grant consent to the processing of personal data in accordance with Article 6 (1) a) of the Regulation (the data subject has consented to the processing of his or her personal data for one or more specific purposes). The scope of personal data processed: name, surname, address, telephone number, e-mail. Personal data will only be kept until the purpose for which they were processed has been fulfilled. If data retention periods must be observed in accordance with commercial and tax law, the retention period is governed by Act no. 395/2002 Coll. on archives and registries. Personal data shall not be transferred to a third country. Personal data shall not be used for automated individual decision-making, including profiling.

  5. Processing of accounting documents

    Processing is necessary to fulfil the legal obligation of the Controller pursuant to Article 6 (1) c) of the Regulation. The scope of personal data processed: title, name, surname, address, telephone number, account number, e-mail and signature. Subsequently, the data is stored in accordance with Act no. 395/2002 Coll. on archives and registries.

  6. Keeping records of complaints

    The personal data of data subjects, who seek to protect their rights or legally protected interests, or point to specific shortcomings, in particular infringements of legislation, the removal of which requires the intervention of the competent authority, shall be processed in accordance with Article 6 (1) c) of the Regulation (processing is necessary to fulfil the legal obligation of the Controller). The scope of personal data processed: name, surname, address, telephone number, e-mail. Subsequently, the data is stored for 5 years.

  7. Collection of receivables

    In the case of collection of receivables, personal data shall be processed in accordance with Article 6 (1) c) of the Regulation. The scope of personal data processed: name, surname, address, telephone number, e-mail. Subsequently, the data is stored in accordance with Act no. 395/2002 Coll. on Archives and Registries.

  8. Enforcement

    Processing of personal data is necessary to fulfil the legal obligation of the Controller pursuant to Article 6 (1) c) of the Regulation. The scope of personal data processed: standard personal data, other personal data found or provided during the proceedings. Subsequently, the data is stored in accordance with Act no. 395/2002 Coll. on Archives and Registries.

  9. Register of job applicants

    The processing of personal data of job applicants is performed on the basis of the “Consent” with the processing of personal data in accordance with Article 6 (1) a) of the Regulation, provided by the applicant. The Controller shall only contact the successful applicants. Personal data shall be stored for 12 months from granting of the consent.

    Personal data shall not be transferred to a third country. Personal data shall not be used for automated individual decision-making, including profiling.

    You have the right to withdraw your consent to the processing of personal data at any time before the expiration of this period by sending a request to the email address dpo@gyncare.sk:  or by sending a request to the Controller’s address with the text “GDPR withdrawal of consent” on the envelope. The Controller declares that in the case of a written request of the Data Subject to terminate the processing of personal data before the specified deadline, the data will be deleted within 30 days from the delivery of the withdrawal of the consent.

  10. Marketing

    We process personal data about our clients for marketing purposes with the consent of the Data Subject in accordance with Article 6 (1) a) of the Regulation. The scope of personal data processed: name, surname, address, telephone number, e-mail and signature. Subsequently, the data is stored for 2 years. Your personal data related to marketing can be provided to our partners, who perform partial activities of personal data processing for the operator, especially in the field of marketing and satisfaction survey.

  11. Keeping of the records on the representatives of suppliers and customers

    The processing of personal data of suppliers and customers shall be carried out in accordance with the legitimate interests of the Controller, in accordance with Article 6 (1) f) of the Regulation. The scope of the processed personal data: title, name, surname, job position, seniority, functional classification, employee’s personal number, professional department, place of work, telephone number, fax number, e-mail address and identification data of the employer. The data is then kept for 10 years after the termination of the contract or business relationship.

5. Rights of the data subject

  1. The right to withdraw consent – in cases where we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. You may withdraw your consent electronically, at the address of the data protection officer, in writing, by notice of withdrawal of consent or in person at the registered office of our company. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we were processing about yourself on the basis of said consent.
  2. The right of access – you have the right for provision of a copy of the personal data we have about you as well as the information about how we use your personal data. In most cases, your personal data will be provided to you in writing in hardcopy version, unless you require another method of provision. If you have requested this information using digital channels, the information will be provided to you in digital form, if technically feasible.
  3. The right to rectification – we take reasonable steps to ensure the accuracy, completeness
    and timeliness of the information we have about you. Should you believe that the data we keep is inaccurate, incomplete or out of date, please do not hesitate to ask us to rectify, update or complete this information.
  4. The right to erasure (the right to be forgotten) – you have the right to request erasure of your personal data, for example if the personal data we have obtained about yourself is no longer needed to fulfil the original purpose of the processing. However, this right must be assessed while considering all relevant circumstances. For example, we may have to fulfil certain legal and regulatory obligations, which means that we may not be able to comply with your request.
  5. The right to restrict processing – in certain circumstances, you have the right to request us to stop using your personal data. For example, these may be the cases when you think the personal information we hold about you may be inaccurate or when you think we no longer need to use your personal information.
  6. The right to data portability – under certain circumstances you have the right to require us to transfer the personal data you have provided to another third party of your choice. However, the right to data portability only applies to personal data that we have obtained from you with your consent or under a contract to which you are a party.
  7. The right to object – you have the right to object to the processing of data which is based on our legitimate interests. Unless we have a compelling legitimate and justified reason to process and you file objection, we will discontinue processing of your personal data.

Should you believe that any personal information we hold about you is incorrect or incomplete, please get in touch with us.

If you want to file an objection concerning the way we process your personal data, please contact our data protection officer supervising the processing of personal data by e-mail at: dpo@gyncare.sk or in writing at:

GYNCARE, s. r. o.
Magnezitárska 2/C
040 13 Košice

Our data protection officer will investigate into your objection and work with you to resolve the issue.

Should you believe that your personal data is processed unfairly or illegally, you my file a complaint with the Supervisory Authority, i.e. the Office for Personal Data Protection of the Slovak Republic at: Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava 27; phone number: +421 2 323 132 14; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.

We help couples fulfill their dream of having a baby. 20 years of experience in assisted reproduction.

Book a consultation appointment and we will help you as well.

We will be glad to welcome you to our Gyncare assisted reproduction clinics in Nitra or Košice

BOOK A CONSULTATION APPOINTMENT 0800 300 000 / Po-Pia: 7.30-15.300800 300 000 Po-Pia: 7.00-15.30 BOOK A CONSULTATION APPOINTMENT
Gyncare logo
Je nám ľúto, web gyncare.sk nie je možné prezerať cez váš internetový prehliadač.

Pravdepodobne používate už nepodporovanú verziu. Z tohto dôvodu vám odporúčame nainštalovať si najnovšiu verziu Microsoft Edge, Google Chrome alebo Firefox. Prostredníctvom týchto prehliadačov si užijete náš web v celej kráse.

stiahnuť prehliadač google chrome
Gyncare Vyhľadávanie