Privacy Policy

Notice on the Collection and Processing of Personal Data

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”), effective from 01.07.2021.

Introduction

The company Medirad s.r.o. as the Controller, with its registered office at Ružinovská 42, Bratislava – Ružinov 821 03, Company ID: 53581733 (hereinafter the “Controller”) hereby informs its clients (patient, client, legal representative, or authorized representative of the patient) and business partners about the collection and processing of their personal data.

Privacy Principles

We process your personal data only on the basis of legal conditions specified in the Regulation or by law. As the controller, we are responsible for the protection of your personal data that we have obtained or are obtaining in accordance with the Regulation and the law. In case of questions, you may contact us in person or by post at our registered office address, or by email at: info@medirad.sk.

Your personal data will be stored and backed up securely, in accordance with our security policy, and only for the period specified below.

Source of Personal Data

We obtain your personal data primarily directly from you, when you voluntarily provide them in connection with an inquiry or request for our services — in person, by phone, in writing by post, or electronically through forms on the website www.medirad.sk.

Necessity of Providing Personal Data

The patient, client, legal representative, or authorized representative of the patient is obliged to provide personal data for the purpose of providing healthcare in the required scope; otherwise, the consequence of not providing personal data may be the refusal to provide healthcare.

Recipients of Personal Data

All your personal data will be stored in our internal systems. Recipients of personal data may include:

  • supervisory, regulatory, and other state authorities in the performance of their duties,
  • courts and law enforcement authorities,
  • health insurance companies of the data subjects, other healthcare providers,
  • National Health Information Centre,
  • contracted service providers (IT infrastructure, postal services, financial services),
  • other recipients under specific legislation (auditors, legal advisors, accounting advisors).

Purpose of Processing Personal Data

We will collect and further process your personal data for the following purposes:

  • Patient scheduling — processing is necessary for the purpose of scheduling a patient for an examination (Art. 6(1)(b) of the Regulation).
  • Provision of healthcare — processing is necessary for the purpose of preventive occupational medicine and provision of healthcare (Art. 6(1)(c) of the Regulation).
  • Accounting — administration and invoicing pursuant to Act No. 431/2002 Coll. on Accounting.
  • Mail records and registry management — pursuant to Act No. 395/2002 Coll. on Archives and Registries.
  • Exercise of data subject rights — legal obligation of the controller.
  • Information protection and security — legitimate interest of the controller.

Personal Data Retention Periods

Health-related personal data of clients are retained pursuant to Section 22 of Act No. 576/2004 Coll. for 20 years from the last provision of healthcare. Voice recordings from the answering service are automatically deleted after 30 days.

Your Rights

  • Right of access to personal data (Art. 15 of the Regulation)
  • Right to rectification of personal data (Art. 16 of the Regulation)
  • Right to erasure — “right to be forgotten” (Art. 17 of the Regulation)
  • Right to restriction of processing (Art. 18 of the Regulation)
  • Right to data portability (Art. 20 of the Regulation)
  • Right to object to processing (Art. 21 of the Regulation)
  • Right to lodge a complaint with a supervisory authority (Art. 77 of the Regulation)

You may file a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel.: +421 /2/ 3231 3214; email: statny.dozor@pdp.gov.sk.

You may exercise your rights in person or by sending a written request by post to our company’s registered office address, or by email to: info@medirad.sk.

We reserve the right to change, modify, and update this privacy notice at any time.