Information about personal data processing

 

Proper processing of your personal data is very important for us and we believe its protection is a must so we would like to inform you about the processing of your personal data.

If anything is still unclear after you have read this document or if you are not sure about something, we will be glad to explain any term or part hereof if you contact us by sending an e-mail to nestak@nestak.sk or in writing using the Controller´s address stated below.

Please also read the personal data protection documentation available at www.prohealth.sk.

 

Who processes your personal data?

Your personal data is processed by ProHealth, a.s., Digital Park II, Einsteinova 25, 851 01 Bratislava, Company ID No. (IČO) 43 765 513 as a controller (hereinafter referred to as “Controller”).

You may contact the data protection officer responsible for the proper processing of your personal data at any time by sending an e-mail to nestak@nestak.sk.

 

What personal data do we process?

The Controller processes mainly the following data about you in paper or electronic form: your name, surname, date of birth, domicile, e-mail address, telephone number, signature, data about your health insurance company, products and services purchased in the past, dates of appointments with relevant healthcare providers, health-related data.

 

For what purpose does the Controller process your personal data and on what legal basis?

The Controller processes your personal data to the necessary extent:

a) when performing the service provision and healthcare management contract of which you are a contracting party (legal basis is performance of the contract);

  • for the purpose of identification of a client when concluding, performing and terminating the contract;
  • for the purpose of performance of the Controller´s contractual obligations resulting from the contract.

Provision of your personal data is fully voluntary for such purposes but it is necessary for concluding a contract on comprehensive client management and for its subsequent performance. Without such data we would not be able to conclude the contract with you, nor perform any rights and obligations resulting from such;

b) when performing legal obligations based on special legislation (legal basis is performance of contractual obligations);

  • for the purpose of compliance with the basic principles of personal data processing, implementation and compliance with technical and organisational security measures including, but not exclusively, for preventing any unauthorized access to systems and information, investigating suspected or known security breaches and reporting such breaches to individuals and authorities, processing and replying to requests and complaints of data subjects;
  • for the purpose of dealing with inspections and requests of public authorities;

c) for the purpose of the Controller´s legitimate interests (legal basis is legitimate interest/s) that include

  • protection of the Controller´s property or the health of employees;
  • protection of public order and security;
  • administration of information related to the contractual relationship;
  • identification, execution and defence of the Controller´s legal entitlements.

d) On the legal basis of consent granted by you, we process your personal data related to health exclusively in cases where the processing of such data is necessary for us to be able to arrange a healthcare appointment for you with a relevant healthcare provider.

Granting consent is voluntary but without it we will be unable to arrange certain examinations for you.

 

Will your personal data be provided to other recipients?

Your personal data may be disclosed to healthcare providers for the purpose of arranging your healthcare appointment, providers of IT services, attorneys, auditors, archival and other persons providing services to the Controller with whom the Controller has concluded a personal data processing contract.
Will your personal data be transferred to third countries?

The transfer of your personal data to third countries is not intended.

 

How long will your personal data be processed for such purpose?

The Controller will keep your personal data throughout the period of duration of your contractual relationship with the Controller and after its termination until settlement of all obligations resulting from or related to it, or until the end of the Controller´s legitimate interest in the processing of such data.

When processing your personal data based on your consent, we will process it only during the consent’s validity period.

When processing personal data the Controller applies a minimisation principle, i.e. after the end of the period during which the Controller is obliged to keep personal data, the Controller will immediately anonymize your personal data from databases and information systems. ProHealth has implemented strict internal rules for keeping personal data which ensure that information is not kept longer than the Controller is authorized or obliged to.

 

What are your rights related to such processing?

Based on a written request you are entitled to: (i) request access to your personal data; (ii) request correction of your personal data; (iii) request erasure of your personal data; (iv) request limitation of processing; (v) object to processing; (vi) request the transfer of your personal data; and (vii) lodge a complaint to the Office for Personal Data Protection, Hraničná 12, Bratislava.

 

Does the processing of your personal data involve automated decision-making including profiling?

The processing of your personal data does not involve automated decision-making, including profiling.