Jump over menu

Privacy protection policy

Protection of personal data
Exercise of rights of the persons concerned


The protection of personal data in the Slovak Republic is governed by Act no. 122/2013 Coll. on the Protection of Personal Data as amended by Act no. 84/2014 Coll. (hereinafter referred to as "Act on Protection of Personal Data"). Supervision of protection of personal data is carried out by the Office of Personal Data Protection of Slovakia (hereinafter referred to as "Office"), a government body with nationwide coverage.

I. Terms related to the protection of personal data


For easier understanding of the text on the rights of persons concerned in terms of protection of personal data, here is an explanation of basic terms:

Personal data – data relating to an identified or identifiable natural person, while such person is one, who can be identified directly or indirectly, in particular by a general identifier, or by one or more features or attributes, which constitute its physical, physiological, psychological, mental, economic, cultural or social identity.

Operator – anyone who, alone or jointly with other, defines the purpose of processing the personal data, defines the conditions of their processing and processes the personal data in its own name.

Responsible person – person authorized by the operator to exercise supervision over compliance with the statutory requirements in processing of personal data.

Person concerned – every natural person, whose personal data are processed.

Authorized person – every natural person who comes into contact with personal data within its employment relationship, civil service, service relationship, member relationship, under a mandate, election or appointment, or in the exercise of public office, and who processes personal data to the extent and in the manner specified in the instruction.

Recipient – everyone who is provided with the personal data or with access to them, while the recipient may also be a third party.

Consent of the person concerned – any freely given explicit and articulate declaration of will, by which the person on the basis of provided information consents to the processing of their personal data. Proof of consent particularly includes data on who gave the consent, to whom it is given, for what purpose, list or extent of personal data and the period of the validity of the consent. A written consent is invalid, without the handwritten signature of the person who gave the consent.

Purpose of the processing of personal data – previously clearly defined or determined intent of the processing of personal data, which binds to a particular activity.

Information system – system, in which any organized set of personal data accessible according to the specified criteria, is systematically processed or to be processed for the pre-defined or pre-determined intent.

Processing of personal data – performing of operation or set of operations with personal data (manipulation), especially their obtaining, recording, remaking or changing, searching, using, blocking, their cross-border transferring, providing, accessing, publishing, liquidation, etc.

II. The position of the Ministry of Foreign and European Affairs of the Slovak Republic in processing of personal data


The basic objective of the Ministry of Foreign and European Affairs of the Slovak Republic (hereinafter referred to as “MFEA SR”) in the field of protection of personal data, is the implementation of provisions under the Act on Protection of Personal Data, consequent legislation as well as international treaties, by which the Slovak Republic is bound. In these are, among others, reflected the principles of the common policy of EU countries.

The MFEA SR, as a central government body in the field of foreign policy and the relations of the Slovak Republic to the other states and international organizations, is the operator of information systems under the Act on Protection of Personal Data. In those are, among other things, processed the personal data of the citizens of the Slovak Republic, as well as citizens of other states, who, for whatever reason, turned to the MFEA SR and its representative bodies abroad. Documents, containing personal data of the persons concerned, are by standard procedures delivered to the relevant public authorities for further processing according to individual types of agendas (e.g. registers – Act no. 420/2006 Coll. on registers and on amendments to certain Acts, travel documents – Act no. 647/2007 Coll. on travel documents and on amendments to certain Acts, stay of foreigners in Slovakia – Act no. 404/2011 Coll. on stay of foreigners, etc.).

Personal data are processed by authorized persons. Each authorized person was demonstrably informed about its rights and obligations before any processing operation of personal data. The guidance is provided by the MFEA SR through the responsible person. The MFEA SR keeps a proven record of the guidance.

III. Protection of rights of the persons concerned


According to § 28 of the Act on Protection of Personal Data, every person is entitled to request in writing from the operator of information systems (MFEA SR) the following:

a) confirmation of whether or not the respective personal data are processed,

b) information in generally comprehensible form on processing of respective personal data in information system in the scope of § 15 section 1 letter a) to e) second to sixth point of the Act on Protection of Personal Data,

c) accurate information in generally comprehensible form on source, from which the respective personal data for processing were received,

d) list of the respective personal data in generally comprehensible form, which are subject to processing,

e) correction of inaccurate, incomplete or outdated respective personal data, which are subject to processing,

f) liquidation of respective personal data, which purpose for the processing has ended; if the subject to processing are official documents containing personal data, respective person may request their return,

g) liquidation of respective personal data, which are subject to processing, if there has been a violation of the law,

h) blocking of respective personal data due to the withdrawal of agreement before the expiry of its validity period, if the operator processes the personal data on the basis of the consent of the person concerned.

The right of the person concerned may be restricted only if such restriction results from special law, or when its application would violate the protection of the person concerned, or would violate rights and freedoms of others.

The person concerned has upon written request or personally, if the matter is urgent, the right to object at any time by the operator against the processing of personal data in cases pursuant to § 10 section 3 letter a), e), f) or g) of the Act on Protection of Personal Data by stating the legitimate reasons or by submitting evidence of infringement of rights and legitimate interests, which are or may be damaged in particular case by such processing of the personal data; unless precluded by legal grounds and when it is established that the objection of the person concerned is legitimate, the operator is obliged to block and dispose of the personal data, which processing was objected by the person concerned, without undue delay and as soon as circumstances permit.

The person concerned has upon written request or personally, if the matter is urgent, also the right to object at any time by the operator and not to obey decision, which would have legal effects or significant impact, if such decision is made solely on the basis of automatic processing of respective personal data. The person concerned has the right to request the operator to review the decision made by a method other than the automatic processing, while the operator is obliged to comply with the request of the person concerned in such a way that the decisive role in reviewing the decision will have an authorized person; the operator shall inform the person concerned about the method of reviewing and its result, within the period according to § 29 section 3 of the Act on Protection of Personal Data. The person concerned does not have this right only when established by a special law that governs the measures to ensure the legitimate interests of the person concerned or if within the pre-contractual relations, or during the existence of contractual relations the operator issued a decision to satisfy the request of the person concerned, or if the operator took other appropriate measures under the contract to ensure the legitimate interests of the person concerned.

If the person concerned exercises its right:
a) in writing and the content of the request indicates that the person exercises its right, the request is considered submitted according to the Act on Protection of Personal Data; the person concerned will deliver a request submitted by e-mail or fax in writing within three days from the send date,
b) personally in oral form to the minutes, from which it must be clear who exercised the law, what is the claim and when and who created the record, his/her signature and signature of person concerned; the operator is obliged to submit the minutes to the person concerned,
c) by an intermediary under letter a) or letter b), he/she is obliged to submit this request or minutes to the operator without undue delay.

If the person concerned suspects that its personal data are processed without authorization, he/she can submit a proposal to initiate the proceeding on protection of personal data to the Office of Personal Data Protection.

If the person concerned does not have legal capacity in full, its rights may be exercised by a legal representative (under Civil Code).

If the person concerned is deceased, its rights arising under the Act on Protection of Personal Data may be exercised by a close person (under Civil Code).

The provision of information to the person concerned under § 29 of the Act on Protection of Personal Data:
a) the request of person concerned under § 28 section 1 letter a) to c), e) to h) and section 3 to 5 of the Act on Protection of Personal Data, will be processed by the operator for free,
b) the request of person concerned under § 28 section 1 letter d) of the Act on Protection of Personal Data, will be processed by the operator for free, except the payment of an amount, which may not exceed the amount of purposefully incurred material costs associated with making of copies, providing of data carriers and with sending the information to the person concerned, unless a special law provides otherwise,
c) the operator is obliged to process the request of the person concerned in writing under § 29 sections 1 and 2 within 30 days from the receipt of the request.

In case of restriction of rights of the person concerned under § 28 section 2 of the Act on Protection of Personal Data, the operator will immediately and in writing notify the person concerned and the Office of Personal Data Protection.

IV. Guidance on the rights of persons concerned


Visa application

In the case of a visa application, the person concerned consents to the processing of its personal data by signing the visa application. The text of the consent stated in the visa questionnaire is as follows:

″I am aware of following facts and consent to them: provision of the data that are required in this form, photographing and potential taking of fingerprints are mandatory in assessment of the visa application, and all personal data concerning me, which are listed in the visa application, as well as my fingerprints and photographs, will be provided to the competent authorities of the Member States and processed by those authorities for the purposes of a decision on my visa application.

These data, along with data concerning the decision on my application, or decision declaring the granted visa as invalid, its revoking or prolongation, will be entered into the Visa Information System (VIS), where they will be stored for a maximum period of five years. During this period, they will be accessible to the visa authorities and the authorities carrying out checks of visa at external borders within the Member States, to immigration and asylum authorities in the Member States in order to verify, whether the conditions for the legal entry into the territory of the Member States and stay thereon were met, as well as for identification of persons, who do not meet these conditions or no longer fulfil them, for the assessment of the asylum application and to determine who is fit for such assessment. Under certain conditions, these data will be accessible to designated authorities of the Member States and the Europol for the purposes of prevention of terrorist offenses and other serious criminal offenses, their detection and investigation. The authorities of the Member State responsible for the data processing are: The Ministry of Foreign and European Affairs of the Slovak Republic, Hlboká cesta 2, 833 36, Bratislava, and the Ministry of Interior of the Slovak Republic, the Office of Border and Foreign Police Presidium of the Police Force, Ružinovská 1/B , 812 72 Bratislava 1.

I am aware, that in all the Member States I have the right to be informed of the data concerning my person, which are recorded in VIS, as well as to be informed of the Member State that entered these data, and I have the right to request the correction of inaccurate data concerning my person and deletion of unlawfully processed data concerning my person. At my express request, the Office assessing my application will inform me how I can exercise my right to control my personal data, and how I can achieve their correction or deletion, including the related remedies in accordance with the national law of the State concerned. Complaints concerning the protection of personal data will be handled by national supervisory authority of this Member State: The Office of Personal Data Protection of Slovak Republic, Hraničná 12, 820 07, Bratislava.

I declare to the best of my knowledge that the data provided are correct and complete. I am aware that any false statements will lead to the rejection of my application, or cancellation of previously granted visa, and may also render me liable to prosecution under the legislation of the Member State, which processed the application. If I am granted the visa, I undertake to leave the territory of the Member States before it expires. I have been informed that the visa is only one of the prerequisites for entry into the territory of the Member States. If I fail to comply with the relevant provisions of Article 5 section 1 of the Schengen Borders Code, and consequently will be denied entry, even though I was granted a visa, I have no claim for damages. The prerequisites for entry will be checked again on entry into the European territory of the Member States.”

V. Responsible person and its role in relation to the exercise of rights of the persons concerned


In accordance with the § 23 of the Act on Protection of the Personal Data, a person responsible for the supervision of the protection of personal data was appointed by the MFEA SR. This person, among other tasks, ensures the processing of requests of the persons concerned, related to the exercise of their rights under § 28 to 30 of the Act on Protection of the Personal Data. The operator is obliged under the § 29 section 3 of the Act on Protection of Personal Data, to process the request of the person concerned in writing within 30 days from receipt of the request. In the case that the person concerned is not satisfied with the course and manner of the processing, he/she has the right to contact the Office of Personal Data Protection.
You can send the requests relating to the exercise of your rights in writing or electronically to:

The Ministry of Foreign and European Affairs of the Slovak Republic
Hlboká cesta 2
811 04, Bratislava
Slovak Republic
Phone: + 421 2 5978 1111
E-mail: informacie@mzv.sk

VI. The Office of Personal Data Protection


More detailed information regarding the protection of personal data in the Slovak Republic, including the Act on Protection of Personal Data and the European rules of law, as well as frequently asked questions, can be found on the website of the Office: www.dataprotection.gov.sk, or contact the Office:

The Office of Personal Data Protection of the Slovak Republic
Hraničná 12
820 07, Bratislava
Slovak Republic
Tel.: + 421 2 502 39 418
e-mail: statny.dozor@pdp.gov.sk


Last updated: 02/10/2015