Privacy protection policy
Personal Data Processing and its Protection
The Ministry of Foreign and European Affairs of the Slovak Republic (MFA SR) processes and protects personal data of the data subjects on the basis of obligations arising from legislation and its specific tasks.
The Ministry of Foreign and European Affairs of the Slovak Republic respects and fulfils its obligations in relation to the protection of personal data, which are set out in the General Data Protection Regulation – GDPR (EU) 2016/679 and in the Personal Data Protection Act no. 18/2018 on personal data protection and amending and supplementing certain Acts.
What personal data does the MFA process?
The scope of the processing of personal data is defined in the relevant legislation or in the purpose of personal data processing. Its extent is part of the specific forms, which are being used for the processing of personal data.
What is the legal basis for personal data processing at the MFA?
MFA processes personal data on the following legal basis:
- Legal obligation: act that imposes an obligation to process personal data, or
- Consent: the consent of the data subject; or
- Contract: the performance of a contract to which the data subject is party
Personal data are processed to the extent and for the time necessary for fulfilling the given purpose. Personal data is stored for the time necessary to achieve the purpose, which is determined by legal requirements, the duration of the consent or until its withdrawal, or for the time necessary to fulfil the contract. If personal data are processed in the framework of a registry record, their deletion shall be governed by the registry rules. If the personal data are not part of the registry record, the MFA deletes it immediately after fulfilling the purpose for which it was provided. The MFA may also store personal data for a longer period of time, eg. for scientific and historical purposes. MFA may provide processed personal data to law enforcement authorities or other state authorities.
What are the rights of the data subjects?
In case, that MFA processes your personal data, you have special rights, such as the right to access your data (including the purpose of the processing and its scope), the right to rectify it (if it is inaccurate or incomplete). You also have the right, under certain circumstances, to block or object to processing. At the same time, if the personal data were provided by the MFA to a third party, you have the right to be informed of any changes. The MFA does not process personal data by an automated process that would be performed exclusively by machines. You have the right to retrieve your personal data in a standardized format in case you want to transfer it to another controller and you have the right to file a complaint if you believe that your privacy rights have been violated. If personal data has been provided by consent, you have the right to withdraw that consent.
How to exercise your rights?
If the MFA processes your personal data and you would like to exercise some of the rights under the GDPR or the Data Protection Act, you can submit a written request addressed to the Data Protection Officer DPO via e-mail email@example.com or you can send it by standard post to the Ministry of Foreign and European Affairs of the Slovak Republic, Hlboká cesta 2, 833 36, Bratislava.
The MFA cannot accept the request made by phone call because of the complex process of identifying the data subject.
When exercising one or more rights, your request should include a detailed and accurate description of the data to which the request relates. Should the MFA have any doubts about the identity of the applicant, the applicant may be asked to resubmit a copy of a document that will help to verify the identity of the data subject.
Who do we provide your personal information to?
We provide your personal data to the third parties solely on a legal basis resulting from the relevant legislation, contractual relationship, or consent to the processing of personal data.
What are the requirements for transferring personal data to a third country (outside the EU)?
Transferring of personal data from MFA to the Slovak Embassy abroad is not considered as a transfer to a third country. Likewise, a transfer within the institutions and bodies of the Member States of the European Union is not considered as a transfer to a third country. Such transmission is neither restricted nor prohibited. The MFA may transfer personal data to another international organization and countries outside the EU only when certain conditions of GDPR are met.
Your personal data and website of the MFA
The MFA website is one of its most important communication tools. It is being used mostly to inform the public about the MFA’s activities.
Some of the services offered on the website require the processing of your personal data, which are processed for the purpose of the user authentication, accessing the website and finding language preferences. The MFA never shares your personal information for the marketing purposes.
The MFA uses social networks to present its activities. The ideas, opinions and information of the MFA expressed through social networks are purely informative and are not legally binding.
Rights of data subjects with regard to personal data processing in the Visa information System (hereinafter referred to as ”VIS“)
Purpose of personal data processing: To improve the implementation of the common visa policy, consular cooperation and consultation between central visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto within the meaning of Article 2 of Regulation (EC) No 767/2008 of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (hereinafter referred to as the “VIS Regulation“).
Categories of personal data processed: the alphanumeric data on the applicant and on the visa for which an application has been filed, on the issued, rejected, annulled, revoked and extended visas referred to in Article 9 (1) to (4) and in Articles 10 to 14 of the VIS Regulation; the photograph referred to in Article 9 (5) of the VIS Regulation; the dactyloscopic data referred to in Article 9 (6) of the VIS Regulation; the connections with the other applications referred to in Article 8 (3) of the VIS Regulation.
Rights of data subjects:
- The right of access to data recorded in the VIS concerning it and the right to information on the Member State which transferred the data to the VIS. Such access to data may only be granted by a Member State.
- The right to require the rectification of data concerning it if they are incorrect.
- The right to erasure of data concerning it if they have been recorded illegally.
- The right to lodge a complaint or action with the competent authorities or courts of a Member State that has denied its right of access or the right to the rectification or erasure of data concerning it. Under the conditions of the Slovak Republic, the data subject should lodge a complaint with the Office for Personal Data Protection of the Slovak Republic which is the national supervisory authority.
The method of exercising the rights of data subjects: The data subject may exercise its rights personally, by written request in paper form or by electronic request signed by a guaranteed electronic signature.
Contact details of the Member State authorities responsible for data processing:
Bureau of Border and Foreign Police of the Presidium of the Police Force, Ružinovská 1/B, 812 72 Bratislava, the Slovak Republic;
Ministry of Foreign and European Affairs of the Slovak Republic, Hlboká cesta 2, 833 36 Bratislava, the Slovak Republic; the contact details of the data protection officer: +421 2 5978 2025, firstname.lastname@example.org.
Contact details of the national supervisory authority:
Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, the Slovak Republic
Last Update Date: 12.11.2019 Create Date: 10.2.2015