Privacy Policy

SANOMED s.r.o., Grösslingova 4, 811 09 Bratislava – Staré Mesto district
Business ID: 51914735


As the operator of an information system, we hereby publish this Personal Data Protection Policy to ensure fairness and transparency toward data subjects, in accordance with Article 13 and the relevant recitals of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and Act No. 18/2018 Coll. of the Slovak Republic on the protection of personal data and on amendments to certain laws (hereinafter referred to as the "Personal Data Protection Act").

The purposes of personal data processing are the reasons for which the personal data of data subjects (employees, clients) are processed in our information systems on precisely defined legal grounds. These purposes are specifically determined, explicitly stated, and justified, while adhering to the principle of lawfulness under Articles 6 and 9 of the Regulation (individual purposes and legal bases are listed in the appendix to this Personal Data Protection Policy).

Data subjects whose personal data are processed in our information systems for specific purposes may exercise the following rights in writing or electronically:

a) Right of access to personal data – The right to obtain confirmation as to whether your personal data are being processed, as well as the right to access such data, including the purposes and duration of processing, categories of personal data, recipients, and details of any automated processing, including its consequences. As the controller, we reserve the right to take reasonable measures to verify the identity of the data subject requesting access, particularly in relation to online services and identifiers (Article 15, Recitals 63, 64 of the Regulation).

b) Right to rectification of inaccurate or incomplete personal data (Article 16, Recital 65 of the Regulation).

c) Right to erasure ("right to be forgotten") – The right to request the deletion of personal data that are no longer necessary for the purposes for which they were collected, where consent has been withdrawn, where processing is unlawful, or where data were collected in relation to the offer of information society services (for children), provided the conditions under Article 17, Recitals 65, 66 of the Regulation are met.

d) Right to restriction of processing – This right may be exercised if you, as a data subject, contest the accuracy of your personal data or other conditions under Article 18, Recital 67 of the Regulation. This may involve temporarily moving selected data to another processing system, restricting user access, or temporarily suspending processing.

e) Right to data portability – The right to receive your personal data provided to our information systems based on consent or contract in a structured, commonly used, and machine-readable format, where technically feasible, in accordance with Article 20, Recital 68 of the Regulation. This right does not affect Article 17 of the Regulation. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the controller.

f) Without prejudice to any other administrative or judicial remedy, you, as a data subject, have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic under Article 77 of the Regulation if you believe that the processing of your personal data violates the Regulation or the Personal Data Protection Act.

You also have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on legitimate interests pursued by us as the controller or a third party (except where such interests are overridden by your fundamental rights and freedoms, especially if the data subject is a child).

SANOMED s.r.o., Grösslingova 4, 811 09 Bratislava – Staré Mesto district, as the operator of the information system, has implemented all appropriate personnel, organizational, and technical measures to ensure the maximum protection of your personal data and minimize the risk of misuse, leakage, or similar incidents.

In accordance with our obligation under Article 34 of the Regulation, we hereby inform you, as data subjects, that in the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

NOTICE: To comply with the principle of data minimization, all personal data you provide are either legally or contractually required to fulfill the purpose of processing. Failure to provide mandatory data necessary for contract formation may result in the inability to establish a contractual relationship.

For any questions regarding the protection of your personal data, including the exercise of your rights under the Regulation and the Personal Data Protection Act, please contact us or our designated responsible person (if applicable):

Contact details:
Email: office@sanomed.sk
Phone: +421 948 205 083

Appendix to the Personal Data Protection Policy

1. EMPLOYEE PERSONNEL AND PAYROLL RECORDS

Purpose of processing: Fulfillment of employer obligations related to employment, civil service, or similar relationships (e.g., agreements on work performed outside employment), including pre-contractual relationships.
Information system name: Employee Personnel and Payroll Records
Legal basis: Constitution of the Slovak Republic, Labor Code (Act No. 311/2001 Coll.), Act on Public Interest Work (No. 552/2003 Coll.), State Service Act (No. 312/2001 Coll.), Income Tax Act (No. 595/2003 Coll.), Social Insurance Act (No. 461/2003 Coll.), Health Insurance Act (No. 580/2004 Coll.), and related regulations.
Categories of recipients: Payroll processors, occupational safety providers, public authorities, health insurance companies, pension funds.
Cross-border data transfer: Not applicable
Data retention periods (after employment termination):

  • Employee personal file (payroll documents, appointment decrees, etc.) – 70 years (from birth),

  • Leave records – 3 years,

  • Attendance records – 3 years,

  • Payroll sheets – 50 years,

  • Employee welfare records – 5 years,

  • Work agreements – 5 years,

  • Workplace accident records – 5 years,

  • Training documentation – 5 years.

Automated decision-making/profiling: Not applicable

2. FINANCIAL AND ACCOUNTING RECORDS

Purpose of processing: Processing orders, invoices, banking transactions, cash management, inventory, and accounting.
Legal basis: Accounting Act (No. 431/2002 Coll.), VAT Act (No. 222/2004 Coll.), Civil Code, Commercial Code.
Data retention: 5 years (tax documents, payroll records).
Automated decision-making/profiling: Not applicable