Processing of personal data
The Ministry of Foreign and European Affairs of the Slovak Republic, hereinafter referred to as the "Ministry", processes the personal data of natural persons when carrying out its duties and specific tasks. The Ministry is fully aware of its obligations, which arise from the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data (general data protection regulation), hereinafter referred to as the "general data protection regulation" or “regulation” and Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws as amended, hereinafter referred to as the "Act on the Protection of Personal Data".
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified (directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller;
‘data subject’ is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘data protection officer/DPO’ is a person designated by the controller or processor, either compulsorily or voluntarily. Performs tasks according to the General Data Protection Regulation and the Personal Data Protection Act. The responsible person is the cornerstone of accountability, and identifying them can facilitate compliance and give businesses a competitive advantage. In addition to facilitating compliance by introducing accountability tools (such as facilitating data protection impact assessments and conducting or facilitating audits), responsible persons act as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects and departments within the organization). DPO do not bear personal responsibility for non-fulfillment of obligations arising from the general regulation on data protection, this is borne by the controller or processor, who must be able to prove the fulfillment of their obligations to the supervisory authority.
General Data Protection Regulation
Act no. 18/2018 on personal data protection and amending and supplementing certain Acts
Controller general contact
The Ministry of Foreign and European Affairs of the Slovak Republic
Seat/address: Hlboká cesta 2, 833 36 Bratislava, Slovak republic
General contact phone: +421 2 5978 1111,
+421 90607 2222,
Phone contact: +421 2 5978 2052/2053
Post address of the controller:
Hlboká cesta 2,
833 36 Bratislava,
Purposes and legal basis of personal data processing
The Ministry, as the controller, in the sense of processing personal data, always processes them on an adequate legal basis, most often based on special laws, i.e. the processing follows from special legal regulations. Ministry always processes personal data within the framework of the legal basis according to Art. 6 par. 1 of the general regulation, if the subject of processing is a special category of personal data, then Art. 9 par. 2 of the general regulation adequately.
Scope of processed personal data
The Ministry processes personal data in accordance with the relevant legal regulations and the purpose of processing specified therein. When processing personal data according to special legal regulations, as well as according to other legal bases, the Ministry proceeds in accordance with the principles of personal data processing according to Art. 5 of the general regulation.
Source of personal data
The Ministry processes personal data that was obtained directly from the data subject or from other public authorities based on special regulations or international treaties to which the Slovak Republic is bound.
Obligations of the data subject to provide personal data
The data subject is obliged to provide their personal data if their processing is necessary in connection with the fulfillment of the legal obligation of the controller. If the data subject does not provide the necessary established personal data, the controller cannot fulfill its obligations and legal requirements.
The data subject is also obliged to provide personal data in cases where their provision is necessary for the fulfillment of contractual or pre-contractual relations, if he is a party to the contract. In the event that the data subject does not provide the personal data necessary for the conclusion of the contract or its fulfillment, it will prevent the formation of a contractual relationship.
Period of storage of personal data
Personal data are stored in a form that enables identification of the data subject only for the duration of the purpose for which personal data is processed in accordance with the approved Registration Plan and the Ministry's Registration Regulations. After the end of the purpose of processing, personal data are further processed for archiving purposes, for scientific, research or statistical purposes, if this is in accordance with a special regulation.
Category of recipients
Personal data processed by the Ministry may be provided to recipients who have the status of independent controllers and to whom, based on a special regulation, an international treaty to which the Slovak Republic is bound, or the consent of the data subject, the Ministry is obliged or authorized to provide them.
Cross-border processing of personal data and data transfer to third countries and international organizations
Cross-border processing is the processing of personal data that takes place in the Union in the context of the activities of the establishments of the controller or intermediary in more than one Member State, while the controller or intermediary is established in more than one Member State; or it is the processing of personal data that takes place in the Union in the context of the activities of a single establishment of the controller or intermediary in the Union, but which significantly affects or is likely to significantly affect data subjects in more than one Member State. Free movement of personal data takes place within the member states of the European Union and within the countries of the European Economic Area.
The Ministry thus operates on the territory of the Slovak Republic. Geographically, it has its places of work, in terms of international agreements, also in other countries of the world, where it carries out its activities as a representative office, general consulate, or permanent mission or representation. The processing of personal data at these workplaces is not considered cross-border processing of personal data, nor the transfer of personal data to a third country, as according to international agreements these workplaces are the territory of the Slovak Republic.
Considering the activity of the controller in accordance with Act no. 575/2001 Coll. on the organization of the activities of the government and the organization of the central state administration, personal data may be the subject of transfer to third countries, which are mainly the states in which the embassies of the Slovak Republic are located and the states with which the Slovak Republic has concluded international agreements and contracts. Under certain conditions, the Ministry can also transfer personal data to another international organization.
Automated decision-making, including profiling
The Ministry does not perform automated decision-making, including profiling.
Rights of the data subject
The data subject has the following rights:
a) Right of access by the data subject: the right to obtain confirmation from the Ministry as to whether her personal data are processed in the Ministry's information systems; in the event that the Ministry processes the personal data of the data subject, it has the right to obtain, in particular, information on:
- processing purposes,
- category of affected personal data,
- recipients or categories of recipients to whom personal data was provided,
- storage period,
- on the rights of affected persons,
- about the source of personal data, if they were not obtained directly from the data subject,
- on the existence of automated individual decision-making, including profiling,
- on adequate guarantees regarding cross-border transmission.
b) Right to rectification: the right to request the correction of data relating to her if they are incorrect and the right to supplement personal data if they are incomplete.
c) Right to erasure: the right to delete data (liquidation of data) of the data subject, including the right to forget the data, if the purpose of the processing has ended, or the data subject has withdrawn consent, or if the data subject has objected to the processing, or in the case of illegal processing according to Art. 17 of the General Data Protection Regulation.
d) Right to restriction of processing: the right to limit processing according to Art. 18 of the General Data Protection Regulation.
e) The right to data portability in a structured, commonly used and machine-readable format and has the right to transfer this personal data to another controller, if it is technically possible and if the personal data is processed on the basis of the consent of the data subject or on the basis of a contract or the processing is carried out by automated means.
f) The right to object to the processing of personal data if they are processed for purpose of fulfilling a task carried out in the public interest or for the purpose of the legally protected interest of the controller.
g) Right to object and automated individual decision-making: the right not to be subject to a decision based solely on the automated processing of personal data, including profiling according to Art. 22 of the General Data Protection Regulation.
h) If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw it at any time, while the withdrawal of consent does not affect the processing of personal data during the duration of the consent.
Methods of exercising the rights of the data subject by he controller
The data subject can exercise his/her rights by submitting a request, namely:
a) by sending an email (request) to the e-mail address firstname.lastname@example.org, while the electronic exercise of rights applies mainly to cases where personal data was provided electronically and communication with the affected person was mainly in electronic form;
b) by electronic submission (application) through an electronic mailbox and eID;
c) in writing via registered mail to the address of the ministry, or in person, if possible.
Procedure for processing a request to exercise the rights of the data subject
The Ministry may request the data subject, if necessary, to provide additional information necessary to verify his identity. Requests are handled free of charge, only if they are demonstrably unfounded or disproportionate, especially due to their recurring nature, will the Ministry consider the possibility of demanding a reasonable fee or refusing to act on the request.
The Ministry informs the data subject about the method of processing the request immediately, but no later than within one month from the date of receipt of the request. In justified cases, this period can be extended by another two months. The data subject is informed of each extension of the deadline together with the reasons for its extension.
The Ministry responds to the request in writing in paper or electronic form, usually by the same means by which the request was delivered. In the event that the Ministry did not process the request and did not take measures based on the request of the data subjects, it shall inform the data subjects of this fact and the reasons for not acting immediately, no later than within one month of the receipt of the request. At the same time, it informs the data subjects about the reasons for not acting, about the possibility to file a complaint with the supervisory authority and the possibility to apply a judicial remedy in accordance with the general regulation on data protection, or the possibility to submit a proposal to initiate proceedings on the protection of personal data in accordance with the Act on the Protection of Personal Data.
The Ministry will notify each recipient to whom it has provided personal data of any correction, deletion or restriction of processing of personal data, unless this proves impossible or requires disproportionate effort. The controller informs the data subject about these recipients if the data subject requests it.
The data subjects´ rights in the visa information system (VIS)
Contact of the data protection supervisory authority
The Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovak republic.