Privacy Policy
General information on processing of personal data
General information on processing of personal data
The Controller
Bratislava, the Capital City of the Slovak Republic, registered office at Primaciálne námestie 1, 814 99 Bratislava, Company ID no. 00 603 481 (hereinafter referred to as the City or the "Controller") processes your personal data solely in accordance with the legal terms and conditions pursuant to the Regulation ↗︎ and the Data Protection Act ↗︎.
When processing personal data, you are the data subject, i.e. the person whose personal data are being processed.
Information on Data Protection Officer
The City has appointed Bruno Konečný to be the Data Protection Officer. Contact details: [email protected]
With regard to compliance with legal obligations, this refers to compliance with obligations laid down in specific laws and regulations in accordance with Article 6(1)(c) of the Regulation. Where data are processed in the public interest, this means the performance of tasks and authorisations where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to specific legislation in accordance with Article 6(1)(e) of the Regulation.
Your personal data will be stored securely, in accordance with the security policy of the Controller and only for the duration necessary to fulfil the purpose of the processing. Access to your personal data will only be granted to persons authorised by the Controller to process your personal data. Your personal data are backed up, in accordance with the retention policy. Your personal data will be fully erased from the back-up storage as soon as possible according to the said back-up rules.
The City, as the Controller, has a legal obligation to provide your personal data for inspection or supervisory purposes or upon request by authorised public authorities or institutions, where required by special regulations, for example Act No. 171/1993 Coll. on the Police Force ↗︎, Act No. 18/2018 Coll. on the protection of personal data ↗︎.
In accordance with the Regulation and the Data Protection Act, the Data Controller will process your personal data to the extent and under the conditions laid down in the special regulations, on the basis of the statutory conditions set out in Article 6 of the Regulation. Your personal data are not processed by means of automated individual decision-making, including profiling with legal or similarly significant effect. Your personal data will not be transferred to third countries that do not guarantee an adequate level of data protection.
Data Processing Declaration
General purposes
Bratislava, the Capital City of the Slovak Republic, registered office at Primaciálne námestie 1, 814 99 Bratislava, Company ID no. 00 603 481 (hereinafter referred to as the City or the "Controller") processes your personal data solely in accordance with the legal terms and conditions pursuant to the Regulation ↗︎ and the Data Protection Act ↗︎.
When processing personal data, you are the data subject, i.e. the person whose personal data is being processed.
Your personal data will not be transferred to third countries that do not guarantee an adequate level of protection and will not be processed through automated individual decision-making.
Detailed purposes for processing personal data
Registry management, including mail records
To comply with our legal obligations in connection with the public interest, your personal data will be processed in accordance with the following laws and regulations:
- Act No. 395/2002 Coll. on archives and registers, as amended; related implementing regulations
- Act No 305/2013 Coll. on the electronic form of exercising the powers of public authorities (e-Government Act), as amended
The registration data will be stored for the duration of three (3) years; the data contained in documents subject to registry management will be kept in accordance with the periods laid down for each purpose. Personal data may be provided to the Ministry of the Interior of the Slovak Republic, the National Archives of the Slovak Republic, and other authorised public authorities.
Research agenda - Access to archive documents
To comply with our legal obligations in connection with the public interest, your personal data will be processed in accordance with the following laws and regulations:
- Act No. 395/2002 Coll. on archives and registers, as amended; related implementing regulations
- Act No 305/2013 Coll. on the electronic form of exercising the powers of public authorities (e-Government Act), as amended
Personal data related to the disclosure conditions (requests, communications, etc.) will be retained for a period of ten (10) years. Personal data may be provided to the Ministry of the Interior of the Slovak Republic, the National Archives of the Slovak Republic, other authorised public authorities, the originator, legal successor and owner of the documents, the regional government, local authorities, individuals and legal entities in connection with their activities as required by a specific law.
Handling and registration of exercised rights of data subject
The Controller has a legal obligation to ensure that requests from data subjects are duly processed in accordance with
- Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR)
- Act No. 18/2018 Coll. on the protection of personal data as amended
The personal data will be stored for the duration of five (5) years from the date of the request and will be disclosed to the data subject, to the competent national authority and, to the extent necessary, to another controller under the notification obligation
Requests for access to information under the Freedom of Information Act
The Controller is legally obliged to process requests for access to information, including appeals proceedings, pursuant to Act No. 211/2000 Coll. on Free Access to Information as amended (Freedom of Information Act) and Act No. 71/1967 Coll. on Administrative Proceedings (Administrative Procedure Code) as amended.
The personal data will be processed for the duration of five (5) years from the date of application/termination of the procedure and may be disclosed to the applicant and to other authorised national authorities (competent court, another controller, if relevant to the request).
Public procurement
The Controller has a legal obligation to carry out public procurement for the supply of goods, provision of services and performance of works in accordance with the law:
- Act No. 343/2015 Coll. on Public Procurement,, as amended, - Act No. 431/2002 Coll. on Accounting, as amended
- Act No. 222/2004 Coll. on Value Added Tax, as amended
- Act No. 40/1964 Coll. Civil Code, as amended
- Act No. 513/1991 Coll. Commercial Code, as amended
- Act No. 71/1967 Coll. on Administrative Procedure (Administrative Procedure Code), as amended - Act No. 595/2005 Coll. on Income Tax, as amended
Personal data will be processed for the duration of five (5) years (sub-limit contract) or ten (10) years (over-limit contract) and may be disclosed to the Public Procurement Office, to the extent appropriate, published on the website (legal obligation) and disclosed to another authorised public authority.
Structural Fund projects
There is a legal obligation in connection with the public interest to process the documentation necessary for the settlement of payroll expenses and supporting documents related to the participation in the Structural Funds in accordance with the following laws and regulations:
- Act No. 292/2014 Coll. on the Contribution from the European Structural and Investment Funds and, as amended
- REGULATION (EU) No 1303/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ↗︎
- REGULATION (EU) No 1304/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ↗︎
- Contractual or pre-contractual relationship
Personal data will be processed for the duration of ten (10) years, payrolls for fifty (50) years and are made available to the executive body, the auditing body, the certifying body, the European Commission, other authorised bodies, project participants and contractors to a limited extent.
Handling of complaints under the Complaints Act
The Controller is legally obliged to ensure that complaints are handled in accordance with Act No. 9/2010 Coll. on Complaints, as amended
Personal data will be processed for the duration of ten (10) years after the complaint has been processed and are provided to the complainant, the persons concerned by the complaint, or another authorised public authority.
Handling petitions
The Controller has a legal obligation to ensure that petitions are duly handled in accordance with the following laws and regulations:
- Act No. 85/1990 Coll. on the Petition Right, as amended,
- other special laws that may provide for the elements of a petition (in particular Act No. 171/2005 Coll. on Gambling, as amended, Act No. 369/1990 Coll. on Municipal Establishment, as amended)
Personal data will be stored for the duration of ten (10) years and provided to the Ministry of the Interior and other authorised state authorities.
Litigation, enforcement of legal claims and jurisdiction and out-of-court settlements
Purpose compatible with the original purpose of processing personal data pursuant to Article 6(4) of the Regulation, which is in the public interest (protection of the interests of the state, efficient management of funds from the state budget), in accordance with the following laws and regulations:
- Act No. 162/2015 Coll., the Administrative Procedure Code,
- Act No 160/2015 Coll., the Code of Civil Adversarial Procedure
- Act No 523/2004 Coll. on Budgetary Rules of Public Administration
- Act No. 278/1993 Coll. on the Administration of State Property, Article 9(2)(c) GDPR, if personal data of a special category pursuant to Article 9 GDPR are the subject of legal claims, - Act No. 233/1995 Coll. on the Execution Procedure Code, - Act No. 233/1995 Coll. on the Enforcement Procedure Code
Personal data will be processed for the duration of twenty (20) years and made available to the competent court, law enforcement authorities, parties, subjects of proceedings or other authorised state authorities
Economic agenda and its processing, accounting
The Controller will process personal data in accordance with the regulations in the performance of its legal obligations:
- Act No. 413/2002 Coll. on Accounting, as amended
- Act No 222/2004 Coll. on VAT, as amended
- Act No 283/2002 Coll. on Travel Allowances, as amended
- Act No 40/1964 Coll., the Civil Code, as amended
- Act No 152/1994 Coll. on the Social Fund, as amended
- Act No 595/2013 Coll. on Income Tax, as amended
- Act No 552/2003 Coll. on the Performance of Work in the Public Interest, as amended
- Act No 311/2001 Coll., the Labour Code, as amended
- Act No 211/200 Coll. on Free Access to Information
- Act No 513/1991 Coll., the Commercial Code, as amended
- Act No 145/1995 Coll. on Administrative Fees, as amended
- Act No 91/2010 Coll. on the Promotion of Tourism
Personal data will be processed for the duration of ten (10) years and provided to the relevant tax authority, or other authorised state authority. Purchase orders, invoices and contracts will be published on the website and in the Central Register of Contracts.
Investigation of reported whistleblowing activities
The Controller is legally obliged to investigate the complaints and to ensure the legal procedure for their investigation in accordance with Act No. 54/2019 Coll., the Act on the Protection of Whistleblowers, as amended.
Personal data will be processed for the duration of five (5) years from the conclusion of the proceedings and will be provided to the parties to the proceedings, the Office for the Protection of Whistleblowers, the Ministry of Justice, and any other authorised state authority.
Collecting and providing contact details
It is in the public interest for the Controller to ensure proper and timely communication which involves the collection of personal data of persons with whom it communicates, employees (employees of service providers, state and public administration bodies), other contact data within the scope of statutory activities. The processing is carried out in accordance with the specific legislation governing the activities of the Controller, imposing tasks and obligations in conjunction with Section 78 of Act No. 18/2018 Coll. on the Protection of Personal Data and Regulation 2016/679 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data.
The personal data will be stored for the duration of ten (10) years or for as long as the data subject is registered as a contact and/or for the duration of the contractual relationship. Personal data will be provided to the parties to the contract, the communication partners.
Rights of data subjects
Bratislava, the Capital City of the Slovak Republic, registered office at Primaciálne námestie 1, 814 99 Bratislava, Company ID no. 00 603 481 (hereinafter referred to as the City or the "Controller") processes your personal data solely in accordance with the legal terms and conditions pursuant to the Regulation ↗︎ and the Data Protection Act ↗︎.
When processing personal data, you are the data subject, i.e. the person whose personal data are being processed.
As a data subject, you may exercise your rights concerning the processing of personal data. If necessary, the Controller may ask you to provide additional information concerning your identity, in accordance with Article 12(6) of the Regulation. The purpose of identity verification is to prevent unauthorised persons from accessing personal data.
Your rights under the Regulation and the Data Protection Act
Right of access to personal data
You have the right of access to your personal data and the right to obtain confirmation of whether your personal data are being processed. If your personal data are being processed, you have the right to be informed to the extent of this policy and to access your personal data. You have the right to be provided with a copy of the personal data we hold about you, as well as information on how we use your personal data. In most cases, your personal data will be provided to you written in paper form, unless a different method of disclosure is requested. If you request this information electronically, it will be provided to you electronically wherever technically possible. If you repeatedly request the provision of your personal data to the same extent, the Controller may charge you a reasonable fee corresponding to the administrative costs.
Right to rectification
You have the right to rectify the personal data processed about you if the data are incorrect or inaccurate. It is essential for the Controller to have the correct information about you. Therefore, if you find that the information we hold about you is incorrect, inaccurate or incomplete, please notify us and request that your data be rectified (e.g. change of residence, change of contact, change of surname in case of marriage, etc.). We will then correct/complete the data without undue delay.
Right to erasure
If we process your personal data in an unlawful manner, e.g. for a longer period of time than necessary or unjustifiably, you have the right to have your personal data erased ("right to be forgotten").
Restriction of processing
If you request the rectification of your personal data or object to the erasure of your personal data, if the processing is unlawful, or if the Controller no longer needs the personal data for its purposes but you may need them to prove or to defend your legal claims, or if you have objected to the processing of your personal data on other grounds, we will restrict the processing of your personal data for as long as is possible to resolve the matter.
Right to object
If you deem that the Controller does not have the right to process your personal data, or if you wish to have an automated decision reviewed, you may object to the processing. In such cases, we may only continue to process your data if we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms. However, we may process your personal data whenever necessary for the establishment, exercise or defence of legal claims.
Right to withdraw consent
You have the right to withdraw your consent at any time. We will inform you of the conditions for withdrawing your consent upon obtaining it. Withdrawal of consent does not affect the lawfulness of the processing of personal data until its withdrawal. The withdrawal of consent does not automatically imply the destruction of personal data (see right to erasure).
Right to lodge a complaint
If you wish to lodge a complaint about the way in which your personal data are processed, including the exercise of the rights detailed above, please contact us at the address indicated in the header of this document. We will duly investigate all your requests and complaints. You have the right to lodge a complaint with the supervisory body, which is the Data Protection Office of the Slovak Republic.
You can exercise your rights at the address of the Controller and/or by contacting the Data Protection Officer.