Grafická verzia

Rýchla navigácia:

Preskočiť rýchlu navigáciu

Hlavná navigácia:

Preskočiť hlavnú navigáciu

General information

Protection of personal data (GDPR)

Identification data for the controller;

 

Sociálna poisťovňa
Ul. 29. augusta 8 a 10, 813 63 Bratislava
Organisation reg. No: 30807484

 

The Social Security Agency (‘SSA’) is a public-law institution established to provide social security on the basis of Act No 461/2003 on Social Security, as amended. The SSA provides social security, which includes sickness insurance, pension insurance – retirement and invalidity, injury, guarantee and unemployment insurance. The Social Security Agency also carries out activities in the area of retirement pension savings – in particular, it collects contributions, transfers them to pension management companies and registers retirement pension savings contracts on the basis of Act No 43/2004 on retirement pension savings.

 

Data protection officer

In order to supervise the processing of personal data, the Social Security Agency has appointed a data protection officer, who can be contacted by email at zodpovedna.osoba@socpoist.sk or by post at Zodpovedná osoba, Sociálna poisťovňa, ústredie, Ul. 29. augusta 8 a 10, 813 63 Bratislava, with ‘DO NOT OPEN’ marked on the envelope.

 

Data subject

Data subject means the natural person who the processing of personal data concerns. In relation to the Social Security Agency, it is any natural person about whom information is kept in the SSA IT system, in particular, insured persons, beneficiaries, insurance payers – SEP, retirement pension savers, legal representatives, authorised persons, SSA employees, etc.

 

Processing of personal data

The SSA processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (‘GDPR’) and Act No 18/2018 on the protection of personal data and amending certain acts (‘the Act’) for the purpose of providing social security and carrying out activities in the area of retirement pension savings.

The SSA, as the controller, processes personal data about data subjects within the meaning of Article 6(1)(c) of the Regulation to the extent pursuant to specific legislation on the basis of Act No 461/2003 on social security, as amended, and Act No 43/2004 on retirement pension savings. The data subject is required to provide the personal data processed under that legislation for the purpose of providing social security.

The SSA may provide, transfer or disclose personal data collected and processed on the basis of those laws to third parties, e.g. to other public authorities or bodies designated by specific regulations.

For the provision of social security, the SSA acts as the competent institution, the institution of the place of residence, the institution of the place of abode, the liaison body and the contact institution for communication between the relevant institutions and recipients of benefits, and between the institutions of the Member States of the European Union, the institutions of the countries party to the Agreement on the European Economic Area and that of the Swiss Confederation.

The SSA also processes personal data within the meaning of Regulation 883/2004 of the European Parliament and of the Council of 29 April 2004 on the coordination of social security systems and Regulation (EC) No 987/2009 of the European Parliament and of the Council of 16 September 2009 laying down the procedure for implementing Regulation (EC) No 883/2004 on the coordination of social security systems. The purpose of the processing of personal data is to provide social security for data subjects who have moved or move between EU Member States. On the basis of an international agreement concluded for the implementation of the abovementioned EU legislation, the SSA also acts as an interconnection point for all relevant authorities in the Slovak Republic that are obliged to exchange the specified data within the EU Member States.

Other legal bases under which the SSA processes personal data as the controller:

 

A) within the meaning of Article 6(1)(a) GDPR and Section 13(1)(a) of the Act for the purpose of:

  • keeping a jobseekers register,

  • surveying client satisfaction with the services provided;

B) within the meaning of Article 6(1)(b) GDPR and Section 13(1)(b) of the Act for the purpose of carrying out a selection procedure to fill a post;

C) within the meaning of Article 6(1)(f) GDPR and Section 13(1)(f) of the Act for the purpose of contacting a client in connection with the provision of social security;

D) within the meaning of Article 6(1)(f) GDPR and Section 13(1)(f) of the Act for ensuring the safety of employees and clients, and protection of their property for the purpose of:

  • keeping records of visits when entering protected areas. Records are kept in visitors’ books in electronic or paper form,

  • capturing and storing videos. SP captures and stores records of the movement of persons by means of a video surveillance system that only stores a simple video without the possibility of adding further information, editing or modifying the stored videos from individual cameras.

Where data subjects withdraw their consent to the processing of personal data pursuant to A) or object to the processing under C) or D), the SSA will terminate the processing immediately.

 

Categories of processed personal data

 

When carrying out its activities, the SSA may process various categories of personal data, depending on the purpose of the processing. Such categories of personal data are, in particular: 

  • identifying information (in particular, name, surname, maiden or bachelor name, birth ID number, ID card or passport number, gender, permanent address, temporary residence if the person has one, contact address and nationality);
  • other data (e.g. contact details such as telephone, fax, email, mobile, bank account number) related to social security within the scope of the documentation kept by the SSA under specific legislation;
  • videos and audio recordings (e.g. the operator’s video recordings);
  • health data (e.g. medical reports and health assessments);
  • other relevant data (e.g. data on litigation, probate proceedings, enforcement proceedings, bankruptcy and data related to the fulfilment of the data subject’s legal obligations).

Provision of personal data to recipients

Personal data processed by the SSA may be provided to recipients who have the status of separate controllers and to whom, on the basis of specific legislation, an international treaty by which the Slovak Republic is bound or your consent, the SSA is obliged or entitled to provide it.

Processing of personal data may be carried out by a SSA within the meaning of Article 28 of the Regulation through a processor, on the basis of a contract or other legal act binding the processor in relation to the controller and specifying the subject matter and duration of the processing, the nature and purpose of the processing, the list or scope of the personal data, the categories of data subjects and the obligations and rights of the controller. In the context of the above, as the controller, the SSA uses, in particular, the following categories of processors for the processing of personal data:

  • an intermediary providing support for information and communication technologies, systems or data transmission;
  • an intermediary for the delivery of benefits (monetary);
  • an intermediary providing physical and object security.

At the request of the data subject, the SSA will transfer personal data to third countries on the basis of bilateral social security treaties concluded between the Slovak Republic and the third country concerned.

 

Retention of personal data

The SSA respects the principle of minimising the retention period for personal data. At the same time, the SSA’s activities are subject to specific rules laying down the retention period for certain data.

The SSA keeps personal data processed for the purposes of social security pursuant to Act No 461/2003 and Act No 43/2004 for a period of 20 years from the end of the social security or the death of a natural person, or from the date when a natural person is declared dead, whichever happens first, unless specific legislation provides for a longer period in a specific case.

The SSA stores, deletes and destroys personal data in accordance with generally binding legislation, in particular Act No 395/2002 on archives and registers, as amended, and the approved SSA Registry Plan. The SSA physically destroys personal data according to its own internal rules.

 

RIGHTS OF DATA SUBJECTS

Right of access to personal data

Data subjects have the right to obtain confirmation as to whether personal data relating to them is being processed and to obtain access to that personal data from the controller.

 

Right to correction of personal data

Data subjects have the right to the correction of inaccurate personal data concerning them by the controller without undue delay. The data subject is entitled to have any incomplete personal data supplemented, including by means of a supplementary statement, with respect to the purposes of the processing.

 

Right to deletion of personal data

Data subjects have the right to have personal data relating to them deleted without undue delay. The SSA is obliged to delete personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed, in accordance with the statutory conditions. If a data subject who has gave the SSA consent to process data requests the deletion of that data, the SSA shall do so without delay and at the latest within 30 days from the date of receiving the withdrawal of consent under the specified conditions. The SSA is not entitled to delete a data subject’s personal data which it processes on the basis of specific legislation.

 

Right to restriction of personal data processing

The data subject has the right to restrict the processing of personal data by the SSA where the data subject has contested the accuracy of the personal data for a period of time allowing the controller to verify the accuracy of the personal data, or where the processing is unlawful, or where the SSA, as the controller, no longer needs the data subject’s personal data for the processing purpose for which it was collected.

 

Right to object to the processing of personal data

Data subjects have the right to object, at any time, to the processing of personal data concerning them carried out on the basis of Article 6(1)(e) or (f) of the Regulation for reasons concerning their particular situation. They have the right to object to the processing of their data for the purpose of direct marketing, including profiling.

 

Right to transferability of personal data

Data subjects have the right to obtain personal data concerning them that they have provided to the controller and the right to transfer that personal data to another controller, where technically possible.

 

Right to withdraw consent to the processing of personal data at any time

Where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw that consent at any time and in the same way as it was granted.

 

The data subject is entitled to lodge a complaint regarding the processing of personal data with the supervisory authority, the Office of the Slovak Republic for the Protection of Personal Data – Úrad na ochranu osobných údajov Slovenskej republiky, Hraničná 12, 820 07 Bratislava.

The data subject may claim the above rights from the data protection officer (‘DPO’) by email to zodpovedna.osoba@socpoist.sk, by post to Zodpovedná osoba, Sociálna poisťovňa,

ústredie, Ul. 29. augusta 8 a 10, 813 63 Bratislava, with ‘DO NOT OPEN’ marked on the envelope. The DPO may also be notified of any leak of personal data or other serious facts relating to the processing of personal data by the Social Security Agency.