Privacy Policy

Information on the Processing of Personal Data

  1. Basic Provisions
    1. In accordance with Act No. 18/2018 Coll. on Personal Data Protection and Amendments to Certain Acts (hereinafter referred to as the “Personal Data Protection Act”), the operator of the website, responsible for processing the personal data, is BRATISLAVA BY HEART, s. r. o., ICO: 50 257 153, DIC: 2120273023, with registered office at Nam. Hraniciarov 1, Bratislava, 851 03, Slovak Republic, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, Insert No. 110244/B, email address: info@bratislavabyheart.com, telephone number: +421 910 920 925 (hereinafter referred to as the “Operator”).
    2. For the purposes of this Privacy Policy, the data subject is any natural person whose personal data is being processed and who has entered into a contract with the Operator (hereinafter referred to as the “Data Subject”).
    3. This Privacy Policy is available on the Operator’s website.
    4. Prior to concluding the contract, the Data Subject shall confirm that they have read this Privacy Policy.
  2. Processing of Personal Data, Purpose, Legal Basis, and Scope
    1. If the natural person has chosen to use the Operator’s services, their personal data, including their name, surname, address, telephone number, and email address, will be processed in the “IS Services” information system for the following purposes:
      Provision of Services: This is to fulfil contracts, which includes the contracting process, fulfilment of contractual obligations, and storage of relevant documents for the duration of the contract.
      The information that the Operator collects is used in particular, for the purposes of managing orders, administering information, and collecting customer feedback. The legal basis for this processing is in accordance with § 13, paragraph 1, letter b) of the Personal Data Protection Act, which states that processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract.
    2. The Operator is entitled to process the personal data of the Data Subject without their consent based on a directly enforceable legally binding act of the European Union or an international treaty to which the Slovak Republic is a party, provided that such acts allow for it.
    3. If the personal data of the Data Subject is not processed based on a special law, a directly enforceable legally binding act of the European Union, or an international treaty, it will be processed based on a contract between the Data Subject and the Operator, on the basis of legal acts that establish pre-contractual relations, or based on the demonstrable consent of the Data Subject. The content of such consent must also specify the duration for which the consent was granted.
    4. The Operator is authorized to process personal data without the consent of the Data Subject in other cases and under the conditions specified in the Personal Data Protection Act.
    5. The Operator stores and processes personal data for the period established by a special law, or if it is personal data processed on the basis of the consent of the Data Subject, during the period for which the consent was granted, if it is a contractual relationship with the Data Subject, during its validity. After this period has expired, the Data Subject may request a new consent for a further period, or the contractual relationship may be extended by a written amendment. In the event that the Data Subject does not give their consent for a further period, or requests the termination of the processing of their personal data in the Operator’s information systems, the Operator shall immediately terminate the processing of such personal data and dispose of their data in a secure manner (except the case when the retention of personal data is mandated by a special law).
  3. Authorised Persons
    1. On behalf of the Operator, personal data is processed by authorized persons, defined as natural persons who come into contact with personal data within the framework of their employment relationship or other authorized arrangements.
  4. Providing, Making Available, Publishing, and Cross-Border Transfer of Personal Data
    1. The Operator is authorized to provide personal data of the Data Subject to the Operator’s contractual partners, including, if applicable, those in other EU countries, directly based on the concluded contract and the Data Subject’s consent. The Operator does not transfer personal data outside of EU countries.
    2. Without the Data Subject’s consent, the Operator is obligated to provide or make the Data Subject’s personal data available to third parties or recipients if this is required by a special law. Upon written request, the Operator must provide such information to:
      1. a court, including a notary as a court commissioner for the purposes of civil court proceedings in which the Data Subject is a party or whose property is the subject of the proceedings,
      2. a law enforcement agency or a court for the purposes of criminal proceedings,
      3. a tax authority, a customs authority or a tax administrator, which is a municipality, in matters of tax proceedings or a customs authority in matters of customs proceedings in which the Data Subject is a participant according to a special regulation, including recovery of tax arrears in tax enforcement proceedings or recovery of customs debt in customs enforcement proceedings,
      4. financial control reports in the performance of financial control according to a special regulation,
      5. a court bailiff authorized to carry out enforcement according to a special regulation, or the Slovak Chamber of Bailiffs for the purpose of ensuring the audit of the accounting and enforcement proceedings of a bailiff whose performance of duties has ceased according to a special regulation,
      6. a state administration body for the purpose of enforcing a decision imposing an obligation on the Data Subject to pay monetary compensation,
      7. criminal police services and financial police services of the Police Force for the purposes of detecting crimes, identifying their perpetrators, and searching for them, as well as for the purposes of the tasks of the financial police according to special regulations regarding the proving of the origin of property,
      8. the competent state authority for the purpose of fulfilling obligations from an international agreement to which the Slovak Republic is bound, if fulfilment of obligations under this agreement cannot be refused due to the protection of bank secrecy,
      9. the National Security Office, the Slovak Information Service, Military Intelligence, and the Police Force for the purpose of carrying out security checks within their scope according to special regulations.
      10. the Office for the Protection of Personal Data for the purpose of conducting inspections pursuant to a special law.
      11. the Supreme Control Office of the Slovak Republic for the purposes of control under a special law.
    3. The Operator will not make personal data available to, or provide it to, other third parties or recipients, except in cases where such an obligation is imposed by law, a directly enforceable legally binding act of the European Union, or an international treaty to which the Slovak Republic is bound. Additionally, we may provide access to or disclose personal data if it is contractually agreed upon with the Data Subject.
  5. Instruction on the Rights of the Data Subject
    1. The rights of the Data Subject in the processing of personal data are regulated under § 28 of the Personal Data Protection Act.
      1. The Data Subject has the right to demand from the Operator, based on a written request:
        1. Confirmation of whether or not personal data about them is being processed.
        2. Information, in a generally comprehensible form, regarding the processing of personal data in the information system of the Operator, which includes: identification data of the Operator, identification data of the intermediary, purpose of processing personal data, list or scope of processed personal data. Additional information: Instructions on voluntariness or obligation to provide personal data, legal basis for processing personal data, third parties, range of recipients, form of disclosure, and third countries.
        3. Precise information, in a generally comprehensible form, about the source from which their personal data for processing was obtained.
        4. A list, in a generally comprehensible form, of their personal data that is the subject of processing.
        5. Correction or disposal of any incorrect, incomplete, or out-of-date personal data that is the subject of processing.
        6. Disposal of their personal data once the purpose of processing has ended. If the subject of processing is official documents containing personal data, they can request their return.
        7. Liquidation of their personal data that is the subject of processing if there has been a violation of the law.
        8. Blocking of their personal data due to the withdrawal of consent before the expiration of its validity period, if the Operator processes personal data based on the consent of the Data Subject.
      2. The right of the Data Subject according to points 1.e) and 1.f) can be restricted only if such restriction results from a special law or if its exercise would violate the protection of the Data Subject, or if the rights and freedoms of other persons would be violated.
    2. Further terms and conditions of personal data processing are regulated by the applicable laws.
  6. Security of Personal Data
    1. When processing personal data, the Operator pays attention to security and implements measures to prevent accidental or illegal destruction, loss, alteration, unauthorized disclosure during transfer, storage, or processing, as well as unauthorized access to the data.
    2. Any person acting on behalf of the Operator and having access to personal data processes this information solely in accordance with the Operator’s instructions.
  7. Final Provisions
    1. If the Data Subject has any queries or concerns about the processing of their data available to the Operator, they may email at info@bratislavabyheart.com. The Operator will address the inquiry or concern with due care, in a time manner and in accordance with applicable laws.
    2. This Privacy Policy shall come into effect on April 1, 2025.