Notification fulfilling the information obligation

The protection of personal data is very important to us. For this reason, we continuously analyze all processes of personal data processing and ensure their compliance with the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter „GDPR“, which is binding on all Member States of the European Union, as well as with Act no. 18/2018 Coll. on Personal Data Protection and Amendments to Certain Acts (hereinafter referred to as the “Act”).


1. What are our contact details?

To apply all and any of your privacy rights regarding the protection of personal data, we would like to provide you with our contact details:

Slovenská akreditačná agentúra pre vysoké školstvo

Slovak Accreditation Agency for Higher Education
Nám. Slobody 6943/11, 811 06 Bratislava

If you have a question that is unanswered in these Privacy Terms and Conditions, or if you would like more detailed information on any of these points, or would like to apply any of your privacy rights, please do not hesitate to contact us:

A. for postal communication, please use the following contact details:

Slovak Accreditation Agency for Higher Education, Nám. Slobody 6943/11, 811 06 Bratislava

B. for electronic communication, please use the following contact details:

e-mail contact: info@saavs.sk

C. for telephone communication, please use the following contact details:

telephone number: +421 948 181 367


2. What is the extent, purpose and legal basis of data processing? Lawfuless of processing

We only process personal data to the extent necessary.

We process personal data for purposes related to our activities, but only to a minimal extent, to comply with the principle of minimizing the purpose of personal data processing set out in the GDPR, according to which the operator may obtain personal data only for specifically identified, explicit and legitimate purposes.

We process personal data lawfully, and only within the legal bases set out in Art. 6 Sec. (1) GDPR (to put it simply, we can only process your data if  this is one of the following reasons [1]). In this case, we emphasize that the legal bases in question, based on which it is possible to process your data, also include giving your person’s consent to the processing of personal data, but only if there is no other legal basis, is not required for this case. also your specific consent to the processing of personal data).

In this way we would like to inform you that, as the controller, we only and exclusively process your data for the following purposes and based on the following legal bases:

List PurposeLegal basis
Name, surname, title(s), phone number, email address, date of birth, citizenship, nationality, address (street, registration number, city, postcode, state) Keeping the records of applicants for inclusion in the Slovak Accreditation Agency for Higher Education   § 18 of the Act
no. 269/2018 Coll.

We process the personal data of the subject to the extent described above. The processing of such data is eligible under the Regulation of European Parlament and the Council of EU (GDPR) if it is necessary for the performance of the data subject’s contract (Art. 6 letter b) and the needs of authorized state control bodies or third parties (Art. 6 letter e) and f), the operator is obliged to provide this information to the control authorities.

Personal data shall only be processed by the persons who have been duly authorized and instructed.


3. To whom is your personal data provided?

We protect personal data and we do not disclose or provide it to third parties or entities. If such an obligation arises from a law or a decision of a public authority, your personal data may also be provided to a public authority or other entity.


4. Do we transfer your personal data outside the European Union?

The operator would like to inform you that your data is not transferred outside the European Union to third countries or international organizations.


5. How long do we keep your personal data for?

We must retain personal data, the retention of which is necessary for the fulfillmnt of all our obligations under the legal regulation, for the period specified by the relevant regulation. For tax and accounting documents this period is usually 10 years.

Upon expiry of the retention period, we provide for the deletion or anonymization of data in full compliance with GDPR.


6. What are your rights in the field of data protection?

As a data subject, GDPR gives you several rights which we would like to draw your attention to in this way, namely:

6.1 Right of access by the data subject

You have the right to request confirmation from us whether we process personal data that concerns you and, if so, you have the right to gain access to this personal data as well as the right to basic information about the processing of your personal data. For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“

6.2 Right to rectify data and complete data

You have the right to require us to rectify incorrect data concerning you, as well as the right to add incomplete data without undue delay. For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“

6.3 Right to get your data deleted

You have the right to request the immediate deletion of your personal data only if:

  • personal data are no longer necessary for the purposes for which they were obtained or otherwise processed;
  • you withdraw the consent based on which the processing is carried out and there is no other legal basis for processing;
  •  you object to processing and there are no legitimate reasons for processing;
  • personal data were processed illegally;
  • personal data must be deleted to fulfill a legal obligation under European Union law or the law of the Member State to which we are subject;
  • personal data were obtained in connection with the offer of information society services under Art. 8 Sec. 1 of GDPR.

For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“ and we will then consider whether there are exceptions in your case where your data does not need to be deleted even if any of the above conditions are met ( eg it is necessary to assert legal claims).

6.4 Right to restrict processing of data

You have the right to restrict processing of your data (eg only to store your data but not otherwise process it) if:

  • you have challenged the accuracy of your personal data;
  • the processing is illegal and you object to the deletion of personal data and ask instead to restrict their use;
  • we no longer need your personal data for processing, but you need it to prove, claim or defend legal claims;
  • you object to processing.

For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“ and we will then consider whether there are exceptions to your personal data that may be processed in any other way, not just by storage.

6.5 Right to object to processing of data

You have the right to object to processing of your personal data if the legal basis for the processing of your personal data is:

  1. the necessary fulfillment of a task carried out in the public interest or the exercise of official authority or
  2. processing is necessary for legitimate interests pursued by our company or a third party, except where such interests outweigh the interests or fundamental rights and freedoms of your person which require the protection of personal data, in particular if the data subject is a child.

If your data is being processed or will be processed for direct marketing purposes, you have the right to object to processing of personal data at any time to the extent that it relates to such direct marketing.

For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“

We may only process your personal data if we establish the necessary legitimate reasons for processing that outweigh the interests, rights and freedoms or or the reasons for proving, asserting or defending legal claims.

6.6 Right to data portability

If the processing of your personal data is carried out by automated means, with your consent or for the purposes of performing the contract, you have the right to obtain the personal data concerning you and which you have provided to us in a structured, commonly used and machine-readable format; you have the right to transfer this data to another person (operator). For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“

6.7 Right to withdraw consent to processing data

Last but not least, you have the right to withdraw your consent to processing of personal data concerning you at any time. Withdrawal of consent shall not affect the lawfulness of processing data based on consent before its revocation. For this purpose, you can contact us at any time by using the contact details provided in Section 1: „What are our contact details?“

6.8 Right to lodge a complaint with a supervisory authority

In this way, we also inform you that if you consider that the rights of individuals have been violated in processing data or the GDPR Regulation has been violated, you may file a motion to initiate proceedings on the protection of data, namely the Office for Personal Data Protection of the Slovak Republic. A sample proposal is published on the website of the Office for Personal Data Protection of the Slovak Republic www.dataprotection.gov.sk.


7. What basic technical and organizational measures have we taken to protect your data?

In order to protect your personal data, we have implemented the following safeguards in the processing data and have taken the following technical and organizational measures in particular:

  • we have internal documentation relating to the processing and protection of personal data, which is fully consistent with GDPR and the Act;
  • we have instructed all persons who have access to your personal data on our behalf and process these personal data based on our authorization and GDPR-compliant instructions;
  • we periodically train people who process your personal data based on our authorization;
  • we carry out regular monitoring of personal data protection legislation;
  • access to the operating system of individual personal computers and laptops is limited and conditioned by entering a special unique password. Upon leaving the workplace, each person ensures logout from the operating system of the relevant personal computer and laptop and at the same time it also turns off and locks the entrance door to the premises;
  • all sites and applications that store your personal data are protected by a password and encryption;
  • personal computers and laptops containing electronic data of the information system are exclusively equipped with legal and approved software that protects against viruses and spyware, respectively other possible hacker attacks. The extent of access and the method of assigning passwords, periodic changes and password updates are laid down in an internal directive. The most important documents, respectively the files contained in the information systems are also protected by a password created and held only by the author of the document or other authorized persons, especially the persons to whom the document is addressed;
  • we dispose of documents in printed form using a document shredder in such a way that discarded documents and folders cannot be reconstructed for reuse in any way at regular intervals;
  • we dispose of electronic documents and data in such a way that the documents and data are permanently deleted from the hard disk of the server computer.

8. What is the other related information?

These privacy terms may change from time to time, but we will not restrict your rights under these terms without your explicit consent. Any changes to the privacy policy will be posted on the site www.saavs.sk. Users will be informed of any significant changes to the privacy policy in advance (this also applies to e-mail notification in particularly severe cases).

These conditions are valid from 11 November 2018