Notice fulfilling the reporting obligation

We hereby inform you about the method and conditions of processing your personal data as well as about your rights that are associated with it.

The personal data protection is a matter of great importance to us. Owing to this fact, we continuously analyze all the processes related to personal data processing and ensure their compliance with the GDPR regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “GDPR“), binding on all the EU member states, and with the Act No. 18/2018 Coll. on personal data protection, amending and supplementing certain Acts (hereinafter as “the Act“).

1. Who is the controller in relation to your personal data?

The controller in regard to your personal data is Slovenská akreditačná agentúra pre vysoké školstvo (Slovak Accreditation Agency for Higher Education), Nám. Slobody 6943/11, 811 06 Bratislava – mestská časť Staré Mesto.

For exercising any and all your rights related to personal data protection, we would like to provide you with our contact details:

Slovenská akreditačná agentúra pre vysoké školstvo

(Slovak Accreditation Agency for Higher Education)

Nám. Slobody 6943/11

811 06 Bratislava – mestská časť Staré Mesto

If you have any question regarding personal data protection the answer to which is not available in these terms and conditions, if you would like to have a more detailed information on any of these points or if you would like to exercise any of your rights to personal data protection, do not hesitate to contact us:

A. for postal communication, please, use the following contact details:

Slovenská akreditačná agentúra pre vysoké školstvo

(Slovak Accreditation Agency for Higher Education)

Nám. Slobody 6943/11

811 06 Bratislava – mestská časť Staré Mesto

B. for e-mail communication, please, use the following contact details:

e-mail: gdpr@saavs.sk

2. Who is responsible for fulfilling the obligations?

Due to the fact that the obligation in question arises from the legislation, we have a designated person responsible for personal data protection whose contact details are listed in point 1.

3. What is the scope, purpose and legal basis for processing of personal data?

We process personal data only to the extent necessary.

We process personal data for purposes related to our activities, but only to a minimal extent so as to comply with the principle of minimizing the purpose of personal data processing stated in the GDPR, according to which the controller may collect personal data only for specific, explicit and legitimate purposes.

We process personal data lawfully and only within the legal bases stated in Article 6 (1) of the GDPR (simply put, we are allowed to process your personal data only in one of the following cases[1]). In this regard we emphasize that the legal bases in question, on the ground of which it is allowed to process your personal data, also include giving your person’s consent to the processing of personal data, but only if there is no other legal basis. Your specific consent to the processing of personal data is not required in this case.

We hereby inform you that, as the controller, we process only and solely your personal data for the following purposes and on the ground of the following legal bases:

ListPurposeLegal basis
Name, surname, academic degree, address, bank account number, company registration number, VAT ID, business address, billing address, bank details – based on the contractKeeping accounting records: payroll accounting, accounting statements, banks, county court, special-purpose savings, writ of executionLegislation in force
Name, surname, residence country, e-mail address, telephone numberKeeping records of contractual relationships with third parties, including natural or juridical personsLegislation in force
Name, surname, academic degrees, telephone number,
e-mail address, date of birth, citizenship, nationality, address (street, number, town/city, postcode), bank details – based on the contract, CV
Keeping reviewers’ recordsConsent
Name, surname, academic degrees, address, telephone number, e-mail address, image of face and figure, place of recordingOrganizing conferences, training workshops and coursesLegitimate interest/consent
Name, surname, date of birth, birth certificate number, ID number, address, e-mail address, telephone number, signatureProcessing public procurementLegislation in force
Degree, name, surname, address, e-mail address, signatureProviding information, exercising the rights of data subjects, reporting in accordance with legislationLegislation in force
Degree, name, surname, address, e-mail address, signatureHandling complaintsLegislation in force
Name, surname, address (street, number, town/city, postcode)Storing and archiving documents, management of personal files, payslips and subsequent issuance of certificates of credit for years of work, payroll dataLegislation in force

We process personal data of the data subject to the extent mentioned above. Personal data are processed only by designated persons who have been duly authorized and instructed.

4. To whom are your personal data provided?

We protect your personal data and we do not make them available or provide them to third parties or entities. If such an obligation arises from law or from a decision of a public authority, your personal data may also be provided to a public authority or other entity.

5. Do we transfer your personal data outside the European Union?

The controller would like to inform you that your personal data are not transferred outside the European Union to third countries or international organizations.

6. For how long do we keep your personal data?

Personal data, the storage of which is necessary for the fulfillment of all our obligations under the legal regulation, must be kept for the period specified by the relevant legal regulation, regardless of your consent. For tax and accounting documents, this period is usually 10 years.

After the expiration of the storage period, we ensure their deletion or anonymization in full compliance with the GDPR.

7. What are your rights against the agency in the field of personal data protection?

As the data subject, you are entitled to several rights on the ground of the GDPR. We hereby draw your attention to the following rights:

7.1 The right to request access to personal data

You have the right to request us to confirm whether we process your personal data, and if so, you have the right to access these personal data as well as the right to be informed about the processing of your personal data. For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section.

7.2 The right to request correction and/or completion of personal data

You have the right to request correction of the incorrect personal data concerning you without undue delay as well as the right to request completion of the incomplete personal data. For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section.

7.3 The right to request deletion of personal data

You have the right to request the immediate deletion of your personal data only if:

  • personal data are no longer needed for the purposes for which they were obtained or otherwise processed;
  • you withdraw the consent on the basis of which the processing of personal data is carried out and there is no other legal basis for the processing;
  • you object to the processing and there are no prevailing legitimate reasons for the processing;
  • personal data were processed illegally;
  • personal data must be deleted in order to comply with a legal obligation under the European Union law or the law of the member state to which we are subject;
  • personal data were obtained in relation to the offer of information society services pursuant to Article 8 (1) of the GDPR.

For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section. We will then assess whether there are exceptions in your case and your data need not be deleted even if any of the above conditions are met (e.g. it is necessary for the exercise of legal claims).

7.4 The right to restrict the processing of personal data

You have the right to restrict the processing of your personal data (i.e. only storing your data, but not processing them in any other way), if:

  • you have contested the accuracy of your personal data;
  • the processing is illegal and you object to the deletion of your personal data and ask to restrict their use instead;
  • we no longer need your personal data for processing purposes, but you need them to prove, exercise or defend legal claims;
  • you object to the processing.

For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section. We will then assess whether there are exceptions in your case and your data can be processed in other ways, not just by storage.

7.5 The right to object to the processing of personal data

You have the right to object to the processing of your personal data if the legal basis for the processing of the data is:

a) the necessary performance of a task carried out in the public interest or in the exercise of public authority; or

b) the necessary processing for the purposes of legitimate interests pursued by our company or a third party, except where such interests are outweighed by the interests or fundamental rights and freedoms of your person which require the protection of personal data, in particular if the data subject is a child.

If your data are or will be processed for the purposes of direct marketing, you have the right to object to the processing of personal data to the extent related to such direct marketing at any time.

For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section.

We may process your personal data only if we demonstrate the necessary legitimate reasons for the processing, which would outweigh the interests, rights and freedoms, or the reasons for proving, exercising or defending legal claims.

7.6 The right to data portability

If the processing of your personal data is carried out by automated means, with your consent or for the purposes of the contract, you have the right to obtain the provided personal data concerning you in a structured, commonly used and machine-readable format and you have the right to transmit this data to another person (controller). For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section.

7.7 The right to withdraw consent to the processing of personal data at any time

Last but not least, you have the right to withdraw your consent to the processing of personal data concerning you at any time. The withdrawal of your consent does not affect the lawfulness of the processing of personal data based on the consent prior to its withdrawal. For this purpose, you can contact us at any time using the contact details provided in the “What are our contact details?” section.

7.8 The right to lodge a complaint with a supervisory authority

We hereby also inform you that if you consider the rights of a natural person to be violated when processing your personal data or if you consider the GDPR regulation to be violated, you may lodge a complaint regarding the personal data protection with the Office for Personal Data Protection of the Slovak Republic. A sample proposal is available on the website of the Office for Personal Data Protection of the Slovak Republic at www.dataprotection.gov.sk.

8. Are you obliged to provide us with your personal data?

The provision of your personal data is in principle voluntary, but some of your personal data are required for the proper performance of the contract, fulfillment of legal obligations, and therefore if they are not provided, it will not be possible for us to properly perform obligations related to the delivery of goods or services, or to the e-shop or loyalty programme registration.

9. Do we collect your personal data from sources other than you?

No, all personal data we process come solely from you. We do not collect your personal data from other sources. In the case of children who have not reached the age of sixteen (16), we obtain their personal data from their legal representatives.

10. What basic technical and organizational measures have been taken to protect your data?

In order to maximize the protection of your personal data, we have implemented the following safeguards within the personal data processing and have taken mainly the following technical and organizational measures:

  • we have developed internal documentation concerning the processing of personal data and their protection which is fully compliant with the GDPR and the law;
  • we have instructed all the persons who have authorized access to your personal data and these persons process your personal data on the basis of our instructions which are in accordance with the GDPR;
  • we regularly train the persons who are authorized to process your personal data;
  • we carry out regular monitoring of legal regulations in the field of personal data protection;
  • we select our partners also in regard to the guarantee of their reliability and professional care in the processing of personal data of our clients, while these entities are bound by confidentiality and the obligation to take appropriate technical and organizational measures to ensure that the personal data processing meets the GDPR requirements;
  • your personal data are processed on personal computers and laptops located in lockable premises, while the access by third parties to these premises is limited and monitored at the same time;
  • access to the operating system of individual personal computers and laptops is limited and conditioned by entering a special unique password. Upon leaving the workplace, each person will ensure logging out from the operating system of the relevant personal computer or laptop. At the same time, each person will also ensure turning off the personal computer or laptop and locking the entrance door to the premises;
  • all websites and applications on which your personal data are stored are password-protected and encrypted;
  • personal computers and laptops, which contain electronic data of the information system, are equipped exclusively with legal and approved software that provides protection against viruses and spyware or other possible attacks by computer hackers. The scope of access and the method of assigning passwords, regular changes and updates of passwords are regulated by an internal directive. The most important documents or files that are located in information systems are also password-protected by a password created and administered by the author of the document or by other authorized persons, in particular the persons to whom the document is addressed;
  • we ensure the disposal of documents in printed form on a regular basis by means of a shredding machine in such a way that the discarded documents and folders cannot be reconstructed for re-use in any way;
  • we ensure the disposal of electronic documents and data in such a way that the given documents and data are permanently and irreversibly deleted from the hard disk of the server computer.

11. Do we implement automated decision-making, including profiling?

We do not implement automated decision-making, including profiling.

12. Other related information

These privacy terms and conditions are liable to occasional changes. However, your rights under these terms and conditions will not be restricted without your express consent. Any changes to the terms and conditions of personal data protection will be posted and available on this website. Users will be informed of any significant changes in advance (this also applies to e-mail notifications in particularly serious cases).


[1] The controller is allowed to process personal data only if:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.