Unilabs Slovensko, s. r. o., with its registered seat at Záborského 2, 036 01 Martin, Company ID: 31 647 758, a company registered in the Commercial Register of the District Court of Žilina, Sec.: Sro, Insert No. 63112/L (hereinafter referred to as “Unilabs Slovensko, s. r. o.” and/or the “Data Controller”), follows the "CARE BIG" principles of personal data protection. The latter means we always treat your personal data with the highest level of security and in accordance with the relevant data protection legislation. Where personal data processing is entrusted to a Third Party, we do so with utmost care to ensure that our data processors are subject to the due diligence regarding data protection enforceable by contractual provisions.

We consider the security and accurate processing of personal data to be of the utmost importance and therefore provide you with the following information on how your personal data are processed with regards to the Data Controller's e-commerce at https://sk.unilabs.online (hereinafter referred to as “Unilabs Online”).

1. Your Personal Data Controller’s identity and contact details, Data Subject.

Your personal data you have provided or will provide to us as the Data Subject (when you register and create a user account on Unilabs Online), and as a Customer, and the personal data of a Third Party you have provided or will provide to us as a legal representative of the Third Party, the personal data that you have provided or will provide to us as a potential receiver of marketing communications and newsletters (hereinafter referred to as the “Personal Data” or “Your Personal Data”) will be processed by the Data Controller detailed below, in accordance with the relevant legislation on personal data protection: Unilabs Slovensko, s. r. o., with its registered seat at Záborského 2, 036 01 Martin, Company ID: 31 647 758, registered in the Commercial Register of the District Court of Žilina, Section: Sro, insert No. 63112/L.

Unilabs Slovensko, s. r. o. has appointed a person responsible for personal data processing, available at any time via the e-mail address: dpo@unilabs.com. The responsible contact person may be contacted to assist you to exercise your data protection rights, and to answer any questions, requests or suggestions regarding your personal data protection.

You and the Third Party that appointed you to be its legal representative are the Data Subject because Unilabs Slovensko, s. r. o. will process your personal data.

The Unilabs Online e-shop was not designed for users younger than 16-years-old, and the website sk.unilabs.online may not be used by them. However, the services offered through Unilabs Online may also be provided to clients younger than 16-years-old, subject to the consent of the child’s representatives.

2. Personal data processing

The Controller processes your personal data in accordance with the applicable data protection legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “General Data Protection Regulation”), and Act 18/2018 Coll. on Personal Data Protection, and on amendments and supplements to certain Acts, as amended, (hereinafter referred to as the “Data Protection Act”).

3. Scope of collected and processed data

The Data Controller processes all personal data in the printed and digital format provided by you, in particular:

a) name, surname, birth certificate number, date of birth, age, sex, nationality, post address or business address (including the street, street number, town/city, post code, country), billing address (street, street number, town/city, post code, optionally the Company ID, Tax ID, VAT ID), email address, telephone number, history of purchased products and services, and

other data provided when you register your user account and for the Third Party’s account, to be used for the laboratory diagnostics services at Unilabs Online;

b) information about your health condition and the health condition of the Third Party’s you legally represent, especially the test results, treatment and other relevant health-related facts, as well as data related to the healthcare procedure, the scope of provided healthcare, data on provided healthcare services, and relevant epidemiological data.

Unilabs Slovensko, s. r. o. receives your personal data directly from you. In particular, the personal data (i) contact form completed on our website, or (ii) included in contracts you sign with us, or (iii) sent or communicated by you in the correspondence we exchange, or (iv) derived by us from other data you provide to us.

4. The purpose and legal regulations for your personal data processing by the Data Controller

The Data Controller processes the personal data only to the extent strictly necessary to create and use your user account or a Third Party’s account, especially to book services, to conclude a contract on laboratory diagnostic services between you, the Customer, and the Data Controller, the Provider, on the website Unilabs Online, and to fulfil such contract on laboratory diagnostic services, healthcare and related services. The Data Controller process the personal data you provide, especially:

A. to create, manage and use your user account and the Third Party’ s account on Unilabs Online, namely to:

• identify when your Unilabs Online user account is created and used;

• identify the Third Party which your legally represent, when you create a Third Party’s account under your Unilabs Online account;

• to maintain, register, manage and administer your user account and the account of the Third Party you legally represent;

Legal Basis:

The processing of personal data for purposes explained in par. A) is conditioned by your voluntary consent to the processing of your personal data, necessary to create, manage and use your user account and a Third Party’s account. To create and validate your user account and a Third Party’s account it is necessary to book a test via Unilabs Online, and to have the booking accepted and completed.

You grant your consent by providing your personal data and ticking the personal data consent box. The consent may be withdrawn at any time. Please note that by withdrawing your consent your user account and the Third Party’s account will be cancelled and you will not be able to place an order on the Unilabs Online website. A withdrawn consent does not affect the legal grounds for personal data processing based on your previous consent.

B. To perform the contract on laboratory diagnostic services, with the Customer (you) and the Data Collector as parties thereto, especially:

B1) to conclude and perform the contract, especially to:

• identify you and the Third Party you legally represent, as the party(ies) to the concluded contract, to perform and terminate the contract;

• to perform the Data Controller's obligations and duties under such contract;

• to prove, enforce, or defend the Data Controller's legal claims related under such contract;

• to discuss how the contract is to be complied with;

B2) to fulfil the Data Controller’ s legal obligation established by the contract, especially to:

• record and provide information on the provision or delivery of healthcare or related services under the contract;

• provide healthcare in compliance with the obligations under the contract;

• fulfil obligations under the regulations on the National Healthcare Information System;

• comply with tax and accounting regulations;

• fulfil the obligation to report security incidents to individuals and authorities, or other competent bodies;

• provide mandatory inspections and requests from public authorities;

• process and respond to requests and complaints filed by Data Subjects, and related duties;

Legal Basis:

For the purpose referred to in par. B), your consent to provide your personal data and the personal data of the Third Party is voluntary, but necessary for the proper performance of the contract and the rights and obligations arising therefrom, and related appropriate healthcare services. To process personal data for the purpose defined in par. B), your consent is not required. The legal regulations which allow the processing of your personal data:

1) the contract on laboratory diagnostic services;

2) generally binding legal regulations, in particular Act 576/2004 Coll. on Healthcare and Related Healthcare Services, and on amendment and supplementation to certain Acts, and other generally binding acts related to the contract;

C. To fulfil the Data Controller ’ s legal obligations under specific legal regulations, in particular to

• deal with check-ups, inspections and requests from the relevant public authorities;

• to comply with the basic principles on the processing of personal data and with the regulations, and to ensure

• personal data protection, to process it securely, to prevent data loss, destruction or unauthorised disclosure.

Legal Basis:

The legal basis for your personal data processing under par. C) is the specific legal regulation. In this case, your consent to the processing of your personal data is not required.

D. To exercise the Data Controller’ s legitimate interest, in particular:

• to protect the Data Controller's property and/or the health of its employees;

• to protect public order and safety;

• to report to Unilabs Online’s Controller;

• to record, administer and manage information about the booking and the contract;

• to update the database with the data to send contract-related communications;

• communication via web formular;

• to exercise any of the Data Controller’s legal claims under the contract;

• for direct marketing, to know your (Customer’s) satisfaction with the quality and level of laboratory diagnostic and healthcare services provided by the Data Controllers, and its Unilabs Online activities, and to inform you about news, offers and business notifications on the Unilabs Online website.


Legal Basis:

The legal basis for your personal data processing under par. D) is the Data Controller’s legitimate interest. In this case, your consent to the processing of your personal data is not required.

Please note that, in your role of Data Subject, you have the right to object at any time to having your personal data processed for direct marketing.

E. For the purpose of marketing communication, especially:

• to inform you (i) about content; (ii) to send you questions and customer survey questionnaires to valuate the Data Controller, its products and services; (iii) to send advertisements and emails;

Legal Basis:

The processing of personal data for the purposes explained in par. E), unless there is a legitimate interest, your consent to the provision and processing of your personal data is voluntary, but necessary in order to be informed by the Data Controller about its latest products, services, promotions or other commercial offers.

This consent is granted when you provide your personal data and tick the consent box to have your personal data processed for marketing purposes. You may withdraw your consent at any time by clicking the unsubscribe link at the end of each commercial email, or by sending an email to info.sk@unilabs.online. A withdrawn consent does not affect the legal grounds for personal data processing before such consent is withdrawn.


F. To send electronic newsletters, especially:

• to send (i) general advertisements, promotions and news, offers, information about the Data Controller’s products, products offered by its partners (general newsletter); (ii) personalized ads (targeted newsletter);


Legal Basis:

Regarding the processing of personal data for purposes explained in par. F), unless there is a legitimate interest, your consent to provide and have your personal data processed is voluntary, but necessary in order to be informed by the Data Controller about products, services, events, healthcare news, medicines, or other of the Data Controller’s offers and activities made available after you subscribe to the newsletter.

You can withdraw your consent at any time by clicking the unsubscribe link at the end of each newsletter, or by sending an email to info.sk@unilabs.online. A withdrawn consent does not affect the legal grounds for personal data processing based on your previous consent.


CONSENT TO NEWSLETTERS AND MARKETING CONTENT

By registering, you grant the Data Collector your consent to receive the newsletter in addition to a personalised newsletter. You also grant the Data Collector your consent to profiling - the collection and analysis of your personal data, by which we try to get as close to what you requested as possible and may be of interest to you, to address you with information tailored to you based on the creation of a personalised customer profile for a targeted newsletter (hereinafter referred to as ‘personalized newsletter’). The Customer may also object to this data processing at any time by clicking the unsubscribe link included in each newsletter or by contacting us at dpo@unilabs.com.

The Data Controller will create a profile based on the personal data you provide to us while using the services, or data the company obtains while using its services, or data you explicitly provide to us for this purpose specified in the wording of the consent, e.g. in a questionnaire, particularly the following personal data: name, surname, date of birth, contact details (correspondence address, e-mail address), purchase order history, reactions to previous orders, your interests and preferences, online identifiers and customer activity on the company website (e.g. use of cookies consented by customers), etc. This profile is the customer profile, which outlines the process of ‘classifying’ customers into several groups with similar profiles for the purposes of customised profiling, based on data processed by the Data Controller (i.e., it profiles its customers).

The primary goal of developing a customer profile, followed by classification into customer groups with similar profiles (i.e., customer segmentation) is to (i) enable Unilabs Slovensko, s. r. o. to deliver advertising content to you with a personalised newsletter tailored to the preferences of a specific customer, taking into account the customer's real needs and corresponding interests, and to (ii) develop products and services aligned with the preferences of our customers.

In this case, however, we do not use your data for profiling, which consists of automated decisions that may affect your legal situation (i.e., we do not use algorithms to adopt decisions affecting your individual claims).

The data collected for the purposes of profiling for the personalised newsletter will be kept for the duration of your consent with the newsletter subscription.

The Unilabs Online website allows you to subscribe to newsletters and marketing emails by clicking “Confirm”. In order to send this information, we need your consent to process your personal data, namely your email address, first name and surname. You may provide us with a phone number and address, which are optional data. You grant your consent by ticking the box.

After submitting the completed form with all mandatory data, such as name, surname and email address, we will send you an email with a confirmation link (the double opt-in). If you click on the link in the confirmation email within 2 days of the date of its receipt, you will be subscribed to the newsletter/marketing emails. Unfortunately, we cannot send you the newsletter/marketing emails without your consent - expressed by a ticked Consent box or activated confirmation link.

You can withdraw your subscription to newsletters/marketing emails in the future at any time by clicking the unsubscribe link in one of the newsletters/marketing emails you receive. Afterwards, we will no longer send newsletter/marketing emails to you, and your personal data as a recipient that we had processed up to then based on your granted consent will be immediately blocked and deleted without undue delay.

Your IP address, name and surname, phone number and address, and the date and time of your consent will be recorded with your consent to receive the newsletter/marketing emails, to process the personal data required therefore.

Your consent to having your personal data processed to receive newsletters/marketing emails is recorded by Unilabs Online and our internal back-end system Venalio, also used to send newsletters/marketing emails.


G. In order to provide services related to the Live & CARE loyalty program, in particular to:

• your identification when obtaining membership in the Live & CARE club;

• maintaining, keeping, recording, managing, and administering your Live & CARE Club membership account;

• to identify you for the purpose of providing benefits and discounts under the Live & CARE loyalty program.

Legal Basis:

The legal basis for the processing of personal data for the purpose set out in (G) above, is your consent to the provision and processing of your personal data, which is voluntary but necessary for obtaining and maintaining your membership of the Live & CARE Club. This consent is given by submitting your personal data and checking the appropriate box to consent to the processing of personal data for the purpose of providing services related to the Live & CARE loyalty program. This consent can be revoked at any time by sending an e-mail to info.sk@unilabs.online. Please note that by withdrawing your consent, your membership in the Live & CARE Club will be cancelled. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal.

5. Categories of recipients of your personal data

Your personal data and the personal data of a Third Party may be disclosed and made available to the following recipients who comply with the Data Protection Policy:

• The Data Controller’s authorised employees mainly (but not exclusively) responsible for laboratory tests, IT, marketing and commercial activities;

• subcontractors (e.g. subsidiaries) who act on behalf of the Operator to provide laboratory diagnostic services;

• subcontractors who provide services to the Data Controller under contract on the processing of personal data signed with the Data Controller (e.g. providers of IT services and applications, lawyers, auditors, etc.),

• providers of standard software, cloud or hosting services (e.g. Microsoft), databases, analytics and software systems (Blueweb, s.r.o.) and tools (e.g. Google, Meta), as acknowledged by you.


6. Data retention period

The Data Controller will store the Data Subject’s personal data for the period strictly needed to achieve the relevant purpose of personal data processing:

a. should personal data be processed for pre-contractual measures based on a request by the Data Subject and/or to fulfil the contract, based on the provisions of Cl. 6 par. 1 b), GDPR, especially the personal data you provided to the Data Controller upon creation of a user account and registration to your and the Third Party’s account, and personal data provided by you associated, related or interlinked with orders and bookings of laboratory diagnostic services, the contract signed with the Data Controller – the Unilabs Online Provider - and compliance therewith, will be stored by the Data Controller until the contract is valid and in force, and until all claims and requests induced by or related to such contract are settled after the contract has been terminated, if required and strictly necessary to fulfil the purpose for which the data were processed, especially for billing, receipt and recording of payments, to solve complaints, and to claim rights and enforcement of duties under GDPR and the Act on Personal Data Protection, and specific legal regulations.

b. should personal data be processed to comply with the Data Controller’s legal obligation, based on legal grounds established by Cl. 6 par. 1(c) of GDPR, personal data will be processed for the period of the Data Controller’s legal obligation defined by the General Data Protection Regulation, the Personal Data Protection Act, specific regulations or an international treaty by which the Slovak Republic is bound, i.e. especially your personal

data obtained while you are being provided with healthcare services, will be processed and stored by the Data Controller for this purpose for 20 years from when you receive medical care.

c. should personal data be processed based on the legitimate interests pursued by the Data Controller, based on the provisions of Cl. 6 par. 1 f) of GDPR, personal data will be processed until a legitimate interest expires, until the reason for data processing is no longer applicable, i.e., for example, when legal claims are presented under the contract, your personal data will be processed until the maximum possible prescription period to exercise the right granted by the contract expires. The prescription period begins from the first entitlement to exercise the right. In the event that court, administrative, liquidation, or other proceedings are begun, and the Data Controller claims its rights against the Data Subject therein, the retention period of the Data Subject's personal data shall not expire before such proceedings end;

d. in case personal data are processed for marketing emails and electronic newsletter (to send business notifications, ads and offers, notifications about events and the Data Controller’s news), based on legal grounds established by Cl. 6 par. 1 a), GDPR, i.e. on the basis of the Data Subjects’ separate consent to have their personal data processed for this purpose, provided that the Data Subject granted such consent to the Data Controller, the personal data will be processed until the date when the Data Subject’s consent is withdrawn, or for a specified period of time, whichever occurs sooner, i.e. the personal data provided by you for marketing emails and newsletter subscription are stored until the date your consent is withdrawn by clicking the unsubscribe link or by sending an email to: info.sk@unilabs.online or by a written request sent to the Data Controller’s registered seat; but for a maximum of 5 years from the date when the consent was given.

The personal data provided by you and collected by the Data Controller will thus always be stored within the scope and period:

i. set out in generally binding legal regulations (e.g. tax and accounting rules, healthcare regulations, etc.),

ii. is strictly needed and necessary to fulfil the individual purposes for which the personal data were collected, adhering to the principle of minimizing, which means the Data Controller does not store your personal data for longer than for a mandatory and justifiable period of time.

When this personal data becomes unnecessary or the retention period expires, the data is removed from the Data Controller's databases and information systems without undue delay, or destroyed if in written form.


7. Automated processing of personal data

Your personal data are primarily processed electronically by Unilabs Slovensko, s. r. o. in automated information systems operated by the Data Controller or its business partners - providers of analytical services.

If you use our website for informational purposes only, i.e. if you do not register, make purchases in the online shop, do not use any other services where you need to enter your personal data, and if you do not sell your personal data to us in any other way, we may nevertheless collect your personal data that is automatically transmitted to us by your browser. With the help of third-party data and analytics service providers, certain data are collected when you visit our website. We use these data to analyse how visitors use and navigate our website. Collected data include your IP address, the geographic location of your device, browser type, browser language, your request date and time, the duration of your visits, page views, and the page components (e.g. links) you click on.

We may use cookies, pixel tags, web beacons, transparent GIF files or similar tools on our website or emails to help us collect and analyse that information. The information is used to provide better and more relevant content on our website, to identify and troubleshoot problems, and to improve the overall impression of our website.

If you do not wish to have your data collected by these technologies, most browsers have a simple option to automatically block many of them, or your browser gives you the option to reject or accept them. Notwithstanding the tools mentioned in the previous sentence, if the regulations require your consent to the processing of your personal data using automated systems, we will always only process personal data after obtaining your consent. Further information on this regarding the use of cookies may be found below.

Automated individual decision-making. Profiling

‘Profiling’ means any form of automated personal data processing that uses personal data to evaluate certain personal aspects related to a natural person, in particular, the analysis or prediction of aspects of the Data Subject, such as work performance, property, health, personal preferences, interests, reliability, behaviour, location, or movement.

In such cases, the Data Controller shall primarily inform the Data Subject about the procedure, the significance, and the likely consequences of such processing of the Data Subject's data.


Cookies

Our website uses cookies. Cookies are small text files stored by the internet browser in the operating system of personal computers (PCs), tablets and smartphones. If we are obligated to ask for your consent to use cookies on our websites, you will always have the option to choose to give us such consent and manage your cookie preferences on the website. You can consent to the use of cookies by ticking the appropriate box in the bar that will automatically appear when you visit the website. You can prevent the storage of cookies by adjusting your browser settings. However, some specific cookies are necessary for the basic functioning of the website and therefore you cannot disable them. For more information on the terms and conditions of their use, please see the Cookies section.

WHAT WE USE COOKIES FOR

I. Mandatory cookies:

These cookies are absolutely necessary for the proper functioning of the website and for the use of our services, and cannot be deactivated. For example, to make navigation work, to store your products in the shopping cart until your next visit, etc.

This involves the collection of data and information using cookies for:

• Unilabs Slovensko – provided by: Unilabs Slovensko, s. r. o., Záborského 2, 036 01 Martin.

• List of cookies:

o PHPSESSID – These are HTML cookies generated by PHP-based applications. This is a universal identifier used to maintain user session variables. It is generally a randomly generated number; the way it is used can be site specific, though a good example is to enable a user to remain logged in between pages. They are processed for a period of 3 months and 1 day.

II. Functional cookies:

Functional cookies guarantee functions without which you would not be able to use the website as intended and they significantly improve your browsing experience on this website. For example, they are used to store your settings.

This involves the collection of data and information using cookies for:

• Unilabs Slovensko, Záborského 2, 036 01 Martin.

• List of cookies:

o nette-browser – An HTTP cookie used by the Nette framework for session monitoring purposes. They are processed for the duration of your visit to the site sk.unilabs.online.

III. Analytical cookies:

The Controller uses third-party cookies on sk.unilabs.online for analytical purposes. This involves the collection of data and information to evaluate the use of sk.unilabs.online and generate reports on your activity as a visitor to sk.unilabs.online, in the form of statistics, in order to improve the Controller's services and to provide other services related to its use. The collected data on traffic and activities on sk.unilabs.online are evaluated in an anonymous form. This enables us to improve our online shop and to improve the quality of the Controller's services.

This involves the collection of data and information using cookies for:

• Google Analytics – provided by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,

→ Google's data protection statement is published at: http://www.google.com/intl/sk/policies/privacy/.

→ You can also prevent the recording of cookie data relating to your use of the site by installing a browser module via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

• List of cookies:

o _ga –HTTP cookie. This cookie name is associated with Google Universal Analytics – which is a major update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning them a randomly generated number as a client identifier. It is incorporated in every page request on the website and is used to calculate visitor, session and campaign data for website analytics reports. It is processed for a period of 2 years.

o _gat_UA-38716852-1 – HTTP cookie. This is a type of cookie set by Google Analytics where the pattern element in the name contains a unique identifier for the account or website to which it relates. It is a variation

of the _gat file, which is used to limit the amount of data recorded by Google on websites with a high volume of traffic. It is processed for 1 minute.

o _gid– HTTP cookie. This cookie is set by Google Analytics. It stores and updates a unique value for each page visited and is used to count and track page views. The cookie is used for a period of 1 day.

IV. Marketing cookies:

Cookies for marketing purposes, which the Controller uses to store information about the pages on

sk.unilabs.online that you have visited and the advertising campaigns that you have seen and clicked on.

Online advertising tracking cookies show you online advertisements based on what you have viewed and clicked on, and also based on the pages of our website that you have visited. We use them to tailor offers and ads directly to you.

This involves the collection of data and information using cookies for:

Meta pixel – provided by: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

o Meta´s data protection statement is published at: https://www.facebook.com/privacy/policy

• List of cookies:

o _fbp – HTTP cookie. It is used by Meta to deliver a range of advertising products, such as real-time bidding from third-party advertisers. It is processed for a period of 3 months.

Google Ads – provided by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

→ Google's data protection statement is published at: https://www.google.com/policies/privacy/

• List of cookies:

o IDE – This cookie is set by the company Doubleclick (which is owned by Google) and carries information about the end user's use of the website and any advertising that the end user may have seen prior to

visiting that website. It is processed for a period of 1 year.

o test_cookie – This cookie is set by the company Doubleclick (which is owned by Google) with the aim of determining whether the website visitor's browser supports cookies. It is processed for a period of 15 minutes.

o VISITOR_INFO1_LIVE – This cookie is set by Youtube to track user preferences for Youtube videos embedded on the website. It can also determine whether a website visitor is using a new or old version of the Youtube interface. It is processed for a period of 6 months.

o YSC – This cookie is set by YouTube to track views of embedded videos. It is processed for the duration of your visit to sk.unilabs.online.

The legal basis for the processing of personal data obtained through cookies is:

(i) as regards the essential cookies, Article 6(1), first sentence, point (f) of GDPR applies. Our legitimate interest is always to maintain and optimize our services and to provide a functional and comfortable website.

(ii) as regards functional, analytical and marketing cookies, Article 6(1), first sentence, point (a) of GDPR applies. Your consent as a data subject. Once consent has been given, you can revoke it at any time with effect for the future in the cookie settings in your browser. Withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of your consent until revocation.

Browsing data stored according to the cookie settings are not stored in our systems. The length of time these files are stored may vary. Some cookies are deleted as soon as you close the browser window, others remain stored on your device for several days or months, depending on your browser and cookie settings, or until you delete the cookies yourself. The Controller has no responsibility for the storage of cookies on third-party websites or for the use of cookies stored on the user's terminal electronic device by third parties. We store the information we associate with cookie data according to the consent you have given us or according to the duration of the contractual relationship between you and us.

We regularly update information about which cookies we use so that you always have accurate and up -to-date information.


8. Personal data transfer abroad

Due to the international activities which the Unilabs Group, the Data Controller, participates in, your personal data may be transferred outside the European Union.

No additional safeguards are required for the transfer of personal data to non -EU countries approved by the European Commission as countries with data protection legislation essentially equivalent to EU data protection legislation (an adequate level of personal data protection), e.g. Switzerland, are where the headquarters of Unilabs are located, etc.

In the event that personal data are transferred to non-EU countries not approved by the EU as having an adequate level of data protection, we make every effort to ensure, to the extent possible, appropriate safeguards are in place to ensure the same level of protection of your personal data they would receive in the EU, and we protect your personal data by appropriate contractual clauses or other applicable mechanisms approved by the EU (by signing a data transfer agreement based on clauses to contracts issued by the European Commission). To obtain copies of such documents (contracts), please write to dpo@unilabs.com.


9. Rights of Data Subjects

You have the following rights related to your personal data:

• the right to access your data, which you can exercise by requesting a copy of your personal data;

• the right to request to be informed about which personal data are processed;

• the right to have your personal data corrected, if inaccurate or incomplete, and the right to request their processing be limited;

• the right to have your personal data deleted should your personal data be processed with your consent,

• the right to data transfer when your personal data are processed on the basis of your consent and/or to fulfil a contract you concluded;

• the right to object to the processing of your personal data, on grounds relating to your particular situa tion when your personal data are processed based on the Data Controller’s legitimate interests;

• the right to be informed about profiling and its possible consequences and the right to object to personalization and automated decision-making. The Data Subject shall have the right to be excluded from decisions based solely on automated processing, including profiling, that produces legal effects for the Data Subject or similarly and significantly affects the Data Subject.


10. Enforceable rights and complaints

You can exercise the rights referred to in Section 9 above by contacting the responsible person in writing by sending an email to: dpo@unilabs.com, or by sending your request to the Data Controller's registered address.

The same procedure – an email sent to the responsible person at dpo@unilabs.com applies if you believe that the Data Controller has breached your rights by breaching GDPR and personal data protection regulations when your personal data were processed. You also have the right to file a complaint with the Data Protection Authori ty either in your Member State of habitual residence, place of work or at the place of the alleged GDPR breach.

The Company hereby informs the Data Subject that the personal data protection regulatory body in the Slovak Republic is the Data Protection Authority, Hraničná 12, 820 07 Bratislava (https://www.dataprotection.gov.sk).

The Policy entered into force on 15. 9. 2023 in Bratislava.