Data Protection Policy

Unilabs Slovensko, s. r. o., with its registered seat at Záborského 2, 036 01 Martin, Company ID: 31 647 758, a company registered in the Commercial Register of the District Court of Žilina, Sec.: Sro, Insert No. 63112/L (hereinafter referred to as “Unilabs Slovensko, s. r. o.” and/or the “Data Controller”), follows the "CARE BIG" principles of personal data protection. The latter means we always treat your personal data with the highest level of security and in accordance with the relevant data protection legislation. Where personal data processing is entrusted to a Third Party, we do so with utmost care to ensure that our data processors are subject to the due diligence regarding data protection enforceable by contractual provisions.

We consider the security and accurate processing of personal data to be of the utmost importance and therefore provide you with the following information on how your personal data are processed with regards to the Data Controller's e-commerce at https://sk.unilabs.online (hereinafter referred to as “Unilabs Online”).

1. Your Personal Data Controller’s identity and contact details, Data Subject

Your personal data you have provided or will provide to us as the Data Subject (when you register and create a user account on Unilabs Online), and as a Customer, and the personal data of a Third Party you have provided or will provide to us as a legal representative of the Third Party, (hereinafter referred to as the “Personal Data” or “Your Personal Data”) will be processed by the Data Controller detailed below, in accordance with the relevant legislation on personal data protection: Unilabs Slovensko, s. r. o., with its registered seat at Záborského 2, 036 01 Martin, Company ID: 31 647 758, registered in the Commercial Register of the District Court of Žilina, Section: Sro, insert No. 63112/L.

You and the Third Party that appointed you to be its legal representative are the Data Subject because Unilabs Slovensko, s. r. o. will process your personal data.

The Unilabs Online e-shop is not designed for users younger than 16-years-old, and the website sk.unilabs.online may not be used by them. However, the services offered through Unilabs Online may also be provided to clients younger than 16-years-old, subject to the consent of the child’s representatives.

2. Personal data processing

The Controller processes your personal data in accordance with the applicable data protection legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “General Data Protection Regulation”), and Act 18/2018 Coll. on Personal Data Protection, and on amendments and supplements to certain Acts, as amended, (hereinafter referred to as the “Data Protection Act”).

3. Scope of collected and processed

The Data Controller processes all personal data in the printed and digital format provided by you, in particular:

a) name, surname, birth certificate number, date of birth, age, sex, nationality, post address or business address (including the street, street number, town/city, post code, country), billing address (street, street number, town/city, post code, optionally the Company ID, Tax ID, VAT ID), email address, telephone number, history of purchased products and services, and other data provided when you register your user account and for the Third Party’s account, to be used for the laboratory diagnostics services at Unilabs Online;

b) information about your health condition and the health condition of the Third Party’s you legally represent, especially the test results, treatment and other relevant health-related facts, as well as data related to the healthcare procedure, the scope of provided healthcare, data on provided healthcare services, and relevant epidemiological data.

Unilabs Slovensko, s. r. o. receives your personal data directly from you. In particular, the personal data: (i) contact form completed on our website, or (ii) included in contracts you sign with us, or (iii) sent or communicated by you in the correspondence we exchange, or (iv) derived by us from other data you provide to us.

4. The purpose and legal basis for your personal data processing by the Data Controller

The Data Controller processes the personal data only to the extent strictly necessary to create and use your user account or a Third Party’s account, especially to book services, to conclude a contract on laboratory diagnostic services between you, the Customer, and the Data Controller, the Provider, on the website Unilabs Online, and to fulfil such contract on laboratory diagnostic services, healthcare and related services. 

The Data Controller process the personal data you provide, especially:

A. To perform the contract on laboratory diagnostic services, with the Customer (you) and the Data Collector as parties thereto, especially:
A1) to create, manage and use your user account and the Third Party’ s account on Unilabs Online, namely to:
• identify when your Unilabs Online user account is created and used;

• identify the Third Party which your legally represent, when you create a Third Party’s account under your Unilabs Online account;

• to maintain, register, manage and administer your user account and the account of the Third Party you legally represent;

A2) to conclude and perform the contract, especially to:
• identify you and the Third Party you legally represent, as the party(ies) to the concluded contract, to perform and terminate the contract;

• to perform the Data Controller's obligations and duties under such contract;

• to prove, enforce, or defend the Data Controller's legal claims related under such contract;

• to discuss how the contract is to be complied with;

A3) to fulfil the Data Controller’ s legal obligation established by the contract, especially to:
• record and provide information on the provision or delivery of healthcare or related services under the contract;

• provide healthcare in compliance with the obligations under the contract;

• fulfil obligations under the regulations on the National Healthcare Information System;

• comply with tax and accounting regulations;

• fulfil the obligation to report security incidents to individuals and authorities, or other competent bodies;

• provide mandatory inspections and requests from public authorities;

• process and respond to requests and complaints filed by Data Subjects, and related duties;

Legal Basis:
For the purpose referred to in par. A), your consent to provide your personal data and the personal data of the Third Party is voluntary, but necessary for the proper performance of the contract and the rights and obligations arising therefrom, and related appropriate healthcare services. To process personal data for the purpose defined in par. A), your consent is not required. 

The legal regulations which allow the processing of your personal data:
1) the contract on laboratory diagnostic services;
2) generally binding legal regulations, in particular Act 576/2004 Coll. on Healthcare and Related Healthcare Services, and on amendment and supplementation to certain Acts, and other generally binding acts related to the contract;

B. To fulfil the Data Controller ’ s legal obligations under specific legal regulations, in particular to
• the fulfilment of the Controller´s obligations under regulations on the national health information system;

• the fulfilment of the Controller´s obligations pursuant to Act No.355/2007 on the protection of public health;

• dealing with controls, inspections and requests from the competent public administration authorities;

• compliance with the basic principles of personal data processing, complying with the rules and ensuring the protection and security of processing personal data against loss, destruction or other unauthorised disclosure;

Legal Basis:
The legal basis for your personal data processing under par. B) is the specific legal regulation. In this case, your consent to the processing of your personal data is not required.

C. To exercise the Data Controller’ s legitimate interest, in particular:
• to protect the Data Controller's property and/or the health of its employees;

• Management, development and bug fixing of the Unilabs Online platform;

• to record, administer and manage information about the booking and the contract;

• to update the database with the data to send contract-related communications;

• communication via web formular;

• to exercise any of the Data Controller’s legal claims under the contract;

• for direct marketing, if you are our Customer - to know your satisfaction with the quality and level of laboratory diagnostic and healthcare services provided via survey satisfaction and user review, and to inform you about news, offers and business notifications on the Unilabs Online website.

Legal Basis:
The legal basis for your personal data processing under par. C) is the Data Controller’s legitimate interest. In this case, your consent to the processing of your personal data is not required.

Please note that, in your role of Data Subject, you have the right to object at any time to having your personal data processed for direct marketing.

D. For the purpose of marketing communication, especially:
• sending (i) information about possible competitions; 

• (ii) advertising messages and e-mails; (iii) commercial announcements, promotions and information about the Operator's news, offers and products (general newsletter); (iv) user-tailored commercial announcements (targeted newsletter).

Legal Basis:
The legal basis for the processing of personal data for the purpose referred in par. D) is your consent to the provision and processing of your personal data, which is voluntary, but necessary in order to be informed by the Controller about the latest products, services, promotions or other commercial offers, information in the field of health, medicine and health care or other offers of the Controller.

This consent is granted when you provide your personal data and tick the consent box to have your personal data processed for marketing purposes. You may withdraw your consent at any time by clicking the unsubscribe link at the end of each commercial email, or by sending an email to info.sk@unilabs.online. A withdrawn consent does not affect the legal grounds for personal data processing before such consent is withdrawn.

To subscribe to the newsletter, you can opt-in by checking the box for consent to receive marketing communications either:
- during the registration process in your profile;
- by providing your email on the homepage at sk.unilabs.online.

Consent for the processing of personal data for the purpose of sending marketing communications/newsletters is recorded through Unilabs Online and the Brevo system, which we use for sending marketing communications. To record consent and process the necessary personal data, your email, the language version under which you are registered, the date and time of granting or withdrawing consent, and the type of consent will be recorded. If you are a registered customer, for the purpose of sending marketing communications, we process your name, surname, number of orders, purchase value, and the number of your product reviews.

You can withdraw your consent to receive the newsletter/marketing communications at any time by clicking the unsubscribe link in the sent newsletter.

E. In order to provide services related to the Live & CARE loyalty program, in particular to:
• your identification when obtaining membership in the Live & CARE club;

• maintaining, keeping, recording, managing, and administering your Live & CARE Club membership account;

• to identify you for the purpose of providing benefits and discounts under the Live & CARE loyalty program.

Legal Basis:
The legal basis for the processing of personal data for the purpose set out in par. E) above, is your consent to the provision and processing of your personal data, which is voluntary for obtaining and maintaining your membership of the Live & CARE Club. This consent is given by submitting your personal data and checking the appropriate box to consent to the processing of personal data for the purpose of providing services related to the Live & CARE loyalty program. This consent can be revoked at any time by sending an e-mail to info.sk@unilabs.online. Please note that by withdrawing your consent, your membership in the Live & CARE Club will be cancelled. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal.

F. For the purpose of interpreting laboratory results by a consulting partner:
• an evaluation of laboratory results.

Legal basis:
The legal basis for processing personal data for the purpose mentioned under par F) is your voluntary consent to provide and process your personal data. Based on your consent, we provide the consulting partner with personal data to the extent of your name, surname, contact phone number, and email. 

5. Categories of recipients of your personal data

Your personal data and the personal data of a Third Party may be disclosed and made available to the following recipients who comply with the Data Protection Policy:
• The Data Controller’s authorised employees mainly (but not exclusively) responsible for laboratory tests, IT, marketing and commercial activities;

• subcontractors who provide services to the Data Controller under contract on the processing of personal data signed with the Data Controller, providers of IT services and applications (Blueweb, s.r.o., EMARK);

• consulting partner - providing the service of interpretation of laboratory results (uLékaře.cz Health Care, s.r.o., based in Českomoravská 2408/1a, Libeň, 190 00 Praha 9, ID No.: 09664777);

• providers of standard software, cloud or hosting services (e.g. Microsoft, Slovak Telekom, a.s.), databases, and analytic systems and tools (e.g. Google, Meta, Brevo);

• institutions authorised to be provided with information under the relevant laws (e.g. National Health Information Centre, Public Health Authority).

6. Data retention period

The Data Controller will store the Data Subject’s personal data for the period strictly needed to achieve the relevant purpose of personal data processing:

a. should personal data be processed for pre-contractual measures based on a request by the Data Subject and/or to fulfil the contract, based on the provisions of Cl. 6 par. 1 b), GDPR, especially the personal data you provided to the Data Controller upon creation of a user account and registration to your and the Third Party’s account, and personal data provided by you associated, related or interlinked with orders and bookings of laboratory diagnostic services, the contract signed with the Data Controller – the Unilabs Online Provider - and compliance therewith, will be stored by the Data Controller until the contract is valid and in force, and until all claims and requests induced by or related to such contract are settled after the contract has been terminated, if required and strictly necessary to fulfil the purpose for which the data were processed, especially for billing, receipt and recording of payments, to solve complaints, and to claim rights and enforcement of duties under GDPR and the Act on Personal Data Protection, and specific legal regulations.

b. should personal data be processed to comply with the Data Controller’s legal obligation, based on legal grounds established by Cl. 6 par. 1(c) of GDPR, personal data will be processed for the period of the Data Controller’s legal obligation defined by the General Data Protection Regulation, the Personal Data Protection Act, specific regulations or an international treaty by which the Slovak Republic is bound, i.e. especially your personal data obtained while you are being provided with healthcare services, will be processed and stored by the Data Controller for this purpose for 20 years from when you receive medical care.

c. should personal data be processed based on the legitimate interests pursued by the Data Controller, based on the provisions of Cl. 6 par. 1 f) of GDPR, personal data will be processed until a legitimate interest expires, until the reason for data processing is no longer applicable, i.e., for example, when legal claims are presented under the contract, your personal data will be processed until the maximum possible prescription period to exercise the right granted by the contract expires. The prescription period begins from the first entitlement to exercise the right. In the event that court, administrative, liquidation, or other proceedings are begun, and the Data Controller claims its rights against the Data Subject therein, the retention period of the Data Subject's personal data shall not expire before such proceedings end;

d. in case personal data are processed based on legal grounds established by Cl. 6 par. 1 a), GDPR, i.e. on the basis of the Data Subjects’ consent to have their personal data processed for the purpose, the personal data will be processed until the date when the Data Subject’s consent is withdrawn, or for a specified period of time, whichever occurs sooner, i.e. the personal data provided by you for marketing emails and newsletter subscription are stored until the date your consent is withdrawn by clicking the unsubscribe link or by sending an email to: info.sk@unilabs.online or by a written request sent to the Data Controller’s registered seat; but for a maximum of 5 years from the date when the consent was given.

The personal data provided by you and collected by the Data Controller will thus always be stored within the scope and period:

i. set out in generally binding legal regulations (e.g. tax and accounting rules – 10 years, healthcare regulations – 20 years, etc.),

ii. is strictly needed and necessary to fulfil the individual purposes for which the personal data were collected, adhering to the principle of minimizing, which means the Data Controller does not store your personal data for longer than for a mandatory and justifiable period of time.

When this personal data becomes unnecessary or the retention period expires, the data is removed from the Data Controller's databases and information systems without undue delay, or destroyed if in written form.

7. Automated processing of personal data

We do not currently make automated decisions in connection with our relationship with you. If this changes, we will inform you in advance.

8. Cookies

Our website uses cookies. Cookies are small text files stored by the internet browser in the operating system of personal computers (PCs), tablets and smartphones.

If you use our website for informational purposes only (i.e. if you do not register, make purchases in the online shop, do not use any other services where you need to enter your personal data, and if you do not provide us your personal data to us in any other way), we may collect your personal data that is automatically transmitted to us by your browser. With the help of third-party data and analytics service providers, certain data are collected when you visit our website. We use these data to analyse how visitors use and navigate our website. Collected data include your IP address, the geographic location of your device, browser type, browser language, your request date and time, the duration of your visits, page views, and the page components (e.g. links) you click on.

We may use cookies, pixel tags, web beacons, transparent GIF files or similar tools on our website or emails to help us collect and analyse that information. The information is used to provide better and more relevant content on our website, to identify and troubleshoot problems, and to improve the overall impression of our website.

If you do not wish to have your data collected by these technologies, you may refuse them in your browser.

If we are obligated to ask for your consent to use cookies on our websites, you will always have the option to choose to give us such consent and manage your cookie preferences on the website. You can consent to the use of cookies by ticking the appropriate box in the bar that will automatically appear when you visit the website. You can prevent the storage of cookies by adjusting your browser settings. However, some specific cookies are necessary for the basic functioning of the website and therefore you cannot disable them. For more information on the terms and conditions of their use, please see the Cookies section.

WHAT WE USE COOKIES FOR

I. Mandatory cookies:
These cookies are absolutely necessary for the proper functioning of the website and for the use of our services, and cannot be deactivated. For example, to make navigation work, to store your products in the shopping cart until your next visit, etc. This involves the collection of data and information using cookies for:

• Unilabs Slovensko – provided by: Unilabs Slovensko, s. r. o., Záborského 2, 036 01 Martin.

II. Functional cookies:
Functional cookies guarantee functions without which you would not be able to use the website as intended and they significantly improve your browsing experience on this website. For example, they are used to store your settings. This involves the collection of data and information using cookies for:

• Unilabs Slovensko, Záborského 2, 036 01 Martin.

III. Analytical cookies:
The Controller uses third-party cookies on sk.unilabs.online for analytical purposes. This involves the collection of data and information to evaluate the use of sk.unilabs.online and generate reports on your activity as a visitor to sk.unilabs.online, in the form of statistics, in order to improve the Controller's services and to provide other services related to its use. The collected data on traffic and activities on sk.unilabs.online are evaluated in an anonymous form. This enables us to improve our online shop and to improve the quality of the Controller's services. This involves the collection of data and information using cookies for:

• Google Analytics – provided by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. 

Google's data protection statement is published at: http://www.google.com/intl/sk/policies/privacy/.

IV. Marketing cookies:
Cookies for marketing purposes, which the Controller uses to store information about the pages on sk.unilabs.online that you have visited and the advertising campaigns that you have seen and clicked on. Online advertising tracking cookies show you online advertisements based on what you have viewed and clicked on, and also based on the pages of our website that you have visited. We use them to tailor offers and ads directly to you. 

This involves the collection of data and information using cookies for:
a) Meta pixel – provided by: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Meta´s data protection statement is published at: https://www.facebook.com/privacy/policy

b)Google Ads – provided by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google's data protection statement is published at: https://www.google.com/policies/privacy/

The legal basis for the processing of personal data obtained through cookies is:

(i) as regards the mandatory cookies, Article 6(1), first sentence, point (f) of GDPR applies. Our legitimate interest is always to maintain and optimize our services and to provide a functional and comfortable website.

(ii) as regards functional, analytical and marketing cookies, Article 6(1), first sentence, point (a) of GDPR applies. Your consent as a data subject. Once consent has been given, you can revoke it at any time with effect for the future in the cookie settings in your browser. Withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of your consent until revocation.

Browsing data stored according to the cookie settings are not stored in our systems. The length of time these files are stored may vary. Some cookies are deleted as soon as you close the browser window, others remain stored on your device from 1 to 365 days, or until you delete the cookies yourself. The Controller has no responsibility for the storage of cookies on third-party websites or for the use of cookies stored on the user's terminal electronic device by third parties. We store the information we associate with cookie data according to the consent you have given us or according to the duration of the contractual relationship between you and us.

9. Personal data transfer abroad

Due to the international activities which the Unilabs Group, the Data Controller, participates in, your personal data may be transferred outside the European Union.

No additional safeguards are required for the transfer of personal data to non -EU countries approved by the European Commission as countries with data protection legislation essentially equivalent to EU data protection legislation (an adequate level of personal data protection), e.g. Switzerland, are where the headquarters of Unilabs are located.

In the event that personal data are transferred to non-EU countries not approved by the EU as having an adequate level of data protection, we make every effort to ensure, to the extent possible, appropriate safeguards are in place to ensure the same level of protection of your personal data they would receive in the EU, and we protect your personal data by appropriate contractual clauses or other applicable mechanisms approved by the EU (by signing a data transfer agreement based on clauses to contracts issued by the European Commission). To obtain copies of such documents (contracts), please write to dpo@unilabs.com.

10. Data Subjects´Rights

You have the following rights related to your personal data:
• the right to access your data, which you can exercise by requesting a copy of your personal data;

• the right to request to be informed about which personal data are processed;

• the right to have your personal data corrected, if inaccurate or incomplete, and the right to request their processing be limited;

• the right to have your personal data deleted should your personal data be processed with your consent,

• the right to data transfer when your personal data are processed on the basis of your consent and/or to fulfil a contract you concluded;

• the right to object to the processing of your personal data, on grounds relating to your particular situa tion when your personal data are processed based on the Data Controller’s legitimate interests;

• the right to be informed about profiling and its possible consequences and the right to object to personalization and automated decision-making. The Data Subject shall have the right to be excluded from decisions based solely on automated processing, including profiling, that produces legal effects for the Data Subject or similarly and significantly affects the Data Subject.

11. Responsible person

If you wish to exercise your rights, you can do so by using the form available at this link or by sending an email to dpo@unilabs.com.

Exercising your rights is free of charge.

You can also contact the person responsible with any questions, requests and suggestions regarding the processing of your personal data or if you believe that the Controller has violated the GDPR Regulation and data protection regulations in the processing of your personal data and thus violated your rights.

12. Enforceable rights and complaints

If you are dissatisfied with the way in which we have processed your personal data or with any question or request concerning the protection of personal data that you have submitted to us and you have not received a satisfactory answer from us and/or our data protection officer, you have the right to lodge a complaint with the data protection authority of the Member State in which you reside, where you work or where the alleged infringement took place.

The supervisory authority in the Slovak Republic is:

Data protection office of Slovak Republic
Seat: Hraničná 12, 820 07 Bratislava 27
IČO: 36 064 220
DIČ: 2021685985
Phone: + 421 2 32 31 32 14, + 421 2 32 31 32 49
Email: statny.dozor@pdp.gov.sk

You can seek for more information on its website www.dataprotection.gov.sk.

The Policy entered into force on 20. 1. 2025 in Bratislava.