Privacy policy

Protection of privacy and personal data in IS Slovensko v mobile, mID and ePUSH module

The joint controllers (hereinafter referred to as "we" or "Controller") are the National Agency for Network and Electronic Services (hereinafter referred to as "NASES") with registered office at Kollárova 8, 917 02 Trnava, ID No.: 42 156 424 and the Ministry of Investments, Regional Development and Information Technology of the Slovak Republic with registered office at Štefánikova 15, 811 05 Bratislava, ID No.: 50349287. The Controllers declare that they have taken appropriate technical and organizational measures to protect the rights of data subjects and to ensure the security of your personal data. Furthermore, the Controllers have put in place a transparent system for recording security incidents and any queries from data subjects and other persons.

IS Slovensko v mobile is intended for all natural persons over 18 years of age (NP) who have decided to use the possibility of NP authentication using a mobile device. Once launched, the application enables them to create the technical means for NP authentication using a mobile device. These means are then used to authenticate the person when they use electronic services of the state that allow this NP authentication method.

The processing of personal data is governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR Regulation") and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts, as amended (hereinafter referred to as the "Act on the Protection of Personal Data"). 

Visiting the Web Portal Slovensko v mobile:

We record and store the IP address of your computer in order to send the content of our website to your computer in accordance with Article 6 Subsection 1 Point e) of the GDPR. We also process this data to identify and report any abuse. The legal basis in this case is Art. 6 Subsection 1 Point e) of the GDPR. In this context, it is in our interest, as far as the processing of personal data is concerned, to ensure the proper functioning of our website and the provision of services carried out through our website. 

Insofar as we process your data, as stated above, for the purpose of ensuring the functionality of our website, it is on a legal basis pursuant to Act No. 305/2013 Coll. on the electronic form of exercising the powers of public authorities and on amendment and supplementation of certain acts ("e-Government Act"). 

The mID module will allow login with the mobile key for natural persons. By logging into the module, you consent to the processing of your personal data. All personal data will be processed in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and in accordance with Act No 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts, as amended and in force. 

The "Slovensko v mobile" application uses the camera of your mobile device to scan QR codes. To use the application properly, you need to allow the application to access your camera in your phone's settings. It is not possible to scan the QR code without granting access to the camera. The "Slovensko v mobile" application does not create or store any photos while scanning a QR code; it only analyzes the code.

The legal basis for the processing of personal data is Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC and all related implementing acts of the European Commission. 

Disclosure of data to third parties 

We will not transfer your data to third parties or disclose it in any other way for commercial purposes. 

We have the right to disclose your personal data to law enforcement authorities without your explicit consent if this is necessary to investigate unlawful use of our services or to pursue legal claims. However, such a transfer will only take place if there is concrete evidence of illegal conduct or abuse. The transfer of your data may also take place if it contributes to the enforcement of terms of use or other agreements. We also have a legal obligation to provide information to certain public authorities on request.  

The transfer of this data is based on our legitimate interest to prevent misuse, to enable the prosecution of criminal offences and to ensure the exercise of our rights, where our interests outweigh your interests and rights to the protection of your personal data in accordance with Art. 6 Subsection 1 Point f) of GDPR. 

What personal data do we collect, for what purpose and by what technical means? 

The Controller collects and processes identification and other personal data only to the extent and for the purpose specified in the eGovernment Act.

The purpose of collecting and processing personal data on the website is: 

  • the use of electronic services and directly related activities, 

  • exercise of public authority electronically by public authorities, 

  • the inclusion of such identification and other personal data as well as user information in the relevant databases of the controller,  

  • in connection with the exercise of the rights of the controller, the provision of identification data and other personal data to third parties. 

The website controller shall ensure appropriate measures for the protection of identification and other personal data, as well as information about the user in accordance with generally binding legal regulations and, except in the cases provided for by these regulations or agreed with the user, shall not disclose them to third parties without the user's consent. 

The Controller does not provide personal data for the purpose of direct marketing. 

Who has access to your data and to whom is it provided? 

When providing information and personal data from the website, the controller always follows the e-Government Act and the Personal Data Protection Act.

If incorrect, incomplete or outdated personal data or unlawful provision or disclosure of personal data occurs, the controller shall, without undue delay, inform the recipients of the personal data to whom such personal data have been provided or disclosed. 

How do we protect and secure your data? 

In accordance with the provisions of Section 29 of the Personal Data Protection Act, the Controller is responsible for the security of personal data. For this purpose, appropriate technical, organisational and personnel measures have been taken, corresponding to the way in which personal data is processed, to help protect your personal data against unauthorised access, use and disclosure. 

We verify the effectiveness of our data protection measures and continuously improve them in line with technological developments. The personal data entered is encrypted during transmission using a secure encryption process. 

How long do we keep your data? 

The period of collection and processing of information, to the extent specified in the general terms and conditions of the controller, coincides with the period of existence of the user's electronic mailbox. In the case of the exercise of the rights of the controller of the central website, the period of collection and processing of information shall continue after the termination of the user's identity. The Controller is not entitled to destroy the User's personal data until the expiry of the deadlines specified in special regulations. 

Data from the website is regularly backed up by the controller to ensure proper system recovery. 

Your rights related to processing of your personal data 

Right to access 

Upon request, you have the right to obtain from us information about the personal data concerning you that we have processed within the scope defined in Art. 15 of GDPR. You can send your request by mail or e-mail to the addresses below. 

Right to rectification 

You have the right to request that we rectify any inaccuracies in your personal data concerning you without undue delay (Article 16 of GDPR). For this purpose, please contact the address below. 

Right to erasure 

If you have valid legal reasons defined in Art. 17 of GDPR, you have the right to the immediate erasure ("the right to be forgotten") of personal data concerning you. These legal grounds include: the personal data is no longer necessary for the purposes for which it was processed or you withdraw your consent and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing - does not apply to objections to direct marketing). To exercise your right, please contact the contact address below.

Right to restriction of data processing 

If the criteria defined in Art. 18 of GDPR are met, you have the right to restriction of data processing as stated in the previous article of GDPR. Pursuant to this Article, a restriction of processing may be requested, in particular where the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use, or the data subject objects to the processing pursuant to Art. 21 Subsection 1 of GDPR, if it is not clear whether our legitimate interest exceeds the interest of the data subject. To exercise your right, please contact the contact address below. 

Right to data portability 

You have the right to data portability as defined in Art. 20 of GDPR. This means that you have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used machine-readable format and have the right to transmit these data to another controller. It is a prerequisite that the processing is based on consent or a contract and is carried out by automated means. To exercise your right, please contact the contact address below. 

Right to object 

Pursuant to Art. 21 of GDPR, you have the right to object at any time to the processing of personal data concerning you, which is based on Article 6 Subsection 1 Point e) or f) of GDPR, for reasons related to your specific situation. We will refrain from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or unless the purpose of the processing is to establish, exercise and defend legal claims. To exercise your right, please contact the contact address below. 

Right to lodge a complaint with a supervisory authority 

If you believe that the processing of personal data concerning you that we have carried out is illegal or inadmissible, you have the right to lodge a complaint with the competent supervisory authority. This body can be contacted at: 

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky) 
Hraničná 12 
820 07 Bratislava 27 
Slovak Republic 
Company ID: 36064220 
www.dataprotection.gov.sk 

Telephone consultations in the field of personal data protection:
Tuesday and Thursday from 8:00 to 12:00 +421 232 313 220

Contact information 

You can contact us at: 

National Agency for Network and Electronic Services (Národná agentúra pre sieťové a elektronické služby) 
Kollárova 8,  
917 02 Trnava,  
Company ID: 42 156 424  

Contact data of the person in charge  

Any questions regarding the processing of your personal data, requests for information and the exercise of data subjects' rights should be addressed directly to our GDPR – DPO, who is at your disposal: 

Data Protection Officer (hereinafter referred to as "DPO") (the responsible person of the Controller within the meaning of GDPR):  

Controller:  

Responsible person according to GDPR 
National Agency for Network and Electronic Services (Národná agentúra pre sieťové a elektronické služby)  
Kollárova 8,  
917 02 Trnava, 

Telephone: +421 232 780 771
E-mail: dpo@nases.gov.sk