Privacy Policy

PRIVACY NOTICE FOR DATA SUBJECTS

For the company AIVIL s.r.o., Nádražná 2491/66, 900 28 Ivanka pri Dunaji, Company ID: 36800368, VAT ID: 2022409873, protecting personal data in accordance with valid legislation is a top priority. We adhere to Regulation (EU) 2016/679 (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection.

We hereby provide the following information to data subjects:

1. DEFINITIONS

• Personal Data: Any information relating to an identified or identifiable person (e.g., name, location, online identifiers).

• Data Subject: A natural person whose personal data is processed.

• Controller: Entity that determines purposes and means of processing.

• Processor: Entity that processes data on behalf of the Controller.

• Processing: Any operation performed on personal data.

• Recipient: Any party to whom data is disclosed.

• Third Party: Any entity other than the Data Subject, Controller, or Processor.

• Profiling: Automated evaluation of personal characteristics.

• Purpose of Processing: The reason for data processing.

• Special Categories of Data: Sensitive data (e.g., health).

• Restriction of Processing: Limiting the processing of stored data.

• Data Protection Officer: Person designated to oversee data handling.

2. CONTROLLER CONTACT DETAILS

• Controller: AIVIL s.r.o.

• Address: Nádražná 2491/66, 900 28 Ivanka pri Dunaji

• Company ID: 36800368

• VAT ID: 2022409873

• Facility: SERENITY – BODY & SOUL & MIND, Nádražná 66

• DPO: Ing. arch. Jana Szokolayová

• Email: jszokolayova@serenitybsm.sk

3. PURPOSES OF PROCESSING

• Provision of Ayurvedic center services (massages, therapies, rituals, yoga, doctor consultations)

• Health consultations, including blood draws and lab results (in cooperation with UniLab)

• Marketing (newsletters, offers)

• Administration and accounting

• Customer records and service quality assurance

• Legal obligations

4. CATEGORIES OF PERSONAL DATA

• Identification Data: Name, surname, title, date of birth

• Contact Data: Phone, email, address

• Health Data: Medical history, diagnoses, lab results

• Payment Data: Billing and transaction info

• Service History: Appointments, massage types

5. LEGAL BASIS FOR PROCESSING

• Contractual necessity: To provide ordered services

• Legal obligations: Health and accounting regulations

• Consent: Required for special categories, such as health records

6. DATA RECIPIENTS

• UniLab (for lab testing)

• IT and marketing partners

• Healthcare professionals

• State authorities (e.g., health insurance, public health offices)

7. DATA SUBJECT RIGHTS

• Access: To confirm and review your data

• Rectification: To correct inaccurate data

• Erasure: Right to deletion (right to be forgotten)

• Restriction: To limit processing in certain cases

• Objection: Against legitimate interest or direct marketing

• Data Portability: Transfer data to another controller

• Withdraw Consent: Without affecting previous lawful processing

8. RETENTION PERIODS

• Duration of the contract

• As required by law (e.g., 10 years for accounting records)

• Until consent is withdrawn (for marketing)

9. LEGITIMATE INTERESTS

• Contract management

• Direct marketing (if allowed by law)

• Legal claims

• Network and information security

• Facility safety

• Customer satisfaction surveys

10. RETENTION PERIODS

• As long as needed to fulfill processing purpose

• At least 10 years for accounting/tax documents

• Until consent withdrawal (marketing)

11. SUPERVISORY AUTHORITY CONTACT

• Office for Personal Data Protection of Slovakia

• Hraničná 12, 820 07 Bratislava 27

• Email: statny.dozor@pdp.gov.sk

• Web: www.dataprotection.gov.sk

12. VOLUNTARY NATURE OF PROVIDING DATA

Providing personal data is voluntary. However, without essential data, services may not be provided. Refusal will be interpreted as disinterest in our services.

13. AUTOMATED DECISION-MAKING

We use automated systems (e.g., profiling, camera systems, newsletters) to improve service quality.

Data Subjects have the right not to be subject to decisions based solely on automated processing with legal or significant effects. Upon request, we will manually review such decisions within 30 days.

Exceptions: processing necessary for contract, legal requirements, or with explicit consent.

14. FINAL PROVISIONS

This notice is available on our website and in physical form at our facility. For questions, contact us using the details in section 2.

Effective from: January 15, 2025