|
 |
- On 29 August 1997, the Law on the Protection of Personal Data was
adopted. It stipulates that everybody has the right to the protection of his/herpersonal data. The law defines the principles of proceeding while processing personal
data, and the rights of physical persons whose personal data are or may be
processed in data bases.
- It is forbidden to process, among other things, data on health condition, genetic
code, addictions or sexual life with the exception of when a person whose data are
concerned expresses a written consent thereto, unless the cancellation of these data
is the purpose. Processing is admitted also when it is run to protect the health
condition, to render medical services or to treat patients by people who perform in
the professional capacity of a physician or render other medical services, for management
of medical services, whereby full guarantees of personal data protection
are set up.
- According to article 32 of the Law on the Protection of Personal Data data subject has a right to control the processing of his/her personal data contained in the filing systems, and in particular he/she has the right to:
1) obtain extensive information on whether such system exists and to establish the controller’s identity, the address of its seat and its full name, and in case the controller is a natural person to obtain his/her address and his/her full name,
2) obtain information as to the purpose, scope, and the means of processing of the data contained in the system,
3) obtain information since when his/her personal data are being processed and communication to him/her in an intelligible form of the content of the data,
4) obtain information as to the source of his/her personal data, unless the controller is obliged to keep it confidential as a state, trade or professional secrecy,
5) obtain information about the means in which the data are disclosed, and in particular about the recipients or categories of recipients of the data,
5a) obtain information about the prerequisites of taking the decision referred to
in Article 26a paragraph 2,
6) demand the data to be completed, updated, rectified, temporally or permanently suspended or erased, in case they are not complete, outdated, untrue or collected with the violation of the act, or in case they are no longer required for the purpose for which they have been collected,
7) make a justified demand in writing, in cases referred to in Article 23 paragraph 1 point 4 and 5, for the blocking of the processing of his/her data, due to his/her particular situation,
8) object to the processing of his/her personal data in cases referred to in Article 23 paragraph 1 point 4 and 5, should the controller intend to process the data for marketing purposes or to object to the transfer of the data to another controller,
9) make a demand to a controller for reconsidering of the individual case settled in contravention of article 26a paragraph 1.
Top |
|
|
|