CU Družba DormitoriesComenius University Bratislava

Personal data processing information

According to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation), "GDPR”

The controller who processes your personal data isUniverzita Komenského v Bratislave (Comenius University Bratislava), with registered office at Šafárikovo námestie 6, P.O.BOX 440, 814 99 Bratislava, ID number: 00397865 (“we”, “us” or “Comenius University”), which is considered the controller in instances where your personal data is processed by a Comenius University faculty and / or part of Comenius University.

Providing your personal data is required to conclude an accommodation agreement. We process your personal data to provide accommodation and catering on the following legal grounds: fulfilment of statutory obligations (Art. 6 (1)(c) GDPR) and tasks in the public interest (Art. 6 (1)(e) GDPR) in particular in connection with §89 (1) and (2) of Act 131/2002 on Universities, or under an agreement with the data subject (Art. 6 (1)(b) GDPR). We will retain your personal data in the accommodation agenda for 10 years after the end of accommodation and accommodation and catering payment information in the accounting agenda for[1] 10 years. Our employees trained in personal data protection will process your data and this data may be provided to law enforcement. A complete list of recipients is provided here: https://uniba.sk/oou.

CCTV system monitoring

Dormitory areas are monitored with a CCTV system. This is considered processing of your personal data. This processing is permitted under Art. 6 (1)(f) GDPR which allows us to process your personal data due to Comenius University’s legitimate interest in such processes, which exceeds your right to privacy protection. This legitimate interest and the purpose of the processing of your personal data is the protection of property, order and security. The following areas in particular at Družba UK are monitored: the area at the entrance and exit barriers to the parking lot in front of block D1, the area at the entrance barrier to block D2, the road to the parking lot at D2, the entrance area to blocks D1 and D2 and the entrance to the "Švédske domky" dormitory area. CCTV system recordings are retained for 7 days. Our employees trained in personal data protection will process your data and this data may be provided to law enforcement.

COVID-PASS checks

When entering dormitories, in the event of an unfavourable epidemiological situation, based on general binding legislation, you may be asked to present proof of vaccination against COVID-19 or confirmation of a valid negative test for the presence of the SARS-COV-19 virus ("COVID-PASS"). When checking personal data from COVID-PASS, we are performing a specific task in the public interest, which in this case is the protection of public health and enhancing prevention with respect to the spread of infectious disease. The legal basis for the processing of personal data is Art. 6 (1)(b) and (e) GDPR, and an exception under Art. 9 (2)(g) and (i) GDPR with respect to health-related data. We will process personal data over the duration of any such unfavourable epidemiological situation under the terms of the relevant generally binding legislation.

“You have the right to object to the legitimate interest we are following.*

If you object, we may not continue to process your personal data if we are unable to demonstrate the necessity of the legitimate interest to process your personal data, which must supersede your rights or interests, or reasons for exercising such legal right.

Where can you exercise your right to object to the processing of your personal data?

This right is exercised upon request using a request form, or electronically or in writing with the designated data protection officer at Comenius University, who is responsible for supervising the processing of personal data. They may be reached at:

e-mail: dpo@uniba.sk

mailing address:                             DPO / Responsible person under GDPR

                                                            Univerzita Komenského v Bratislave (Comenius University Bratislava)

                                                            Centrum informačných technológií (Information Technology Centre)

                                                            Šafárikovo námestie 6, P.O.BOX 440

                                                            814 99 Bratislava 1

As a data subject, you have other rights under GDPR with respect to the processing of your personal data:

1)       Right to request access to personal data we process about you under Article 15 GDPR . This right includes the right to confirmation if we process your personal data, the right to access this information, and the right to a copy of the personal data we process about you, if technically feasible;

2)    Right to correction and amendment of personal data under Article 16 GDPR, if we are processing incorrect or incomplete personal data;

3)        Right to deletion (right to be forgotten) of your personal data under Article 17 GDPR;

4)        Right to restrict processing of personal data under Article 18 GDPR

5)        Right to data portability under Article 20 GDPR;

6)        Right to object to a legitimate or public interest we follow under Article 21 GDPR.

7)        As a data subject, you also have the right to file a complaint with the supervising authority, which in this case is the Office for Personal Data Protection of the Slovak Republic under §100 of the Personal Data Protection Act. More information is available at https://dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov.

Information on other purposes of processing your personal data and more details of your specific rights can be found in our privacy protection public on our website at: https://uniba.sk/oou.


[1] accounting and tax purposes, legal basis: fulfilment of statutory obligations (Art. 6 (1)(c) GDPR)