TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

What Needs to be Done Prior to Shipping


Transborder Personal Data Flow

Section 23

Transfer of Personal Data to Third Countries


(1) If the third country ensures an adequate level of protection of personal data, the personal data may be transferred to this country only under condition that the data subject was provided with the information under Section 10 Paragraph 1 or 2, or any of the conditions under Section 10 Paragraph 3 was fulfilled.

(2) The adequacy of the level of protection of personal data shall be assessed in the light

of all the circumstances surrounding the transfer. Particular consideration shall be given to the respective legal regulations in the country of final destination with respect to the nature of the personal data, the purpose and duration of the processing.

(3) Personal data may be transferred to the third country, which does not ensure an adequate level of protection only based on a decision of the European Commission or if any of the conditions under Paragraph 4 is fulfilled.

(4) Where the country of final destination does not ensure an adequate level of protection, the transfer may be executed only under condition that

a) the data subject gave a written consent to it, while knowing that the country of final destination does not ensure an adequate level of protection,

b) it is necessary for performance of a contract between the data subject and the controller or for establishment of pre-contractual measures upon request of the data subject,

c) it is necessary for entering into, or performance of, a contract concluded by the controller in the interest of the data subject with another entity,

d) it is necessary for performance of an international treaty binding for the Slovak Republic or resulting from the laws due to an important public interest or for proving, filing or defending a legal claim,

e) it is necessary for protection of vital interests of the data subject; or

f) it concerns the personal data, which constitutes a part of the lists, registers or files and are kept and publicly accessible pursuant to special Acts or are available, under these Acts, to the persons which prove a legal claim and fulfill the conditions prescribed by law for making them available.

(5) If the controller decides to transfer personal data to the third country, which does not

ensure an adequate level of protection after their obtaining, he shall notify the data subject before the transfer of the personal data of the reason of his decision and advise the data subject about his right to refuse such transfer under Section 20 Paragraph 5, provided that the transfer is to be executed under the condition referred to in Paragraph 4 Subparagraph a); the controller shall be entitled to execute the proposed transfer of personal data only after obtaining a written consent of the data subject.

(6) If the controller authorizes an entity residing abroad for the processing of personal data on the controller’s behalf, this entity shall be entitled to process the personal data only in the extent and under conditions agreed upon with the controller in a written contract. The scope of the contract must be elaborated in accordance with the standard contractual terms stipulated for the transfer of personal data by an entity residing abroad processing them on the controller’s behalf.

(7) A consent of the Office shall be necessary for transfer of personal data under Paragraph 6.

(8) The person executing transfer of personal data shall ensure their security (Section 15 Paragraph 1) also during the transit.

(9) Protection of personal data transferred to the territory of the Slovak Republic from the entities with registered office or permanent residence abroad shall be executed in accordance with this Act.

(10) In the case of doubts whether a transborder personal data flow may be executed,

a decision shall be made by the Office. The decision of the Office shall be binding.


Section 23a


Transfer of Personal Data within Member States of the European Union


(1) A free flow of personal data between the Slovak Republic and the Member States of the European Union shall be ensured; the Slovak Republic shall not restrict or prohibit transfer of personal data for the reasons of protection of fundamental rights and freedoms of natural persons, in particular their right to privacy in respect of processing of their personal data.

(2) The controller with the registered office or permanent residence on the territory of the

Slovak Republic who simultaneously processes personal data by means of his organizational unit or several organizational units on the territory of one or several Member States of the European Union shall be obliged to take measures and ensure that each of his organizational units processes personal data in accordance with the laws in force in the Member State, where the respective organizational unit has its registered office.

(3) The controller, who does not have his registered office or permanent residence on the territory of a Member State of the European Union and for the purposes of processing of personal data he uses fully or partially automated or other than automated means of processing located on the territory of the Slovak Republic, while these means of processing are not used solely for the transfer of personal data through the territory of Member States of the European Union, shall be obliged to appoint, before commencement of the processing of personal data, his representative with a registered office or permanent residence on the territory of the Slovak Republic; this shall not affect the domestic law of the third country, in which the controller has his registered office or permanent residence. The controller’s representative shall be obliged to prove to the Office anytime upon its request an original of the document confirming his appointment for the controller’s representative. Authenticity of signatures and the print of the controller’s stamp on the original document must be verified by the authority competent for its verification or by a notary in the respective State, while the verification must bear a stamp of the authority representing the Slovak Republic in this State.


Please see The Office for Personal Data Protection for the Slovak Republic website for further details on the statute


© TRILANTIC - All rights reserved. | Disclaimer | Client Login