
    Privacy Policy

    This Privacy Policy explains how OnePractix processes personal data when you visit our website, contact us, book consultations, or make payments through our website.

    Last updated: 2026-02-22

    1. Data Controller

    OnePractix s. r. o.
    Company ID (IČO): 56 527 454
    Registered office: Tolstého 5, 811 06 Bratislava – Staré Mesto, Slovak Republic
    Registered in the Commercial Register of the City Court Bratislava III, Insert No. 181632/B
    Email: [email protected]

    ("OnePractix", "we", "us")

    Privacy contact: [email protected]

    Our services are directed exclusively at professional healthcare organisations and business clients. We do not target consumers.

    Data Protection Officer (DPO):

    We have assessed the requirements under Art. 37 GDPR. Based on our current activities, we believe we are not required to appoint a Data Protection Officer at this time. If this changes, we will publish the relevant contact details in this Privacy Policy.

    2. Role Clarification: Controller and Processor

    2.1 Website and Business Communication (Controller)

    For personal data processed in connection with our website, enquiries, consultation bookings, and business development communications, OnePractix acts as the controller.

    2.2 Client Platforms and Infrastructure (Processor)

    Where OnePractix provides digital platforms, websites, dashboards, or hosted infrastructure for healthcare clients, OnePractix acts solely as a processor pursuant to Art. 28 GDPR.

    Such systems may involve processing of special categories of personal data under Art. 9 GDPR (e.g., health-related data).

    In those cases:

    • the respective healthcare organisation remains the controller,
    • the client determines purposes and means of processing,
    • OnePractix processes data only on documented instructions,
    • a separate Data Processing Agreement (DPA) is concluded.

    This Privacy Policy does not govern data processing within client systems. For such processing, the client's own privacy notices and the DPA concluded between the client and OnePractix apply.

    Contractual documents: The terms governing our services and the contractual conditions are set out in our Terms & Conditions. This Privacy Policy addresses data protection information only.

    3. Categories of Personal Data (Website)

    3.1 Data Provided Directly

    • Full name
    • Practice or organisation name
    • Business email address
    • Telephone number
    • Message content / form submissions
    • Business information voluntarily shared

    We do not request patient medical records or treatment data via our website. If special category data is transmitted unintentionally, it will be deleted without undue delay unless legal retention is required.

    3.2 Data Collected Automatically

    • IP address (minimised or anonymised where feasible)
    • Browser and device information
    • Date and time of access
    • Referring URL
    • Technically necessary cookies

    We apply the principle of data minimisation under Art. 5 GDPR.

    4. Purposes of Processing (Website)

    We process personal data for the following purposes:

    • responding to enquiries
    • conducting consultations
    • preparing offers, taking pre-contractual steps, and performing contracts
    • payment processing (where you pay through our website)
    • ensuring IT security, preventing abuse, and maintaining system stability
    • complying with legal obligations (e.g., accounting and tax retention)

    4.1 No automated decision-making within the meaning of Art. 22 GDPR

    We do not sell personal data.

    Where automated or AI-assisted functionalities are used in the context of our services, they serve organisational purposes only. No solely automated decision producing legal effects concerning an individual or similarly significantly affecting an individual takes place within the meaning of Art. 22 GDPR.

    5. Legal Basis

    Depending on the context, processing is based on:

    • Art. 6(1)(a) GDPR – consent
    • Art. 6(1)(b) GDPR – pre-contractual steps / contractual necessity
    • Art. 6(1)(c) GDPR – legal obligation
    • Art. 6(1)(f) GDPR – legitimate interests

    Our legitimate interests (Art. 6(1)(f) GDPR) include in particular:

    • secure and professional operation of our website,
    • prevention of misuse/attacks,
    • stability and troubleshooting of systems,
    • efficient handling of B2B enquiries and communications.

    5.1 Requirement to Provide Data (Art. 13(2)(e) GDPR)

    Providing personal data may be necessary to respond to enquiries, schedule and conduct consultations, and to take pre-contractual steps or perform a contract. If required data is not provided, we may be unable to provide the requested services.

    5.2 Withdrawal of consent

    Consent may be withdrawn at any time with future effect.

    6. Hosting, Service Providers, and International Transfers

    Core hosting and infrastructure services are generally located within the European Union, including European cloud and hosting infrastructures.

    Service provider categories include in particular hosting, cloud, communication, and infrastructure providers.

    All service providers engaged by us are bound by data processing agreements pursuant to Art. 28 GDPR and are contractually required to comply with applicable data protection laws.

    Where service providers outside the EU are involved, or where access from outside the EU cannot be excluded, appropriate safeguards under Art. 46 GDPR (e.g., Standard Contractual Clauses) are implemented.

    A copy of the relevant safeguards (e.g., Standard Contractual Clauses) can be made available upon request.

    6.2 Payment Processing (Stripe)

    We use external payment service providers to process payments. We currently use Stripe Payments Europe, Limited ("Stripe").

    Personal data (e.g., name, email address, billing/payment information, and transaction data) is transmitted to Stripe to the extent necessary for payment processing.

    Processing is based on Art. 6(1)(b) GDPR (contractual necessity).

    Payment providers may also process personal data as independent controllers, in particular for fraud prevention, risk management, and compliance with legal obligations (e.g., anti-money-laundering requirements).

    As a rule, we do not process full payment card details (such as a full card number) ourselves. Such details are typically processed directly by the payment provider; we may receive transaction and status information.

    Payment providers or involved service providers may be located outside the European Union. In such cases, transfers are safeguarded in accordance with Art. 46 GDPR (e.g., Standard Contractual Clauses).

    A copy of the relevant safeguards can be made available upon request.

    7. Cookies and Analytics

    We use technically necessary cookies and similar technologies to operate our website securely.

    Storing information on, or accessing information from, a user's device is governed by applicable ePrivacy rules. Non-essential cookies/technologies generally require consent unless a legal exception applies (e.g., strictly necessary for a service explicitly requested by the user).

    If analytics or measurement tools are implemented:

    • they will be activated only on a valid legal basis (including consent where required),
    • data will be minimised and anonymised where possible,
    • applicable ePrivacy and GDPR requirements will be observed.

    Where available, you can adjust your cookie preferences via the cookie banner/settings on our website and withdraw consent at any time with future effect.

    8. Data Retention

    • Enquiries and business contacts: up to 24 months
    • Contractual and billing data: according to statutory retention requirements
    • Technical logs (e.g., security/error logs): limited retention

    Data is deleted or anonymised when no longer necessary, unless statutory retention obligations require continued storage.

    9. Technical and Organisational Measures

    We implement appropriate measures under Art. 32 GDPR, including:

    • encrypted data transmission (SSL/TLS)
    • role-based access controls and permissions management
    • access restrictions based on need-to-know
    • secure hosting and infrastructure environments
    • confidentiality obligations

    Absolute security cannot be guaranteed.

    10. Your Rights

    Under GDPR, you have (as applicable) the right to:

    • access
    • rectification
    • erasure
    • restriction of processing
    • data portability
    • objection (in particular to processing based on legitimate interests)
    • withdrawal of consent

    To exercise your rights, contact: [email protected]

    We respond to requests without undue delay and in any event within one month in accordance with Art. 12(3) GDPR.

    11. Supervisory Authority

    Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic)

    You may also lodge a complaint with the supervisory authority in your EU country of residence.

    12. Children's Data

    Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.

    13. Updates

    We may update this Privacy Policy when legally required or due to technical or operational changes. The current version is available on our website.

    Contact

    OnePractix s. r. o.
    Tolstého 5
    811 06 Bratislava – Staré Mesto
    Slovak Republic

    Email: [email protected]
