Dear data subject,

We would like to inform you about the way in which we handle your personal data within our company. We value your privacy; therefore, we have adopted appropriate technical and organisational measures to protect your personal data.

Based on regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Act No. 18/2018 Coll. on the protection of personal data and on amendments and additions to certain laws, we are obliged to be transparent when processing your personal data. The controller, Hotel Mlyn, PRAX s.r.o., Mlynská 10, Zavar, IČO: 47796685, in connection with its activity is processing personal data for different purposes. Processing of personal data may be based on various legal bases, which we inform you about within the individual purposes of personal data processing mentioned in the text below.

In the next part, you will find names of different information systems that are divided according to the purpose of personal data processing. Each of the, when clicked on, contains detailed information pursuant to Article 13 and/or 14 GDPR, which explains in detail why and how are your personal data processed by us.

Purposes of personal data processing

The controller is processing personal data of its potential clients, clients and website visitors in the below mentioned information systems:

1. ACCOUNTING DOCUMENTS,
2. REGISTRY ADMINISTRATION,
3. ACCOMMODATED GUESTS,
4. REPORTING STAY OF FOREIGNERS,
5. RESERVATION SYSTEM,
6. CONTACT FORM,
7. LITIGATION,
8. COMPLAINTS,
9. CCTV,
10. COOKIES.

The controller is processing personal data of its employees in the below mentioned information systems:

1. HUMAN RESOURCES AND PAYROL,
2. ACCOUNTING DOCUMENTS,
3. REGISTRY ADMINISTRATION,
4. CCTV,
5. LITIGATION.

Last but not least, we would like to inform you about your rights as data subjects.

Rights of the data subjects:

• The data subject shall have the right of access to its personal data. Based on the request of the data subject, the controller will issue a confirmation of whether personal data of the data subject are being processed. If the controller processes this personal data, the controller shall provide a copy of the personal data undergoing processing. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form, namely in the form of e-mail, unless the data subject explicitly requests another form of provision.
• The data subject shall have a right to rectification of personal data, if the controller records inaccurate personal data about him. The data subject shall have the right to have incomplete personal data completed. The data subject shall have the right to have incomplete personal data completed
• The data subject shall have the right to obtain form the controller the erasure of personal data concerning him (right to be forgotten), where one of the following grounds applies:
  • a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b. the data subject withdraws consent on which the processing is based;
  • c. the data subject objects to the processing;
  • d. the personal data have been unlawfully processed;
  • e. the personal data have to be erased for compliance with a legal obligation in Union or law of the Slovak republic to which the controller is subject;
  • f. the personal data have been collected in relation to the offer of information society services to a person younger than 16.
    
    The data subject´s right to erasure shall not apply to the extent that processing is necessary:
    
    
  • a. for exercising the right of freedom of expression and information;
  • b. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • c. for reasons of public interest in the area of public health;
  • d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • e. for the establishment, exercise or defence of legal claims.

The controller shall perform erasure of personal data of data subjects upon their request and without undue delay; after evaluating the data subject´s request as reasonable.

• The data subject shall have the right to restriction of personal data processing, where one of the following applies:
  
  • a. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • b.the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • c. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • d. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

• The data subject shall have the right to data portability, which means receiving the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.
• The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him. The data subject shall object to processing of personal data on the following bases:
  • a. where personal data are processed for direct marketing purposes;
  • b. the legal title of the performance of tasks carried out in the public interest or in the exercise of public authority, or from the legal title of the legitimate interest of the controller;
  • c. processing carried out for the purposes of scientific or historical research or for statistical purposes.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

• The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling where the controller processes personal data based on profiling, or by a similar means based on automated individual decision-making.
• The data subject shall have the right to withdraw the consent given at any time, where the processing of personal data is based on such a legal base. The consent of the data subject shall be withdrawn in way stated in the consent itself or in an information. Where there is no such information, the consent shall we withdrawn by the means of contacting the controller with your request, in any form. The contact details of the controller are mentioned above. Legality of processing of personal data is not affected by the withdrawal.
• The data subject shall have the right to file a complaint/proposal to initiate proceedings to the supervisory authority – Personal data protection Office of the Slovak republic with its registered office Hraničná 4826/12, 820 07 Bratislava – Ružinov phone number: +421 /2/ 3231 3214; mail: , https://dataprotection.gov.sk, if it believes that its rights in the area of personal data protection have been violated. In the case of submission of the proposal in electronic form, it is necessary that it fulfils the requirements according to § 19 par. 1 of Act no. 71/1967 Coll. on administrative procedure (correct order).

The data subject may contact the controller with its comments and requests regarding the processing of personal data in written or electronic form, on the contact details mentioned above.