This privacy policy (hereinafter referred to as the “Policy”) contains information about the processing of your personal data by Ing. Rudolf Kaltenbach, with registered office at Potočná 16, 909 01 Skalica, ID No.: 11735091 , registered in the Trade Register of the Senica District Office, Trade Register No. 206-7056 (hereinafter referred to as the “Operator”), which occurs through the website https://en.penzionskalica.eu/domov/ and the Operator’s social media profiles and communication channels.

Through this Policy, the Controller provides you with information about why your personal data is processed, how it is processed, how long the Controller stores it, what your rights are in relation to the processing of your personal data and other relevant information about the processing of your personal data.

The Controller processes your personal data in accordance with Regulation 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), the relevant Slovak legislation, in particular Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as the “Act”) and other regulations on the protection of personal data (the Regulation, the Act and other regulations on the protection of personal data are hereinafter collectively referred to as the “Personal Data Protection Regulations”).

You can contact the Data Controller in matters relating to the processing and protection of personal data at Ing. Rudolf Kaltenbach, Potočná 16, 909 01 Skalica or by e-mail to rezervacia@penzionskalica.sk. The Controller has not appointed a responsible person in the area of processing and protection of personal data.

The Controller obtains your personal data directly from you via the website or social network profiles, if you provide it to the Controller yourself. The provision of personal data for all the personal purposes below is voluntary.

INFORMATION ON PROCESSING OPERATIONS (categories of personal data, purposes of processing, legal bases and retention periods)

The Controller processes your personal data exclusively in accordance with the principle of minimisation, which means that the Controller does not request personal data from you that is not necessary for the specific and justified purpose of the processing. The Data Controller processes personal data only if there is a legal basis for processing it and therefore it is processed in accordance with the principle of lawfulness. The specific purposes, including the legal basis and the retention period, for which the Controller processes your personal data can be found in the table below.

Za účelom zabezpečenia ochrany Vašich osobných údajov prijal Prevádzkovateľ primerané bezpečnostné opatrenia.

TO WHOM DOES THE CONTROLLER PROVIDE YOUR PERSONAL DATA?

In certain cases, the controller is obliged to provide your personal data to public authorities that are authorised to process your personal data, e.g. courts, law enforcement authorities as well as supervisory and oversight authorities (e.g. Slovak Trade Inspection) (third parties).

The Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. The processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures for the purpose of secure processing of your personal data. The Controller’s processors include:

a company providing hosting services (including mail hosting services) (Websupport s.r.o.),
a company providing website and social media profile management services – online advertising services (Cread Digital, s.r.o.); and
a company providing an online reservation system (Cread Digital, s.r.o.).

The recipients of your personal data include Google Ireland Limited, which provides analytical and marketing services through the use of cookies, which are stored on your device by the website if you grant the Operator your consent to the storage of these files.

The recipients of your personal data also include the operator of the social networks Facebook and INSTAGRAM (Facebook Ireland Limited) in case you contact the Operator via a message on the Operator’s social networks, share the website or its content on social networks. The said company acts as a joint controller with the Controller when processing personal data and the processing of personal data in this case is governed by the joint controllers’ agreement within the meaning of Article 26 of the Regulation, according to which the Controller is the point of contact.

TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS

In some cases, your personal data may be transferred to third countries, to the USA:

Facebook, Inc. (parent company of the European operator of the social networks Facebook and INSTAGRAM), in the handling of your messages received by the Controller on social networks and in the use of marketing cookies on the Controller’s website (online marketing services in case of your consent); and
Google, LLC, when using analytics and marketing services and tools using cookies.
The transfer is carried out in accordance with the Data Protection Regulations, on the basis of standard contractual clauses (which are part of the terms and conditions of use of the above services) and the Operator fulfils all obligations associated with the transfer.

The Controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, which would involve the evaluation of your personal aspects.

WHAT ARE YOUR RIGHTS IN RELATION TO THE PROCESSING OF PERSONAL DATA?

You have the following rights as a data subject in relation to the processing of your personal data:

The Controller will provide you with an answer to the exercise of your rights free of charge. In the event of a repeated, unfounded or unreasonable request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller shall provide you with a reply within 1 month from the date on which you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the event of a high number and complexity of requests from data subjects, but not more than 2 months. The Controller will always inform you of the extension of the time limit.

SOCIAL NETWORKS AND LINKS TO OTHER WEBSITES

In order to promote marketing and advertising, you will find links to various social networks, such as Facebook and INSTAGRAM, on the website of the Controller. The Operator hereby wishes to inform you that once you click on the add-on on the website and go to the social network, the privacy policy of the social network operator will become applicable, except in cases where you contact the Operator via a message on the social network (in which case the processing of your personal data is also governed by this Policy and your personal data is processed by the Operator in accordance with the information provided above).

For more information on the processing of your personal data by social network operators, please refer to the following links: (i) Facebook: https://sk-sk.facebook.com/policy.php and (ii) Instagram: https://www.facebook.com/help/instagram/155833707900388.

FULL

This Policy is valid and effective as of 01.05.2022. As the information on the processing of personal data contained in this Policy may need to be updated in the future, the Controller is entitled to update this Policy at any time. In such case, however, the Controller will notify you of this in an appropriate manner in advance.