(hereinafter referred to as "terms and conditions")
Our company Finerg International, s.r.o., 059 60 Stará Lesná 157, . ID No.: 36511391 (hereinafter referred to as "we" or "operator") registered in the Commercial Register of the District Court of Prešov, sec. Sro, insert 16837/P, we pay due attention to the protection of personal data. In these terms and conditions you will find information about what personal data we process, how we collect information about our customers and users of our website, on what legal grounds, for what purposes we use it, to whom we may pass it on and what rights you have in connection with the processing of your personal data.
We process the following personal data:
a) identification data, which means in particular first and last name, personal document number , residential address, insurance claim (if any) or your employer's contribution to the use of our services;
b) contact data, more specifically defined as personal data that allows us to contact you, in particular your email address, telephone number and your contact on social networks;
c) your preferences, which are understood to be the data in your account, in particular your saved email address and newsletter settings;
d) your order details, in particular details of the services you order from us, payment details including your payment account number and complaints details;
e) data about your health, which is in particular information about health limitations related to the use of our services, medical disabilities or pregnancy;
f) data from your evaluation of the services offered by us, which means the information you provide in the hotel review on our website and the photographs you attach to the review;
g) data about your behaviour on the website, including when you view it via our mobile app, the goods and services you view, the links you click, the way you move around our website, your screen scrolling and also data about the device from which you view our website, such as the IP address and the location derived from it, the identification of the devices, their technical parameters such as the operating system and its version, screen resolution, the browser and browser versions used, as well as data obtained from cookies and similar technologies to identify the device;
h) data about your reading behaviour in the messages we send you, in particular the opening times of the messages and also data about the device on which you read the messages, such as the IP address and the location derived from it, the identification of the device, its technical parameters such as the operating system and its version, the 2/16 screen resolution, the browser used and its versions, as well as the data obtained from cookies and similar technologies;
(i) Derived data, which means personal data derived from your preferences, data about the services you order from us, data about your behaviour on the web and data about your behaviour when reading the messages we send you; this includes in particular data about your gender, age, financial situation, purchasing behaviour and data on a per service and per product basis;;
In the course of our business, we process personal data for different purposes and to different extents, either:
a) without your consent for the performance of a contract, our legitimate interest or to comply with a legal obligation.
b) on the basis of your consent.
c) the processing of personal data is necessary pursuant to a special regulation or an international treaty to which the Slovak Republic is bound
The processing of personal data without your consent depends on the purpose of the processing and your position vis-à-vis us - whether you are just a visitor to our website or you register with us, place an order or enter into a contractual relationship.
If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw this consent at any time via gdpr@hotellesna.sk.
3.1. Lawfulness principle
Personal data may only be processed in a lawful manner and in such a way that the rights of the data subject are not infringed
3.2. Purpose limitation principle
Your personal data may only be collected for a specifically identified, explicitly stated and legitimate purpose and may not be further processed in a way that is incompatible with that purpose. Further processing of personal data for archiving purposes or for statistical purposes, provided that it is in accordance with a specific regulation and that adequate safeguards to protect the rights of the data subject are observed, shall not be considered incompatible with the original purpose.
3.3. Principle of minimisation of personal data
The processing of your personal data must be proportionate, relevant and limited to the extent necessary for the purpose for which it is processed.
3.4. Accuracy principle
Your personal data processed must be accurate and kept up to date as necessary, reasonable and effective measures must be taken to ensure that personal data which is incorrect in relation to the purpose for which it is processed is erased or rectified without undue delay.
3.5. Principle of minimising retention
Your personal data must be kept in a form which permits identification of the data subject at the latest for as long as is necessary for the purpose for which the personal data are processed.
3.6. Integrity and confidentiality principle
Your personal data must be processed in a way that ensures, through appropriate technical and organisational measures, adequate security of the personal data, including protection against unauthorised processing of personal data, unlawful processing of personal data or damage to personal data
3.7. The principle of accountability
As an operator, we are responsible for compliance with the basic principles of personal data processing, as well as for the compliance of the processing of personal data with the principles of personal data processing, and we are obliged to demonstrate such compliance upon request by the Authority..
In the individual cases described in the section Why we process personal data and what authorises us to do so, we, as the controller, process your personal data. This means that we determine the purposes for which we collect your personal data, determine the means of processing and are responsible for the proper performance of these purposes.
We may also transfer your personal data to other entities that are in the role of controller, namely:
a) in connection with the fulfillment of your order by our partners involved in such fulfillment, as set out in the If you place an order with us section, namely: o partners operating payment systems for the purpose of securing payment, in particular in connection with card payments, in particular OTP banka Slovensko , a.s.; travel agencies, event agencies and other third parties who provide additional services to your goods or services, if this is necessary for the fulfillment of your order (unless we act as an agent for that third party).
b) on the basis of your consent, to advertising and social networking companies, as described in the Use of Cookies and Other Technologies section, transferring your data to advertising and social networking companies, namely:o Google Ireland Limited (registration number: 368047), based at Gordon House, Barrow Street, Dublin 4, Ireland; the privacy policy of this company is available here: https://policies.google.com/technologies/ads, Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; the company's privacy policy is available here: https://cs-cz.facebook.com/about/privacy
We also use the services of other processors to process personal data, who process personal data only on our instructions and for the purposes described in Why we process personal data and what entitles us to do so. Such processors are:
a) Cloud service providers and other technology and support vendors such as Microsoft Google and Wellnes time
b) operators of marketing tools such as Google within GoogleAnalytics and HotJar (HotJarLtd, with registered office at 3 EliaZammitStreet, St. Julians STJ 1000, Malta), Slovak Telekom a.s. ID No.: 35 763 469, Orange Slovensko a.s. No.: 35697270, AssecoSolutions, a.s. ID No.: 00602311,
Availpro S.A. - 14-16 BlvdPoissonnière - 75009 Paris - France FR 86435318, HOTELTIME SOLUTIONS a.s. Vinohradská 1899/112, Vinohrady (Praha 3), 130 00 Praha PIN 26710382, TheRocketScienceGroup, LLC675 PoncedeLeonAve NESuite 5000Atlanta, GA 30308 USA, Facebook Menlo Park, California, United States of America
In most cases, we process personal data that you provide to us in the context of ordering services, creating and using an account, or when communicating with us, for example by calling the reception. We also obtain personal data directly from you by monitoring your behaviour on our website and when reading messages and CCTV footage of our premises. We may also obtain your personal data from a third party, for example when they book a tour for you with us. If you place an order with us, we may receive additional information about your orders from banks, our payment system partners, installment sales providers, such as your account number or successful payment in connection with the performance of a purchase contract.
As part of the transfer of data to our processors listed in the section "Who processes your personal data and to whom we transfer it" We may also transfer your data to third countries outside the European Union or the 4European Economic Area, which, however, ensure an adequate level of protection of personal data.
Just as we have rights and obligations when processing your personal data, you also have certain rights when processing your personal data. These rights include:
7.1 The right of access
Put simply, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we transfer it, who processes it outside of us, and what other rights you have in relation to the processing of your personal data. However, if you are unsure which personal data we process about you, you can ask us to confirm whether or not the personal data relating to you is being processed by us and, if so, you have the right to access that personal data. As part of your right of access, you may ask us for a copy of the personal data we are processing, and we will provide you with the first copy free of charge and subsequent copies at a charge.
7.2 Right to rectification
If you discover that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay.
7.3 Right to erasure
In some cases, you have the right to have your personal data erased. We will delete your personal data without undue delay if one of the following reasons is met:
a) We no longer need your personal data for the purposes for which we processed it,,
b) you withdraw your consent to the processing of your personal data, the data is data for which your consent is necessary for processing and we have no other reason why we need to continue to process the data;
c) you exercise your right to object to processing (see 'Right to object to processing' below) in respect of personal data that we process on the basis of our legitimate interests and we find that we no longer have any such legitimate interests that would justify such processing; or
d) you believe that the processing of personal data carried out by us is no longer in accordance with generally applicable law.
Please note that even if it is one of these reasons, it does not mean that we will immediately delete all of your personal data. This is because this right is not permitted as the processing of your personal data is still necessary for compliance with our legal obligation or the establishment, exercise or defence of legal claims (see Why do we process personal data and what entitles us to do so?).
7.4 Right to restriction of processing
In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of personal data. This right allows you in certain cases to request that your personal data be marked and not be subject to any further processing operations - in this case, however, not forever (as in the case of the right to erasure), but for a limited period of time. We must restrict the processing of personal data when:
a) you deny the accuracy of the personal data while we agree what data is correct;
b) we process your personal data without a sufficient legal basis (e.g. beyond what we need to process), but you would prefer only to restrict such data before erasing it (e.g. if you expect to provide us with more such data in the future);
c) we no longer need your personal data for the purposes of the processing but you require it for the establishment, exercise or defence of legal claims; or
d) you object to processing. The right to object is described in more detail below under the heading Right to object to processing. We are obliged to restrict the processing of your personal data for as long as we are investigating whether your objection is justified.
7.5 Right to portability
You have the right to obtain from us all your personal data which you yourself have provided to us and which we process on the basis of your consent and for the performance of a contract. We will provide you with your personal data in a structured, commonly used and machine-readable format. To enable us to easily transfer the data at your request, it may only be data that we process automatically in our electronic databases.
7.6 Right to object to processing
You have the right to object to the processing of your personal data that is based on our legitimate interest (see Why do we process personal data and what entitles us to do so?). If it is for marketing activities, we will stop processing your personal data without further action; in other cases, we will do so if we do not have compelling legitimate grounds for continuing such processing.
7.7 Right to lodge a complaint
The exercise of your rights as set out above is without prejudice to your right to lodge a complaint with the relevant supervisory authority. In particular, you may exercise this right if you believe that we are processing your personal data unlawfully or in breach of generally applicable law. You can lodge a complaint against the processing of your personal data by us with the Office for Personal Data Protection, which is located at Hraničná 12, 820 07 Bratislava 27.
You can contact our Customer Service Centre for all matters relating to the processing of your personal data, whether it is a question of exercising a right, lodging a complaint or anything else. We will deal with your request without undue delay and within a maximum of one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any extension and the reasons for it.
In addition to the reception of the individual premises, our responsible person is at your disposal in all matters relating to the processing of your personal data. The person responsible can be contacted by any of the following means: director@hotellesna.sk, gdpr@hotellesna.sk
1If you visit our website:
1.1. When you visit our website, we store small files such as cookies on your device and then read them from your device. A cookie is a small set of letters and numbers that we store in your internet browser or on your computer's hard drive. Some cookies allow us to link your activities while viewing our site from the moment you open your web browser window to the moment you close it. The moment you close your browser window, these cookies are deleted. Others remain on your device for a set period of time and are activated each time you visit the website that created the particular cookie. We also use pixel tags (also known as web beacons), which are small images that have a similar function to cookies. Compared to cookies, which are stored on your computer's hard drive, pixel tags are a fixed part of a website. For simplicity, we will refer to all of these technologies as cookies later in this document. We not only store cookies on your device, but we also read those cookies that our website has placed on your device. Hereafter in this document we will refer to storage only for simplicity. Some cookies are placed on your device directly by our website. These cookies help us to:
a) to identify you when you navigate between pages of our website and on return visits, for example, so that we can remember your login from a particular device and not ask you repeatedly for your email and password, or to save which version of our website to show you if the website offers more than one version at any given time;
b) to record that you have given us your consent under this document, or if you have offered to take part in a particular survey, for example;
c) to ensure security, for example to check whether someone has abused your connection to our website and is acting instead of you;;
d) to record, investigate and troubleshoot malfunctions and non-functioning components of our website,,
e) track traffic to our site, its individual pages, generate statistics and reports and measure the effectiveness of advertising;
f) show you different variations of our site when we are testing new functionality. Such cookies and other files are necessary for the operation of our website. If you block these cookies in your browser, our website may not function properly and we may not be able to provide you with our products and services. Next to your device:
g) We store cookies from our website that allow us to tailor the content of our website for you, for example to show you preferentially products and services you have already viewed and to show you other tailored offers on our website;
h) we allow cookies to be stored by third parties who may use them to collect data about your behaviour on our website and on other websites, to display tailored offers and targeted advertising within advertising and social networks on websites other than our website, to link to social networks such as Facebook, including automatically logging you in, providing features such as a "Like" button or sending you notifications related to an order you have made through Messenger 4/16, and displaying customized offers and targeted advertising on those social networks and websites other than our website. In order to display customized offers and targeted advertising within advertising and social networks on websites other than our website, we also transmit data about your web behavior to advertising and social networks. However, we do not provide your personally identifiable information to such partners. For a list of the social and advertising networks we use, please see Who processes your personal data and to whom we transfer it. If you do not turn off the use of third-party cookies and the transfer of your data to advertising and social networks in the Privacy Settings section, click anywhere on our site (outside of the notification panel) after we notify you, or click on the "I understand" button included in the notification, we will assume that you agree to the use of these cookies and the transfer of your data to advertising and social networks. You can withdraw your consent at any time by turning this feature off in the Privacy Settings section.
1.2 If you visit websites owned by our company (www.hotellesna.sk, www.hotelforton.sk, www.residencelesna.sk, www.lesna-residence.sk), we process data about your behaviour on the basis of our legitimate interest (i.e. without your consent) for the following purposes:
a) to obtain information on the basis of which we can improve the website for you in the future, as our legitimate interest is to improve our services to you;
b) compiling statistics and reports, in particular tracking traffic to our website, its individual pages and measuring the effectiveness of advertising; we have a legitimate interest in measuring the effectiveness of our website and advertising spend; we may collect other derived data from your behaviour on the website and use it for this purpose;
c) testing new features and applications prior to deployment, in particular to prevent problems with the functionality of these new features in actual operation that could impair your experience of ordering from us; our legitimate interest is the smooth operation of our services for you;
d) preventing attacks on our website and compromising its functionality and the security of your data; our legitimate interest here is the smooth functionality of our services for you and the security of your data. We do not only collect data about your behaviour on the site from cookies. We also supplement it with data:
We use personal data for these purposes for a maximum period of 36 months. You have the right to object to this processing.
We also process data about your behaviour on the website on the basis of our legitimate interest (i.e. without your consent) in order to create tailored offers and targeted advertisements that we display to you on the website. Our legitimate interest here is to make the most personalised and effective offer to you. We also enrich the named data for this purpose by means of analysis and derive derived data from it. According to this data, we also divide our users into different groups, where each group receives its own specific offer. If you subsequently order something from us, we additionally use your order data for this purpose. Thus, if you have viewed an offer for a good or service on our website, we may display this good or service on the first page of our website on your next visit. We may also be able to infer which customer group you belong to based on the product you have viewed and offer you additional services on the site that we think may be of interest to you. We use personal data for these purposes for a period of 2 years. You can turn this feature off at any time in the privacy settings section
1.3 In order to register, you must visit our website, so you are subject to the processing described in the section If you visit our website. If you register, then we additionally carry out the following processing:
1.3.1 Processing based on the performance of a contract.
If you create an account on the sites from section 1.2 of this document, we process your identification and contact data, your settings and your order data (if you later order a service from us), on the basis of the performance of a contract with you (without your consent), in order to be able to maintain your user account. The contract on which our processing is based is created when your account is created. We use personal data for this purpose for as long as your account exists, which you can cancel at any time in the Privacy Settings
1.3.2 Processing based on legitimate interest
If you create an account on the sites from section 1.2, we process your identification and contact data, your settings, your order data (if you later order a service from us) and data about your behaviour on the site and your behaviour when reading messages also on the basis of our legitimate interest (i.e. without your consent), for the purpose of:
In order to make a tailored offer to you, we analyse the above data and extract other derived data from it, which we use for this purpose. In this way, we may also use data about your behaviour on the site that we collected before you registered (if you have not previously turned off site personalisation in your Privacy Settings) and we may collect data about your behaviour on the site even if you do not log in (e.g. when we identify you using cookies). We also categorise our users into different groups according to this data, where each group receives its own specific offer.
So if you have viewed an offer for a product or service on our website or clicked on it in an email we sent you, we may show you that product on the first page of our website on your next visit or email you an offer for that product. We may also be able to tell which customer group you belong to based on the product you have viewed and offer you other services that we think may be of interest to you on the site or by email.
We will also use your order data (if you order our services) in order to create customized offers and targeted advertisements that we display to you on the Site, as described in If you visit our Site. You can turn this feature off at any time in the Privacy Settings section.
Based on our legitimate interest (i.e., without your consent), we will also use your settings to test new features and applications before deployment, as described in the If You Visit Our Site section. We use personal information for these purposes for as long as your account exists. You have the right to object to this processing
1.3.3 Processing based on consent
If you create a hotel review within your account on the sites listed in section 1.2, we process your identification data and the data from your evaluation of the services offered by us, including the photos you have uploaded, also on the basis of your consent to the processing, for the purpose of sharing information about your satisfaction with the services offered by us with other visitors to our website. We use personal data for this purpose until you withdraw your consent to processing.
1.4. If you create an order (or enquiry) with us on the Sites, the processing described in the section If you visit our site applies to you. If you create an order with us, then we additionally carry out the following processing:
1.4.1 Processing on the basis of the performance of a contract
If you place an order with us as an individual, we process your personal data for the purpose of processing your order your identification, contact and order data. If you have a user account with us, we may also use your settings for this purpose.
If you purchase from us as a representative of a legal entity, we process the same data for the same purpose based on our legitimate interest to enter into and perform a contract with the person you represent. The fact that we use this data for the purpose of processing your order means that we will use it in particular:
a) to enable you to complete your order on the site, for example, to ensure that you do not delete data from a pending order;
b) to communicate with you about your order, for example to send you a confirmation of your order;
c) for the purpose of payment for goods; in this context, we may also pass your data to our partners operating payment systems, as described in the section Who processes your personal data and to whom we pass it;
1.4.2 Processing on the basis of legitimate interest
If you place a binding order with us, we will store your identification, contact and order data on the basis of our legitimate interest (without your consent) in order to protect legal claims and our internal records and controls. Our legitimate interests are the protection of legal claims and the control of the proper provision of our services. In this context, we may also process your biometric data on the basis of necessity for the protection of our legal claims for this purpose if you sign a contract with us via a signpad at our branch.
In the case of order creation, we further process your identification and contact data, your preferences (if you have an account with us) and your order data on the basis of our legitimate interest (i.e. without your consent) for the following purposes:
a) obtaining information on the basis of which we can improve our services to you in the future, in particular to determine your satisfaction with our services; our legitimate interest is to improve our services to you
b) providing tailored offers and targeted advertising, which we may send to you by email, text message, social media, communicate to you by telephone or other electronic means or send to you by post; our legitimate interest is the effective promotion of our services. In order to be able to make a tailored offer to you, we analyse the above-mentioned data (i.e. your identification, contact and order data) and extract further derived data from it, which we use for this purpose. According to this data, we also classify our users into different groups, where each group receives its own specific offer. If you do not register with us, we do not use data about your behaviour on the site to prepare the offers we make to you. So if you have booked a service or goods with us, we may approach you with a targeted offer for comprehensive travel insurance. We may also infer from your order which customer group you belong to and accordingly send you an offer for related services that may be of interest to you. If you do not have an account with us, we will not tailor offers according to what goods you have viewed on our website or which links in the offers you have opened.
In order to protect legal claims and our internal records and controls, we process data for the duration of the limitation period (3 years) and one year after its expiration with respect to claims made at the end of the limitation period. In the event of the commencement of judicial, administrative or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and for the remainder of the limitation period after its conclusion. For the other purposes mentioned above, we use the personal data for a period of 3 years after the order has been placed.
You have the right to object to such processing carried out on the basis of our legitimate interest
1.4.3 Processing for compliance with legal obligations
We also have to comply with certain legal obligations. If we process your personal data for this reason, we do not need to obtain your consent for such processing. We process your identification, contact and order data on this legal basis in order to comply with the following laws in particular:
1.4.4 Processing by consent
If you give us your consent when ordering a service, we may also process in order to process your order:
a) your health data so that we can record your health limitations in the provision of the service and ensure that these limitations are respected in the provision of our services; this consent must be explicit on your part;
b) your national insurance number for the purpose of securing a contribution from your employer, if your employer makes such a contribution through us. We process this data for as long as is necessary to process your order, or to fulfil a contractual requirement such as a claim, or until your consent is withdrawn. In selected cases, we may retain your data even after you withdraw your consent, if this is necessary to protect our legal claims. We will then retain this data for the period described above under Processing based on legitimate interest.
1.5 If you book insurance with us
If you order insurance from us, we will also process your identification data and data about your order as a data controller in order to process your order. As an intermediary, we may collect your personal identification number for the insurance company. We pass this data to the insurer as described in Who processes your personal data and to whom we pass it on .
1.6 If you are a fellow traveller or a participant in another service that is booked with us
If you are a fellow passenger or a participant in another service that is booked with us, we process your identification and contact data:
a) on the basis of our legitimate interest for the processing of our customer's order. This order processing is also our legitimate interest;
b) on the basis of our legitimate interest to obtain information on which to improve our services in the future or information for the creation of our statistics and reports; our legitimate interest is to improve our services to our customers;
c) for the purpose of complying with legal obligations, in particular pursuant to Act No. 222/2004 Coll. on value added tax and Act No. 431/2002 Coll. on accounting;
d) on the basis of our legitimate interest in order to protect legal claims and our internal records and controls; our legitimate interests are the protection of legal claims and the control of the proper provision of our services.
e) with your consent if it is necessary to process your personal identification number or health data in order to process your order; such consent may also be given on your behalf by the person placing the order with us;
For the preparation, conclusion and performance of a contract with our customer, we use personal data for the time necessary to process the order. After this period, we will continue to store the data on the basis of our legitimate interest for the purpose of protecting legal claims and our internal records and control, for the duration of the limitation period (3 years) and one year after its expiry with regard to claims made at the end of the limitation period. In the event of the commencement of judicial, administrative or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and for the remainder of the limitation period after its conclusion. Our legitimate interests are the protection of legal claims and the control of the proper provision of our services. We use personal data for a period of 10 years for the purpose of fulfilling our legal obligations. You have the right to object to this processing on the basis of a legitimate interest
1.7 If you communicate with us through different channels
If you communicate with us through different channels, in particular via a phone call from reception, email, chat tools and social networks, we will process your identification and contact data and records of the communication made, including call recordings, on the basis of our legitimate interest (i.e. without your consent) for the purposes of ::
a) to process your requests; if you have placed an order with us and your request relates to an order, we may carry out this processing on the basis of the performance of a contract with you;
b) keeping a record of your requests so that you can check that we are fulfilling them properly and in a timely manner;
c) proving that we have received and processed your request, for example when you order something from us or make a claim;
d) analysing them to improve the quality of our service.
For these purposes, we keep personal data for 1 year after the end of the services we provide. You have the right to object to processing based on our legitimate interest
1.8 If you subscribe to our newsletter
If you subscribe to our newsletter, we will process your contact data or your preferences based on your consent to processing for the purpose of sending you our offers. We use personal data for this purpose until you withdraw your consent to processing, i.e. until you unsubscribe from the newsletter.
1.9 If you visit our establishment
If you visit our premises, we will process the CCTV footage on which you may be captured based on our legitimate interest (i.e. without your consent) in order to protect our property and your property and persons in and around the premises, which is also our legitimate interest. For this purpose, we retain personal data for a maximum period of 1 month. You have the right to object to this processing
This privacy statement applies to you and your personal data because you are applying for employment with the controller or are in an employment relationship with the controller.
1. What personal data we process
When you apply for employment with us or are an employee of our company we will collect the following personal data from you:
a) personal contact details
b) work contact data
c) information from your CV
d) information from your cover letter
e) declaration of fitness for work, including a declaration of integrity
f) information about your family members and dependants
g) Payment information
h) information concerning remuneration, pension and social security
i) information relating to hours worked, holidays and time off
j) information relating to education, training and career development
k) entrusted assets (e.g. entrusted company phone, laptop, etc.)
l) details of company correspondence and communications
m) digital access rights
n) information relating to security ( e.g. your access card number, etc.)
We will only process your personal data for purposes related to the proper performance of our duties as your (future) employer and to the extent permitted or required by applicable law in the Slovak Republic.
Furthermore, we will process the following sensitive personal data of yours:
a) data about your health for the purpose of fulfilling an obligation arising from a specific regulation, where the legal basis will be the fulfillment of a legal obligation
b) convictions or criminal offences - this is a one-off processing in the form of a consultation for those data subjects who enter into a contractual relationship for the selected job positions
c) personality tests - we may, with your consent, subject you to personality tests if you are applying for selected jobs
2. What is the purpose of the processing of personal data
As the controller, we will process your personal data for the following purposes:
a) payment of wages and provision of other benefits - the legal basis is a contractual relationship in which you are one of the parties to the contract
b) tax and social insurance - the legal basis is the legal obligation of your party to the contract
c) HR management - ensuring that positions are properly filled - the legal basis is the contractual relationship in which you are a party
d) HR administration - we keep personal records of all our employees - the legal basis is the contractual relationship in which you act as one of the contracting parties
e) Communications and information technology provision - we provide you with the software and hardware equipment and services you need to perform your duties - the legal basis is the contractual relationship to which you are a party
f) Performance management and training - the legal basis is the contractual relationship in which you act as one of the contracting parties and the legitimate interest of the controller
g) Creating a healthy and safe workplace - the legal basis is the contractual relationship in which you are a party and the legitimate interest of the controller
h) Recruitment - we process your personal data to assess whether we have a suitable job in our company
i) Dispute resolution and investigation of offences - we may process your personal data for the purposes of dispute resolution, complaint or legal proceedings or where we suspect an offence. The legal basis is the legitimate interest of the controller.
j) Compliance with the law - we may need to process your personal data to comply with the law or to comply with a court order. The legal basis for this processing is to comply with a legal obligation.
Who processes your personal data and to whom we pass it on
In the individual cases described in the section Why we process personal data (Article I, point 2) and what entitles us to do so, we as the controller process your personal data. This means that we determine the purposes for which we collect your personal data, determine the means of processing and are responsible for the proper performance of the processing.
We may also transfer your personal data to other entities that are in the role of controller, namely:
a) VWe may share your personal data with other third parties acting on our behalf (e.g. a payment service provider). In such cases, third parties may only use your personal data for the purposes described above and only in accordance with our instructions
b) our personal data will be accessed by our employees. In this case, access will only be granted if it is necessary for the purposes described above and only if the employee is bound by a duty of confidentiality.
c) If required by law or court order, we may share your personal information with tax authorities, social security offices, law enforcement or other governmental authorities. Retention of Personal Information
Retention of personal data
Your personal data will be located exclusively within the European Union and the European Economic Area. All data collected will be retained for a limited period of time and will be deleted when no longer required for processing purposes. We will delete your personal data in accordance with a specific legal regulation and we will delete those that are not specified in this regulation no later than 2 years after the end of your employment. We may also process your personal data for a longer period in the event of an ongoing legal dispute. In some cases, we may ask for your consent to process your personal data. In this case, you have the right to withdraw your consent at any time.
This policy applies to the processing of your personal data as a representative of our current or prospective client, supplier or business partner
1. Why we have access to your data and why we process it
In order to enter into and perform a contract with you or the company you represent, it is necessary to process your personal data. We may also process personal data about visitors to our website or physical locations, depending on how you choose to interact with us.
We will only process your personal data if we have a legal basis to do so. This means that the processing must be necessary for the performance of a contract to which you or the company you represent is a party or to enable action to be taken on request before the contract is concluded. In accordance with our legitimate interest, we may also use your data to provide you with information about our services, prospects, analyses, events, training that may be in your best interest.
We have a legal obligation to disclose your personal data when inspected by authorised institutions and for the prevention, monitoring and proof of fraud, combating money laundering and other crimes Your data will be securely stored in accordance with data protection legislation.
2. What personal data we process and why
We hold information necessary to manage a contractual or business relationship. In order to communicate with you and ensure secure and truthful identification, we need your name, job title and contact details such as telephone number and email. Unless we have a legal obligation to retain personal data, we will remove it after a period of 15 days.
3. Sharing and transferring personal data
We may share your personal data with our suppliers who arrange or provide part of our services (e.g. printing, mailing services, legal representation). Our employees will also have access to your personal data. In this case, access will only be granted if it is necessary for the purposes described above and only if the employee is bound by a duty of confidentiality.
Your personal data will be located exclusively within the European Union and the European Economic Area.
4. How long we keep your personal data
We retain all data collected for the time necessary to fulfil the purpose of the processing and this will be deleted when it is no longer necessary for the purpose of the processing.
We have a legal obligation to disclose your personal data when inspected by authorised institutions and for the prevention, monitoring and proof of fraud, the fight against money laundering and other crimes Your data will be stored securely in accordance with data protection legislation.
Your personal data will not be used in automated decision making
5. Who processes your personal data and to whom we transfer it
In the individual cases described in the section Why we process personal data and what entitles us to do so, we as the controller process your personal data. This means that we determine the purposes for which we collect your personal data, determine the means of processing and are responsible for the proper performance of these purposes.
We may also transfer your personal data to other entities that are in the role of controller, namely:
a) in connection with the fulfillment of your order by our partners involved in such fulfillment, as set out in the If you place an order with us section, namely: o partners operating payment systems for the purpose of securing payment, in particular in connection with card payments, in particular OTP banka Slovensko , a.s.; travel agencies, event agencies and other third parties who provide additional services to your goods or services, if this is necessary for the fulfillment of your order (unless we act as an agent for that third party)
b) on the basis of your consent, to advertising and social networking companies as described in the Use of cookies and other technologies section, to transfer your data to advertising and social networking companies, namely:o Google Ireland Limited (registration number: 368047), with registered office at Gordon House, Barrow Street, Dublin 4, Ireland; the privacy policy of this company is available here: https://policies. google.com/technologies/ads o Facebook Ireland Limited, whose registered office is at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; the privacy policy of this company is available here: https://cs-cz.facebook.com/about/privacy
We also use the services of other processors to process personal data, who process personal data only on our instructions and for the purposes described in Why we process personal data and what entitles us to do so. Such processors are:
a) cloud service providers and other technology and support vendors, such as Microsoft Google and Wellnes time
b) operators of marketing tools such as Google within Google Analytics and HotJar (HotJar Ltd, with registered office at 3 Elia Zammit Street, St. Julians STJ 1000, Malta), T-Mobile Slovensko a.s., registration number : ... ; LinuxBox.cz, s.r.o., registration number 25862782; e) providers of SMS communication and chat tools, in case they process personal data for the purpose of mediating our communication with you: AXIMA SMS SERVICES s.r.o.; f) providers of accounting services, A-ENTER UCETNI s.r.o. and Stengl Beratung, s.r.o.
6. From what sources we obtain personal data
In most cases, we process personal data that you provide to us in the context of ordering services, creating and using an account, or when you communicate with us, for example by calling the reception. We also obtain personal data directly from you by monitoring your behaviour on our website and when reading messages and CCTV footage of our premises. We may also obtain your personal data from a third party, for example when they book a tour for you with us. If you place an order with us, we may receive additional information about your orders from banks, our payment system partners, installment sales providers, such as your account number or successful payment in connection with the performance of a purchase contract.
7. Transmission of data outside the EU
In the context of transferring data to our processors, as listed in the section "Who processes your personal data and to whom do we transfer it?" We may also transfer your data to third countries outside the European Economic Area, but which ensure an adequate level of data protection.
8. What rights do you have in the processing of your personal data
Just as we have rights and obligations when processing your personal data, you also have certain rights when processing your personal data. These rights include:
11.1 Right of access
Put simply, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we transfer it, who processes it outside of us, and what other rights you have in relation to the processing of your personal data. However, if you are unsure which personal data we process about you, you can ask us to confirm whether or not the personal data relating to you is being processed by us and, if so, you have the right to access that personal data. As part of your right of access, you may ask us for a copy of the personal data we are processing, and we will provide you with the first copy free of charge and subsequent copies at a charge.
11.2 Right to repair
If you discover that the personal data we process about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay..
11.3 Right to erasure
In some cases, you have the right to have your personal data erased by us. We will delete your personal data without undue delay if one of the following reasons is met:
a) we no longer need your personal data for the purposes for which we processed it,
b) you withdraw your consent to the processing of your personal data, which is data for which your consent is necessary for the processing and we have no other reason why we need to continue to process the data;
c) you exercise your right to object to processing (see below under Right to object to processing) for personal data that we process on the basis of our legitimate interests and we find that we no longer have any such legitimate interests that would justify such processing; or
d) you believe that the processing of personal data by us is no longer in accordance with generally applicable law.
Please note that even if it is one of these reasons, it does not mean that we will immediately delete all of your personal data. This is because this right is not permitted as the processing of your personal data is still necessary for compliance with our legal obligation or the establishment, exercise or defence of legal claims (see Why do we process personal data and what entitles us to do so?).
11.4 Right to restriction of processing
In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of personal data. This right allows you in certain cases to request that your personal data be marked and not be subject to any further processing operations - in this case, however, not forever (as in the case of the right to erasure), but for a limited period of time. We must restrict the processing of personal data when:
a) you dispute the accuracy of the personal data while we agree what data is correct;
b) we process your personal data without a sufficient legal basis (e.g. beyond what we need to process), but you would prefer to restrict such data before erasing it (e.g. if you expect that you would still provide us with such data in the future);
c) we no longer need your personal data for the stated purposes of processing but you require it for the establishment, exercise or defence of your legal claims; or
d) you object to the processing. The right to object is described in more detail below under the heading Right to object to processing. We are obliged to restrict the processing of your personal data during the period we are investigating whether your objection is justified.
11.5 Right of portability
You have the right to obtain from us all your personal data which you yourself have provided to us and which we process on the basis of your consent and for the performance of a contract. We will provide you with your personal data in a structured, commonly used and machine-readable format. To enable us to easily transfer the data at your request, it may only be data that we process automatically in our electronic databases.
11.6 Right to object to processing
You have the right to object to the processing of your personal data that is based on our legitimate interest (see Why do we process personal data and what entitles us to do so?) If it is for marketing activities, we will stop processing your personal data without further action; in other cases, we will do so if we do not have compelling legitimate grounds for continuing such processing.
11.7 Right to lodge a complaint
The exercise of your rights as set out above is without prejudice to your right to lodge a complaint with the competent supervisory authority. In particular, you can exercise this right if you believe that we are processing your personal data unlawfully or in violation of generally applicable law. You can lodge a complaint against the processing of your personal data by us with the Office for Personal Data Protection, which is located at Hraničná 12, 820 07 Bratislava 27.
9. How to exercise individual rights
In all matters related to the processing of your personal data, whether it is a question of exercising a right, filing a complaint or anything else, you can contact our Customer Service Centre. We will deal with your request without undue delay and within a maximum of one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any extension and the reasons for it.
Responsible person
In addition to the reception of the individual premises, our responsible person is at your disposal in all matters relating to the processing of your personal data. The person responsible can be contacted by any of the following means: director@hotellesna.sk, gdpr@hotellesna.sk
HOTEL LESNÁ****
Stará Lesná 157, 059 52 Stará Lesná
+421 52 4761 000
+421 910 998 827
Resort
