Privacy Policy

1) Principles of personal data processing

The Company Smart Business Group, s.r.o.with registered office Nový Smokovec 41, 062 01 Vysoké Tatry, IČO 46933981 (hereinafter referred to as “Controller”) pursuant to Regulation 2016/679 GDPR on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “Regulation”) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the “Act”) has developed security measures, which are regularly updated. They shall define the scope and manner of security measures necessary to eliminate and minimise threats and risks affecting the information system in order to ensure:

- availability, integrity and reliability of management systems using the latest information technologies,

- protect personal data from loss, damage, theft, modification, destruction
and preserve their confidentiality,

- identify potential problems and sources of disruption and prevent them.

Contact person in charge: recepcia@hotelgreenwood.sk.

2) Privacy Policy

Your personal data will be kept securely, in accordance with the data retention policy and only for the time necessary to fulfill the purpose of the processing. Access to personal data is available only to persons authorised by the controller to process personal data, who process them on the basis of the controller's instructions. Your personal data will be backed up in accordance with the data controller's retention policy. Personal data stored on backup repositories serve to prevent security incidents, which could arise in particular from security breaches or damage to the integrity of the processed data.

3) Definitions

3.1. “personal data”means any information relating to an identified or identifiable natural person ('the data subject'); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or by reference to one or more elements that are specific to a physical, physiological, genetic the mental, economic, cultural or social identity of that natural person

3.2. 'processing'means an operation or set of operations involving personal data or sets of personal data, such as obtaining, recording, arranging, structuring, storing, processing or changing, searching, browsing, using, transmitting, disseminating or otherwise providing, rearranging or combining, restricting, deleting or disposing of, whether or not performed by automated or non-automated means

3.3. “bLimitation of processing”is an indication of the personal data stored in order to limit their processing in the future;

3.4. “profiling”means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or anticipate aspects of the natural person concerned related to performance at work, property, health, personal preferences, interests, reliability, behaviour, location or movement;

3.5. “Pseudonymisation”is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional information is kept separately and relates to technical
and organisational measures to ensure that personal data are not attributed to an identified or identifiable natural person;

3.6. “information system”means any structured set of personal data that is accessible according to specified criteria, regardless of whether the system is centralised, decentralised or distributed on a functional or geographical basis;

3.7. 'operator'means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are provided for in Union law; or
in the law of a Member State, the controller or the specific criteria for its designation may be determined in Union law or in the law of a Member State;

3.8. “Intermediary”means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;

3.9. “third party”means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, on the basis of the direct authorisation of the controller or processor, are entrusted with the processing of personal data;

3.10. 'consent of the person concerned'means any freely given, specific, informed and unambiguous expression of the will of the data subject by which he or she expresses his or her consent to the processing of personal data concerning him or her in the form of a declaration or an unequivocal affirmative act;

3.11. “breach of privacy”is a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorised provision of, or access to, personal data transmitted, stored or otherwise processed;

3.12. 'cross-border processing'is either:

(a) the processing of personal data that takes place in the Union in the context of the activities of the establishment of the controller or processor in more than one Member State, where the controller or processor is established in more than one Member State; or

(b) processing of personal data which takes place in the Union in the context of the activities of a single establishment of the controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State;

3.13. 'Relevant and reasoned objection'is an objection to the draft decision whether there has been
an infringement of this Regulation or whether the measure envisaged in relation to the controller or processor is in accordance with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union;

3.14. “information society service”the service is defined in point (b) of Article 1 (1) of Directive (EU) 2015/1535 of the European Parliament and of the Council;

4) Purposes of processing personal data

4.1. Performance of a contract to which the data subject is a party or, at the request of the data subject, measures taken prior to the conclusion of the contract

We process personal data that we process about our customers on the basis of a contract within the meaning of Article 6 (1) (b) and Article 6 (1) (c) of the Regulation pursuant to Act No. 404/2011 Coll. on the Movement of Foreigners and on Amendments to Certain Acts. Scope of personal data processed: title, first name, surname, address, country, date and place of birth, payment card number and its expiration date, identity document number, telephone, e-mail, purpose of stay. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.2. Reservation of accommodation

We process the personal data we process about our customers on the basis of a contract within the meaning of Article 6 (1) (b) of the Regulation. Scope of personal data processed: title, name, surname, telephone, email, date and time of booking, IP address. Subsequently, they are stored for 10 years in accordance with Law No. 395/2002 Coll. on archives and registries.

4.3. Service reservations

We process the personal data we process about our customers on the basis of a contract within the meaning of Article 6 (1) (b) of the Regulation. Scope of personal data processed: title, name, surname, telephone, email, date and time of booking. Subsequently, they are stored for 1 year.

4.4. Order goods/services (e-shop) → purchase contract

We process the personal data we process about our customers on the basis of a contract within the meaning of Article 6 (1) (b) of the Regulation. Scope of personal data processed: Title. Name, Surname, Phone, Email. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.5. Newsletters

If you wish, you can subscribe to our newsletter newsletter, which is located on our website www.hotelgreenwood.sk. Personal data will only be processed to send newsletter messages to the e-mail address you have entered. By subscribing to the newsletter you agreewith the processing of personal data. We process personal data within the meaning of Article 6 (1) (a) of the Regulation. Your email address will be processed until you unsubscribe. You can unsubscribe by clicking on the “unsubscribe” link that appears in every newsletter message you receive from us. After unsubscribing, you will no longer receive any newsletter messages. Scope of personal data processed: e-mail address. Personal data is processed by the operator.

4.6. Processing of accounting documents

The processing is necessary to comply with a legal obligation of the controller within the meaning of Article 6 (1) (c) of the Regulation. Scope of personal data processed: Title, First name, Surname, Address, Date of birth, Type and number of identity document. Account number, Signature. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.7. Monitoring of premises for the purpose of asset protection

The monitoring of premises shall be carried out in the light of the legitimate interest of the operator within the meaning of Article 6 (1) (f) of the Regulation. Records from the monitored area are kept for 7 days.

4.8. Complaints

In the case of complaints, personal data are processed within the meaning of Article 6 (1) (c) of the Regulation. Scope of processed personal data: Title, Name, Surname, Address, Telephone,
Email. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.9. Debt collection

In the case of recovery of claims, personal data shall be processed within the meaning of Article 6 (1) (c) of the Regulation. Scope of processed personal data: Title, Name, Surname, Address, Telephone,
Email. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.10. Executions

The processing of personal data is necessary to fulfil a legal obligation of the controller within the meaning of Article 6 (1) (c) of the Regulation. Scope of personal data processed: Title, Name, Surname, Birth Number, Address,. Subsequently, they are kept in accordance with Law No. 395/2002 Coll. on archives and registries.

4.11. Register of representatives of suppliers and customers

The processing of personal data of suppliers and customers is carried out in accordance with the legitimate interests of the controller, in accordance with Article 6 (1) (f) of the Regulation. Scope of personal data processed: title, first name, surname, job classification, job titles, functional assignment, personal number of the employee, professional department, place of work, telephone number, fax number, e-mail address to the workplace and identification data of the employer. Subsequently, they are stored for 1 year after the end of the purpose.

4.12. Registration of job seekers

The processing of personal data of job applicants is carried out on the basis of “Consent”with the processing of personal data within the meaning of Article 6 (1) (a) of the Regulation provided by the tenderer. The operator will contactOnly successful candidates.

Transfer of personal data to a third country does not carry out. Personal data they will notused for automated individual decision-making, including profiling.

Personal data is stored for 12 months from the date of consent. You have the right to revoke your consent to the processing of personal data at any time before the expiration of the specified period by sending a request to the email address: recepcia@hotelgreenwood.sk or by sending a request to the address of the Controller with the text “GDPR revocation of consent” on the envelope. The Controller declares that in the event of a written request by the data subject to terminate the processing of personal data before the said deadline, they will be deleted within 30 days of receipt of the withdrawal of consent.

5) Rights of the data subject

5.1. Right to withdraw consent- in cases where we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically, at the address of the responsible person, in writing, by notice of withdrawal of consent or in person at the registered office of our company. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you on its basis.

5.2. Right of access- you have the right to provide a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written form, unless you request another method of providing it. If you have requested the provision of this information by electronic means, it will be provided to you electronically, if technically feasible.

5.3. Right to rectification- we take reasonable measures to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or supplement this information.

5.4. Right to erasure(to be forgotten) - you have the right to ask us to delete your personal data, for example if the personal data we have collected about you is no longer necessary for the fulfilment of the original purpose of the processing. However, your right must be assessed in the light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means that we will not be able to comply with your request.

5.5. Right to restriction of processing- in certain circumstances, you have the right to ask us to stop using your personal data. For example, these are cases where you believe that the personal data we hold about you may be inaccurate or when you think that we no longer need to use your personal data.

5.6. Right to data portability- under certain circumstances, you have the right to ask us to transfer the personal data you have provided to Walls to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or under a contract to which you are a party.

5.7. Right to object- you have the right to object to data processing that is based on our legitimate legitimate interests. If we do not have a compelling legitimate legitimate reason for the processing and you object, we will no longer process your personal data.

If you believe that any personal information we hold about you is incorrect or incomplete, please contact us.

If you wish to object to the way in which we process your personal data, please contact our responsible person by email or in writing to Operator. Our responsible person will review your objection and work with you to resolve the matter.

If you believe that your personal data is being processed unfairly or illegally, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27; tel.: +421 /2/ 3231 3214; e-mail: statny.dozor@pdp.gov.sk, https://dataprotection.gov.sk.

In the High Tatras on 1.6.2019

‍