Statement
on the protection of personal data in the provision of accommodation and other related services to the company Čerešňový sad s.r.o., ID No.: 53254261, registered office: Čremošné 43, 039 01 Turčianske Teplice, registered in the Commercial Register of the District Court of Žilina, sec. Sro, vl.č.13745/L.
- INTRODUCTORY PROVISIONS
- Čerešňový sad s.r.o., with registered office at Čremošné 43, 039 01 Turčianske Teplice, registered in the Commercial Register of the District Court of Žilina, sect. Sro, File No. 75647/L (hereinafter referred to as the “Provider”), ID No.: 53254361, VAT No.: 2121332378, VAT No.: SK2121332378, contact e-mail: rezervacie@ceresnovysad.sk, is the provider of services:
- private accommodation services,
- accommodation services in accommodation establishments with the operation of hospitality activities in these establishments,
- and other related services.
(hereinafter individually also referred to as “Service” or collectively as “Services”) according to the objects of business registered in the Commercial Register.
- The subject of this declaration is the regulation of the mutual rights and obligations of the Provider and the User. This declaration is an integral part of the Contract concluded between the Provider and the User.
- This Declaration applies exclusively to the provision of those Services to the User which are specified herein and, together with all other written contractual documents and oral agreements concluded between the Provider and the User in connection with the provision of the Services, define the content of the binding relationship between the Provider and the User.
- The terms and expressions defined or used in this Declaration shall be used and have the same meaning in all binding legal relationships between the Provider and the User relating to the Services, unless otherwise provided by generally applicable law or expressly agreed in writing by the Parties.
- By paying the Price for the ordered Service, the User confirms that he/she has read the wording of this Declaration.
- COLLECTION OF USER INFORMATION, PROTECTION OF PERSONAL DATA
- The User, who is a natural person, by signing the Contract or sending the Order, confirms that the personal data provided by him/her in the scope of name, surname, residential address, e-mail address, telephone number, date of birth, nationality, visa, passport number, ID card number or other identification document, billing data (ID number, VAT number, VAT ID number) are accurate and true. The processing of the aforementioned personal data is carried out on a legal basis: the processing of personal data is necessary for the performance of the Contract to which the User is a party or for the performance of a pre-Contractual measure at the request of the User within the meaning of Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”). The purpose of processing personal data is the collection, storage, and processing of personal data by the Provider and their use for billing purposes, accommodation purposes, purposes given by applicable laws (providing data to the municipal/city authorities, foreign police, etc.) and other actions related to the ordered and provided Service, including subsequent communication with the User (complaints, withdrawal from the contract, etc.), as well as for the Provider’s own marketing purposes, to offer the Services, sending information about products, including by electronic means (e-mail, sms, telemarketing). The User bears full responsibility for damages caused by the incorrectness or outdatedness of the personal data provided.
- The Provider is entitled to process personal data related to the online provision of services in the form of cookies, IP address, pixel tag, and browser. This information is used to improve the intranet services, for example, to display relevant advertising, to detect location (e.g. to adapt the map to the traffic), for statistical purposes, and the like. For statistical purposes, the Provider may use third-party services such as Google Analytics or other counters whose data is hosted on third-party servers, but which do not connect directly to the User, unless otherwise specified for a particular Service.
- The Provider is entitled to process personal data beyond the scope specified in clauses 2.1 and 2.2 of these GTCs and whose processing is not compatible with the legal basis specified in clauses 2.1 and 2.2 of these GTC, only on the basis of prior consent provided by the User voluntarily and for a predetermined purpose, scope and duration. The User has the right to withdraw the consent given at any time in writing. Withdrawal of consent is effective on the date of its delivery to the Provider.
- The Provider undertakes not to use or disclose personal data beyond the scope necessary to operate the ordered Service and ensure its operation. Personal data shall not be disclosed to any third parties, except for the disclosure of data to third parties designated by applicable laws or products and services for which the contrary is expressly stated. However, in such a case, the Provider is obliged to agree in the contractual relationship with the third party on the protection of personal data within the meaning of applicable law, in particular the Personal Data Protection Act, and at the same time is obliged to inform the User in the Contract that the provision of personal data to the third party is necessary for the performance of the Contract and otherwise the Service cannot be provided. For these purposes, it is necessary for the Provider to obtain the User’s consent.
- All personal data is protected in accordance with applicable law, in particular the Personal Data Protection Act.
- The Provider undertakes to take all steps to ensure the highest security of the User’s personal data, as well as to secure all of the User’s data, database, and mail files from loss, damage, or destruction.
- The Provider shall act as an Intermediary in relation to the User’s customer pursuant to the provisions of Article 28 of the GDPR. For this reason, the Contract between the Provider and the User shall be governed by the following:
7.1 The Provider may not entrust the processing of personal data to another processor without the prior specific written consent of the User. In the case of the User’s written consent, the Provider is obliged to impose on the additional processor in a contract or other legal act the same obligations regarding the protection of personal data as those set out in this Agreement, with the Provider being liable to the User if the additional processor fails to fulfill its obligations regarding the protection of personal data.
7.2 The Provider undertakes to process personal data only for the purpose of providing the Services.
7.3 The Provider shall process personal data for the entire duration of the validity and effectiveness of the Contract between the Provider and the User.
7.4 The Provider shall process personal data to the identical extent as the User.
7.5 The data subjects are the customers of the User.
7.6 The Provider is entitled to carry out only the processing operations necessary for the fulfillment of the purpose of the processing, in particular: acquisition, collection, storage, and destruction.
7.7 The Provider is obliged to process personal data only to the extent necessary to achieve the purpose of the processing and only in accordance with the terms of this article of the GTC or the User’s written instructions, even if the transfer of personal data to a third country or an international organization is involved. If the transfer of personal data to a third country or an international organization is based on a special regulation or an international treaty to which the Slovak Republic is bound, the Provider is obliged to notify the User of this requirement prior to the processing of personal data in the event of such transfer, unless such notification is prohibited by a special regulation or an international treaty to which the Slovak Republic is bound for reasons of public interest.
7.8 The provider is obliged to protect the processed personal data against their damage, destruction, loss, change, unauthorized access and access, provision or publication, as well as against any other inadmissible methods of processing.
7.9 The Provider declares that it guarantees the security of processed personal data, while taking technical and organizational measures to ensure the protection of the rights and personal data of the User’s customers, especially against accidental or illegal destruction, loss, alteration or unauthorized provision of transmitted personal data, stored personal data or otherwise processed personal data, or unauthorized access, took into account the nature, scope, context and purpose of personal data processing, risks that are capable of disrupting the security of personal data protection and their severity.
7.10 The provider is obliged not to provide personal data to third parties, not to use personal data for a purpose other than the agreed upon, not to abuse it for its own benefit or the benefit of a third party, and not to dispose of personal data in violation of this article of the General Terms and Conditions.
7.11 The Provider and its employees are obliged to maintain the confidentiality of personal data obtained about the User’s customers. Personal data must not be used for personal use, they must not be published, provided or made available. They undertake to maintain this confidentiality even after the expiration and effectiveness of the Agreement. The provider is responsible for ensuring that confidentiality will also be maintained by its employees and other persons authorized by them, as well as any external collaborators.
7.12 The Provider is obliged to ensure that the collected personal data are processed in a form that enables the identification of the User’s customers only during the necessary time to achieve the purpose of processing.
7.13 The Provider undertakes to cooperate and provide cooperation to the User in ensuring compliance with the User’s obligations to respond to the requests of the User’s customers in the exercise of their rights according to the provisions of Chapter III of the GDPR, including the User’s notification of each written request for access that has been delivered to the Provider in connection with the User’s obligations under the GDPR , Act no. 18/2018 Coll. on the protection of personal data and on amendments to certain laws (hereinafter referred to as the “Act on the Protection of Personal Data”) and other related regulations.
7.14 The Provider undertakes to cooperate and provide cooperation to the User in ensuring compliance with obligations according to the provisions of Art. 32 to 36 GDPR, namely:
– ensure processing security;
– notify the Office for Personal Data Protection and the affected persons, if necessary, of any breach of personal data protection;
– if necessary, carry out an assessment of the impact on personal data protection, regarding the impact of processing on personal data protection;
– consult with the Office for the Protection of Personal Data before carrying out any processing, if the assessment of the impact on the protection of personal data shows that this processing would lead to a high risk if the User does not take measures to mitigate this risk.
7.15 The Provider undertakes to provide the User with all the information necessary to prove the fulfillment of the obligations stipulated in the provisions of Art. 28 of the GDPR and provide the User with cooperation in the audit of personal data protection and control by the User or an auditor authorized by the User.
7.16 The Provider is obliged to immediately notify the User if, in the Provider’s opinion, any instruction given by the User violates the Personal Data Protection Act, a special regulation or an international treaty to which the Slovak Republic is bound, which relate to the protection of personal data.
7.17 The Provider undertakes, after the expiration and effectiveness of the Agreement, based on the User’s decision, to delete personal data or return personal data to the User and to delete existing copies that contain personal data, if a special regulation or an international treaty to which the Slovak Republic is bound does not require the storage of these personal data data.
- The provider in accordance with the provisions of art. 13 GDPR informs the User as a data subject of the following information:
8.1 Identification data of the Provider: Čerešňový sad s.r.o., Čremošné 43, 039 01 Turčianske Teplice. The provider can be contacted at the e-mail address: rezervacie@ceresnovysad.sk or by phone at the number: +421 902 976 363;
8.2 Contact details of the responsible person: Čerešňový sad s.r.o., e-mail: Office@ceresnovysad.sk, phone: +421 902 976 903
8.3 The purpose, as well as the legal basis for the processing of personal data, is stated in point 2.1. of this article;
8.4 The list of personal data is given in point 2.1. of this article;
8.5 In special cases, if it is necessary for the Provider to provide the Service with personal data to a third party or to transfer personal data to a third country, the Provider will provide the User with information about this fact.
8.6 The Provider stores personal data for the entire period of service provision.
8.7 The User has the right to request from the Provider access to personal data concerning the person concerned, the right to correct personal data, the right to delete personal data or the right to limit personal data, the right to object to the processing of personal data, as well as the right to portability of personal data.
8.8 If the user suspects that his personal data is being processed without authorization, he may submit a proposal to the Office for the Protection of Personal Data of the Slovak Republic to initiate proceedings on the protection of personal data pursuant to § 100 of the Personal Data Protection Act.