Privacy Policy

IMPOZANT, s.r.o., Záborského 2, Martin 03645, ID No.: 44511612

as the Controller, in order to comply with the fairness and transparency towards the Data Subjects, provides the following notification to the Data Subject about the processing of personal data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Section 19 of Act No. 18/2018 Coll. on the protection of personal data and on amendments and supplements to certain acts of the Slovak Republic under the name

PRIVACY POLICY

The purpose of processing of personal data in the Accounting and Tax Document Register:

The activity involves the processing of personal data in the processing of accounting documents and the agenda associated with its processing

Type of Data Subjects: natural persons – Guests, employees

List of personal data: name, surname, title, permanent address, temporary address, telephone number, e-mail address, date of birth, type and number of identity document, signature, bank account number of the natural person

Legal basis for the processing of personal data: Act No. 431/2002 Coll. on Accounting as amended, Act No. 222/2004 Coll. on Value Added Tax as amended, Act No. 40/1964 Coll. of the Civil Code as amended, Act No. 152/1994 Coll. on the Social Fund and on amendment and supplementation of Act No. 286/1992 Coll. on Income Taxes as amended, Act No. 311/2001 Coll. of the Labor Code as amended

Categories of recipients: social insurance, health insurance, tax authorities and bodies to which a special regulation confers the power to decide on the rights and obligations of natural persons: courts, law enforcement authorities and intermediaries: GEO – NET, s. r. o., Záborského 2 036 45 Martin, 36424706

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

accounting documents

10 years

Automated decision-making, including profiling, does not take place.

in order to comply with the principle of minimization, any personal data provided by you is a necessary legal requirement to fulfill the purpose of its processing.

 

Purpose of processing of personal data in the Incoming and Outgoing Mail Register and in the management of the registry:

The activity involves the processing of personal data in the registration of incoming and outgoing mail and acts related to the management of the registry

Concerned persons: natural persons – addressees, employees

List of personal data: name, surname, title, address, name of organization, job title, e-mail address, subject and content of mail

Legal basis for the processing of personal data: Act No. 395/2002 Coll. on archives and registers and on the amendment of certain acts, as amended

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

Ordinary correspondence 

3 years 

Automated decision-making, including profiling, does not take place.

in order to comply with the principle of minimization, any personal data provided by you is a necessary legal requirement to fulfill the purpose of its processing.

 

Purpose of processing personal data in the Register of Contracts:

The activity involves the processing of personal data, which is necessary for the performance of a contract to which the Data Subject is a party or for the performance of a pre-contractual measure at the request of the Data Subject

Type of Data Subjects: natural persons – Contracting Party

List of personal data: name, surname, title, permanent/temporary residence, account number of the natural person, name of the bank, ID card number, data related to the subject of the contract

Legal basis for the processing of personal data: Section 13, Par. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

contracts

10 years

Automated decision-making, including profiling, does not take place.

in order to comply with the principle of minimization, any personal data provided by you is a necessary contractual requirement for the fulfilment of the purpose of its processing.

 

Purpose of processing of personal data – Accommodated guests:

Within the scope of the activity there is processing of personal data in the registration of hotel services, hotel guests, room reservation, registration of personal data in the hotel system in the guest bank and registration of guests – foreigners

Data Subjects: guests

List of personal data: name, surname, title, date and place of birth, nationality, permanent residence in home country, purpose of travel to the Slovak Republic, passport number, visa: type, number, validity, name and address of accommodation facility in Slovakia, accompanying children, length of stay in Slovakia

Legal basis for the processing of personal data: Act No. 40/1964 Coll. of the Civil Code, Act No. 455/1991 Coll. on trade licensing, Act No. 595/2003 Coll. Act No. 582/2004 Coll. on local taxes and local fee for municipal waste and small construction waste as amended, Act No. 222/2004 Coll. on value added tax, Act No. 404/2011 on the residence of foreigners and on amendment and supplementation of certain acts, Act No. 431/2002 Coll. on accounting, Act No. 496/2008 Coll. on the full text of Act No. 253/1998 Coll. on reporting the residence of citizens of the Slovak Republic and the register of residents of the Slovak Republic, as amended

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

Guest registration

10 years

Automated decision-making, including profiling, does not take place.

in order to comply with the principle of minimization, any personal data provided by you is a necessary legal requirement to fulfill the purpose of its processing.

 

 

Purpose of processing of personal data in the complaint register:

Within the scope of the activity, personal data is processed when registering persons for the purpose of making a claim.

Data Subjects: natural persons – Guests

List of personal data: name, surname, title, residence, telephone, e-mail and nature of the complaint

Legal basis for the processing of personal data: Act No. 40/1964 Coll. the Civil Code as amended, Act No. 250/2007 Coll. 372/1990 Coll. on offences, as amended, and other related generally binding legal regulations

Categories of beneficiaries: STIAct No. 128/2002 Coll. on state control of the internal market in matters of consumer protection and on amendment and supplementation of certain acts and entities to which a special regulation confers jurisdiction to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

complaints 

10 years

Automated decision-making, including profiling, does not take place.

in order to comply with the principle of minimization, any personal data provided by you is a necessary legal requirement to fulfill the purpose of its processing.

 

 

Purpose of processing personal data – Booking system:

The activity involves the processing of personal data for the records associated with the booking of the services provided.

Data Subjects: Individuals – customers / Guests

List of personal data: title, name, surname, phone number, email, date and time of booking

Legal basis for the processing of personal data: Consent of the Data Subject

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

Contract

10 years

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

 

Purpose of processing personal data – Loyalty program:

The processing of personal data for the purpose of providing discounts, bonuses, loyalty programs.

Type of Data Subjects: natural persons – customers/Guests

List of personal data: title, name and surname, card number

Legal basis for the processing of personal data: Consent of the Data Subject

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

personal data

for the duration of the purpose

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

  

Purpose of processing personal data – Consumer competition:

The activity involves the processing of personal data for the purpose of organizing consumer competitions.

Type of Data Subjects: natural persons – customers/Guests

List of personal data: name, surname, address, date of birth, ID number, email, phone and prize.

Legal basis for the processing of personal data: Consent of the Data Subject

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

personal data of competitors

for the duration of the purpose

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

  

Purpose of processing personal data – Photographs:

The activity includes publishing photographs on the operator’s website and on social networks for the purpose of presenting

Data Subjects: employees, guests and event participants 

List of personal data: photo

Legal basis for the processing of personal data: consent of the Data Subject

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

photos

for the duration of the consent

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

 

 

 

Purpose of processing personal data in Marketing:

The processing of personal data in members’ records for the purposes of sending marketing offers, newsletters, product information and news

Circle of Data Subjects: natural persons

List of personal data: e-mail

Legal basis for the processing of personal data: consent of the Data Subject

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

marketing

13 months

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

 

 

Purpose of processing personal data – Contact form:

In the framework of the activity, personal data in the Guest records are processed for the purpose of sending the answer to the question

Data Subjects: natural persons – Guests

List of personal data: title, name and surname, telephone number, e-mail, content of the message

Legal basis for the processing of personal data: consent of the Data Subject

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

contact form 

maximum 6 months (in the case of compliance with the legal obligations or legal claims of the Controller under the applicable legislation)

Automated decision-making, including profiling, does not take place.

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal; the Data Subject shall be informed of this fact before consent is given. The Data Subject may withdraw consent in the same way as he or she gave consent.

 

 

Purpose of processing personal data in the camera information system:

The processing of personal data for the purpose of protecting public order and security, detecting crime, protecting health and property

Circle of Data Subjects: persons present in the area monitored by the CCTV system

List of personal data: footage from cameras

Legal basis for processing personal data: legitimate interest of the Controller

Categories of recipients: entities to which a specific provision confers competence to decide on the rights and obligations of natural persons: courts, law enforcement authorities

Personal data is not transferred to third countries.

Time limits for the erasure of personal data:

audio/video recording

7 days

Automated decision-making, including profiling, does not take place.

The main legitimate interest is the protection of the property, financial and other interests of the Controller, as well as the protection of the property, life and health of the Data Subjects.

 

 

Data subjects about whom personal data are processed for specified purposes may exercise the following rights:

The right to request access to your personal data – The right to rectification of your personal data – The right to erasure of your personal data The right to restriction of the processing of your personal data The right to object to the processing of your personal data The right to transfer your personal data – The right to lodge a complaint with the supervisory authority, i.e. the Office for Personal Data Protection of the Slovak Republic

The rights of the Data Subject are specified in Articles 15 to 21 of the Regulation. The Data Subject shall exercise those rights in accordance with the Regulation and other relevant legislation. The Data Subject may exercise his or her rights vis-à-vis the Controller by means of a written request or by electronic means. In case the Data Subject requests the oral disclosure of information, the information may be provided on the expectation that the Data Subject has demonstrated his/her identity.

 

IMPOZANT, s.r.o. has taken all appropriate personal, organizational and technical measures in order to protect your personal data as much as possible in order to reduce the risk of its misuse. Pursuant to our obligation under Article 34 of the Regulation, we hereby notify you as Data Subjects that, if a situation arises where we, as the Controller, breach the protection of your personal data in a way that is likely to result in a high risk to the rights and freedoms of natural persons, we will notify you without undue delay.

Legislation and the related processing of your personal data may change. If we decide to update this policy, we will post the changes on our website and notify you of the changes. In cases where there is to be a major change to this policy, or where we are required to do so by law, we will inform you in advance. We ask that you read this policy carefully and check this policy regularly when you communicate with us or use our website.

 

 

If you have any questions regarding the processing of your personal data, including the exercise of the above rights, you can contact our Data Protection Officer provided by EuroTRADING s.r.o. (www.eurotrading.sk), by email at zo@eurotrading.sk.  We will properly investigate all your suggestions and complaints and send you a statement.

 

If you are not satisfied with our response, or if you believe that we are processing your personal data unfairly or unlawfully, you may file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, https://dataprotection.gov.sk, Hraničná 12, 820 07 Bratislava 27; telephone number: +421 /2/ 3231 3214; E-mail: statny.dozor@pdp.gov.sk.

 

Changes in the Processing of Cookies in the Light of the New Electronic Communications Act

The changes take effect from 01.02.2022.

 

Cookies

What are cookies?

Cookies can be characterized as a text file that is stored on the end device (computer or mobile device) of the website visitor. The file is stored locally when you visit the website. Cookies also allow us to analyze the use of our website. It must not include any personal data and you cannot be identified through it on third-party websites – including those of analytics providers. Consent is required.

 

What cookies we use based on different criteria:

We only use essential cookies that enable our website to function properly.

We divide them into:

temporary (session) cookies (they are automatically deleted when the web browser is closed)

persistent cookies (they remain stored on the disk even after the web browser is closed)

third party cookies, which are created by a party other than the website operator

first party cookies – used for website analytics (statistical evaluation of website traffic)

 

Such data processing takes place in accordance with Section 55 Par. 5 of Act No. 351/2011 Coll. on Electronic Communications (the Act is valid until 31.1.2021). From 01.02.2022 enters into force the new Act 452/2021 Coll. on electronic communications. Where Section 109, Par. 8 imposes an obligation to have demonstrable consent to obtain information from the end device of the website visitor.

 

Consent pursuant to Art. 6, Par. 1 (a) of the Regulation is necessary for the processing of cookies in the following cases:

  • which are used for the technical storage of or access to data;
  • the purpose of which is to transmit or facilitate the transmission of a message over a network;
  • which are necessary for the information society service provider to provide the information society service explicitly requested by the user
  • must keep proof of the visitor’s consent to the selected group of cookies

 

It is possible to use cookies (e.g. statistical cookies) without the consent of the website visitor. Technical cookies must be used continuously, otherwise the website would not work (chat window) therefore the operator does not need consent for them. Technical cookies include tracking the number of visitors to the site without further identification.  

 

The Data Subject shall have the right to withdraw consent to the processing of personal data concerning him or her at any time. The Data Subject may withdraw consent in the same way as he or she gave consent. Consent shall not be deemed to have been freely given where the Data Subject does not have a free choice to give consent. Consent cannot be predefined, it must be granted actively by the user. We do not recommend collecting other cookies on the basis of the so-called legitimate interest of the Controller.  

 

A cookie bar is not necessary if the website does not process any data.

 

General Rules on the Use of Cookies:

Step 1

  • It is necessary for the operator to examine the website, e.g. what cookies it processes, what it uses them for and also for what purpose it uses them.
  • When analysing the use of cookies on a given website, we recommend that you evaluate the necessity and benefits of each type of cookie. A simple rule of thumb is that if certain cookies are not even needed by the operator, it is preferable to remove them from the website altogether.

 

Step 2

You need to create a cookie bar on the website, which should include:

  • Close the cookie bar with a cross.
  • It should not block web browsing.
  • When visiting a website, the cookie bar should not annoy the website visitor.
  • The visitor should accept cookies or refuse cookies at the first opportunity.
  • The website administrator (IT technician) can create his own cookie bar or proceed to purchase a ready-made software solution.
  • Option to go into the cookie settings and choose which cookies to accept/which not to accept, if we provide cookies to third parties, e.g. Facebook (Facebook pixel is used), it is necessary to obtain consents not only for the purposes in question, but also for third parties
  • The website visitor must be able to return to the consent granted for the use of cookies and change it at any time (the website visitor can change the decision in the browser settings).
  • In the event of an effective withdrawal of consent to the processing of a category of cookies, the processing of these cookies must be stopped immediately. The consent granted must be revocable at any time and revocation should be as easy as obtaining it – i.e. if one click is set to obtain consent, the same number of clicks should be set to revoke consent.
  • In the event of any changes to the processing of personal data via cookies, consent to processing must be requested again.
  • On the first layer of the cookie bar, the website operator must have the (A) “EDIT OPTIONS” x “ACCEPT ALL” x “REJECT ALL” buttons;
  • If the website is managed or personal data is processed by an external company/business, it is necessary to have an intermediary agreement with this entity.

Step 3

Information obligation in the light of the GDPR:

  • what cookies will be processed on the website of the Controller.
  • what is the purpose of the processing.
  • legal basis.
  • the processing period (we recommend that processing is minimised) is limited to a maximum of 13 months from the date of the last visit.
  • recipients.
  • contact details of the operator.
  • rights of the Data Subject.

 

 

Conclusion:

  1. The Office for Regulation of Electronic Communications and Postal Services may fine a legal or natural person (entrepreneur) who violates Section 109 of Act 452/2021 Coll. from EUR 200 to 10% of the turnover under paragraph 6 for the preceding accounting period within the meaning of Section 124, Par. 1 of this Act.

 

  1. The Data Protection Authority may impose a fine for non-compliance with the cookie regulation obligations (in particular consent to cookie processing and transparent information on cookie processing) of up to €20,000,000 or 4% of the total annual turnover of the group.

 

 

Follow us
on social media