PERSONAL DATA PROCESSING POLICY
(“Terms and Conditions”)

 

Definitions Used:

Data Controller:
Hotel Modena***, Vlčie hrdlo 1/A, 824 12 Bratislava (hereinafter referred to as the “Hotel”)
Restaurant Maranello, Vlčie hrdlo 1/A, 824 12 Bratislava (hereinafter referred to as the “Restaurant”)
Customer: A natural or legal person using the services of the data controller

Regulation:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR), and Act No. 18/2018 Coll. on the Protection of Personal Data

GENERAL PROVISIONS

  1. The purpose of this policy is to ensure the processing of personal data of customers obtained in the course of the business activities of the Hotel and Restaurant, and to define the obligations to maintain confidentiality regarding the obtained data, in the scope and under the conditions set by this policy.
  2. The Hotel and Restaurant, in accordance with these terms, undertake to process the personal data of customers. These terms reflect the rights and obligations related to data processing as per the relevant legal regulations, particularly the GDPR and Act No. 18/2018 Coll. on Personal Data Protection.

RIGHTS, OBLIGATIONS AND CONFIDENTIALITY

  1. The Hotel and Restaurant undertake to adopt the necessary technical, personnel, and other measures to prevent unauthorized or accidental access to personal data, its alteration, destruction, loss, unauthorized transmission, or any other unauthorized processing and misuse.
     
  2. In the context of providing accommodation services, the Hotel and Restaurant are required to process guests’ personal data.
    The following individuals work with this data:
          1. Hotel receptionists
          2. Hotel and restaurant managers
          3. Accountant
          4. Restaurant staff
     
  3. These individuals have been instructed about the sensitivity of personal data and process it strictly within the scope of services provided by the Hotel and Restaurant. Neither the Hotel nor its staff sell personal data to third parties. Additional data processors include:
           1. Hotel software system Ellipse cloud
           2. Accounting firm EkonexGroup
     
  4. The conditions for processing and handling personal data are governed by data processing agreements between the Hotel, Restaurant, and the above processors.

CUSTOMER INFORMATION

The Hotel and Restaurant are legally obliged to store certain personal data of their guests, such as name, surname, date of birth, address, length of stay, ID number and type, visa (if applicable), and purpose of stay. This obligation arises from the Act on the Stay of Foreigners in the Slovak Republic (404/2011) and the Act on Local Fees (582/2004). These laws require that such data be stored for **6 years**.

  1. Customers may request an overview of their stored personal data at any time. This data is stored in: (i) the guest card in the hotel system, (ii) the house book, and (iii) the guest register, which are physically stored in a locked room. If a guest requests deletion of their data, the Hotel and Restaurant will delete the guest card and shred the house and guest books. However, the data cannot be deleted before the legal retention period expires.

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

The Hotel and Restaurant undertake to technically and organizationally secure the processing of personal data to prevent unauthorized or accidental access, alteration, destruction, loss, unauthorized transmission or other misuse. Throughout the data processing period, all obligations of the data controller under legal regulations, especially the GDPR, will be upheld.

Security measures include:

                 1. Access to personal data is limited to authorized personnel, each with a unique identifier and defined processing scope.

                2. Data is processed in controlled areas accessible only to authorized persons or sub

                3. Preventing unauthorized reading, copying, transmission, modification, or deletion of personal data records.

                4. Implementing procedures to track and verify who accessed, processed, altered, or deleted data.

The Hotel and Restaurant will ensure through internal rules or special contractual provisions that employees and other processors only handle data as instructed and are bound by confidentiality—even after the end of employment or services.

CAMERA SYSTEM

  1. The Hotel and Restaurant use a camera system for the protection of their customers and property. The recordings are not actively processed or shared with third parties.

Date of last update: 25 May 2018