Privacy and personal data protection policy

Privacy policy

PERSONAL DATA PROCESSING POLICY

(“Terms”)

Used Terms:

Data Controller:

• Hotel Modena***, Vlčie hrdlo 1/A, Bratislava 821 07 (hereinafter "Hotel")
• Restaurant Maranello, Vlčie hrdlo 1/A, Bratislava 821 07 (hereinafter "Restaurant")

Customer: A natural or legal person using the services of the operator

Regulation: Regulation (EU) No. 2016/679 of the European Parliament and Council of April 27, 2016, General Data Protection Regulation, and the provisions of Act No. 18/2018 Coll. on the Protection of Personal Data

GENERAL PROVISIONS

1. The subject of these terms is the assurance of processing the personal data of customers collected within the business activity of the Hotel and Restaurant, including the obligation to maintain confidentiality about this collected information, within the scope and under the conditions set forth by these terms.
2. The Hotel and Restaurant, in accordance with these terms, undertake to process the personal data of customers. These terms are drawn up in accordance with the rights and obligations that arise from the applicable legal regulations, primarily Regulation (EU) No. 2016/679 of the European Parliament and Council of April 27, 2016, General Data Protection Regulation (the “Regulation”) and the provisions of Act No. 18/2018 Coll. on the Protection of Personal Data

RIGHTS, OBLIGATIONS, AND CONFIDENTIALITY

1. The Hotel and Restaurant undertake to take all necessary technical, personnel, and other measures to ensure the protection of personal data against unauthorized or accidental access, changes, destruction, loss, unauthorized transfer, as well as other unauthorized processing and misuse.
2. In connection with the provision of accommodation services, the Hotel and Restaurant are obligated to process personal data of guests. The following personnel are involved in processing these data:
   • Hotel receptionists
   • Hotel and restaurant managers
   • Accountants
   • Restaurant service staff
3. The aforementioned users have been informed about the sensitivity of personal data. They handle personal data exclusively within the scope of services provided by the Hotel and Restaurant. Neither the Hotel nor its employees sell personal data to other entities. Other processors of the guests’ personal data include:
   • Hotel System Ellipse
   • Accounting firm EkonexGroup
4. The conditions for processing and handling guests’ personal data are regulated by a data processing agreement between the Hotel and Restaurant and the respective processor.

CUSTOMER INFORMATION

The Hotel and Restaurant have a legal obligation to store certain personal data about their guests, including the name, surname, date of birth, address, accommodation period, document number and type, visa (if applicable), and purpose of stay. This obligation is governed by the Act on the Stay of Foreigners in the Slovak Republic (404/2011) and the Act on Local Fees (582/2004). According to these legal provisions, the Hotel and Restaurant must store personal data about customers for 6 years.

1. The customer has the right to request an overview of their personal data at any time from the Hotel and Restaurant. This information is stored in:

·     the guest card in the hotel system,

·     the guestbook,

·     the registration book,

all of which are kept in printed form in a locked room. If a request for the deletion of personal data is made, the Hotel and Restaurant will delete the guest card and shred the guestbook and registration book. However, the Hotel must comply with the provisions of the above-mentioned laws. The listed personal data can only be deleted after the statutory period has passed.

TECHNICAL AND ORGANIZATIONAL MEASURES FOR PERSONAL DATA PROTECTION

1. The Hotel and Restaurant undertake to technically and organizationally ensure the protection of processed personal data in such a way that no unauthorized or accidental access to data, changes, destruction, or loss, unauthorized transfer, or other unauthorized processing or misuse can occur, and that all obligations of the data controller arising from legal regulations, especially the Regulation, are continuously ensured throughout the data processing period.
2. The Hotel and Restaurant undertake to ensure data processing primarily through the following means:
3. Only authorized persons from the Hotel and Restaurant will have access to personal data, under the conditions and scope of data processing set by the Hotel and Restaurant, and each person will access personal data under their unique identifier.
4. Personal data will be processed in areas of the Hotel and Restaurant that are only accessible to authorized persons or their suppliers (subcontractors) bound by the same obligations.
3. The Hotel and Restaurant will prevent unauthorized reading, creating, copying, transferring, modifying, or deleting records containing personal data.
4. Measures will be implemented to allow the identification and verification of to whom personal data were transferred, and who processed, modified, or deleted them.
5. The Hotel and Restaurant undertake, through their internal regulations or special contractual agreements, to ensure that their employees and other individuals processing personal data will do so only under the conditions and within the scope determined by the Hotel and Restaurant and in compliance with the instructions of the Hotel and Restaurant. In particular, they will themselves (and will impose this obligation on the mentioned individuals) maintain confidentiality about personal data and security measures whose disclosure could endanger the security of personal data, even after the end of employment or relevant work at the Hotel and Restaurant.

VIDEO SURVEILLANCE SYSTEM

1. The Hotel and Restaurant use a video surveillance system for the protection of their customers, their property, and the property of customers. The Hotel and Restaurant declare that they do not process the recordings in any way, nor do they provide them to third parties or entities.