Company AVANS, s.r.o. with its registered office in Holubyho 1 811 03 Bratislava, ID No. 31 318 967 (hereinafter referred to as "Controller") in accordance with Regulation 2016/679 GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as "the Act") has developed security security measures, which are regularly updated. They define the scope and method of the security measures required to eliminate and minimise threats and risks to the information system in order to ensure: - the availability, integrity and reliability of management systems using state-of-the-art information technology, - protect personal data against loss, damage, theft, modification, destruction and preserve it confidentiality, - identify and prevent potential problems and sources of breaches.
Your personal data will be kept securely, in accordance with the data retention policy and only for as long as necessary to fulfil the purpose of the processing. Only persons authorised by the controller to to process personal data and who process it on the basis of the controller's instructions. Your personal data will be backed up in accordance with the retention policy of the controller. Personal data stored on back-up storage sites are used to prevent security incidents, which could arise in particular from security breaches or damage to the integrity of the processed data.
3.1. "personal data" is any information relating to an identified or identifiable physical persons (hereinafter referred to as "data subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier, or by reference to one or more elements that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person; 3.2. "processing" is an operation or set of operations with personal data or sets of personal data, for example, retrieving, recording, organizing, structuring, storing, processing or modify, search, browse, exploit, provide by transmission, dissemination or otherwise providing, rearranging or combining, limiting, deleting or disposal, regardless of whether they are carried out automated or non-automated means; 3.3. "restriction of processing" is the designation of stored personal data with the aim of limiting their processing in the future; 3.4. "profiling" is any form of automated personal data processing that consists of from the use of this personal data to evaluate certain personal aspects related to physical person, especially analysis or prediction of related aspects of the natural person concerned with performance at work, property conditions, health, personal preferences, interests, reliability, behavior, position or movement; 3.5. "information system" is any organized set of personal data that is accessible according to specified criteria, regardless of whether the system is centralized, decentralized or distributed on a functional or geographic basis; 3.6. "operator" is a natural or legal person, public authority, agency or other entity that alone or together with others will determine the purposes and means of personal data processing; in the event that the purposes and means of this processing are determined in the law of the Union or in the law of a member state, maybe operator or specific criteria for its determination to be determined in Union law or in member law of the state; 3.7. "intermediary" is a natural or legal person, public authority, agency or other entity, which processes personal data on behalf of the operator; 3.8. "third party" is a natural or legal person, public authority, agency or entity other than affected person, operator, intermediary and persons who are on the basis of direct authorization operator or intermediary entrusted with the processing of personal data; 3.9. "consent of the person concerned" is any freely given, specific, informed and unequivocal expression of will of the person concerned, which he expresses in the form of a statement or a clear confirming act consent to the processing of personal data concerning her; 3.10. "breach of personal data protection" is a breach of security that leads to accidental or illegal destruction, loss, alteration, unauthorized provision of personal data that transmit, store or otherwise process, or unauthorized access to them; 3.11. "relevant and justified objection" is an objection to the draft decision, whether there has been a violation of this regulation, or whether the planned measure is in relation to the operator or intermediary in in accordance with this Regulation, which must clearly demonstrate the seriousness of the risks posed by the proposal decisions regarding the basic rights and freedoms of the persons concerned and possibly the free movement of persons data within the Union
4.1. Fulfillment of the contract to which the affected person is a party, or that, based on the affected person's request, persons took measures before concluding the contract The personal data we process about our customers is processed on the basis of a contract in accordance with the article 6 par. 1 letter b) and Art. 6 par. 1 letter c) regulations pursuant to Act no. 404/2011 Coll. on the movement of foreigners and on the amendment of some laws. Scope of processed personal data: title, name, surname, address, country, date and place of birth, payment card number and its expiry date, number identity document, telephone, e-mail, purpose of stay. Subsequently, they are stored in accordance with the law no. 395/2002 Coll. about archives and registries. 4.2. Accommodation reservation The personal data we process about our customers is processed on the basis of a contract in accordance with the article 6 par. 1 letter b) of the regulation. Scope of processed personal data: title, first name, last name, telephone, email, date and time of reservation, IP address. Subsequently, they are stored for 10 years in accordance with the law no. 395/2002 Coll. about archives and registries. 4.3. Reservation of services The personal data we process about our customers is processed on the basis of a contract in accordance with the article 6 par. 1 letter b) of the regulation. Scope of processed personal data: title, first name, last name, telephone, email, date and time of reservation. They are then stored for 1 year. 4.4. Processing of accounting documents Processing is necessary to fulfill the legal obligation of the operator in accordance with Article 6, paragraph 1 letter c) regulations. Scope of processed personal data: title, first name, last name, address, telephone, number account, e-mail and signature. Subsequently, they are stored in accordance with Act No. 395/2002 Coll. about archives and registries. 4.5. Complaints In the case of complaints, personal data is processed in accordance with Article 6, paragraph 1 letter c) regulations. Range processed personal data: title, first name, last name, address, telephone, e-mail. They are then stored in accordance with Act no. 395/2002 Coll. about archives and registries. 4.6. Debt collection In the case of debt collection, personal data is processed in accordance with Article 6 para. 1 letter c) regulations. Scope of processed personal data: name, surname, social security number, address, telephone, e-mail. Subsequently, they are stored in accordance with Act No. 395/2002 Coll. about archives and registries. 4.7. Executions The processing of personal data is necessary to fulfill the legal obligation of the operator in terms of of article 6 par. 1 letter c) regulations. Scope of processed personal data: ordinary personal data, other personal data found or provided during the procedure. Subsequently, they are stored in accordance with by law no. 395/2002 Coll. about archives and registries. 4.8. Record of job applicants The processing of personal data of job applicants is carried out on the basis of "Consent" with processing of personal data in accordance with Article 6 paragraph 1 letter a) of the regulation, which will be provided by the applicant. The operator will contact only successful applicants. Personal data is processed for 3 years from the granting of consent. Personal data is not transferred to a third country. Personal data will not be used for automated individual decision-making, including profiling. You have the right to withdraw your consent to the processing of personal data at any time before the expiry of the specified period data by sending a request to the email address: reservations@grandcastle.sk or by sending a request to the address Operator with the text "GDPR withdrawal of consent" on the envelope. The operator declares that in the case of a written request by the person concerned to terminate the processing of personal data before the aforementioned period, these will be deleted within 30 days of receiving the withdrawal of consent. 4.9. Newsletter If you wish, you can subscribe to our informative newsletter, which is located at our website www.grandcastle.sk. Personal data will only be processed for sending newsletter to the e-mail address you entered. By subscribing to the newsletter, you agree to processing of personal data. We process personal data in accordance with Article 6, paragraph 1 letter a) regulations. Your email address will be processed until you unsubscribe. After unsubscribing, you will no longer receive any newsletter messages from us. Range processed personal data: e-mail address. Personal data is processed by the operator: Holubyho 1 811 03 Bratislava ID: 31 318 967 operation - GrandCastle 4.10. Monitoring of premises for the purpose of property protection Our facility is equipped with a camera information system that monitors the exterior and internal premises of the operator for the purpose of protecting property in terms of legitimate interest operator in accordance with Article 6 par. 1 letter f) regulations. There are no recordings from the camera system provided to third parties. They are made available only to authorized persons of the operator and IT specialists who perform maintenance on them. Personal data obtained by the camera system is used for the protection of property and when taking evidence in administrative proceedings in cases where there is personal data obtained by the camera system used as evidence in ongoing administrative proceedings. If executed the recording is not used for the purposes of criminal or misdemeanor proceedings, the recording is done automatically liquidates, by program activity within 7 days from the day following the day on which the recording was made executed. Protection of personal data - information obligation 4.11. Records of representatives of suppliers and customers The processing of personal data of suppliers and customers is carried out in terms of legitimate interests operator, in accordance with Article 6 par. 1 letter f) regulations. Scope of processed personal data: title, first name, last name, job classification, service classification, functional classification, personal employee number, professional department, place of work, telephone number, fax number, address e-mail to the workplace and identification data of the employer. Subsequently, they are stored after for a period of 10 years after the end of the contract or business relationship.
5.1. You have the right to withdraw your consent - in cases where we process your personal data based on your consent the right to revoke this consent at any time. You can revoke your consent electronically, at the address of the authorized person, in writing, by notification of withdrawal of consent or in person at our company headquarters. The appeal does not have consent impact on the legality of the processing of personal data that we processed about you on the basis of it. 5.2. Right of access - you have the right to be provided with a copy of the personal data we hold about you available, as well as for information on how we use your personal data. In most cases you your personal data will be provided in written document form, unless you request another method provision. If you requested this information by electronic means, it will be provided to you provided electronically if technically possible. 5.3. Right to correction - we take reasonable measures to ensure accuracy, completeness and the timeliness of the information we have about you. If you think that the data we have is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct this information, updated or supplemented. 5.4. Right to deletion (to be forgotten) - you have the right to ask us to delete your personal data, for example, if the personal data we have obtained about you is no longer necessary for fulfillment original purpose of processing. However, your right needs to be assessed from the point of view of all relevant parties circumstances. For example, we may have certain legal and regulatory obligations that mean we will not be able to comply with your request. 5.5. Right to restrict processing - in certain circumstances you are entitled to ask us to stop use your personal data. These are, for example, cases where you believe that the personal data we have about you may be inaccurate or when you think we no longer need to use your personal data. 5.6. The right to data portability - in certain circumstances you have the right to ask us to transfer personal data, provided to the walls to another third party of your choice. However, the right to portability only applies personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party from the contracting parties. 5.7. Right to object - you have the right to object to data processing based on our legitimate legitimate interests. In the event that we do not have a compelling legitimate legitimate reason for processing and you file an objection, we will not process your personal data further.