Principles of Personal Data Processing
We appreciate the confidence you have placed in us by entrusting your Personal Data to our company and we are determined to protect them and make you feel safe with us. In this document we would like to familiarize you with the way we handle your Personal Data, how you can contact us in case of any questions related to the processing of your Personal Data, and other important information on the processing of your Personal Data. Such information can be amended from time to time, but its current wording can be found on our website.
Your Personal Data is processed in compliance with Act No. 18/2018 Coll. on Personal Data Protection and on the amendment of certain other Acts (hereinafter referred to as “Act”) and with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and related provisions.
Who we are
We are the Controller of the processing of your Personal Data:
DIAMOND HOTELS SLOVAKIA, s.r.o.
with registered office at Hodžovo námestie 2, 816 25 Bratislava
Company registration number: 35 838 833
The company is registered in the Business Register of the District Court Bratislava I, section: Sro, file No.: 26832/B
What type of Personal Data we process:
We process the following categories of your Personal Data:
- common Personal Data such as first name, surname, date and place of birth, address, nationality, passport or ID card number, visa number, e-mail, telephone number;
- Special category of Personal Data – data related to health (e.g. if you mention them when choosing a special diet or a room (not required)).
Purpose, legal basis for the processing of Personal Data and their retention
- Career
Purpose and legal basis:
Selection procedure: Personal Data for carrying out the selection procedure are processed upon your job application (pre-contractual relationship).
Keeping of applicant database: If you give us your consent to the processing of Personal Data for the purpose of keeping your data in our applicant database, we include you in our database of job applicants in order to contact you repeatedly. Personal Data used in the applicant database are processed upon your consent.
Retention period:
We shall store your Personal Data until the selection procedure is completed. If you gave us your consent to include you into the applicant database, we shall process your Personal Data and store them for 1 year.
- Accommodation:
Purpose, legal basis and the period of retention:
Booking of accommodation: We process your Personal Data in order to book accommodation and provide other related services (pre-contractual relationship). Your Personal Data are stored until the accommodation and related services are provided.
Accommodation services: We process your Personal Data in order to provide accommodation and related services (performance of a contract). We store your Personal Data until the purpose of data processing and the time-limit for making possible claims are fulfilled. Accounting documents related to the provided services must be stored for 10 years after the year of their issue.
Faster and easier accommodation services: Personal Data you provide at your first check-in are stored in our information system and can be updated through the system when you visit our hotel again, so you will not need to provide your Personal Data again at your next check-in. The processing of the Personal Data is carried out on the basis of the legitimate interest of the Hotel. This interest lies in increasing the satisfaction and comfort of guests at their next check-in, since it can make the check-in process faster and easier. Your Personal Data are stored in our information system as long as the data are to be retained and no longer than is necessary in order to provide accommodation services.
Data provided for the purpose of the Loyalty Rewards programme: You can express your consent to the processing of the Personal Data for IHG Company by ticking the box during your registration into the Loyalty Rewards program IHG® Rewards Club. When you provide your Personal Data to IHG company, they shall be disposed of without undue delay.
- Camera system
Purpose and legal basis:
Safety, protection of health and property: Your Personal Data are processed on the basis of our legitimate interest.
Retention period:
Visual records from camera systems are stored for 14 days from the day the record is made.
- Marketing
Purpose and legal basis:
Making contact in order to provide news and our special, personalized offers. If you give your consent, your Personal Data shall also be processed in order to contact you and provide you with information on news and our special, personalized offers by phone and/or e-mail.
Retention period: Personal Data for marketing purposes are stored for 5 years.
- Contractual relations:
Purpose and legal basis:
Performance of the contract:
If you have concluded a contract with us, processing of your Personal Data can be unnecessary to fulfil the subject matter of the contract and this processing shall be performed under this contract.
Your Personal Data may be processed in order to perform the contract even if you are not a contractual party of the given contract, but this contract is otherwise related to you, e.g. you are a contact person (an employee) of our contractual party (your employer) mentioned in the contract so your Personal Data shall be processed upon our legitimate interest.
Retention period:
Your Personal Data are stored until the purpose of this processing (the subject of the contract) is fulfilled and until the end of the period defined for making possible claims. Accounting documentation related to the contracts must be stored for 10 years since the year they relate to.
- Communication:
Purpose and legal basis:
Mutual communication: If you contact us with any problem by means of any communication channel (mail, e-mail or phone), your Personal Data shall be processed in order to communicate with you. Personal Data enabling communication with you are processed upon your request. Registration of incoming and dispatched mail is processed in compliance with the special law.
Retention period:
Your Personal Data shall be stored for the time needed for dealing with your request. Registration of incoming and dispatched mail shall be stored for 10 years following the year it is related to.
Complying with legal obligations
In addition to being processed for the specific purposes above, your Personal Data are also processed in compliance with various general provisions which impose various obligations on us, such as storing data in the accounting records or disclosing them to national and other authorities which supervise our activities, resolve disputes or implement decisions. Such specific regulations are e.g. Act No. 40/1964 Coll. Civil Code, Act No. 102/2004 Coll. Consumer Protection Act, Act No. 222/2004 Coll. on Value Added Tax, Act No. 431/2002 Coll. on Accounting, Act No. 582/2004 Coll. on Local Taxes and Local Fee for Municipal Waste and Minor Construction Waste, and Act No. 404/2001 Coll. on Residence of Aliens.
Retention period:
The retention period depends on the duty we are obliged to meet in compliance with a specific regulation.
Necessity to provide Personal Data
If the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to conclude a contract, the data subject is obliged to provide Personal Data. In other case it would not be possible to fulfil the purpose of Personal Data processing intended by the Controller in case that Personal Data in question would be provided.
Provision and disclosure of your Personal Data
In general, we can disclose and/or provide your Personal Data to other subjects such as tax office, governmental authority, public authority executing inspection and supervision (such as labour inspectorate), courts and law enforcement institutions, accountants, auditors, solicitors and barristers, IT systems and support suppliers and other external professional advisers and companies providing us with products and services. We are not responsible for appropriate protection of your Personal data provided and/or disclosed to other subjects in the position of a Processor.
Transfer of Personal Data to the third country or an international organisation
In some cases, your Personal Data can be transferred to a country outside the European Union, or the European Economic Area, particularly to the USA to InterContinental Hotels Group (IHG). This company complies with obligations given by US-EU Privacy Shield and thus protects your Personal Data in an appropriate way.
Automated decision-making including profiling
Processing of Personal Data for the purposes laid down above does not include any automated decision-making or profiling.
Your rights as a data subject while processing Personal Data
- The Right of Access
To put it simply, you have the right to know which of your Personal Data we process, for what purpose, how long, where we obtain them, to whom they are provided, who else processes them and what are your other rights related to the processing of your Personal Data. However, if you are not sure which of your Personal Data are processed, you may request a confirmation on whether Personal Data related to you are or are not processed in our company, and if so, you have the right to gain access to these Personal Data. Within the Right of Access you can request a copy of the processed Personal Data, whilst the first copy shall be provided free of charge, but other copies shall be charged. However, this right does not restrict the rights of the third parties.
- The Right of Rectification
Personal Data must be correct, up-to-date and truthful. If you find out that Personal Data we process are inaccurate or incomplete, you have the right to have them corrected or completed without undue delay. Exercising this right helps us to keep your Personal Data correct and up-to-date.
- The Right of Erasure
In some cases, you have the right to have your Personal Data erased. Your Personal Data shall be erased without undue delay, if any of the following reasons are fulfilled:
- Your Personal Data are no longer needed for the purposes they had been processed;
- You withdraw your consent to the processing of your Personal Data and the processing of these data requires your consent and we do not have any other basis or reason for further processing;
- You exercise your right to object against the processing of Personal Data which have been processed on the basis of our legitimate interests and we find out that no such legitimate reasons outweigh your legitimate reasons; or
- You believe that the processing of Personal Data we provided was carried out unlawfully.
Please note that even if one of these reasons occurs, it does not mean that we shall erase all your Personal Data immediately. Nonetheless, this right does not apply if the processing of your Personal Data is still necessary for the fulfilment of your legitimate obligation, or for the realization or defence of our legal claims.
- The Right to Restrict the Processing
Apart from the right of erasure, you can also use the right to Restrict the Processing in some cases. This right sometimes enables you to request some of your Personal Data to be marked so they are not going to be the subject of any further processing – however, in this case not forever (as it is in case of the right of erasure), but only for a restricted period of time. The processing of personal data must be restricted if:
- you contest the correctness of Personal Data, for the period in which we can verify their correctness;
- we process your Personal Data unlawfully, but you prefer restriction rather than erasure of such data;
- your Personal Data are no longer needed for the purposes laid down above, but you request them to prove, exercise or defend your legal claims, or
- you raise an objection.
- The right to data portability
You have the right to acquire all Personal Data you provided and we process. Your Personal Data shall be provided for you in a structured, commonly used and machine-readable format. In this context you can exercise your right for such data transfer to another Controller under the condition that such transfer is technically possible. To transfer data on your request easily, the data transferred must be processed automatically in our electronic databases. However, this right does not restrict the rights of the third parties.
- Right to Object to the Processing
You have the right to object at any time to Personal Data processing which is conducted on the basis of the Company’s lawful interest. The Company shall not continue processing such Personal Data unless lawful reasons which prevail over your interests, rights and freedoms, or reasons for claiming, exercising and defending legal entitlements, can be proved. You have the right to object to the processing of your Personal Data if they are processed for the purposes of direct marketing. In such a case we immediately cease processing your Personal Data for the purposes of direct marketing.
- The Right to Lodge a Complaint
If you believe that your Personal Data are processed unjustifiably or contrary to generally binding legislative measures, you have the right to lodge a complaint against the undertaken processing of Personal Data with the Office for Personal Data Protection of the Slovak Republic, with registered office at Hraničná 12, 820 07 Bratislava.
- The Right to Withdraw Consent
You have the right to withdraw the consent to the processing of personal data at any time, if the Personal Data are processed according to this law.
Where and how you can exercise your rights
In case of any questions related to this document or the use of your Personal Data, or if you wish to exercise the rights mentioned above, you may use the e-mail address gdpr@cpbratislava.sk, write to our company address, or contact us personally at our reception.
Your request related to the processing of Personal Data shall be responded to without undue delay and in any event within one month after receipt of the request. In specific cases, this period can be extended by two months, but we shall inform you of the reasons for the extension within one month after receipt of the request. Information is provided free of charge. If your requests are inappropriate or too frequent, we can require an appropriate administrative charge in connection with the processing of your request.
Security
The Company shall adopt the required statutory, organisational, substantive and technical measures to protect personal data and to comply with the effective laws on data security and privacy protection. If the Company provides and/or discloses personal data to a third person who shall render services necessary to fulfil some of the purposes for Personal Data processing, such third person, being a Processor, will have to adopt appropriate measures to protect the confidentiality, integrity and security of personal data. We have also taken the necessary steps to ensure that the Personal Data we process are reliable, accurate and complete for their intended use.