The purpose of these principles is to demonstrate that the processing of personal data by the operator is carried out in accordance with the currently valid legislation, in particular Act 18/2018 Coll. on the protection of personal data (hereinafter referred to as the “new GDPR Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR Regulation”) ). The new legal regulation obliges the operator, taking into account the nature, scope and purpose of the processing of personal data and the risks of varying probability and severity for the rights of a natural person, to take appropriate technical and organizational measures to ensure and prove that the processing of personal data is carried out in accordance with new legislation. The operator is obliged to update the measures taken as necessary.
This document is the result of an assessment of the processing of personal data by the operator for the purposes of legal standards governing the protection of personal data. By introducing standardized personal data protection based on the principles listed here, the risk of personal data protection violations is minimized.
OPERATOR:
Business name: CITY GROUP s.r.o.
Registered office: Nová Koziarka 50, Bratislava 830 00, Slovak Republic
Legal form: Limited liability company
ID: 36 652 806
Registration: company registered in the Commercial Register of the City Court Bratislava III,
department: Sro, insert 41452/B
Statutory body: Andrej Balga
(further on in the policy text only as “operator”)
CONTACT INFORMATION:
If you want to contact us during the processing of your personal data, you can contact us at:
Phone: +421 905 105 555
Mail: [email protected]
LEGAL REASON FOR PROCESSING PERSONAL DATA:
The legal basis for the processing of personal data by the operator about affected persons of all categories is the following provisions of the GDPR, respectively. of the new ZOOÚ Act:
a) the processing of personal data is necessary for the performance of a contract (order) to which the affected person is a party, or for the implementation of measures prior to the conclusion of the contract based on the request of the affected person, – according to § 13 par. 1 letter b) ZOOÚ, or Art. 6 letters b) GDPR. (orders, handover protocols, accommodation vouchers, accommodation books…)
b) processing of personal data is necessary according to a special regulation or of the international agreement by which the Slovak Republic is bound, – according to § 13 par. 1 letter c) ZOOÚ, or Art. 6 letters c) GDPR (Cadastral Act, Commercial Code, Labor Code, Health Insurance Act, Social Insurance Act, Income Tax Act…)
c) the person concerned has expressed explicit consent to the processing of this personal data for one or more specified purposes, with the exception of cases where the law of the Union or the law of a member state stipulates that the prohibition referred to in paragraph 1 cannot be canceled by the person concerned; – according to Art. 9 par. 2, letter a) of the GDPR regulation
d) the processing of personal data is necessary for the purpose of the legitimate interests of the operator or a third party, except in cases where these interests are overridden by the interests or rights of the data subject requiring the protection of personal data, especially if the data subject is a child, – according to § 13 par. 1 letter f) ZOOÚ, or Art. 6 letters f) GDPR
e) further processing of personal data for the purpose of archiving, for scientific purposes, for the purpose of historical research or for statistical purposes, if it is in accordance with a special regulation and if adequate guarantees for the protection of the rights of the person concerned are observed.
STATEMENT:
We declare that, as the operator of your personal data, we fulfill all legal obligations required by applicable legislation, in particular the Personal Data Protection Act and the GDPR, and therefore that:
the new ZOÓU Act and the GDPR regulation.
PERSONS CONCERNED:
PURPOSES OF PROCESSING:
We process personal data that you entrust to us yourself for the purposes of fulfilling the following purposes:
The company CITY GROUP s.r.o. is the operator of the personal data obtained in connection with the services it provides to its customers.
Your personal data:
are processed for the purpose of:
HOW LONG WE WILL COLLECT YOUR PERSONAL DATA:
The operator guarantees that the personal data provided by the affected person will be processed in information systems in accordance with the principle of minimization of storage, and in the event that the purpose of processing ceases to exist, the operator guarantees to delete the personal data. In the event that said personal data will be processed for a purpose other than that specified above in this article, the person concerned will be informed about this purpose as well as about the legal basis of such processing even before such processing.
SECURITY AND PROTECTION OF PERSONAL DATA:
We protect personal data to the maximum extent possible. We protect them as if they were our own. We have implemented all possible technical and organizational measures that prevent misuse, damage or destruction of your personal data.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
(INTERMEDIARIES, BENEFICIARIES):
Authorized persons authorized by the operator, who are bound by confidentiality and trained in processing security, have access to your personal data. We manage most of the processing operations ourselves and do not need 3rd parties for them. In order to ensure some specific processing operations that we cannot ensure on our own, we use the services of intermediaries who specialize in the given processing and are bound by an intermediary agreement in accordance with the GDPR. They are providers of the following platforms and services:
TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION:
We process data exclusively in the European Union or in countries that ensure the level of protection based on the decision of the European Commission.
YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA:
You have several rights in connection with the protection of personal data. If you would like to exercise any of these rights, please contact us via the above email address. You have the right to information that is already fulfilled by these personal data processing principles. – information obligation Thanks to the right of access, you can challenge us at any time and we will provide you with proof within 30 days of what personal data we process and why. If something changes for you or if you find any of your personal data out of date or incomplete, you have the right to supplement and change your personal data. You can use the right to restrict processing if you believe that we are processing your inaccurate data, you think that we are processing illegally, but you do not want to delete all data, or if you object to the processing.
You can limit the scope of personal data or processing purposes. Right to erasure (to be forgotten): Your other right is the right to erasure, in the event that there is no statutory legal basis that entitles us or a legal obligation that orders us to process your personal data. In this case, we will delete all your personal data from our system, as well as from the system of all sub-processors and backups within the statutory period. Complaint to the Office for Personal Data Protection: If you feel that we are not handling your data in accordance with the law, you have the right to contact the Office for Personal Data Protection at any time with your complaint. We will be very happy if you first inform us about this ripening, so that we can do something about it and correct the possible error.
SILENCE
We would like to assure you that as the operator, as well as our employees, collaborators and intermediaries who will process your personal data, they are obliged to maintain confidentiality about personal data, the provision of which would jeopardize the security of your personal data. This confidentiality continues even after the end of the relationship with us. Without your consent, your personal data will not be provided to a third party.
These principles of personal data processing apply from 1 July 2023 and replace the previous Personal Data Protection.
