Terms of protection of personal data
I. Basic provisions
Controller of personal data according to Art. 4 point 7 of the Regulation of the European Parliament and the Council (EU) 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is DITY EU s.r.o., ID: 51814536 with registered office: Klincová 35 821 08 Bratislava – Ružinov district
The contact details of the operator are:
Address:Klincová 35 821 08 Bratislava – Ružinov district
Personal data are data relating to an identified natural person or an identifiable natural person who can be identified directly or indirectly, in particular on the basis of a generally applicable identifier, another identifier such as a name, surname, identification number, location data, or an online identifier, or on based on one or more characteristics or signs that make up its physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity.
The controller of personal data has not appointed an intermediary for the protection of personal data.
II. Sources and categories of processed personal data
The operator processes personal data that you have provided to him or personal data that the operator has obtained based on the fulfillment of your order.
The operator processes your identification and contact data and data necessary for the performance of the contract.
III. Legal reason and purpose of personal data processing
The legal reason for processing personal data is
performance of the contract between you and the operator according to Art. 6 par. 1 letter b) GDPR,
the operator’s legitimate interest in providing direct marketing (especially for sending business offers and newsletters) according to Art. 6 par. 1 letter f) GDPR,
processing is necessary for the performance of a contract to which the affected person is a party, or to take measures prior to the conclusion of the contract based on the request of the affected person.
The purpose of personal data processing is
fulfillment of your request and performance of rights and obligations arising from the contractual relationship between you and the operator; when filling out the contact form, personal data are required, which are necessary for the successful processing of the request (name and address, contact)
sending business offers and performing other marketing activities.
On the part of the operator, there is no automatic individual decision-making in the sense of Art. 22 GDPR. You have given your express consent to such processing.
IV. Data Retention Period
The operator stores personal data
for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the operator and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
for the period until consent to the processing of personal data for marketing purposes is revoked, a maximum of 15 years if personal data is processed based on consent.
After the personal data storage period has expired, the operator will delete the personal data.
V. Recipients of personal data (subcontractors of the operator)
Recipients of personal data are persons
involved in receiving messages from contact forms and reservations,
providing marketing services.
The operator does not intend to provide personal data to a third country (a country outside the EU) or an international organization.
Services provided, providing marketing and support services
Google analytics – records cookies and website usage
Google Adwords – records cookies and website usage
VI. Your rights
Under the conditions set out in the GDPR, you have
the right to access your personal data according to Art. 15 GDPR,
the right to correct personal data according to Art. 16 GDPR, or restriction of processing according to Art. 18 GDPR.
the right to erasure of personal data according to Art. 17 GDPR.
the right to object to processing according to Art. 21 GDPR a
the right to data portability according to Art. 20 GDPR.
the right to withdraw consent to processing in writing or electronically to the address or email address of the operator listed in art. III of these conditions. You can revoke consent at any time in your own customer account.
You have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Terms of security of personal data
The operator declares that he has taken all appropriate technical and organizational measures to secure personal data.
The operator has taken technical measures to ensure data storage and storage of personal data in paper form, secure / encrypted access to the website, encryption of customer passwords in the database, regular system updates, regular system backups.
The operator declares that only persons authorized by him have access to personal data.