Protection of Personal Data

When processing your personal data, we proceed in a lawful manner, in accordance with the applicable legislation, the Personal Data Protection Act and the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1. 1. IDENTIFICATION AND CONTACT DETAILS

COMPANY: OCEAN TOUR, s.r.o.

FACILITY NAME: Hotel Mousson****

ID: 36 576 450

Address: T. J. Moussona 1,

071 01 Michalovce

Data Protection Officer and Personal Data Controller: Ing. Slávka Fellegiová

Email: info@hotelmousson.sk

This document describes how the controller OCEAN TOUR, s.r.o., T. J. Moussona 1, 071 01 Michalovce, ID No.: 36 576 450, registered in the Companies Register at the Košice I District Court. Section X.: Sro, file no.: 14589/V (the “Controller”) processes personal data. We process your personal data in accordance with the requirements of the GDPR, Act no. 18/2018 on the protection of personal data and on the amendment of certain acts, as amended, and other generally binding legal regulations.

2. 2. PERSONAL DATA CONTROLLER 

The controller of personal data is:

Personal data is any information relating to an identified or identifiable natural person; An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as a name, an identification number, address, a national ID number, a telephone, an e-mail containing a first name or surname, location data, a network identifier, etc. of that natural person.

3. 3. RECIPIENTS OF PERSONAL DATA

Recipients or categories of recipients to whom the data may be disclosed/notified:

Public authorities, health insurance companies and others where applicable legislation exists, external contractors in accordance with Section 11 of the BDSG, external service providers, affiliates and internal departments for the purpose stated in point 5.

WebSupport s. r. o., Karadžičova 12, 821 08 Bratislava

MI:SU Design, s. r. o., Prostějovská 115/A, 080 01 Prešov

4. 4. SOURCES AND CATEGORIES OF PERSONAL DATA PROCESSED

The Controller processes the personal data that you have provided to the Controller or the personal data that the Controller has obtained on the basis of the fulfilment of your order.

The Controller processes your identification and contact data and data necessary for the performance of the contract.

The Controller is entitled to process in particular the following personal data of the Data Subject:

• • address and identification data used for the unambiguous and unmistakable identification of the Data Subject (e.g. first name, surname, title, permanent residence address, business address, delivery address, company registration number, VAT no.) and contact details for the Data Subject (e.g. Contact address, telephone number, e-mail address, etc.),
• • descriptive data (e.g. Bank details, order history),
• • photos, thumbnails, banners, and videos,
• • data provided beyond the scope of applicable laws processed within the framework of the consent granted by the Data Subject (e.g. the use of personal data for the purpose of personnel management, the use of personal data for the purpose of promotion, etc.),
• • personal settings (preferences), including settings regarding marketing and the use of cookies by the Data Subject,
• • other data necessary for the performance of the contract,
• • other personal data provided by the Data Subject to the Controller.

5. 5. PURPOSES OF PERSONAL DATA PROCESSING

The Controller processes the personal data of the Data Subject for the purposes of:

1. 1. performance of a contract, on the basis of Article 6(1)(b) of the GDPR,
2. 2. compliance with the Controller’s legal obligation stipulated by a generally binding legal regulation, on the basis of Article 6(1)(c) of the GDPR (e.g. the Controller’s obligation to keep accounting and tax documents),
3. 3. determination, exercise or defence of the Controller’s legal claims, based on Article 6(1)(f) of the GDPR,
4. 4. sending commercial communications, on the basis of Article 6(1)(f) of the GDPR due to the existence of a legitimate interest of the Controller in direct marketing,
5. 5. other marketing purposes of the Controller associated with the offer of products and services; sending information about news (products, technologies, showrooms), company presentations (fairs, exhibitions), services, etc. (e.g. in the form of sending newsletters, telemarketing); contacting you for market research and marketing research; contacting for the purpose of greetings for important public holidays and sending gift vouchers, etc. on the basis of Article 6(1)(a) of the GDPR.

6. 6. PERSONAL DATA RETENTION PERIOD

OCEAN TOUR, s.r.o. will destroy the stored data after the expiry of the period specified by law, the consent granted or if it no longer needs them. Personal data will be processed only for the period that is necessary with regard to the purpose of processing. With the above in mind:

• • for the purpose referred to in letter A) above, personal data will be processed until the termination of the obligations arising from the contract (this is without prejudice to the possibility of the Controller to subsequently further process the personal data – to the extent necessary),
• • for the purpose referred to in letters B), C), D) and/or E) above,
• • for the purpose referred to in letter B) above, personal data will be processed for the duration of the relevant legal obligations of the Controller,
• • for the purpose referred to in letter C) above, personal data will be processed until the expiry of the 4th calendar year following the end of the guarantee period under the contract (if a quality guarantee has been agreed in the contract), but at least until the expiry of the 5th calendar year following the termination of the obligations under the contract,
• • in the event of the initiation and duration of judicial, administrative or other proceedings in which the rights or obligations of the Controller in relation to the relevant Data Subject are resolved, the period of personal data processing will not end
• • for the purpose referred to in letter C) above before the end of such proceedings,
• • for the purpose of sending commercial communications under letter D) above, personal data will be processed until the Data Subject expresses his/her disagreement with such processing,
• • for the purposes referred to in letter E) above, personal data will be processed for the period for which the Data Subject has given consent to the Controller under a separately agreed consent to the processing of personal data. In this case, the Data Subject acknowledges that before the expiry of this period, the Controller may contact him in order to renew his consent.

7. 7. USE OF SOCIAL MEDIA LINKS

Our website may contain the social networking functions Facebook and Instagram. Related services are provided by Facebook Inc. and Instagram (“Providers”).

Facebook is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. An overview of Facebook buttons and their appearance can be found at: https://developers.facebook.com/docs/plugins

Instagram is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. An overview of Instagram plugins and their appearance can be found at: https://developers.facebook.com/docs/instagram/embed-button

The link tells the provider which of our websites you have visited. If you are logged into your Facebook or Instagram user account while browsing our website, the provider is able to obtain information about your interests, i.e. information that you can access via your user account. By using any of the linking functions (e.g. clicking on the “Like” button, leaving a link), this information will also be transferred by the browser directly to the provider for storage.

For more information on the collection and use of data by Facebook or Instagram, your rights and the options available to protect your privacy in the following cases, please refer to the provider’s data protection/privacy notice:

Facebook’s data protection/privacy notice:

http://www.facebook.com/policy.php

Instagram Provider’s Data Protection/Privacy Notice:

https://privacycentre.instagram.com/policy/?section_id=18-LegalBasisInformationConsent

If you want to prevent Facebook or Instagram from linking your visit to our site to your user account, you must log out of the relevant user account before accessing our site.

8. 8. YOUR RIGHTS

1. 1. Subject to the conditions laid down in the Act, you have:

• • the right to access your personal data under Section 21 of the Act,
• • the right to rectification of personal data under Section 22 of the Act, or restriction of processing under Section 24 of the Act,
• • the right to erasure of personal data under Section 23 of the Act,
• • the right to object to processing under Section 27 of the Act;
• • the right to data portability under Section 26 of the Act;
• • the right to withdraw consent to processing in writing or electronically to the address or email of the Controller.

You have the right to withdraw your consent to the processing or use of your personal data at any time with effect for the future. Send an e-mail to info@hotelmousson.sk or a letter to T. J. Moussona 1, 071 01 Michalovce.

2. 2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

9. 9. CONCLUSION

You agree to these terms and conditions by ticking the consent box using the online form. By ticking the box, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

These rules apply in relation to Data Subjects, unless otherwise agreed between the third party and the Controller. The Controller reserves the right to change these terms and conditions for the protection and processing of personal data in any way and at any time, while the current status will always be posted on the hotelmousson.sk website.