GDPR
Overview of the visitors´ personal data processing (persons entering the premises of the operator)
according to the Regulation of the European Parliament and the Council (EU) 2016/679 on the protection of physical bodies in the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR Regulation") and Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as the "Law on Personal Data").
The aim of this overview is to provide you with basic information about the processing of your personal data when you enter and move around our premises.
Complete information is available at the contact address below.
Identification and contact data
The operator processing your personal data is Fitak s.r.o.,/limited company/ address: Liptovsky Jan 2079, 032 03 Liptovsky Jan district (hereinafter referred to as the "operator")
In case of ambiguities, questions regarding the processing of your personal data, suggestions, or complaints, if you believe that we process your personal data illegally or unfairly, or in case of applying any of your rights, you can contact us at any time by sending an email to: info@ fitakhotel.sk, or in writing to the operator's address.
Basic overview of processing activities
We may process your personal data as part of the following processing activities (IS):
|
Name and description of the processing activity - purpose and legal basis, other important fact |
Categories of affected persons |
Categories of personal data |
Deadline for erasure of personal data |
Category of recipients (external) |
|
Camera system - if you move in our monitored premises, which are marked with a camera pictogram at the entrance, you will be recorded on a camera recording, the purpose of which is to maintain safety (including crime detection), protect life, health, property and financial interests of the operator and protection of life, health and property of physical bodies who move in the monitored area. We respect your right to privacy and do not monitor with cameras the zones where you expect privacy - these are mainly spaces intended for rest and relaxation (kitchen, toilets, dressing rooms, dayroom - rest room...). The records can be used to infer responsibility towards you in case of violation of internal regulations, if we have ensured your familiarization with them, and/or legal regulations related to threats or damage to property, life, health, safety, or financial interests. Processing is a legitimate interest of the operator or the third party. |
persons moving in the monitored space. |
• personal data (ordinary - captured on the camera). |
7 days. |
(1.5) police force, other authorized entity, |
|
Technical and organizational measures – with the aim of maintaining your and our security (including your personal data), proving the fulfilment of our legal obligation and proving, applying, defending our legal claims or the claims of the third parties, we may process records with your personal data. If necessary, it can be for example: - records of your consent to data processing, - records of the fulfilment of our information obligation towards you, - records of the processing of your request, - records of permitted/allocated access and assets and their use, if we have permitted/allocated them to you, - records that are necessary as part of the investigation of security incidents and violations of personal data protection, - records (confirmations) if we trained you, - records, if you have undertaken to maintain confidentiality, - records if you were part of our control activity, audit, - other records related to the performance of adopted technical and organizational measures. The processing is in the legitimate interest of the operator and at the same time an obligation arising from the GDPR regulation. The records can be used to infer responsibility towards you and as evidence to demonstrate, apply or defend the legal claims of the operator or the third party (especially in connection with a threat/violation of security, including the protection of human life and health, property, financial or property damage, interruption of activity, damage to the reputation, know-how leak, etc.). |
employees, a responsible person, applicants for the application of the rights, persons towards whom the operator fulfils obligations arising from the GDPR regulation, persons involved in or resolved within security incident, intermediaries, other external entities (such as if persons were invited to the resolved issue - consultants, auditors, lawyers,) employees of the bodies on the basis of special legal regulations (e.g. employees of a supervisory body as part of consulting, control activities) and so on.
|
• personal data (ordinary - identification, contact data, which, however, may be supplemented with other necessary data of a different nature, depending on the nature of the matter - e.g. login data, data related to the behaviour of the user/perpetrator (e.g. logs of logins, logouts, activities), data necessary to verify the identity of the person who requested the application of the rights, data resulting from violations of internal regulations (e.g. circumvention of security settings, etc.) and so on
|
According to the chapter "record keeping, archiving" of the Personal Data Protection Policy and the Personal Data Security Policy (most records are kept for 3 years or less, records on deletion or containing contracts for 5 years, some records are permanent - e.g. related to the resolution of security incidents, impact assessments, informing affected persons, etc.). |
(1a,5) responsible person, Personal Data Protection Office of the Slovak Republic, (1b,5) Police, Prosecutor's Office of the Slovak Republic, courts of the Slovak Republic, (1c) other authorized entity. |
Data from some of the above-mentioned processing operations may be used in the applicable case and to the extent necessary to prove, apply or defend our legal claims, or the legal claims of the third party (for example, providing data to law enforcement authorities, bailiffs, lawyers, etc.),
as a part of judicial or extrajudicial proceedings, debt collection, etc. Some personal data obtained (e.g. confirmations, records, other documents confirming the given fact, etc.) may be stored and used as "the evidence" for the purposes of audits, control activities by the third parties, as a part of the verification of the proper operator's obligations fulfillment in terms of legislative requirements, or other requirements (contractual, sectoral, etc.).
Your rights
As a data subject about whom we process personal data, in accordance with the GDPR regulation and the Act on Personal data protection, you have rights in connection with the processing of personal data, namely the right to request from the operator access to the personal data that is processed about you, the right to correction (or addition) of personal data, the right to delete or limit the processing of personal data, the right to object to the processing of personal data, the right to the ineffectiveness of automated individual decision-making, including profiling, the right to portability of personal data, the right to withdraw the consent to the processing of personal data. If you decide to apply some of your rights, you can use our request form, which is available in the complete information on the processing of your personal data. In case you are not satisfied with our answer, or you believe that we have violated your rights, or we are processing your personal data unfairly, illegally, etc. you have the opportunity to file a complaint - a proposal to initiate proceedings to the supervisory authority, which is the Personal Data Protection Office of the Slovak Republic.
