General Terms and Conditions for Gift Vouchers valid and effective from 1.11.2022

Historic Hotels of Slovakia, a civic association, with its registered office at Prístavná 11, 921 01 Piešťany, ID No.: 42 158 125 (hereinafter referred to as “HHS” or “HHS Association”), which operates the website www.historickehotelyslovenska.sk, issues these General Terms and Conditions of the www.historickehotelyslovenska.sk portal in accordance with § 273(1) of Act No. 513/1991 Coll. of the Commercial Code, as amended:

  1. Introductory Provisions
    1.1 HHS is a civic association registered in the list of civic associations maintained by the Ministry of the Interior of the Slovak Republic. The aim of HHS is to promote the development of tourism and to present Slovakia as a culturally and historically attractive destination both domestically and abroad. HHS is authorized to conduct business in the field of intermediary services.
    1.2 As part of its activities, HHS has created the project “Association of HISTORIC HOTELS OF SLOVAKIA.” The HHS Association is a unique collection of hotels located in historic buildings, castles, and manor houses across Slovakia. The aim of the project is to preserve values such as the history of Slovak architecture, traditions, and the culture of the Slovak nation, and above all, to provide quality services and an unforgettable experience for every moment spent in one of the member hotels.
    1.3 The General Terms and Conditions of the www.historickehotelyslovenska.sk portal (hereinafter referred to as “GTC”) govern every contractual relationship between HHS and a third party, the subject of which is to provide the mediation of accommodation services in the member hotels through gift vouchers issued by HHS.
    1.4 The current version of the GTC is available on the website www.historickehotelyslovenska.sk. HHS reserves the right to unilaterally change or replace these GTCs with new ones, with any such change taking effect and becoming valid on the date of their publication on the website.
  2. Definition of Basic Terms
    2.1 A member hotel is a legal entity or natural person authorized to provide accommodation services, is a valid member of HHS, and has committed, based on a written agreement with HHS, to provide accommodation services at its premises for gift vouchers issued by HHS, and this information is published on the website.
    2.2 A client is a natural or legal person who purchases a gift voucher on the website.
    2.3 A holder is a natural person who presents a gift voucher at a member hotel to pay for accommodation services, stay packages, or parts thereof.
    2.4 The website refers to the HHS Association’s website www.historickehotelyslovenska.sk.
    2.5 A gift voucher is a gift voucher issued by the HHS Association.
    2.6 The nominal value of a gift voucher is the monetary value stated on the gift voucher. HHS issues gift vouchers in the values of 100 EUR, 200 EUR, 300 EUR, 400 EUR, 500 EUR, and 750 EUR.
    2.7 HHS accepts orders from clients via the website www.historickehotelyslovenska.sk and the ordering and billing system FAPI. By placing an order on the website, the client agrees to the provisions of the GTC in effect at the time of the order. The order for the purchase of a gift voucher is binding on the client only from the moment of payment of the price for the gift voucher as stated on the website.
    2.8 The client pays the price via bank transfer by entering the payment details from their payment card directly into the order form.
    2.9 HHS is obliged to issue and deliver the ordered gift vouchers to the client only after the agreed price has been paid. Delivery is carried out electronically to the buyer’s email address.
    2.10 The holder may use the gift voucher to pay for accommodation services or stay packages only in the member hotels that are listed on the website on the date of the voucher’s use.
    2.11 The holder is obliged to inform the member hotel in advance that they will be using a gift voucher for the payment of accommodation services; the client undertakes to inform the holder of this obligation as well as other obligations arising from the GTC.
    2.12 The holder is not entitled to request monetary compensation from the member hotel for a presented gift voucher. If the price of the accommodation service is lower than the nominal value of the gift voucher, the holder is not entitled to a refund of the difference between the price of the service provided and the nominal value of the gift voucher. If the price of the service provided exceeds the nominal value of the gift voucher, the holder is obliged to pay the amount exceeding the nominal value of the gift voucher by another form of payment.
    2.13 The client acknowledges and agrees that HHS is not responsible for the quality of the services provided at the member hotels.
    2.14 HHS undertakes to allow the holder to use the purchased gift vouchers in the member hotels. HHS will take appropriate measures to expand the number of member hotels and regularly update their list published on the website.
    2.15 HHS is not entitled to a commission from the client for the mediation of accommodation services in the member hotels.
  3. Gift Vouchers
    3.1 A gift voucher is valid for one year from the date of payment of the voucher price.
    3.2 A gift voucher is used to pay for accommodation services or stay packages at a member hotel in the nominal value stated on it.
    3.3 A gift voucher is issued in electronic form according to the client’s order.
    3.4 Each gift voucher is marked with a nominal value. The validity period as well as the unique code of the gift voucher may be added to the voucher by the purchaser after printing it (if deemed appropriate).
    3.5 HHS will send the gift voucher immediately after the payment is credited to the account, by electronic mail to the purchaser’s email address specified in the order form.
  4. Contractual Terms and Conclusion of the Purchase Contract
    4.1 The provisions of the terms and conditions are an integral part of the purchase contract. The purchase contract and the terms and conditions are drawn up in the Slovak language. The purchase contract can be concluded in the Slovak language.
    4.2 The wording of the terms and conditions may be changed or supplemented by the seller. This provision does not affect the rights and obligations arising during the validity period of the previous version of the terms and conditions.
    4.3 The seller is a VAT payer. The prices of the goods remain valid for the period they are displayed on the online store interface.
    4.4 To order gift vouchers, the buyer fills out the order form on the store interface. The order form contains mainly information about:
    4.4.1. the nominal value of the ordered gift vouchers (both in words and numerically, with the possibility to combine the required value of the gift vouchers),
    4.4.2. the method of payment of the purchase price for the gift vouchers (hereinafter referred to as the “order”).
    4.5 The buyer sends the order to the seller by clicking on the “Submit Order” or “Submit” button. The data provided in the order are considered correct by the seller. The seller will immediately confirm receipt of the order to the buyer by electronic mail to the buyer’s email address specified in the order (hereinafter referred to as the “buyer’s email address”).
    4.6 The contractual relationship between the seller and the buyer arises upon delivery of the accepted order (acceptance), which is sent by the seller to the buyer by electronic mail to the buyer’s email address.
    4.7 The buyer agrees to the use of remote communication means when concluding the purchase contract. The costs incurred by the buyer when using remote communication means in connection with the conclusion of the purchase contract (costs of internet connection, costs of phone calls) are borne by the buyer, and these costs do not differ from the basic rate.
  5. Price of Goods and Payment Terms
    5.1 The buyer can pay the price of the goods and any costs associated with the delivery of the goods under the purchase contract to the seller in the following ways:
    a) by bank transfer,
    b) or by entering their card number, expiration date, and CVC code found on the back of the payment card directly into the order form (this payment is made through the secure payment gateway Stripe).
    5.2 In the case of non-cash payment, the buyer is obliged to pay the purchase price of the goods together with the specified variable payment symbol. In the case of non-cash payments, the contractual obligation to pay the purchase price is fulfilled at the moment the relevant amount is credited to the seller’s account.
    5.3 Regarding payments made under the purchase contract, the seller issues a tax document – an invoice to the buyer. The seller is a VAT payer. The tax document – an invoice marked PAID is issued by the seller to the buyer after payment of the goods and sent in electronic form to the buyer’s email address.
  6. Other Rights and Obligations of the Parties
    6.1 The buyer acquires ownership of the goods by paying the full purchase price of the goods. In our case, the buyer acquires ownership of the gift voucher by paying the full purchase price of the gift voucher.
  7. Sending Commercial Communications and Storing Cookies
    7.1 The buyer agrees to receive information related to the goods, services, or the seller’s company to the buyer’s email address and further agrees to receive commercial communications from the seller to the buyer’s email address.
    7.2 The buyer agrees to the storing of cookies on their computer. If the purchase on the website can be made and the seller’s obligations under the purchase contract can be fulfilled without storing cookies on the buyer’s computer, the buyer may withdraw their consent under the previous sentence at any time.
  8. Complaints and Grievances
    8.1 If the client does not receive the gift voucher within the period specified in these GTCs, or if the gift voucher contains conditions other than those agreed upon, or if the gift voucher has other defects, the client may file a complaint via email at: shop@historickehotelyslovenska.sk. The complaint period is 48 hours from the delivery of the gift voucher in electronic form and 2 business days from the delivery of the gift voucher in paper form. If the gift voucher is not delivered, the complaint period is 3 business days from the expiration of the delivery period for the gift voucher. If the client does not file a complaint within the periods and in the manner stated above, their rights to file a complaint will expire.
    8.2 HHS is obliged to rectify defects within 5 business days of receiving the complaint. If the defect is not rectified within the specified period, the client is entitled to withdraw from the contract.
    8.3 Complaints and suggestions can be sent to the HHS headquarters.
  9. Processing of Personal Data
    9.1 In accordance with § 11 of Act No. 122/2013 Coll. on the Protection of Personal Data and on Amendments to Certain Acts, the client provides HHS as the controller (also referred to as the “controller”) with consent to process personal data within the scope of title, name, surname, address, email address, for the purpose of correct processing of the order.
    9.2 The client grants the controller consent to the processing of their personal data for a fixed period until the purpose of processing the client’s personal data is fulfilled.
  10. Delivery
    10.1 The gift voucher and unique codes will be delivered to the buyer’s email address.
  11. Withdrawal from the Contract
    11.1 The buyer has the right to withdraw from the purchase contract within fourteen (14) days of receiving the goods, which in the case of gift vouchers means the delivery of unique codes and relevant gift vouchers to the buyer’s email address. Withdrawal from the purchase contract must be sent to the seller within the period specified in the previous sentence. Withdrawal from the purchase contract may be sent to, among other addresses, the seller’s contact address or the seller’s email address.
    11.2 In the event of withdrawal from the contract under Article 4.2. of the terms and conditions, the seller will return the funds received from the buyer within fourteen (14) days of the withdrawal from the purchase contract in the same manner in which the seller received them from the buyer. If the buyer withdraws from the purchase contract, the seller is not obliged to return the received funds to the buyer before the buyer proves that the gift vouchers have not been redeemed.
  12. Final Provisions
    12.1 These GTCs are prepared in accordance with generally binding legal regulations of the legal system of the Slovak Republic, especially but not limited to the Civil Code, while the rights and obligations of HHS and the client established by these general terms and conditions but not explicitly regulated shall be governed mainly by this law and, if necessary, by the provisions of other applicable legal regulations of the legal system of the Slovak Republic.
    12.2 The purchase contract, including the terms and conditions, is archived by the seller in electronic form and is not accessible.
    12.3 Seller’s contact details: shop@historickehotelyslovenska.sk
  1. Security and Personal Data Protection (GDPR) 

Basic Information

Data Controller: Historické Hotely Slovenska, Civic Association, with registered office at Prístavná 11, 921 01 Piešťany, ID No.: 42 158 125, approaches your personal data responsibly. Therefore, in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR Regulation”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as the “Act”), it provides you as a data subject (a natural person whose personal data is processed) with necessary information on its website, including identification and contact details, as well as other necessary information available in the tabs on the left.

The Data Controller, following Article 24 of the GDPR Regulation and Section 31 of the Act, has implemented appropriate technical, organizational, personnel, and security measures and safeguards, which take into account, in particular:

  • principles of data processing, including lawfulness, fairness, transparency, purpose limitation, data minimization, pseudonymization, encryption, as well as integrity, confidentiality, and availability;
  • principles of necessity and proportionality (regarding the scope and quantity of processed data, retention period, and access to personal data of the data subject) concerning the processing purpose;
  • nature, scope, context, and purpose of the processing operation;
  • resilience and recovery of data processing systems;
  • training of authorized persons by the Data Controller;
  • prompt detection of personal data breaches and timely notification to the supervisory authority and Data Protection Officer;
  • measures to correct or delete incorrect data or exercise other rights of the data subject;
  • risks with varying probability and severity concerning the rights and freedoms of natural persons (such as accidental or unlawful destruction, loss, alteration, or misuse of personal data—unauthorized access or disclosure, and risk assessment considering the origin, nature, likelihood, and severity of the risk in connection with data processing, and identification of best practices for risk mitigation).

Information on the Purpose of Data Processing and Retention Period

Purpose of Processing Personal Data
One of the principles of data processing is purpose limitation. Under this principle, personal data must only be collected for specific, explicitly stated, and legitimate purposes and must not be further processed in a way incompatible with these purposes. The processing of personal data should be closely related to the purpose of data processing, particularly concerning the list or scope of personal data, which should be necessary to achieve the purpose. It is not appropriate to artificially or additionally expand the list or scope of personal data beyond the intended purpose. If the purpose and the list or scope of personal data are defined by law, it must be respected. If the Data Controller defines the list or scope of personal data, care should be taken not to expand it unnecessarily beyond the purpose.

The Personal Data Protection Act requires the Data Controller to provide the data subject with information about the purpose for which their data is being processed, even when the data is not collected directly from the data subject. This information should be provided to the data subject at the latest at the time of data collection or, if possible, in advance, clearly and understandably, so that the data subject can familiarize themselves with and understand the information.

We process your personal data to comply with legal obligations related to taxes and accounting, to fulfill your orders and services, for invoicing purposes, or to deliver orders to your contact address.

Data Processing Duration or Criteria for Its Determination:
Your personal data is processed for as short a time as possible. Generally, we securely dispose of all your personal data once we have fulfilled our contractual obligations or after you withdraw your consent to the processing of personal data, or after the expiration of a reasonable period as governed by the principle of data minimization under Article 5(1)(e) of the GDPR, which regulates data retention.

As the Data Controller, we ensure the deletion of personal data without undue delay after:

  • all contractual relationships between you and our company have ended; and/or
  • all your obligations to our company have been settled; and/or
  • all your complaints and requests have been resolved; and/or
  • all other rights and obligations between you and our company have been settled; and/or
  • all legal purposes for processing your personal data, or the purposes for which you provided consent, have been fulfilled; and/or
  • the consent period has expired, or you have withdrawn your consent; and/or
  • your request for deletion of personal data has been fulfilled, and one of the reasons justifying compliance with the request has been met; and/or
  • the relevant legal basis for ending the processing purpose has occurred, and the retention period has expired, considering the principle of data retention minimization.
  • At the same time, there is no further legitimate interest from our company, and all obligations imposed by general legal regulations that require the retention of your personal data (particularly for purposes such as archiving or tax audits) have been fulfilled. 

Should any personal data be accidentally obtained, it will not be processed systematically. When possible, the data subject will be informed about the accidental acquisition, and necessary assistance will be provided to regain control over their personal data. Once the situation has been resolved, all accidentally obtained personal data will be securely deleted without delay.

If you are interested in further details about the specific retention period of your personal data, please contact us via the contact information provided on our website.

Data Subject Rights

Rights of the Data Subject

Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR Regulation”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as the “Act”), guarantee the following rights to you as a data subject:

  1. a) Right of access to personal data, which includes:
  • The right to obtain confirmation from the Data Controller whether or not personal data concerning you are being processed;
  • If personal data are processed, the right to access those personal data and the following information:
    • Information about the purposes of processing;
    • Information about the categories of personal data concerned;
    • Information about recipients or categories of recipients to whom personal data have been or will be disclosed, particularly recipients in third countries or international organizations;
    • Where possible, information about the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
    • Information about the existence of the right to request from the Data Controller the rectification or erasure of personal data, or restriction of processing of personal data, and the right to object to such processing;
    • Information about the right to lodge a complaint with a supervisory authority;
    • If the personal data were not collected from you, any available information as to their source;
    • Information about the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation, and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  • The right to be informed about the appropriate safeguards under Article 46 of the Regulation relating to the transfer of personal data to a third country or international organization;
  • The right to obtain a copy of the personal data being processed, provided that the right to obtain a copy of personal data must not adversely affect the rights and freedoms of others.

The data subject’s right of access to personal data essentially means that the data subject has the right to obtain confirmation from us as to whether or not personal data concerning them is being processed, and if so, the right to access such personal data. Upon the data subject’s request, we will provide a copy of the personal data being processed. For any additional copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If the data subject submitted their request electronically, the information will be provided in a commonly used electronic format, unless the data subject requests otherwise. Information must be provided without delay and at the latest within one month of the request. We have the right to extend the processing time by an additional two months if the request is complex or frequent. However, we must inform the data subject of the reason for the extension within one month. In the case of unfounded or excessive requests, we have the right to charge a fee corresponding to the administrative costs or to refuse the request. We must explain the reason for the refusal and inform the data subject of their right to lodge a complaint with the supervisory authority.

  1. b) Right to rectification of personal data, which includes:
  • The right to have the Data Controller, without undue delay, correct inaccurate personal data concerning you;
  • The right to have incomplete personal data completed, including by means of providing a supplementary statement.

The data subject’s right to rectification of personal data means that you can request us to correct or complete your personal data at any time if it is inaccurate or incomplete. The data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.

  1. c) Right to erasure of personal data (right to be forgotten), which includes:
  • The right to obtain from the Data Controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • You withdraw consent on which the processing is based, and there is no other legal ground for the processing;
    • You object to the processing pursuant to Article 21(1) of the Regulation, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);
    • The personal data have been unlawfully processed;
    • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
    • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation.

The right of the data subject to have the Data Controller, who has made the data subject’s personal data public, take reasonable measures, including technical measures, considering available technology and the cost of implementation, to inform other controllers processing the personal data that the data subject requests the deletion of any links to, copies, or replicas of these personal data.

However, the right to erasure of personal data, as described in Article 17(1) and (2) of the Regulation does not apply where the processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation that requires processing under the law of the European Union or of a Member State to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) of the Regulation, as well as Article 9(3) of the Regulation;
  4. for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the Regulation, in so far as the right referred to in Article 17(1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise, or defense of legal claims.

The data subject’s right to erasure of personal data means that we are required to delete your personal data if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is unlawful, you object to the processing and there are no overriding legitimate grounds for the processing, or we are required to do so by legal obligation.

The data subject’s right to restriction of processing means that until any disputes regarding the processing of your personal data are resolved, we must restrict the processing of your personal data so that the data can only be stored and not further processed.

  1. e) The data subject’s right to notification obligation regarding recipients, which includes:
  • The right to have the Data Controller inform each recipient to whom personal data has been disclosed of any rectification, erasure, or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 of the Regulation, unless this proves impossible or involves disproportionate effort;
  • The right to have the Data Controller inform the data subject about these recipients, if the data subject requests it.

The right of the data subject to notification obligation regarding recipients means that the Data Controller is obliged to inform each recipient to whom the data subject’s personal data has been disclosed of any rectification, erasure, or restriction of processing. This obligation does not apply if such notification is impossible or requires disproportionate effort.

  1. f) The data subject’s right to data portability, which includes:
  • The right to receive personal data concerning the data subject, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller without hindrance from the Data Controller, if:
    • The processing is based on the data subject’s consent pursuant to Article 6(1)(a) of the Regulation or Article 9(2)(a) of the Regulation, or on a contract pursuant to Article 6(1)(b) of the Regulation, and simultaneously;
    • The processing is carried out by automated means, and simultaneously;
    • The right to receive personal data in a structured, commonly used, and machine-readable format and the right to transmit those data to another controller without hindrance from the Data Controller will not have adverse effects on the rights and freedoms of others;
    • The right to have the personal data transmitted directly from one controller to another, where technically feasible.

The right to data portability means that you have the right to receive your personal data, which you have previously provided to us, in a structured, commonly used, and machine-readable format, and you have the right to request that we transmit your personal data to another controller, provided the legal conditions are met. Exercising this right does not affect your right to erasure of personal data. However, the right to data portability applies only to personal data that we have obtained from you based on a contract to which you are a party.

  1. g) The data subject’s right to object, which includes:
  • The right to object at any time, on grounds relating to the data subject’s particular situation, to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions of the Regulation;
  • The right, in the case of exercising the right to object at any time, on grounds relating to the data subject’s particular situation, to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions of the Regulation, to have the Data Controller no longer process the personal data of the data subject, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims;
  • The right to object at any time to the processing of personal data concerning the data subject for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; in such cases, if the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes;
  • (In the context of the use of information society services) the right to object to the processing of personal data through automated means using technical specifications;
  • The right to object, on grounds relating to the data subject’s particular situation, to the processing of personal data concerning the data subject for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Regulation, except where the processing is necessary for the performance of a task carried out for reasons of public interest.

The data subject’s right to object means that, as a data subject, you can object to the processing of your personal data that we process for direct marketing purposes or for legitimate reasons. We will immediately cease processing personal data for marketing purposes upon receiving an objection.

  1. h) The data subject’s right related to automated individual decision-making, which includes:
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them, except in cases referred to in Article 22(2) of the Regulation [i.e., except in cases where the decision: (a) is necessary for entering into, or performance of, a contract between the data subject and the Data Controller, (b) is authorized by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (c) is based on the data subject’s explicit consent].

The data subject’s right related to automated individual decision-making means that, as a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In cases where such processing is necessary for entering into or performance of a contract, or based on the data subject’s explicit consent, the Data Controller will implement suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including the right to obtain human intervention from the Data Controller, to express their view, and to contest the decision.

The Data Controller shall provide the data subject with information on measures taken following a request under Articles 15 to 22 of the GDPR Regulation without undue delay and in any case within one month of receipt of the request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data subject submits a request by electronic means, the information shall be provided electronically, where possible, unless the data subject requests otherwise.

In the cases mentioned, the Data Controller may refuse to act on a data subject’s request to exercise their rights under Articles 15 to 22 of the GDPR Regulation only if it can demonstrate that it is not able to identify the data subject.

  1. i) The right of the data subject to file a complaint under Section 100 of the Personal Data Protection Act, which includes:
  • The right of a data subject who believes that their personal data is being processed unlawfully or has been misused to file a complaint with the Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as the “Office”), requesting the initiation of personal data protection proceedings;
  • A complaint can be filed in writing, in person orally on record, electronically with a certified electronic signature, by telegraph, or by fax, but it must be supplemented in writing or orally on record within three days;
  • The complaint must include the following information under Section 100(3) of the Personal Data Protection Act:
    • The name, surname, permanent address, and signature of the complainant;
    • The identification of the entity against whom the complaint is directed; the name or surname, registered office, or permanent address, and, if applicable, legal form and identification number;
    • The subject of the complaint, specifying which rights the complainant believes were violated during the processing of personal data;
    • Evidence supporting the claims made in the complaint;
    • A copy of the document proving the exercise of rights under Section 28, if such a right could have been exercised, or reasons justifying special consideration;
  • The Office will decide on the complainant’s proposal within 60 days from the initiation of the proceedings. In justified cases, the Office may extend this period by up to six months. The Office will inform the parties involved in writing of the extension.

You can find a sample form for initiating personal data protection proceedings on the Office’s website (https://dataprotection.gov.sk/uoou/sites/default/files/vzor_navrhu_na_zacatie_konania_podla_noveho_zakona.docx).

Legal bases for processing personal data

The Data Controller processes your personal data in accordance with Article 6(1)(a) of the GDPR Regulation and Section 13(1)(a) of the Act—where the data subject has given consent to the processing of their personal data for one or more specific purposes; in accordance with Article 6(1)(b) of the GDPR Regulation and Section 13(1)(b) of the Act—where processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; and in accordance with Article 6(1)(c) of the GDPR Regulation and Section 13(1)(c) of the Act—where processing is necessary for compliance with a legal obligation to which the Data Controller is subject. This primarily includes the following legal regulations:

  • Act No. 395/2002 Coll. on Archives and Registries and on the Amendment of Certain Acts;
  • Act No. 431/2002 Coll. on Accounting, as amended;
  • Act No. 595/2003 Coll. on Income Tax;
  • Act No. 222/2004 Coll. on Value Added Tax;
  • and others.

 

Cookie Policy

Cookies are small text files that may be sent to your internet browser during a visit to a website and stored on your device. Cookies are stored in your browser’s file directory. Cookies generally contain the name of the website they come from and their creation date. Your browser retrieves the cookies during future visits to the site, sending the information back to the website that originally created the cookies.

The processing of cookies always requires your prior consent, in compliance with the GDPR Regulation, except for functional or technical cookies necessary for the website to function properly. Your consent to cookie processing is archived, and you have the right to withdraw it at any time.

For more details about the cookies used on the websites of Historické Hotely Slovenska, please refer to the company’s website.