GDPR

Privacy Policy

 

Article I

Introduction

 

  1. Your personal data is processed in accordance with all generally applicable laws in force in the Slovak Republic, in particular, but not exclusively, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR Regulation”) and in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data, as amended (hereinafter referred to as the “Personal Data Protection Act”).

2. As used above, personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”).

 

  1. Please be advised that by providing our company, Patrik the Guide Ltd, with registered office at Turčianska 1161/34, 821 09 Bratislava – Ružinov district, ID no: 56 113 200, you provide some of your personal data, you express that you understand how your personal data is processed in the sense stated below, you acknowledge that our company is entitled to process your personal data provided by you by all operations and sets of operations that are necessary in connection with the purpose stated below, in particular, it may obtain, collect, record, organize, process, search, browse, rearrange, combine, move, use, store, block, dispose of. You also acknowledge that you are obliged to provide your personal data accurately and truthfully and to inform our company without undue delay of any changes to your personal data, and you confirm that the personal data provided is true, has been freely given and that you are responsible for its falsity.

 

  1. The provision of some of your personal data is a requirement that is necessary for the conclusion of a contract or for the performance of a contract, thus refusal to provide personal data may result in our company refusing to enter into a contractual relationship.

 

Article II

Operator of the personal data information system

 

  1. The operator of the personal data information system is our company:

Patrik the Guide s. r. o.

with its registered office at Turčianska 1161/34, 821 09 Bratislava – Ružinov district

ID No.: 56 113 200

registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, Insert No.: 176886/B

acting through its managing director: Patrik Rentka

Contact details:

+421 903 853 053

+43 650 311 6592

info@patriktheguide.com

(hereinafter referred to as the “Company” or the “Operator”).

 

Article III

Scope of processing of personal data

 

  1. The scope of the processing of personal data is determined depending on the purpose of the processing of personal data.

 

  1. The scope of the processing of personal data is therefore in particular, but not exclusively, as follows: first name, surname, residence, billing address, telephone contact, e-mail contact, bank account number and other personal data necessary for the purpose of processing.

 

Article IV

Purpose of processing personal data

 

  1. Our company processes data for the purpose of providing tourist guide services and acts directly or indirectly related thereto, marketing, fulfilling a contractual obligation under a contract to which our company and you as the data subject are parties, bookkeeping.


Article V

Legal basis for the processing of personal data

 

  1. Within the meaning of Art. 6(1)(a) of the GDPR Regulation – you, as the data subject, have consented to the processing of your personal data for the purpose set out above, for example for marketing purposes.

 

  1. Within the meaning of Art. 6(1)(b) of the GDPR Regulation – the processing is necessary for the performance of a contract to which you as the data subject are a party or to carry out pre-contractual measures at the request of you as the data subject.

 

  1. Within the meaning of Art. 6(1)(c) of the GDPR Regulation – the processing is necessary for compliance with a legal obligation of the Controller, for example, to keep accounting records.

 

  1. Within the meaning of Art. 6(1)(f) of the GDPR Regulation – processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, for example, in the case of improving the functioning of our company’s website.

 

Article VI

Retention period of personal data

 

  1. Retention period of personal data: in accordance with the relevant legislation on archiving. The personal data of you as a data subject shall be kept by our company for a maximum period of 10 (ten) years. In exceptional cases, if the circumstances so require, the retention period may be extended for the exercise, demonstration, defence and/or exercise of the rights, claims and legitimate interests of you as data subject or of our company.

 

Article VII

Identification of recipients and processing operations with personal data

 

  1. The third party that receives the personal data of the data subject are subcontractors of our company. The services of these subcontractors are necessarily related to the successful performance of the services of the tour guide. The subcontractors are, for example: Webnode AG (website system), Slovak post, Gmail / Google Mail, Google Analytics (website analysis).
  2. The personal data of you as a data subject will not be disclosed or transferred to a third country or international organisation.
  3. Our company does not use automated individual decision-making or profiling when processing your personal data for the purpose.

 

Article VIII

Information on the rights of the data subject

 

(1) You, as a data subject, have the right to:

(i) request access to your personal data from the Controller pursuant to Article 15 of the GDPR.

(ii) the right to rectification of personal data pursuant to Article 16 of the GDPR.

(iii) the right to erasure of your personal data (“right to be forgotten”) pursuant to Article 17 of the GDPR.

(iv) the right to restrict the processing of personal data pursuant to Article 18 of the GDPR.

(v) the right to data portability under Article 20 of the GDPR.

(vi) the right to object to the processing of personal data pursuant to Article 21 of the GDPR.

(vii) the right to refuse profiling pursuant to Article 22 of the GDPR Regulation.

(viii) the right to file a petition with the Office for Personal Data Protection of the Slovak Republic pursuant to Section 100 of the Personal Data Protection Act, if he or she believes that his or her rights in the area of personal data protection have been violated.

(ix) in the case of consent to the processing of personal data, the data subject shall have the right to revoke his or her consent at any time by writing to the address of the Controller’s registered office, our company, or electronically at the company’s e-mail address.

 

Article IX

Personal Data Processing Policy

 

  1. When processing your personal data, the Data Controller, our company, complies with the following principles of personal data processing:
  2. a) the principle of lawfulness, fairness and transparency

Personal data are processed in a lawful, fair and transparent manner.

  1. b) Purpose limitation principle

Personal data are collected for specifically identified, explicitly stated and legitimate purposes and may not be further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes shall not be considered incompatible with the original purposes.

(c) Data minimisation principle

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

(d) Accuracy principle

Personal data must be accurate and kept up to date as necessary; all necessary measures must be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed, are erased or rectified without delay.



(e) the principle of minimum retention

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be retained for longer if they are to be processed solely for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, provided that appropriate technical and organisational measures are taken as required by the GDPR.

  1. f) Integrity and confidentiality principle

Personal data must be processed in a manner that ensures adequate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

  1. g) Accountability principle

The controller is responsible for the processing of personal data in accordance with the GDPR, the Data Protection Act and other relevant legislation. The controller must be able to demonstrate this compliance.

 

 

Article X

Confidentiality

 

  1. Employees of our company as well as co-workers who will process your personal data are obliged to maintain confidentiality about personal data and about security measures, the disclosure of which would jeopardize the security of your personal data.