Information on personal data processing

For information system: IS Accounting Documents

Information on personal data processing with regard to data subjects pursuant to § 19 and § 20 of Act No 18/2018 Coll., on the protection of personal data and amending certain acts (hereinafter referred to as the ‘Act’) and Articles 13 and 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to personal data processing and on the free movement of such data (hereinafter referred to as the ‘GDPR’)

The purpose of this information is to provide you with information about which personal data we process, how we treat such personal data, for which purposes we use the data, to whom we can provide it, where you can obtain information concerning your personal data and exercise your rights within the personal data processing.

Identification and contact details:

The data controller processing your personal data is HIMEX PLUS s.r.o., Mudrochova 2, 835 27 Bratislava, Business ID No: 35 837 187, email: sekretariat@hotelbaronka.sk (hereinafter referred to as the ‘Data Controller’).

  1. The purpose of personal data processing and legal basis of processing

The purpose of personal data processing is: to process the accounting documents of data subjects in implementing and performing pre-contractual and contractual relationships

Personal data is processed on the basis of: § 13(1)(b) of the Act, Article 6(1)(b) of the GDPR, the Civil Code, the Commercial Code, Act No 222/2004 Coll., on value added tax, as amended (§ 74), Act No 431/2002 Coll., on accounting, as amended.

Legitimate interests of the Data Controller or third party

Personal data processing for the legitimate interests of the Data Controller or a third party is not exercised.

  1. Identification of the processed personal data of data subjects

The data subjects whose personal data is processed are: the Data Controller’s clients/contractual partners

Scope of processed personal data: the name (and surname) of the taxable person, their registered office address, place of business, establishment, the place of residence or usual residential address and identification number for tax purposes under which the goods or services was provided, or the name (and surname) of the recipient of the goods or services, their registered office address, the place of business, establishment, their place of residence or usual residential address and identification number for tax purposes under which the goods or services were delivered or provided, business ID No., VAT ID No. of VAT payers, bank account number, signature

  1. Identification of recipients, categories of recipients

The Data Controller may provide personal data to the authorised entities such as institutions and organisations, authorised by a specific law, or contractors (especially data processors) who have undertaken to accept reasonable guarantees to maintain processed personal data protection as follows:

Tax office

 

Act No 595/2003 Coll., on income tax, as amended

Act No 222/2004 Coll., on value added tax, as amended

Act No 563/2009 Coll., on tax administration (Tax Procedure Code) and amending certain other acts, as amended

Other authorised entity general binding law in accordance with § 13(1)(c) of Act No 18/2018 Coll., on personal data protection and amending certain other acts
Contractual partner (based on the contract)

Arisan, s.r.o., Tabaková 2959/4, 811 07 Bratislava, Business ID No: 35 903 210

§ 34 of Act No 18/2018 Coll., on personal data protection and amending certain other acts

– processor of accounting documents

Personal data may be provided to other recipients with the data subject’s consent or by their order.

  1. Transfer of personal data to a third country/an international organisation

Transfer to the third countries or to the international organisations is not carried out.

  1. Identification of the source from which personal data was collected

Directly from the data subject (in person, by email, by phone).

  1. Term of keeping the personal data

The Data Controller processes personal data for the time necessary to fulfil the purpose, but no longer than 10 years.

  1. Profiling

The Data Controller does not process personal data by profiling or similar manners based on automated individual decision-making.

  1. The data subject’s rights

The data subject has the right to request access to the data processed data from the Data Controller, and also the right to personal data rectification, the right to erase or restrict personal data processing, the right to object to personal data processing, the right to ineffectiveness of automated individual decision-making, including profiling, the right to personal data portability, as well as the right to bring proceedings to the supervisory authority. If the Data Controller processes personal data with the data subject’s consent, the data subject has the right to withdraw their consent to personal data processing at any time. Withdrawal of the consent does not affect the lawfulness of personal data processing based on consent prior to its withdrawal. The data subject can exercise their rights by sending an email to gdpr@baronka.sk or in writing to the Data Controller’s address.

  1. Obligation to provide personal data

The provision of personal data is a legal requirement/contractual requirement or the requirement that is needed to conclude the contract. The data subject has an obligation to provide personal data; the Data Controller does not guarantee the processing of accounting documents if personal data are not provided.