The controller for the purposes of personal data processing is:
KF, s.r.o.
Moravská 36
952 01 Vráble
(hereinafter referred to as the “controller”)
Company ID: 36 798 291
VAT ID: SK2022406672
The company is registered in the Commercial Register of the District Court Nitra, Section Sro, Insert No. 20189/N.
Phone: +421 37 793 0131
Contact e-mail: recepcia@predium.sk
Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), and in accordance with Act No. 18/2018 Coll. on Personal Data Protection and on Amendments to Certain Acts, as amended and effective from 28 May 2018.
Purpose of Personal Data Processing
The purpose of personal data processing for the controller’s customers under the GDPR is to provide information about what personal data the controller processes about natural persons when providing services, selling goods to the controller’s customers, and during visits to the website predium.sk, for what purposes and for how long the controller will process and retain such personal data in accordance with applicable legal regulations, to whom and for what reason the data may be disclosed, and also to inform data subjects about their rights in connection with the processing of their personal data.
Personal data means any information relating to you on the basis of which you are identifiable to us as a natural person. This occurs in cases where we can identify you directly or indirectly, especially on the basis of a generally applicable identifier.
In connection with the business activities registered in the Commercial Register, the controller may process the following categories of personal data.
What Data We Process
You voluntarily enter your personal data into the booking forms on our website:
- first name and surname,
- e-mail,
- phone number.
During your visit to our website, we record the IP address assigned to you by your internet service provider, the websites from which you visited our website, how long you stay on our website, which specific subpages you view, and similar information. This information is considered personal data, as it constitutes your online identifier, and therefore we handle it with increased care.
Personal Data Entered in Reservation Forms
- First name and surname, e-mail, phone number – necessary for the purpose of providing the service, issuing invoices and related documents, as well as for customer care purposes. The legal basis for processing this personal data is the performance of a contract and the fulfilment of the controller’s legal obligations arising from tax laws, accounting regulations, the Civil Code, and other specific legal regulations. The retention period for the data is 5 to 10 years in accordance with legal requirements. If the controller does not have another legal basis, the processing of personal data requires the consent of the data subject.
- E-mail and phone number – for communication with the customer regarding order processing, delivery of the order, and delivery of additional information related to the order by the supplier or the controller. The legal basis for processing this personal data is the performance of a contract.
Retention Period of Personal Data
Personal data is retained by the controller for the stated purposes for the duration of order processing or contract performance, including the securing of warranty claims, until the data subject unsubscribes or objects to the processing, whichever occurs first, unless specific legal regulations (tax, labour, archiving, accounting) provide otherwise, i.e. require a longer processing period.
During the period from the granting of consent until its withdrawal or until an objection is raised against legitimate interest or profiling, the processing of your personal data is lawful, even if you later withdraw your consent or object to the controller’s legitimate interest or profiling.
Security of Personal Data
It is our priority that your personal data remains secure. We have implemented various security systems to protect data. As technologies improve, we also improve these security systems, using virus detection, antivirus software, and a multi-level firewall. At the same time, persons – processors – who come into contact with your data are duly instructed about their duty of confidentiality.
Our website is equipped with a secure protocol; the data we store about you is protected on servers by password and encryption, and secure backups are created. We also regularly update records of processing activities in accordance with legal regulations in the field of personal data protection and European standards. Furthermore, lists of our customers in paper form are stored in a locked office in a protected building. We do everything possible to ensure that your data is safe even outside computer systems.
If our systems were to be attacked by hackers or otherwise compromised and there were even a risk of data leakage and damage to your rights, you would be informed by our support within 72 hours about the measures taken, and within the same period we would also communicate with the supervisory authority for personal data protection in the Slovak Republic – the Office for Personal Data Protection.
Rights of the Data Subject
As a data subject, i.e. a person whose personal data is being processed, you have the right to be informed about the controller, i.e. the entity processing your data.
You have the right to access the data we process about you. If you wish to know which specific data we hold about you, we will gladly provide it to you upon request in written form as a complete electronic file sent to your e-mail. The controller may refuse to provide a copy of the personal data it processes if such provision could adversely affect the rights and freedoms of others.
As a data subject, you have the right to rectification of the data provided, or to its completion in the event of any inaccuracies or incompleteness.
After the purpose for which the personal data was provided has been achieved, i.e. after the service has been provided, you have the “right to be forgotten”, i.e. the right to erasure of the data provided. The right to erasure of the personal data provided also applies if you withdraw your consent to the processing of your personal data.
In cases where we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. In cases where the processing of personal data is based on our legitimate interest, you have the right to object to our legitimate interest. If we find your objection justified, we will erase the data processed on that basis from our systems. We will also erase it if it is proven that the data was processed unlawfully.
However, your right to erasure of personal data is not absolute. If we need your data to fulfil our legal obligations imposed by tax laws, accounting regulations, and other specific legal regulations, we will have to continue processing it for that purpose.
As a data subject, you have the right to request restriction of the processing of your personal data, namely if you contest the accuracy of the personal data during the period of verification of its accuracy, or if the processing is unlawful and instead of erasure you request restriction of its processing, as well as if the controller no longer needs your personal data for the stated purpose, but you require it for the establishment, exercise, or defence of legal claims. In the case of restriction of processing, your data will remain in our systems, but we will no longer use it for our purposes.
Upon your request, the controller will notify you of any change, correction, or erasure of your personal data. You also have the right to request the transfer of your personal data to another controller whose details you provide to us in writing. From our side, transfer of the e-mail address is technically possible; other data, given the different purposes of processing, will be provided depending on the circumstances of the individual case. The controller is entitled to refuse a data subject’s request for data portability if the requested transfer could adversely affect the rights and freedoms of others and if the statutory conditions for the exercise of the right to portability under the GDPR are not met.
Deadlines for Handling Requests
We will handle all your requests concerning the exercise of your rights stated above, objections to the controller’s legitimate interest, or consent to the processing of personal data within 72 hours of delivery. In the case of a complex request, no later than 1 month from delivery of the request. If your request is technically demanding to process, we will inform you accordingly and extend the stated period by an additional 2 months in accordance with the law.
To Whom the Data May Be Disclosed
The controller will provide personal data to processors only in the case of a legal, business, or statutory claim. These include in particular postal and courier services, the attending physician, healthcare facilities, the tax office, courts, law enforcement authorities, and other persons and authorities to whom the controller is legally obliged to provide information.
Personal data obtained and processed by the processor is not transferred to any third country outside the EU, and your data is stored on servers located within the EU.
Supervisory Authority
The supervisory authority for personal data processing is the Office for Personal Data Protection of the Slovak Republic. If we do not respond to your request for the exercise of your rights within 1 month of its delivery, you have the right to contact the Office for Personal Data Protection pursuant to Section 100 of Act No. 18/2018 Coll., as amended and effective.