GDPR

Dear customer,

This privacy notice applies to you and your personal data because you are our customer. Our company acts as the controller in processing your personal data.

We want to explain how we will use the personal data that we obtain from you or from third parties during the course of our contractual relationship, whether ongoing or after its termination.

Through this document, we also aim to fulfill our obligation to provide information according to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) and Act No. 18/2018 Coll. of 29 November 2017 on the protection of personal data and on amendments to certain acts.

Operator’s identification data:

Company details

Štefánia Hostinová – HOSTIN

Address: SNP 129, 919 04 Smolenice, Slovakia

Website: www.hostin.sk

Company ID (IČO): 33550719

Registry: Trade Register of Trnava, trade license number: 207-883

Contact person: Ing. Tomáš Baran, hostin@hostin.sk

 

1. Types of personal data

We process the following data:

  • Personal contact details: For example, your name, surname, permanent address, mailing address, e-mail address, contact phone number
  • Work contact details: For example, the address of the company you represent, work e-mail address, and phone number.
  • Contractual data: For example, the content of the contract signed with our company, including all its annexes, the scope of services provided, type of vehicle, its designation.
  • Payment information.
  • Correspondence and communication data: Such as e-mail correspondence, internet data transfers, and IP address.
  • Access rights: Your access rights to various applications within the IT infrastructure.
  • Registration data, including access passwords.
  • Security-related information.
  • Camera system recordings.

 

2. Purposes and objectives of data processing

We will process your data for the following purposes:

  • Provision of contractual services: We are required to maintain records of our clients in accordance with specific regulations. The legal basis is the fulfillment of the controller’s legal obligation.
  • Loyalty program: Maintaining customer records and sending newsletters about the latest offers and services related to membership in our program. The legal basis is the contract concluded between us and the controller’s legitimate interest.
  • Direct marketing: Improving the development of our services and creating personalized offers for you. The legal basis is the controller’s legitimate interest.
  • Taxes and accounting: To fulfill obligations arising from tax laws and other regulations related to financial transactions, we are required to process certain personal data. The legal basis is the fulfillment of legal obligations.
  • Security and operation threat: Monitoring the functionality, security, and stability of our network, of which you are a participant. The legal basis is the fulfillment of legal obligations and the controller’s legitimate interest.
  • Additionally, we have installed a camera system on our premises. The legal basis is the controller’s legitimate interest.
  • Dispute resolution and investigation of offenses: We may process personal data for the purposes of resolving disputes, complaints, legal proceedings, or if there is suspicion of an offense that we wish to further investigate. The legal basis is the fulfillment of legal obligations and the controller’s legitimate interest.
  • Compliance with the law: We may need to process your personal data to comply with the law (e.g., matching your name with names on so-called watchlists and complying with anti-money laundering laws) or to comply with a court order.
  • Marketing consents: We may also use other data based solely on specific consents obtained from you in advance. The legal basis is the consent obtained from you.
  • Customer administration: We maintain records of all our customers and their services. Based on the analysis of our records, we also make strategic decisions regarding offers for our customers. The legal basis is the contract concluded between us and the controller’s legitimate interest.

 

3. Who has access to your data

The controller may share your data with third parties under the following circumstances:

  • We may share your personal data with other third parties acting on our behalf, such as service providers. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with our instructions. They are contractually obliged to comply with security guidelines defined by law.
  • Our employees will have access to personal data. Access is granted only to those who need it for the purposes mentioned above and only when the employee is bound by confidentiality obligations.
  • If required by law or court order, we may share your personal data, for example, with our suppliers or clients, tax authorities, social security offices, law enforcement agencies, or other government authorities.

 

4. Placement of your personal data

Your personal data will be located exclusively within the European Union and the European Economic Area. We value your privacy and protect your data in our systems to the highest possible extent.

 

5. Storage of your personal data

We keep your personal data for a limited period of time, and this data will be deleted when no longer needed for processing purposes. In most cases, this means we retain your data for the duration of your relationship with us. Where possible, we will delete the data during your relationship with us as soon as it is no longer necessary. In any case, we will delete your personal records at the latest upon the expiry of legal deadlines after the end of the contractual relationship, unless legislation requires their retention.

We may process your personal data for a longer period after the termination of the relationship in case of ongoing legal disputes or if you have granted us permission for long-term retention of your personal data.

 

6. Legal basis for processing your data

In most cases, we process your personal data based on our legitimate interests pursued on contractual grounds, or based on your consent as the data subject. You can withdraw your consent at any time by providing a verifiable notice on our website. Additionally, in many instances, we are required to process your personal data based on legal obligations under specific regulations. If processing is based on consent, you always have the option to withdraw your consent.

 

7. Rights of data subjects

We process your personal data and we want you to be informed about it. Even though we do not require your permission to process your personal data because it is mandated by law or laws related to our contract, you have many rights regarding their processing. The text above will answer most of your questions.

Your rights

Right of access

You may request information on how we process your personal data, including details such as:

  • Why we process your personal data
  • What categories of personal data we process
  • With whom we share your personal data
  • How long we retain your personal data or the criteria used to determine this period
  • What rights you have
  • Where we obtain your personal data from (if we did not obtain it from you)
  • If the processing involves automated decision-making (profiling)
  • If your personal data has been transferred to a country outside the EEA, how we ensure the protection of your personal data.

All of the above is available in this document.

You may also request a copy of the personal data we process about you. However, additional copies may incur a fee.

Right to rectification

It is important that we have accurate information about you, and we ask that you notify us if any of your personal data is incorrect, for example, if you have changed your name or address.

Right to erasure

If we are processing your personal data unlawfully, for example, if we process your personal data longer than necessary or without justification, you may request that we erase this data.

Right to restriction

From the moment you request rectification of your personal data or if you object to processing, and until we can investigate the issue or confirm the accuracy of your personal data (or change it according to your instructions), you have the right to restrict processing. This means that we (except for storing personal data) may only process your personal data with your consent, if necessary for legal claims, to protect someone else’s rights, or if there is a significant public interest in processing. You may also request that we restrict the processing of your personal data if the processing is unlawful, but you do not want us to delete the personal data.

Right to object

If you believe that we do not have the right to process your personal data, you may object to its processing. In such cases, we may continue processing only if we can demonstrate compelling legitimate grounds that outweigh your interests, rights, and freedoms. However, we may always process your personal data if necessary to establish, exercise, or defend legal claims.

Right to data portability

You may request that the personal data you have provided us with for processing based on consent or to fulfill a contract is provided to you in a structured, commonly used, and machine-readable format. You also have the right to request that this information is transferred to another data controller.

Withdrawal of consent

You have the right to withdraw your consent, and we will subsequently cease processing based on this legal basis.

We will also inform other parties to whom we may have provided your personal data about your request/requests.

If you have any doubts, you have the right to lodge a complaint under Section 100 of the Personal Data Protection Act with the relevant supervisory authority, for example, through www.dataprotection.gov.sk.

How can I complain about the use of my data or exercise my rights?

If you wish to complain about how we process your personal data, including with regard to the rights mentioned above, you can contact us at the email address hostin@hostin.sk, and your concerns and requests will be reviewed.

If you are not satisfied with our response, or if you believe that we are processing your data unfairly or unlawfully, you may lodge a complaint with the relevant supervisory authority, which is the Office for Personal Data Protection. Further information about the Office and their complaint procedures can be found here: www.dataprotection.gov.sk.

 

8. Contact details

Should you have any questions regarding your personal data processing, you can contact us by mail or e-mail:

Štefánia Hostinová – HOSTIN

SNP 129, 91904 Smolenice, Slovakia

www.hostin.sk

hostin@hostin.sk