GENERAL DATA PROTECTION REGULATION (GDPR)

Data Controller:
ASTON ESQUIRE s.r.o.
Bajkalská 22, 821 09 Bratislava
Company ID (IČO): 35934387
VAT ID (IČ DPH): SK2022000640
E-mail: hotelaston@hotelaston.sk
Tel.: +421 2 5363 2038

The Data Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection.

  1. Purpose of Personal Data Processing

The Data Controller processes personal data for the following purposes:
• reservation, provision and registration of accommodation services,
• maintaining accounting records and invoicing,
• demonstrating the legitimacy of services and legal claims,
• processing complaints and fulfilling contractual obligations,
• protection of persons and property (CCTV monitoring in common areas),
• marketing communication solely based on the data subject’s consent.

  1. Categories of Processed Personal Data

The following personal data may be processed:
• first name, surname,
• permanent address,
• date of birth (if required for identification),
• nationality (if required by law),
• e-mail, telephone number,
• payment and invoicing information,
• data required for accommodation registration under the Act on the Residence of Foreigners,
• CCTV records (without audio).

  1. Legal Basis for Processing

Personal data is processed based on:
• performance of a contract (provision of accommodation services),
• legal obligation (e.g., foreigner registration, accounting),
• legitimate interest of the controller (property protection, safety),
• consent of the data subject (marketing purposes).

  1. Recipients of Personal Data

Personal data may be provided to:
• public authorities, if required by law (e.g. police, foreign police),
• accountants, auditors, legal representatives, IT service providers,
• third parties providing restaurant and supplementary services to the hotel — only to the extent necessary for fulfilling the service: for accommodated guests the room number, in case of conference services the company name.

  1. Data Retention Period
  • accommodation records: 6 years from the last visit,
    • accounting and invoicing data: 10 years according to law,
    • CCTV footage: max. 30 days unless used in proceedings,
    • marketing data: until consent is withdrawn.
  1. Data Subject Rights

The data subject has the right to:
• access personal data,
• rectification of inaccurate data,
• erasure (if not restricted by law),
• restriction of processing,
• data portability,
• object to processing based on legitimate interest,
• withdraw consent at any time, without affecting lawful processing carried out before withdrawal.

Requests can be submitted via e-mail or postal mail. The controller will respond within 30 days.

  1. Transfer of Personal Data to Third Countries

The Data Controller does not transfer personal data outside the EU. If transfer is necessary, it will be carried out in accordance with GDPR requirements.

 

 

  1. Data Security

The Data Controller ensures appropriate technical and organisational measures for data protection, including:
• encrypted IT systems,
• physical security of premises,
• training and authorization of persons with access to data,
• access passwords and database logs.

  1. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava
https://dataprotection.gov.sk

  1. Final Provisions

This information document is publicly available at the hotel reception and on the operator’s website.
The Data Controller reserves the right to update it in accordance with applicable legislation.

In Bratislava, 1 January 2024
ASTON ESQUIRE s.r.o.

Scroll to Top