Kaštieľ Pálffy
Hotel Lomnica in Tatranska Lomnica
www.hotellomnica.sk
Kaštieľ Pálffy
ViaJur viticulture and winemaking
www.viajur.sk
Kaštieľ Pálffy
PaB Donau, a new municipal enterprise in Bratislava
www.pabdonau.sk
Menu
English
Vouchers
Contacts Contacts

Privacy Policy

  1. Personal Data Processing Principles. The company PALK, a. s., with its registered office at Prostredná 49/13, 900 21 Svätý Jur, Company ID (IČO): 46 818 481 (hereinafter referred to as the “Controller”), in accordance with Regulation (EU) 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”) and Act No. 18/2018 Coll. on Personal Data Protection and on amending and supplementing certain acts (hereinafter referred to as the “Act”), has implemented security measures that are regularly updated. These measures define the scope and method necessary to eliminate and minimize threats and risks affecting the information system in order to: − ensure the availability, integrity, and reliability of management systems utilizing the latest information technologies, − protect personal data against loss, damage, theft, modification, destruction, and to maintain its confidentiality, − identify potential problems and sources of disruption and prevent them. Contact for the Data Protection Officer (DPO): dpo@www.kastielpalffy.sk

 

  1. Privacy Policy

Your personal data will be kept secure, in accordance with the data retention policy, and only for the time necessary to fulfill the purpose of the processing. Access to personal data is restricted to persons authorized by the Controller to process personal data, who process it strictly based on the Controller’s instructions. Your personal data will be backed up in accordance with the Controller’s retention rules. Personal data stored in backup repositories serves to prevent security incidents that could arise, in particular, from a security breach or damage to the integrity of the processed data.

  1. Definitions

3.1. “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

3.2. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means;

3.3. “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

3.4. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

3.5. “Information system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

3.6. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

3.7. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

3.8. “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

3.9. “Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

3.10. “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

3.11. “Relevant and reasoned objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

  1. Purposes of Personal Data Processing

4.1. Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Personal data about our customers is processed on the basis of a contract under Article 6(1)(b) and Article 6(1)(c) of the Regulation, in accordance with Act No. 404/2011 Coll. on the Residence of Aliens and Amendment and Supplementation of Certain Acts. Scope of processed personal data: title, first name, surname, address, country, date and place of birth, payment card number and its expiration date, identity document number, telephone, e-mail, purpose of stay. These are subsequently stored in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.2. Accommodation reservation. Personal data about our customers is processed on the basis of a contract under Article 6(1)(b) of the Regulation. Scope of processed personal data: title, first name, surname, telephone, e-mail, date and time of reservation, IP address. These are subsequently stored for a period of 10 years in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.3. Service reservation. Personal data about our customers is processed on the basis of a contract under Article 6(1)(b) of the Regulation. Scope of processed personal data: title, first name, surname, telephone, e-mail, date and time of reservation. These are subsequently stored for a period of 1 year.

4.4. Order of goods/services (e-shop) → purchase contract. Personal data about our customers is processed on the basis of a contract under Article 6(1)(b) of the Regulation. Scope of processed personal data: title, first name, surname, address, country, telephone, e-mail. These are subsequently stored for a period of 10 years.

4.5. Processing of accounting documents. The processing is necessary for compliance with a legal obligation to which the controller is subject under Article 6(1)(c) of the Regulation. Scope of processed personal data: title, first name, surname, address, telephone, account number, e-mail, and signature. These are subsequently stored in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.6. Complaints. Personal Data Protection – Information Obligation. In the case of complaints, personal data is processed under Article 6(1)(c) of the Regulation. Scope of processed personal data: title, first name, surname, address, telephone, e-mail. These are subsequently stored in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.7. Debt collection. In the case of debt collection, personal data is processed under Article 6(1)(c) of the Regulation. Scope of processed personal data: first name, surname, personal identification number (rodné číslo), address, telephone, e-mail. These are subsequently stored in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.8. Executions. The processing of personal data is necessary for compliance with a legal obligation to which the controller is subject under Article 6(1)(c) of the Regulation. Scope of processed personal data: standard personal data, other personal data identified or provided during the proceedings. These are subsequently stored in accordance with Act No. 395/2002 Coll. on Archives and Registries.

4.9. Registration of job applicants. The processing of personal data of job applicants is carried out on the basis of “Consent” to the processing of personal data under Article 6(1)(a) of the Regulation, provided by the applicant. The Controller will only contact successful candidates. Personal data is processed for a period of 3 years from the granting of consent. There is no transfer of personal data to a third country. Personal data will not be used for automated individual decision-making, including profiling. You have the right to withdraw your consent to the processing of personal data at any time before the expiration of the stated period by sending a request to the e-mail address: dpo@kastelpalffy.sk or by sending a request to the Controller’s address with the text “GDPR withdrawal of consent” on the envelope. The Controller declares that in the event of a written request from the data subject to terminate the processing of personal data before the stated deadline, these will be deleted within 30 days of receipt of the withdrawal of consent.

4.10. Newsletter. If you wish, you can subscribe to our newsletter bulletin, which is located on our website www.kastielpalffy.sk. Personal data will be processed solely for sending newsletter messages to the e-mail address you provide. By subscribing to the newsletter bulletin, you consent to the processing of personal data. Personal data is processed under Article 6(1)(a) of the Regulation. Your e-mail address will be processed until you unsubscribe. It is possible to unsubscribe by clicking on the “unsubscribe” link provided in every newsletter message you receive from us. After unsubscribing, you will no longer receive any newsletter messages from us. Scope of processed personal data: e-mail address. Personal data is processed by joint controllers: • PALK, a. s., Prostredná 49/13, 900 21 Svätý Jur, Company ID (IČO) 46 818 481 • ViaJur, s. r. o., Prostredná 49/13, 900 21 Svätý Jur, Company ID (IČO) 46 972 137

4.11. Monitoring of premises for the purpose of property protection

Our facility is equipped with a camera information system that monitors the external and internal premises of the Controller for the purpose of property protection within the legitimate interest of the Controller in accordance with Article 6(1)(f) of the Regulation. Camera system records are not provided to third parties. They are only made available to authorized persons of the Controller and IT specialists who maintain them. Personal data obtained by the camera system is used for property protection and as evidence in administrative proceedings in cases where personal data obtained by the camera system is required as evidence in ongoing administrative proceedings. If the recorded footage is not used for the purposes of criminal proceedings or misdemeanor proceedings, the record is automatically destroyed by programmatic action within 7 days from the day following the day on which the record was made. Personal Data Protection – Information Obligation.

4.12. Registry of representatives of suppliers and customers. The processing of personal data of suppliers and customers is carried out within the legitimate interests of the Controller, in accordance with Article 6(1)(f) of the Regulation. Scope of processed personal data: title, first name, surname, job classification, service assignment, functional classification, personal employee number, professional department, workplace location, telephone number, fax number, workplace e-mail address, and employer identification data. These are subsequently stored for a period of 10 years after the termination of the contract or business relationship.

  1. Rights of the Data Subject

5.1. Right to withdraw consent – in cases where we process your personal data based on your consent, you have the right to withdraw this consent at any time. You can withdraw your consent electronically at the address of the authorized person, in writing by a notice of withdrawal of consent, or in person at the registered office of our company. The withdrawal of consent does not affect the lawfulness of the processing of personal data that we carried out prior to its withdrawal.

5.2. Right of access – you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request another method of provision. If you requested this information by electronic means, it will be provided to you electronically, if technically feasible.

5.3. Right to rectification – we take reasonable steps to ensure the accuracy, completeness, and timeliness of the information we hold about you. If you believe that the data we hold is inaccurate, incomplete, or outdated, please do not hesitate to ask us to modify, update, or complete this information.

5.4. Right to erasure (right to be forgotten) – you have the right to ask us to erase your personal data, for example, if the personal data we collected about you is no longer necessary to fulfill the original purpose of processing. However, your right must be assessed in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, which means we will not be able to comply with your request.

5.5. Right to restriction of processing – under certain circumstances, you are entitled to ask us to stop using your personal data. This includes cases where you believe the personal data we hold about you may be inaccurate, or when you think we no longer need to use your personal data.

5.6. Right to data portability – under certain circumstances, you have the right to ask us to transfer the personal data you provided to us to another third party of your choice. However, the right to portability only applies to personal data we obtained from you based on consent or a contract to which you are a party.

5.7. Right to object – you have the right to object to data processing that is based on our legitimate interests. If we do not have a compelling legitimate ground for processing and you file an objection, we will no longer process your personal data. If you believe that any personal data we hold about you is incorrect or incomplete, please contact us. If you wish to object to the way we process your personal data, please contact our Data Protection Officer by e-mail at dpo@www.kastielpalffy.sk or in writing at the address: PALK, a. s., with its registered office at Prostredná 49/13, 900 21 Svätý Jur. Our authorized person will review your objection and work with you to resolve the matter.

Menu
English
Contacts Contacts
Prostredná 49,
900 21 Svätý Jur
Zobraziť na mape
reservations@kastielpalffy.sk
+421 907 242 548
Slovak
Our Projects
Kaštieľ Pálffy logo
palk icon
Je nám ľúto, web Kaštieľa Pálffy nie je možné pozrieť cez váš internetový prehliadač.
Pravdepodobne používate už nepodporovanú verziu a preto odporúčame nainštalovať najnovšiu verziu Microsoft Edge, Google Chrome alebo Firefox. Cez nich si užijete náš web v celej kráse.
Stiahnuť prehliadač Google Chrome
Adresa
Prostredná 49,
900 21 Svätý Jur
Kontakty
event@kastielpalffy.sk
+421 915 826 821
Sledujte nás