Personal data protection
Information on personal data processing by company Fun&Travel, s.r.o.
In accordance with provision § 19 and following of the Statute No.. 18/2018 Z. z. about personal data protection and about change and amendment of some statutes (Hereinafter “Statute”) in accordance with articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural person with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(Hereinafter “Regulation”) the Controller hereby acquaints the Consumer with the processing of the personal data.
1. Personal data controller
All rights and obligations of the Controller, as well as of the data subject are regulated in accordance with the Statute and the Regulation, both of which the Controller strictly abides by. Controller is a person that set purpose and means of the processing of the personal data and processes the personal data in its own name. Controller of your personal data je the company Fun&Travel, s.r.o., seated Kladenská 16, 040 18 Košice – mestská časť Krásna, ID No.: 51 271 974, registered in the Business register of District Court Košice I Section: Sro, Insert No. : 42940/V (Hereinafter „Controller“) Contact information of the Controller: For written communication: address Kladenská 16, 040 18 Košice – mestská časť Krásna Form phone communication: +421 907 511 916 or firstname.lastname@example.org
2. Scope and categories of the processed data
Scope, list of the processed personal data, is set by the relevant legislation, furthermore results from directly or indirectly concluded Trip procurement Contract or Tourism service procurement Contract, as well as other contractual documentation or is listed in the Processing of the data consent (Hereinafter “Consent”) Controller processes personal data only in the scope necessary to achieve the purpose of the processing. Processed data consist mainly of personal data with regards to identity and contact information, specifically academic title, name, surname, address, date of the birth, Id No., number and scan of the travel documents, email and phone number. Controller processes following categories of personal data for marketing purposes, if Consent for such processing was granted by the data subject: Basic identification information – academic title, name, surname and address, Contact information – e-mail address a phone number Eventually photographs, video from the trip or tourism service, if such record was taken, Information on previously use products and services – which services were ordered in the past, or were interested in, information on the use of the client zone etc. Information from record of phone communication, e-mails, short text messages as well as messages sent via mobile application used for commutation via internet.
3. Sources of the personal data
Personal data mentioned above are collected directly from the data subject. When the collected data are not collected from the data subject, source of such information is in most cases other person, e.g. other travel participant or a family member. Personal data, or some of the personal data specified upon subscribing toth newsletter, upon registration on the website of the Controller, in the Trip procurement Contract, in the Tourism Service procurement contract, in other places in the online environment or other documents respectively. Personal data can in some cases originate in publicly reachable sources, registers, e.g. Business registry or can rarely originate from third parties that were allowed to provide such data.
4. Purpose of the personal data processing
If the personal data are processed with regard to fulfilment of contractual obligations of the Controller, legitimate interest of the Controller or in accordance with relevant legislation or international treaty which is binding for the Slovak republic, purpose of the processing is with regard to following activities: Conclusion, registry and management of the Trip procurement Contracts, Tourism Service Procurement with client care included Securement of all services stemming from the Trip procurement Contract and Toursim Service procurement contract Personal data processing for accounting purposes Personal data processing with regard to the fulfilment of obligation from employment relationships Registry and filing Dealing with eventual objections and active and passive legal disputes Conclusion of Insurance agreements Audit performance of the Controller, Legal audit performance of the Controller and internal activities for the purpose of providing better services. If the personal data are processed on the basis of Consent for marketing purposes, main purpose of such processing is to provide newest information about relevant products and services of the Controller when the aforementioned purpose is connected mainly with following activities: Product a services offers, where the offer of the Controller can be provided via electronic means, mainly via e-mail a or via messages sent to a mobile device through a telephone number or application, through the post, via phone or via other agreed upon manner Consumer competition realization; Satisfaction poll with products and services Automated personal data processing with application use included for purposes of re-marketing, retargeting and segmentation of users with aim to curtail the offer for individual preferences of the Consumer Consent of the data subject granted for marketing purposes is optional, where the Controller cannot send to the data subject individualised offers of trips and tourism services.
5. Legal basis for the personal data processing
Legal basis for the personal data processing is mainly fulfilment of legal obligation (established by the Statue of the Regulation), conclusion, management and fulfilment of contractual obligations from the trip procurement obligations, legitimate interest, which is protection of rights and legally protected interest of the Controller. Legal basis is a consent granted by the data subject (mainly for marketing purposes, Consumer competitions etc.), if such consent was granted. If the data subject does not provide to the Controller personal data needed for the fulfilment of the contractual obligations of the Controller or on the basis of the Statute, Controller is not obliged to conclude a Trip procurement contract, tourism service procurement contract or any other service.
6. Time period of the processing and retention of the personal data
Controller is entitled to process personal data of the data subjects for the time period set by relevant legislation. Personal data processing on the basis of a Consent is possible for the time period set in the Consent. Consent granted to the Controller is granted for the duration of the contract and for the following 10 years after the Contract or until the Consent is rescinded.
7. Access to processed personal data and categories of recipients
Except for the Controller and the employees of the Controller, third parties as processors can have access to processed personal data for the purposes of personal data processing. With regard to the scope of services provided by the Controller, such group of processor is very wide, where the transfer of processed personal data is transferred even to third countries, mainly countries of final destination or transit countries in accordance with concluded Trip procurement Contract. Categories of such processors are enumerated below: IT service providers Accounting services providers Law offices Local authorities Transport companies Accommodation services providers Guides Embassies, diplomatic missions and consular embassies Third parties chard by the Controller to process personal data on the basis of concluded contract. Except for the Controller a the employees of the Controller, other people can have access acting as the processors of personal data can have access to the processed personal data for the purposes of personal data processing. For example, external companies managing IT systems of the Controller or providing other services with regards to personal data processing for marketing purposes that were charged with processing by the Controller by a written agreement.
8. Rights of data subject with regard to personal data processing
With regard to the personal data processing Data subject can exercise: Rights to access and right for information regarding personal data Right to rectification Right to erasure Right to restriction of processing Right to data portability Right to object against personal data processing Right to object and automated individual decision making including profiling Right to rescind consent Right to file a motion to start a proceeding with an overseer offices, specifically Personal data protection office of the Slovak republic, seated Hraničná 12, 820 07 Bratislava 27, Slovak republic, contact information: +421 2 3231 3214, e-mail: email@example.com Data subject can exercise aforementioned right in accordance with the Statue and Regulation as well as other competent legislation. Statement and eventual information of steps taken by are provided by the Controller as soon as possible, no later than 1 month after the request was delivered. In legitimate cases with regard to amount and complexity of requests, the time limit can be extended by two months repeatedly. Controller is obliged to inform the data subject about every extension within one month of the request delivery with reasons for such extension. Data subject can exercise rights by the means of written request sent to the address of the Controller or by the means of electronic communication on e-mail address firstname.lastname@example.org .
9. Personal data processing consent rescission
Consent for the personal data processing can be rescinded by the data subject at all time by the means of written rescission sent to the address of the Controller or via e-mail to email@example.com. Rescission must be concrete enough, to an extent, that it contains name, surname, address of the data subject, where it must be evident from the text, that the data subject does not wishes the Controller to further process the personal data, precise definition of the scope of personal data processing rescission can be specified.
10. Profiling and automated individual decision making
Controller performs with regards to its activities profiling, meaing automated processing in specified processes. Automated processing is such personal data processing, where the Controller uses exclusively automated information system (e.g. software atec.) or web applications for the purposes of trip price calculation etc. Controller aim to provide individualised offers of products and services, which is the main reason for the profiling done on the consent granted for marketing purposes.