+421 948 104 665
info@ekofarma.sk

Privacy Policy

1. INTRODUCTION

Dear visitors and customers, the protection of your personal data is a priority for us at Ekofarma Ostrov s.r.o. This document serves to explain in detail how we collect, process, store and protect your personal data when you use our services and visit our website. We want you to have a complete overview of what data we collect, why we need it, and how we process it securely in accordance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, better known as the GDPR.

Our goal is not only to fulfil legal obligations, but also to build trust and transparency with you, our clients and visitors. This document explains in detail all the processes and rights relating to the processing of personal data, so that you can feel safe and well-informed.

2. IDENTIFICATION AND CONTACT DETAILS

The controller of personal data is Ekofarma Ostrov s.r.o., with its registered office at Veľký Lél 819, 946 12 Zlatná na Ostrove. The company registration number (IČO) is 47999926.

For questions regarding the protection of personal data or the exercise of your rights, you can contact us at the email address info@ekofarma.sk or by phone at +421 905 123 456.

The controller has not appointed a dedicated Data Protection Officer, as this is not required under current legislation.

All our employees who process personal data are duly instructed, bound by confidentiality, and regularly trained to ensure the maximum protection of your data.

3. DATA PROCESSING STATEMENT

We process personal data exclusively for the purposes of providing services, managing reservations, accounting, marketing and communication. We do not share data with any third parties without a legal basis and only to the extent necessary to fulfil specific obligations.

The processing of personal data is carried out by our own employees, who are duly authorised and regularly trained in the area of data protection.

Mandatory data is collected and processed on the basis of legal regulations, such as the Act on Registration of Residence of Citizens of the Slovak Republic (Act No. 253/1998 Coll.) and the Act on Residence of Foreigners (Act No. 404/2011 Coll.). We process this data to the extent and within the time limits required by law.

Providing the data required by law is necessary for the provision of accommodation services. If you are providing data on behalf of another person (for example, a child or a minor), you must clearly state this and confirm consent.

4. LEGAL BASIS FOR PROCESSING

The processing of personal data is always based on at least one of the legal grounds defined in Article 6 of the GDPR. We always verify this legal basis before commencing processing and assess its appropriateness with regard to the purpose of processing.

The most common legal grounds we rely on include:

  • Performance of a contract: processing of data necessary for concluding and fulfilling the accommodation contract, handling reservations, and communication before arrival and during the stay.
  • Compliance with a legal obligation: storing and disclosing data in accordance with laws on registration of stays, reporting stays to municipalities and the police, and tax obligations.
  • Consent of the data subject: obtaining consent for sending marketing materials, newsletters or other promotional information, which may be withdrawn at any time.
  • Legitimate interest: ensuring the security of property and persons through a CCTV system in common areas, preventing fraud or enforcing claims.

In cases where processing is based on legitimate interest, we always carry out a proportionality test to balance the rights of data subjects against our legitimate interests.

5. SCOPE OF DATA PROCESSED

We collect only the personal data that is necessary to fulfil specific processing purposes. In detail, this includes the following data:

  • Identification data: first name, surname, title and other data necessary for identifying the client and guests.
  • Contact data: email address, phone number, correspondence address.
  • Reservation data: check-in and check-out dates, number of persons, specific requests (e.g. wheelchair access, allergies).
  • Accounting and payment data: billing information, account numbers, proof of payments.
  • Technical data: IP address, cookies, data about the browser and device used, which help us analyse website traffic and security.
  • CCTV recordings: visual recordings of persons moving in common and public areas, retained for a maximum of 14 days.

We do not collect or process sensitive personal data, such as data relating to health, political opinions, religion or sexual orientation, unless such data is expressly provided by you in connection with the service being provided (e.g. allergies).

6. RECIPIENTS OF PERSONAL DATA

Personal data is shared only with authorised persons and organisations that need this data for the purpose of fulfilling their legal or contractual obligations. The controller guarantees that all such entities are bound by confidentiality and the legislative rules on personal data protection.

  • Accounting firms and tax advisors: for proper bookkeeping, compliance with tax laws and preparation of tax returns.
  • IT service and hosting providers: who ensure the technical operation of the website, email management and data storage.
  • Law firms and external consultants: who provide legal advice and represent the controller in court or administrative proceedings.
  • Public authorities: on the basis of a legal obligation, for example the police, financial administration, municipal office and other competent authorities.

7. DATA RETENTION PERIOD

Personal data is retained for the period necessary to fulfil the purpose for which it was processed, with the controller respecting all legally prescribed archiving periods.

  • Reservation and operational data: 5 years from the end of the service provision, due to possible inspections, complaints and other legitimate interests of the controller.
  • Accounting documents: in accordance with accounting legislation, a minimum of 10 years from the end of the accounting period.
  • Cookies and analytical data: retained for a maximum of 13 months, then automatically deleted or anonymised.
  • CCTV recordings: a maximum of 14 days, except in cases of incident investigation, where they are retained until the case is resolved.

After the retention period expires, data is securely deleted or anonymised, ensuring that the data subject can no longer be identified.

8. USE OF COOKIES

Our website uses cookies, which help ensure proper functionality, improve the user experience, analyse traffic and display relevant content including advertisements.

The types of cookies used include:

  • Necessary cookies: these ensure basic website functions such as navigation, login and saving preferences. These cookies are essential for the operation of the site and cannot be disabled.
  • Analytical cookies: these anonymously collect data about visitors, such as the most visited pages, time spent on the site, device and browser used. They help us better understand visitor behaviour and improve our services. We use, for example, Google Analytics.
  • Marketing cookies: these are used to track visitor behaviour across websites in order to display relevant advertisements (remarketing). These cookies are managed by third parties such as Google Ads, Facebook and other platforms.

On your first visit to the website, a banner will appear where you can choose which categories of cookies to allow. Settings can be changed at any time in your browser settings or via the cookie management link on the page.

Declining certain cookies may affect the functionality of the website or the availability of personalised services, however basic functions will be maintained.

9. RIGHTS OF THE DATA SUBJECT

Every natural person whose data we process has, in accordance with the GDPR, the right to:

  • Access to data: Obtain information about whether we process their personal data, what data, for what purpose and to whom we provide it.
  • Rectification of data: Request the correction or completion of inaccurate or incomplete data.
  • Erasure of data: Request the deletion of data if it is no longer needed, or if consent has been withdrawn.
  • Restriction of processing: Request a restriction of processing in cases of dispute regarding the accuracy or lawfulness of processing.
  • Right to data portability: Obtain their data in a commonly used format and transfer it to another controller.
  • Objection to processing: Object to processing based on legitimate interest, unless compelling grounds for continuing processing are demonstrated.
  • Lodging a complaint: Contact the Office for Personal Data Protection of the Slovak Republic if they suspect a violation of their rights.

To exercise these rights, you can contact us by email at info@ekofarma.sk or in writing at the controller’s address.

10. DATA SECURITY AND PROTECTION

The controller has implemented extensive technical and organisational measures to protect personal data against unauthorised access, loss, misuse or destruction.

  • Encryption of communications via HTTPS with a valid SSL certificate
  • Firewall and antivirus solutions on servers and workstations
  • Regular data backups and secure storage of backups
  • Access to data only for authorised persons on a need-to-know basis
  • Regular employee training on GDPR and security measures
  • Secured physical premises with an access control system

Every security incident is documented and, where necessary, reported to the relevant supervisory authority within the statutory time limit.

11. ON-SITE INFORMATION

This document is available not only online on the website, but also in physical form:

  • At the reception of the accommodation facility in printed form
  • In each room as part of the welcome pack for guests
  • A copy can be obtained on request from the facility manager

All significant changes to the policy will be communicated to visitors and customers in a timely manner.

12. SUPERVISORY AUTHORITY AND CONTACT

If you have any questions or wish to exercise your rights, please contact us or directly the supervisory authority:

Controller:

Ekofarma Ostrov s.r.o.
Veľký Lél 819
946 12 Zlatná na Ostrove
Company ID: 47999926
Email: info@ekofarma.sk
Phone: +421 948 104 665

Supervisory Authority:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27
Tel.: +421 2 3231 3220
Web: www.dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk

0
    0
    Cart
    Your cart is emptySpäť do obchodu
    Continue shopping
    Ekofarma Ostrov s.r.o. Veľký Lél 819, 946 12 Zlatná na Ostrove Phone: +421 948 104 665 E-mail: info@ekofarma.sk Season: April – October Show on map