Personal Data Processing Rules Ensuring the highest level of protection of your privacy is our priority, therefore we strive to secure a high level of protection of your personal data during their processing in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR") and Act no. 18/2018 Coll. on personal data protection. For the purposes of the GDPR, the controller which determines the scope and purpose of personal data processing provided through any of the functionalities of this website is the company D.J.K., a limited liability company, with its registered office at Južná trieda 26, 040 01 Košice, Company ID: 31 691 897, registered in the Commercial Register maintained by the District Court Košice, section Sro, insert no. 4805/V (also referred to as the "controller"). If you have any questions concerning the processing of personal data we have obtained from you, or if you wish to exercise any of the rights listed below, please contact us via written submissions addressed to the registered office address of the controller indicated above or electronically at the email address office@kupelecks.sk Collection of Personal Data These rules apply to the processing of personal data obtained by the controller through the completion of the contact form located on this website, requests to receive news (newsletter), and personal data provided through telephone or email communication made on the basis of contact information provided on this website.Scope of Processed Personal Data For the purposes specified in the following paragraph of these rules, it is necessary to process personal data of individuals who are interested in booking and/or using spa, accommodation, catering, and related services from our portfolio, and of individuals interested in being informed about the current offer of services and products from our portfolio, and of individuals we intend to contact for the realization of our marketing activities. The obtained personal data are processed in accordance with the principle of minimization of personal data processing under Article 5 GDPR and therefore are processed only to the necessary extent and scope: name and surname, email address, and telephone number. The subject of our personal data processing does not include special categories of personal data or personal data of persons under the age of 16. It is very important that the personal data we process about you are truthful and up to date. Please inform us if your personal data change during the processing.Purpose of Personal Data Processing We process your personal data for the following purposes: a) to communicate with you, provide feedback or response to the interest or inquiry expressed by you through any functionality of this website or use of contact details provided on this website; b) for marketing purposes and conducting our marketing activities which comply with the law and include providing information about the portfolio of services and products we offer and sending newsletters; c) for the management and protection of this website. In the event that we process your personal data for direct marketing purposes in the form of sending newsletters about news and offers of our services and products that we think may interest you, you have the option to unsubscribe from the newsletter if you no longer wish to receive it in the future.Legal Basis for Processing Personal Data The processing of your personal data for purposes described in the previous paragraph under letters a) (i.e. communication based on your expressed interest) and b) (i.e. marketing) is based on our legitimate interest in active communication with persons who show interest in the offered services and products and our legitimate interest in effective marketing support and promotion of our business activities and offer of services and products. Although these are the legal bases for the processing of your personal data, we always respect and prioritize your rights and interests over ours. For the purpose of management and protection of this website, the legal basis of personal data processing is also our legitimate interest, which is the provision of IT services and maintaining the security of this website’s operation. The processing of your personal data based on our legitimate interest arises from Article 6, Paragraph 1 of the GDPR. However, you have the right to object to such processing of your personal data at any time. For this purpose, you may contact us in writing at the address of our registered office given in the introduction of these rules or by email at office@kupelecks.sk. Any objection submitted by you will be thoroughly assessed and you will be informed about the result.Period of Personal Data Processing Personal data are retained for as long as necessary to fulfill the purposes for which they were collected. The period of personal data processing is 3 years from the date of their acquisition. The processing period is regularly reviewed and when it expires, personal data processing is terminated and personal data are deleted or otherwise destroyed.Recipients of Personal Data The personal data processing under these rules is also carried out through third parties – intermediaries. Such third party is the company PIENINY RESORT s.r.o., with registered office at Hrnčiarska 29, Košice - city district Staré Mesto 040 01, Company ID: 36 821 063, registered in the Commercial Register maintained by the District Court Košice I, section Sro, insert no.: 56557/V, email address office@kupelecks.sk, which provides us with certain accommodation, treatment, and catering services and seeks and mediates opportunities on our behalf to enter into contracts for the provision of services and products we offer and other related contracts. Other such third parties are service providers we use to carry out the processing of your personal data for the purposes set out in these rules. These are specifically services related to technical and software support and administration of marketing and sales activities of the controller. The controller has signed contracts with processors for the processing of personal data. The processors are bound to process personal data exclusively for the purposes specified in these rules. Your data are not made available to third parties for their independent use or processing beyond the purposes of these rules.Transfer of Personal Data to Third Countries or International Organizations Your personal data are not transferred to countries outside the European Union.Rights Related to Personal Data Processing Under the GDPR, every person whose personal data is processed by the controller has the following rights: a) the right to information about the processing of their personal data; b) the right to access personal data processed and stored about them; c) the right to request correction of their incorrect, inaccurate, or incomplete personal data; d) the right to request deletion of their personal data when they are no longer necessary or if the processing is unlawful; e) the right to object to the processing of their personal data for marketing purposes or on grounds related to a particular situation; f) the right to request restriction of processing of their personal data in certain cases; g) the right to receive their personal data in a machine-readable format and/or request their transfer to another controller; h) the right to withdraw their consent to personal data processing at any time with effect on the lawfulness of processing based on consent before its withdrawal, if such consent was given; i) the right to request that decisions based solely on automated processing which affect them significantly, based on their personal data, be made by a natural person and not automatically, if personal data are processed in this way by the controller; j) the right to lodge a complaint with the supervisory authority, especially in the EU Member State of their habitual residence, place of work, or place of the alleged breach, and the right to effective judicial remedy if they believe their personal data processing is in violation of the law. The supervisory authority in Slovakia is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, Bratislava; k) the right to submit a request or complaint to the controller in connection with the protection and processing of their personal data. Any person wishing to submit a request or complaint and exercise their rights may do so in writing at D.J.K., limited liability company, Južná trieda 26, 040 01 Košice, or electronically at office@kupelecks.sk. These personal data processing rules may be updated and amended from time to time. This version of the personal data processing rules was issued on 20.12.2022