1. Personal data protection
1.1. By entering personal data, the User confirms that he/she has understood the terms and conditions of personal data protection, that he/she agrees with their wording and that he/she accepts them in full.
1.2 The Provider is the controller of the Users’ personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, in particular the GDPR.
1.3. Personal data is any information relating to an identified or identifiable natural person; An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more elements which are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 When placing an order, personal data is required for the successful processing of the order (name and address, contact). The purpose of personal data processing is the execution of the User’s order and the exercise of rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of personal data processing is also to send commercial communications and perform other marketing activities. The legal basis for the processing of personal data is the performance of a contract pursuant to Article 6 (1) of the GDPR. 1 letter b) of the GDPR, the fulfilment of the legal obligation of the Controller under Article 6 (1) (c) of the GDPR and the legitimate interest of the Provider under Article 6 (1) of the GDPR. 1 lit. f) GDPR. The legitimate interest of the Provider is the processing of personal data for direct marketing purposes.
1.5 The Provider uses the services of subcontractors for the performance of the License Agreement, in particular the postal service provider (personal data is stored in 3 countries) and the web hosting provider. Subcontractors are vetted to process personal data securely. The provider and the web hosting subcontractor have a personal data processing agreement in place, according to which the subcontractor is responsible for properly securing the physical, hardware and software perimeter and is therefore directly liable to the user for any leak or breach of personal data.
1.6 The Provider stores the User’s personal data for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and for the exercise of claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After this period, the data will be deleted.
1.7 The User has the right to request from the Provider access to their personal data pursuant to Article 15 of the GDPR, rectification of personal data pursuant to Article 16 of the GDPR or restriction of processing pursuant to Article 18 of the GDPR. The User has the right to delete personal data pursuant to Article 17 para. 1 lit. (a) and (c) to (f) GDPR. In addition, the user has the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR.
1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if he/she believes that his/her right to personal data protection has been violated.
1.9 The User is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data, it is not possible to conclude or perform the contract by the provider.
1.10 The Provider does not carry out automatic individual decision-making within the meaning of Article 22 of the GDPR.
1.11 A person interested in using the Provider’s services by filling in the contact form:
agrees to the use of his/her personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week, and at the same time
declares that he/she does not consider the sending of information pursuant to point 1.11.1 as unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, because the user sends information according to point 1.11.1 in conjunction with § 7 of Act No. 480/2004 Coll., expressly agrees.
The consent under this paragraph may be revoked by the User at any time in writing to the kosice@redaj.sk.
1.12 The Provider uses so-called cookies in its presentation for the purpose of improving the quality of services, personalizing the offer, collecting anonymous data and for analytical purposes. By using the website, the user agrees to the use of said technology.
2. Rights and obligations between the controller and the processor (processing agreement)
2.1 In relation to the personal data of the Clients’ Users, the Provider is an intermediary within the meaning of Article 28 of the GDPR. The user is the controller of this data.
2.2 These Terms and Conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access as part of the performance of the license agreement concluded in the form of acceptance of the www.redaj.sk General Terms and Conditions (hereinafter referred to as the “License Agreement”) concluded with the User on the date of opening the User Account.
2.3. The Provider undertakes to process personal data for the User to the extent and for the purposes specified in Articles 2.4 – 2.7 of these Terms and Conditions. Processing methods will be automated. As part of the processing, the Provider will collect, store and dispose of personal data. The Provider is not entitled to process personal data contrary to or beyond the scope stipulated by these Terms and Conditions.
2.4 The Provider undertakes to process personal data for the User to the following extent:
common personal data,
special categories of data according to Article 9 of the GDPR, collected by the User in connection with their own business activity.
2.5. The Provider undertakes to process personal data for the User for the purpose of processing the Clients’ inquiries and requests obtained from the contact form.
2.6. Personal data may only be processed at the Provider’s or its subcontractors’ workplaces within the meaning of point 2.8 of these Terms and Conditions, in the territory of the European Union.
2.7. The Provider undertakes to process the personal data of the User’s clients for the User, for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and from the exercise of claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
2.8 The User gives consent to the involvement of a subcontractor as a subcontractor pursuant to Art. 28 para. 2 GDPR, which is the provider of application hosting. At the same time, the User grants the Provider a general consent to involve another personal data processor in the processing, but the Provider must inform the User in writing of any intended changes related to the hiring of additional intermediaries or their replacement and provide the User with the opportunity to object to these changes. The Provider must impose on its subcontractors in the position of a personal data processor the same obligations for the protection of personal data as set out in these Terms and Conditions.
2.9. The Provider undertakes that the processing of personal data will be ensured in particular in the following way:
Personal data is processed in accordance with the law and on the basis of the User’s instructions, i.e. to perform all activities necessary for the provision of the Web Platform.
The Provider undertakes to ensure the technical and organizational protection of the processed personal data so that unauthorized or accidental access to the data, their change, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse cannot occur, and that all obligations of the personal data processor are continuously secured in terms of personnel and organization during the period of data processing. resulting from the legislation.
The technical and organisational measures taken are commensurate with the level of risk. The Provider shall use them to ensure the continued confidentiality, integrity, availability and resilience of the processing systems and services and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents.
The Provider hereby declares that the protection of personal data is subject to the Provider’s internal security regulations.
Only authorized persons of the Provider and subcontractors who will have the conditions and scope of data processing determined by the Provider will have access to personal data within the meaning of Article 2.8 of these Terms and Conditions, and each such person will have access to personal data under their unique identifier.
The Provider’s authorized persons who process personal data under these Terms and Conditions are obliged to maintain confidentiality about personal data and security measures, the disclosure of which would jeopardize their security. The provider shall ensure that they are demonstrably bound by this obligation. The Provider shall ensure that this obligation of the Provider and the authorised persons continues even after the termination of the employment relationship or other relationship with the Provider.
The Provider shall assist the User with appropriate technical and organizational measures, if possible, to comply with the User’s obligation to respond to requests for the exercise of the data subject’s rights set out in the GDPR; as well as in ensuring compliance with obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
Upon termination of the provision of services related to processing pursuant to Article 2.7 of these Terms and Conditions, the Provider is obliged to delete or return all personal data to the User, unless the Provider is obliged to store personal data on the basis of a special law.
The Provider shall provide the User with all information necessary to demonstrate compliance with the obligations under this Agreement and the GDPR and shall allow audits, including inspections, carried out by the User or another auditor authorized by the User.
2.10 The User undertakes to immediately notify the Provider of all facts known to the User that could adversely affect the proper and timely performance of obligations arising from these Terms and Conditions and to provide the Provider with the cooperation necessary to meet these Terms and Conditions.
3. Final provisions
3.1 These Terms and Conditions shall cease to be valid upon the expiry of the period specified in Article 1.6 and Article 2.7 of these Terms and Conditions.
3.2 The User agrees to these Terms and Conditions by ticking the consent via the online form. By ticking the consent box, the user indicates that he has read these terms and conditions, agrees with them and accepts them in full.
3.3 The Provider is entitled to change these Terms and Conditions. The Provider is obliged to publish the new version of the Terms and Conditions on its website without undue delay, or to send the new version to the User’s e-mail address.
3.4. Contact details of the Provider in matters related to these Terms and Conditions: +421 908 089 114, kosice@redaj.sk.
3.5 Relations not expressly regulated by these Terms and Conditions are governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.
These Terms and Conditions enter into force on 01.01.2024.
1. Personal data protection
1.1. By entering personal data, the User confirms that he/she has understood the terms and conditions of personal data protection, that he/she agrees with their wording and that he/she accepts them in full.
1.2 The Provider is the controller of the Users’ personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, in particular the GDPR.
1.3. Personal data is any information relating to an identified or identifiable natural person; An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more elements which are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 When placing an order, personal data is required for the successful processing of the order (name and address, contact). The purpose of personal data processing is the execution of the User’s order and the exercise of rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of personal data processing is also to send commercial communications and perform other marketing activities. The legal basis for the processing of personal data is the performance of a contract pursuant to Article 6 (1) of the GDPR. 1 letter b) of the GDPR, the fulfilment of the legal obligation of the Controller under Article 6 (1) (c) of the GDPR and the legitimate interest of the Provider under Article 6 (1) of the GDPR. 1 lit. f) GDPR. The legitimate interest of the Provider is the processing of personal data for direct marketing purposes.
1.5 The Provider uses the services of subcontractors for the performance of the License Agreement, in particular the postal service provider (personal data is stored in 3 countries) and the web hosting provider. Subcontractors are vetted to process personal data securely. The provider and the web hosting subcontractor have a personal data processing agreement in place, according to which the subcontractor is responsible for properly securing the physical, hardware and software perimeter and is therefore directly liable to the user for any leak or breach of personal data.
1.6 The Provider stores the User’s personal data for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and for the exercise of claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After this period, the data will be deleted.
1.7 The User has the right to request from the Provider access to their personal data pursuant to Article 15 of the GDPR, rectification of personal data pursuant to Article 16 of the GDPR or restriction of processing pursuant to Article 18 of the GDPR. The User has the right to delete personal data pursuant to Article 17 para. 1 lit. (a) and (c) to (f) GDPR. In addition, the user has the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR.
1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if he/she believes that his/her right to personal data protection has been violated.
1.9 The User is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data, it is not possible to conclude or perform the contract by the provider.
1.10 The Provider does not carry out automatic individual decision-making within the meaning of Article 22 of the GDPR.
1.11 A person interested in using the Provider’s services by filling in the contact form:
- agrees to the use of their personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week and at the same time
- declares that it does not consider the sending of information pursuant to Section 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, because the User sends information pursuant to Section 1.11.1 in conjunction with Section 7 of Act No. 480/2004 Coll. expressly agrees.
- The User may revoke the consent under this paragraph at any time in writing to the hotel@sojka.eu.
1.12 The Provider uses so-called cookies in its presentation for the purpose of improving the quality of services, personalizing the offer, collecting anonymous data and for analytical purposes. By using the website, the user agrees to the use of said technology.
2. Rights and obligations between the controller and the processor (processing agreement)
2.1 In relation to the personal data of the Users’ Clients, the Provider is an intermediary within the meaning of Article 28 of the GDPR. The user is the controller of this data.
2.2 These Terms and Conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access as part of the performance of the license agreement concluded in the form of acceptance of the General Terms and Conditions of www.sojka.eu (hereinafter referred to as the “License Agreement”) concluded with the User on the date of opening the User account.
2.3. The Provider undertakes to process personal data for the User to the extent and for the purposes specified in Articles 2.4 – 2.7 of these Terms and Conditions. Processing methods will be automated. As part of the processing, the Provider will collect, store and dispose of personal data. The Provider is not entitled to process personal data contrary to or beyond the scope stipulated by these Terms and Conditions.
2.4 The Provider undertakes to process personal data for the User to the following extent:
- common personal data;
- special categories of data pursuant to Article 9 of the GDPR collected by the User in connection with their own business activities.
2.5. The Provider undertakes to process personal data for the User for the purpose of processing the Clients’ inquiries and requests obtained from the contact form.
2.6. Personal data may only be processed at the Provider’s or its subcontractors’ workplaces within the meaning of point 2.8 of these Terms and Conditions, in the territory of the European Union.
2.7. The Provider undertakes to process the personal data of the User’s clients for the User, for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and from the exercise of claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
2.8 The User gives consent to the involvement of a subcontractor as a subcontractor pursuant to Art. 28 para. 2 GDPR, which is the provider of application hosting. At the same time, the User grants the Provider a general consent to involve another personal data processor in the processing, but the Provider must inform the User in writing of any intended changes related to the hiring of additional intermediaries or their replacement and provide the User with the opportunity to object to these changes. The Provider must impose on its subcontractors in the position of a personal data processor the same obligations for the protection of personal data as set out in these Terms and Conditions.
2.9. The Provider undertakes that the processing of personal data will be ensured in particular in the following way:
- Personal data is processed in accordance with the law and on the basis of the User’s instructions, i.e. to perform all activities necessary for the provision of the Web Platform.
- The Provider undertakes to ensure the technical and organizational protection of the processed personal data so that unauthorized or accidental access to the data, their change, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse cannot occur, and that all obligations of the personal data processor are continuously secured in terms of personnel and organization during the period of data processing. resulting from the legislation.
- The technical and organisational measures taken are commensurate with the level of risk. The Provider shall use them to ensure the continued confidentiality, integrity, availability and resilience of the processing systems and services and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents.
- The Provider hereby declares that the protection of personal data is subject to the Provider’s internal security regulations.
- Only authorized persons of the Provider and subcontractors who will have the conditions and scope of data processing determined by the Provider will have access to personal data within the meaning of Article 2.8 of these Terms and Conditions, and each such person will have access to personal data under their unique identifier.
- The Provider’s authorized persons who process personal data under these Terms and Conditions are obliged to maintain confidentiality about personal data and security measures, the disclosure of which would jeopardize their security. The provider shall ensure that they are demonstrably bound by this obligation. The Provider shall ensure that this obligation of the Provider and the authorised persons continues even after the termination of the employment relationship or other relationship with the Provider.
- The Provider shall assist the User with appropriate technical and organizational measures, if possible, to comply with the User’s obligation to respond to requests for the exercise of the data subject’s rights set out in the GDPR; as well as in ensuring compliance with obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
- Upon termination of the provision of services related to processing pursuant to Article 2.7 of these Terms and Conditions, the Provider is obliged to delete or return all personal data to the User, unless the Provider is obliged to store personal data on the basis of a special law.
- The Provider shall provide the User with all information necessary to demonstrate compliance with the obligations under this Agreement and the GDPR and shall allow audits, including inspections, carried out by the User or another auditor authorized by the User.
2.10 The User undertakes to immediately notify the Provider of all facts known to the User that could adversely affect the proper and timely performance of obligations arising from these Terms and Conditions and to provide the Provider with the cooperation necessary to meet these Terms and Conditions.
3. Final provisions
3.1 These Terms and Conditions shall cease to be valid upon the expiry of the period specified in Article 1.6 and Article 2.7 of these Terms and Conditions.
3.2 The User agrees to these Terms and Conditions by ticking the consent via the online form. By ticking the consent box, the user indicates that he has read these terms and conditions, agrees with them and accepts them in full.
3.3 The Provider is entitled to change these Terms and Conditions. The Provider is obliged to publish the new version of the Terms and Conditions on its website without undue delay, or to send the new version to the User’s e-mail address.
3.4. Contact details of the Provider in matters related to these Terms and Conditions: +421 948 044 391, hotel@sojka.eu.
3.5 Relations not expressly regulated by these Terms and Conditions are governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.
These Terms and Conditions enter into force on 01.01.2015.