Privacy Policy
Data Controller's information obligation under GDPR and Act No. 18/2018 Coll.
This Privacy Policy (hereinafter "Privacy Policy") has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") and Act No. 18/2018 Coll. on the Protection of Personal Data.
The system is classified as an information system in which the Provider processes personal data pursuant to Section 5(l) of the Act.
Article I: Definitions
- Customer is:
  - A natural person over 16 years of age without business activity
  - A business person or legal entity
  - A person seeking services through the booking portal
- Provider is:
  - A natural business person or legal entity
  - A service provider using the booking system
  - Recognised as a "data controller" under applicable law
Article II: Protection of Personal Data
- The system expressly does not support automated restriction, pseudonymisation, logging or encryption under Section 5(f), (h), (i), (j) of the Act; only manual measures are supported.
- Online identifiers are retained under Section 5(k) of the Act.
- The Author bears no responsibility for data protection breaches under Section 5(m) and is not considered a controller, processor, recipient or third party.
- The Provider is recognised as a data controller under Section 5(o) of the Act.
- The Provider bears sole responsibility for data protection breaches under Section 5(m) of the Act.
- The web hosting operator is confirmed as a processor under Section 5(p) of the Act.
- The Provider must comply with the following principles:
  - Lawfulness (Section 6) -- processing must be lawful
  - Purpose limitation (Section 7) -- data is processed only for a specific purpose
  - Data minimisation (Section 8) -- only necessary data is collected
  - Accuracy (Section 9) -- data must be accurate and up to date
  - Storage limitation (Section 10) -- data is retained only for the necessary period
  - Integrity and confidentiality (Section 11) -- data must be adequately secured
  - Accountability (Section 12) -- the controller must demonstrate compliance
- The Provider is obliged to implement appropriate technical and organisational measures under Section 31(1), (2), (4), (5) and must consider the nature, scope and purpose of processing and the risks.
- The Provider must implement data protection by design (privacy by design) under Section 32(1)-(3) before commencing processing.
- The Provider must take into account the state of the art, cost of implementation, context/purpose of processing and probability/severity of risks.
- The Provider must implement data protection by default ensuring:
  - Processing only for a specific purpose
  - Data minimisation
  - Limited retention period
  - Prohibition of unlimited access to personal data
- The Provider assesses the adequacy of security with regard to risks: accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access to personal data.
- The Provider ensures that persons processing data act only according to the controller's instructions or according to legal requirements/international treaties.
- The Provider must provide information to data subjects under Article 13 of Regulation (EU) 2016/679 and Section 19 of Act No. 18/2018 Coll. before commencing processing.
- The Provider must provide information to data subjects to the extent and in the manner prescribed by applicable legislation.
- If the Author accidentally gains access to personal data during support/updates, they must immediately inform the Provider by phone and maintain confidentiality under Section 79(1) (the obligation continues even after processing ends).
- The Provider confirms that all data in the database provided to the Author is in compliance with applicable legislation.
Rights of the Data Subject
As a data subject, you have the following rights:
- Right of access -- you have the right to obtain confirmation as to whether your personal data is being processed, and if so, to access it
- Right to rectification -- you have the right to have inaccurate personal data concerning you corrected
- Right to erasure -- you have the right to have personal data concerning you erased (the "right to be forgotten")
- Right to restriction of processing -- you have the right to restrict the processing of your data
- Right to data portability -- you have the right to receive personal data in a structured, commonly used and machine-readable format
- Right to object -- you have the right to object to the processing of personal data
- Right to lodge a complaint -- you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic
Request for Erasure of Personal Data
If you wish to request the erasure of your personal data from the ProDiary booking system, you may do so by:
- Contacting the Service Provider (business) with whom you registered directly
- Sending a request to the email address: info@prodiary.sk
- Calling: +421 915 428 229
System Operator:
EKUM, s.r.o.
Bajkalska 45G, 821 05 Bratislava
Company ID: 35 777 168 | VAT ID: SK2020255688
Tel.: +421 915 428 229
E-mail: info@prodiary.sk
Supervisory Authority:
Office for Personal Data Protection of the Slovak Republic
Hranicna 12, 820 07 Bratislava 27
This Privacy Policy has been valid and effective since 25 May 2018, in accordance with the entry into force of the GDPR.