Privacy policy
Information on General Data Protection Regulation GDPR
Kúpele Bojnice, a. s. (Bojnice Spa) 972 01 Bojnice, IČO (Comp. Reg. No.): 316 38 694 processes the personal data of data subjects as a spa operator in accordance with principles of personal data processing under articles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “Regulation“) and Section 19 of the Act of the National Council of the Slovak Republic No. 18/2018 Coll. on personal data protection and amending and supplementing certain Acts provides following information on processing of personal data of data subjects.
Purposes of personal data processing:
- provision of spa treatment approved by insurance companies
- provision of spa treatment and wellness stays for self-payers
- provision of accommodation
- monitoring of publicly accessible areas by video surveillance
- supply and demand relationships
- marketing communication
PROVISION OF SPA TREATMENT
|
INFORMATION ON PERSONAL DATA FILING SYSTEM |
|||
|
Purpose of personal data processing |
Provision of spa treatment and services connected with spa care |
||
|
Legal basis for personal data processing |
Act No. 576/2004 Coll. on Health Care |
||
|
Data subjects |
Clients of VŠZP, UNION and Dôvera insurance companies, whose spa treatment (group A or B) was approved by their insurance company |
||
|
List of personal data |
Name, surname, title, personal identification number, permanent address, insurance company, length of stay, indication group of spa treatment, code of diagnosis according to the ICD (International Classification of Diseases), end date of spa treatment, city code (permanent address), gender |
||
|
List of contact details |
Phone number, email address, permanent address – for arranging and confirmation of the spa treatment |
||
|
PROCESSING OPERATIONS WITH PERSONAL DATA |
|||
|
Provision of personal data |
Insurance company |
||
|
Access to personal data |
Insurance company, data subject |
||
|
Public disclosure of personal data |
Personal data are not publicly disclosed |
||
|
Storage period |
20 years |
||
|
Collection of personal data |
- data processor collects personal data directly from the data subject (in person/via telephone) and registers them in the “Client Card” in the IS |
||
|
Recording of personal data |
- data processor with provided access rights collects personal data either from written documentation sent by the respective insurance company, or from the data available in the electronic communication system of the insurance company; and registers them in the “Client Card” |
||
|
Use of personal data |
- doctor uses personal data to schedule procedures and to compile a medical record |
||
|
Provision of personal data |
- processed personal data serve as a basis for the invoicing of the insurance company at the end of each month - National Health Information Centre uses personal data based on a particular Act |
||
|
Disclosure of personal data |
- data are disclosed to a particular insurance company for the control to the extent required or if required by circumstances or a particular Act (courts of law, law enforcement authorities, national supervisory authorities, etc.) |
||
|
Erasure of personal data |
- storage period of the personal data in the IS is 20 years following the end of the spa treatment – retention period is automatically set in LBIS/4G |
||
Personal data shall not be transferred to Third Countries.
PROVISION OF TREATMENT PROCEDURES AND SPA STAYS FOR SELF-PAYERS
|
DETAILS ON INFORMATION SYSTEM OF THE PERSONAL DATA |
|||
|
Purpose of the processing of personal data |
Booking services |
||
|
Legal basis for the personal data processing |
Act No. 48/2002 Coll. on stay of foreign nationals Act No. 253/1998 Coll. on the reporting of citizen residency and on the Registry of Inhabitants of the Slovak Republic |
||
|
Data subjects |
Self-payers who book their stays via telephone, email or by letter, through travel agencies; convalescent stays offered by companies or other institutions |
||
|
List of personal data |
Name, surname, title, date of birth, permanent address, length of stay, city code (permanent address), gender, nationality |
||
|
List of contact details |
Phone number, email address, permanent address – for arranging and confirmation of the spa treatment |
||
|
PROCESSING OPERATIONS WITH PERSONAL DATA |
|||
|
Provision of personal data |
Personal data are not further disclosed |
||
|
Access to personal data |
Data subject, law enforcement authorities, etc. |
||
|
Public disclosure of personal data |
Personal data are not publicly disclosed |
||
|
Storage period |
10 years |
||
|
Collection of personal data |
- data processor collects personal data directly from the data subject (in person, via telephone/email), from travel agencies and/or companies (electronically or in paper form), and registers them in the “Client Card” in the IS |
||
|
Recording of personal data |
- data processor with provided access rights collects personal data and registers them directly into the “Client Card” in the IS |
||
|
Use of personal data |
- doctor uses personal data to schedule procedures - personal data serve as a basis for the invoicing of the travel agencies, companies, and institutions
|
||
|
Provision of personal data |
- data are not further disclosed |
||
|
Disclosure of personal data |
- data processor, or, if required by circumstances or a particular Act (courts of law, law enforcement authorities, national supervisory authorities, etc.) |
||
|
Erasure of personal data |
-storage period in the IS is 10 years following the end of the stay, retention period is automatically set in LBIS/4G |
||
Personal data shall not be transferred to Third Countries.
PROVISION OF ACCOMODATION
|
DETAILS ON THE INFORMATION SYSTEM OF THE PERSONAL DATA |
|||
|
Purpose of the processing of personal data |
Booking services |
||
|
Legal basis for the personal data processing |
Accommodation facilities are defined by the Decree of the Ministry of Health of the Slovak Republic No. 210/2016 Coll. |
||
|
Data subjects |
Self-payers who book their stays via telephone, email or by letter |
||
|
List of personal data |
Name, surname, title, permanent address, length of stay, nationality |
||
|
List of contact details |
Phone number, email, permanent address – serves for communication about booking and confirmation of the stay |
||
|
PROCESSING OPERATIONS WITH PERSONAL DATA |
|||
|
Provision of personal data |
Personal data are not further disclosed |
||
|
Access to personal data |
Data subject, law enforcement authorities, etc. |
||
|
Public disclosure of personal data |
Personal data are not publicly disclosed |
||
|
Storage period |
10 years |
||
|
Collection of personal data |
- data processor collects personal data directly from the data subject (in person, via telephone/email), from travel agencies and/or companies (electronically or in paper form), and registers them in the “Client Card” in the IS |
||
|
Recording of personal data |
- data processor with provided access rights collects personal data and registers them directly into the “Client Card” in the IS |
||
|
Use of personal data |
- personal data serve as a basis for the invoicing of the travel agencies, companies, and institutions
|
||
|
Provision of personal data |
- data are not further disclosed |
||
|
Disclosure of personal data |
- data processor, or, if required by circumstances or a particular Act (courts of law, law enforcement authorities, national supervisory authorities, etc.) |
||
|
Erasure of personal data |
-storage period in the IS is 10 years following the end of the stay, retention period is automatically set in LBIS/4G |
||
Personal data shall not be transferred to Third Countries.
MONITORING OF PUBLICLY ACCESSIBLE AREA BY VIDEO SURVEILLANCE
When visiting our spa, at the entrance we inform you that the area is being monitored by video surveillance recording system due to our legitimate interest to protect the property of our company and other persons and also as evidence in case of incident. The storage period of video surveillance record is 10 days.
SUPPLY AND DEMAND RELATIONSHIPS
In terms of the supply and demand relationships, we process personal data necessary to execute the contracts with suppliers and purchasers. Provision of personal data is required to enter a contractual agreement, only to the extent necessary for entering into a contractual agreement.
Purpose of the processing of personal data:
- entering into a contractual agreement
- execution of contractual relationships
- managing claims and complaints related to a contractual relationship
Personal data are processed for the following purposes:
- debt recovery within the period necessary to recover debts of contractual parties
- retention of contractual documentation: documents and details necessary for accounting during the period of 10 years following the ending of the contractual relationship and the repayment of the liabilities of contractual parties
Personal data are disclosed to:
- law firms for the purpose of legal services provision
- courts of law, law enforcement authorities to the extent of required cooperation
- contractual parties to the extent necessary for executing of a contractual relationship
- third parties, to which the operator is obliged to provide the data based on a specific legislation
MARKETING COMMUNICATION
In terms of marketing communication, we process common personal data to the extent of contact details necessary for communication with the data subject. Provision of personal data is voluntary. Data are processed for marketing communication purposes in order to sign up for the newsletter. Personal data are processed for this purpose only within the period of validity of the consent.
RIGHTS OF A DATA SUBJECT WITH REGARD TO THE PROCESSING OF PERSONAL DATA
Data subject has a right to:
- information on personal data processing
- obtain access to personal data which are being processed and stored
- request correction of incorrect, inaccurate, or incomplete data
- request erasure of their personal data, if they are no longer necessary or their processing is no longer legal
- object to the processing of personal data for marketing purposes
- request restriction on the personal data processing in specific cases
- withdraw their consent, whenever needed, without any further impacts on the legitimacy of the processing based on the consent given before its withdrawal (if such consent was given)
- receive a copy of their personal data
-
file an application or a complaint to Kúpele Bojnice, a. s. and its appointed person in terms of the protection and processing of their personal data. Each data subject, who wants to file and application or a complaint and exercise their rights, can do so:
- in a written form: Kúpele Bojnice, a.s., 972 01 Bojnice
- electronically: info@kupele-bojnice.sk