Privacy Notice

Slovensky

1. Who we are

The data controller is Oleksandr Popov, a self-employed person based in Bratislava, Slovak Republic.

Business ID (IČO): [PLACEHOLDER_ICO]

Tax ID (DIČ): [PLACEHOLDER_DIC]

Contact email: [PLACEHOLDER_EMAIL]

2. What data we process

When you make a reservation and stay with us we process:

  • Booking data — name, email, phone, check-in/out dates, nationality, number of guests.
  • Identity-document data — passport/ID number, date and place of birth, permanent address. Required by Act No. 253/1998 Coll. on residence reporting.
  • City tax payment records (Bratislava ordinance VZN 4/2023).
  • Telegram chat IDs — for staff only, never for guests.

We DO NOT keep photographs or scans of identity documents — they are used in-memory only during OCR; the extracted text is persisted as database fields and the image is discarded.

3. Legal basis

  • Act No. 253/1998 Coll. — mandatory residence reporting (Guest book).
  • Act No. 431/2002 Coll. on accounting — retention of accounting records.
  • Bratislava ordinance VZN 4/2023 — local accommodation tax.
  • Performance of the rental contract between guest and operator.
  • Legitimate interest of the operator — operational needs (communication, records, property protection).

4. Retention period

  • Guest book records — 10 years after end of stay (statutory accounting + civil limitation period).
  • Booking and financial records — 10 years (§35 of Act No. 431/2002).
  • City tax payment records — 10 years.
  • Staff Telegram chat IDs — until staff account deactivation, then at most 30 days.
  • After the period expires personal data is either anonymised or permanently deleted.

5. Recipients (sub-processors)

Your data is processed by the following sub-processors (full list including DPA dates available in the link below):

  • Anthropic PBC (USA) — translation services and demand forecasting. Calls flow via the operator-controlled EU-hosted proxy; raw personal data is not sent to Anthropic.
  • Google Cloud — document OCR, EU endpoint only (eu-vision.googleapis.com).
  • Hetzner Online GmbH (Germany) — server hosting and encrypted backups.
  • [ACCOUNTANT COMPANY NAME] — bookkeeping.

6. Your rights

Under the GDPR (Regulation EU 2016/679) you have the right to:

  • Access your data (Art. 15).
  • Rectification of inaccurate data (Art. 16).
  • Erasure once the mandatory retention period expires (Art. 17).
  • Restriction of processing (Art. 18).
  • Data portability (Art. 20).
  • Lodge a complaint with the supervisory authority — Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava, www.uoou.sk.

Send your request by email to [PLACEHOLDER_EMAIL]. We respond within 30 days.

7. Security

Data is stored encrypted at rest (AES-256). Backups are GPG-symmetric encrypted with a passphrase held only by the operator. Access to the system is role-restricted and every data change is audit-logged.

8. Contact

For any question regarding the processing of your data, please contact us:

Email: [PLACEHOLDER_EMAIL]

Address: Bratislava, Slovak Republic