Privacy Policy of HOTEL GLORIA PALAC

Dear client,

Thank you for visiting this web site. The company GLORIA PALAC sro, based in Prašná 7, 040 17 Košice, ID No: 36722014 (hereinafter referred to as “the Company”) has the role to protect the personal data of all its clients in accordance with European Union (EU) and Act No. 18/2018 Z. z. the protection of personal data and the amendment and supplementation of certain laws (the “Personal Data Protection Act”). The Company has taken the appropriate technical, organizational and personnel measures in accordance with EU regulations and other relevant legislation of the Slovak Republic, including the Data Protection Act, relating to data protection. The aim of these measures is to ensure the protection of their clients’ personal data from illegal forms of processing. The primary principles of our company’s privacy are:

  • Only the authorized persons of our company and the authorized persons of our agents have access to your personal information .
  • The provision of personal data is made only in the intentions of individual laws, in particular by state authorities or judicial authorities, if required by the applicable law in the event of a response to legal claims or legal proceedings.
  • We monitor dedicated public areas of the premises of the company via a camera system only for the purpose of protecting property, public order, life and health of individuals.
  • In order to ensure the protection and security of the processed personal data, we have taken the appropriate measures and used state-of-the-art information technologies.
  • Your personal information provided to us by special laws is processed only for a predetermined purpose, which is the fulfillment of the contractual obligations arising from the use of our services.
  • We do not provide or disclose personal information to any other operator who may use it for direct marketing purposes unless you expressly consent to it.
  • We keep the provided personal information in our information systems in accordance with legal regulations and only for as long as is necessary to provide quality services (accommodation and related additional services), answering your questions or solving your problems.

Our company processes only personal data processed by special legislation to provide our services, especially in connection with the provision of accommodation services and related ancillary services.

Other rights as the data subject related to the processing of your personal data are governed by section 28 of the Personal Data Protection Act. According to this provision, the person concerned has the right, based on a written application sent to the company’s address, from us as from the operator,

  • confirmation whether or not personal data about it is processed,
  • in a generally understandable form, information on the processing of personal data in the company’s information system, in particular to the extent of: company identification data, intermediary identification data when processing personal data on behalf of the company, purpose of processing personal data, list or scope of processed personal data, or the obligation to provide personal data, the legal basis for processing personal data, third parties and their personal data are provided, the circle of recipients and their personal data are made available, the form of publication, if personal data are disclosed, third countries, if personal data are transferred to third countries .
  • in a generally understandable form, precise information about the source from which the company has obtained its personal data for processing,
  • in a generally comprehensible form, a list of its personal data processed,
  • repair or liquidate any of its incorrect, incomplete or outdated personal data that is being processed,
  • the destruction of its personal data whose purpose of processing has ended,
  • the destruction of her personal data that is being processed, if the law has been violated,
  • blocking its personal data for revocation of consent prior to its expiration if the company processes personal data on the consent of the person concerned.

If an application is made by e-mail or fax application, the request is deemed to have been filed and the person concerned will deliver the request in writing within three days of the date of dispatch by e-mail or fax.

The person concerned also has the right to suspect that his or her personal data is being unduly processed and to submit to the Office for the Protection of Personal Data of the Slovak Republic an application for the initiation of a procedure for the protection of personal data. If the person concerned is not fully entitled to legal action, his / her rights may be exercised by a legal representative. If the person concerned does not live, his or her rights under the Personal Data Protection Act may be invoked by a close person.
In case of any questions regarding the processing of your personal data or processing-related terms and conditions, please contact us at: HOTEL GLORIA PALAC sro., Prašná 7, 040 17 Košice or on e-mail address

HOTEL GLORIA PALAC sro is the operator of the following information systems (information is provided in the scope of keeping records of the operating information systems operated under the Personal Data Protection Act):

Data Manager

HOTEL GLORIA PALAC sro Registered office: Prašná 7, 040 18 Košice, operation Bottová 1, 040 01 Košice

IČO: 36722014 Tax Identification Number: 2022298630 VAT Identification Number IČ DPH: SK2022298630

Phone: +421 55 6257328

Person responsible for data protection: Ing. Ján Kubička


(hereinafter: “Company” or “HOTEL GLOARIA PALAC sro”)

The company respects the personal rights of its clients and has therefore prepared this Data Protection Guide (hereinafter referred to as the “Guide”), which is available in electronic form on the Company’s website as well as printed in every hotel.
The Company as a data controller declares that it complies with the provisions of Act no. 112 of 2011 on the Right to Information and Freedom of Information (hereinafter referred to as the “Personal Data Protection Act”).

This Guide provides a general overview of how the Company manages data while providing its services. Due to the wide range of guest requirements, the way you manage your data may occasionally differ from what is described in this guide. Such deviation may occur at the request of the guest and the Company will inform the guest in advance of that. The company will provide information about any data management that is not listed in this Guide before the data management process.

The company is required to manage personal information only for predetermined purposes, for the necessary time and for the exercise of its rights and the performance of its duties. The company must only manage the personal data that is necessary and appropriate to meet the specific data management goal.

A legal statement containing the consent of minors under the age of sixteen is not valid unless agreed or subsequently approved by the statutory representative of those minors.
If the Company uses the received data for a purpose other than the original purpose of data collection, the Company must, in any case, inform the persons concerned and ask them for specific, prior consent and / or provide them with the opportunity to prohibit such use.
Personal data provided to the Company during the data management process shall be made available only to persons who have been contracted or employed in the Company to perform duties related to that data management process.

II. definitions

Data subject: any particular individual identified or identifiable (directly or indirectly) on the basis of personal data;

Personal data: any data that may be relevant to the data subject – in particular the name of the data subject, the identification number and one or more information characterizing his or her physical, physiological, mental, economic, cultural or social attributes – and any conclusions regarding the subject data that can be derived from these data.

Special information: personal data on race or ethnic origin, political opinions or membership of a political party, religious or other worldview, membership of trade unions, sexual life as well as personal data on health, pathological passion and record data in the criminal record.

Consent: Voluntary and specific expression of a data subject’s intent, which is based on good information, and which gives the data subject a clear and unambiguous consent to the management of personal data in a complex manner or for each operation;

Objection: Statement of data subjects in which they object to the management of their personal data and request termination of data management and / or deletion of managed data;

Data administrator: natural or legal persons or organizations that do not have legal personality who either determine the purpose of managing data by themselves or with others and create and take decisions on data management (including the equipment used) or instruct the data processor to accept such data Decision;

Data Management: Deprecated from the procedure used; any operation or all operations performed with the data, in particular in the case of collection, recording, systematization, storage, processing, application, questioning, transmission, disclosure, harmonization or interconnection, blocking, erasure and destruction of data as well as prevention of further use of such data, , audio or visual recording as well as recording physical attributes suitable for person identification (for example, fingerprints and palms, DNA samples, iris scanning);

Data transfer: providing third-party access to data;

Publication: giving the general public access to data;

Data deletion: Destruction of data in such a way that its recovery is no longer possible;

Labeling of data: assignment of the identification mark to the data in order to distinguish them;

Blocking data: Assigning the badge to the data to block it for a certain time or forever;

Data processing: performing any technical tasks related to data management operations, regardless of the method and device used to perform such activities, and regardless of the place of application, provided the data-related tasks are concerned;

Data processor: natural or legal persons and / or organizations without legal personality who or which perform data management under a contract with a data controller – including legally contracted contracts;

Third party: natural or legal persons and / or organizations without legal personality who are or are not identical with the data subject, data controller or data processor.


III. Manage your data

III.1. Use of hotel services

Managing all data subject and service data are based on voluntary consent to provide services and / or maintain contacts through such data management. The company must store the personal data described in this article (except for the exceptions defined in the individual paragraphs) for the period specified in the provisions of the applicable tax and accounting laws and after that period they must erase them.

In the case of certain services, additional information may be provided in the “Comments” section, which allows a complete assessment of the guest’s needs. Room reservation and service provision may not be dependent on the provision of such additional data.

III.1.1. Room Reservations

In the case of online, personal (paper) or telephone reservations, the Company requests / may request from the Guest to provide the following information:

  • name (optional)
  • name,
  • surname;
  • address (address, city, postal code, country)
  • E-mail adress;
  • phone number;
  • cell phone number (optional)
  • type of credit card / debit card;
  • credit card / debit card number,
  • the name of the credit card / debit card holder;
  • credit card expiration / debit card expiration date
  • CVC / CVV credit card / debit card (for MasterCard: Card Validation Code (CVC2), for Visa International: Card Verification Value (CVV2).)

If you have any further questions regarding the management of data regarding reservation rooms, please send your inquiry to


In the case of third-country nationals, the law requires the following data to be managed:

  • identification details of a natural person and, moreover,
  • identity card details (passport)
  • the address of the hotel
  • the beginning and end of the stay at the hotel
  • visa number, registration certificate, visa validity
  • time and place of entry into the country.

Third-country nationals: all persons who are not nationals of a Member State of the European Economic Area, including displaced persons.

The Member States of the European Economic Area are:

  • the Member States of the European Union;
  • Iceland, Liechtenstein and Norway as participating Member States,
  • as well as Switzerland, as a state with a similar legal status.

The provision of requested data by the Guest is a prerequisite for the use of hotel services.
By signing the Hosts Registration Card, the Company agrees to manage and / or archive the personal data provided by filling in the registration card to verify that the contract has been signed and / or executed, as well as to recover the claims against the aforementioned deadline.


III.1.2 Bank Card Data
For room bookings, the Company may only use data from that bank card, credit card or bank account to the extent and at the time necessary to execute the rights and fulfill the obligations. The data is processed by a bank partner contracted by the Company. For information on their data processing policy, visit the bank’s website


III.1.3 Safety cameras

The company operates security cameras to ensure the security of guests and their property on hotel premises. Security cameras are marked with a pictogram and a text alert.
The purpose of security cameras is to protect property. More specifically, the purpose is to protect a device of remarkable value as well as Personal Values ​​of Hosts and is used to detect violations of the law and to capture the perpetrator in the act, and preventing such crimes can not be done in a different way and / or there is no other method of providing evidence.
You can get more information about managing your camera data in every hotel.

IV. Data security

IV. 1. SSL

The company uses on-site SSL encryption for on-line reservations. All information shared by the data subject with the Company must be automatically encrypted and protected from network traffic. When our server gets the information, it decodes using an individual private key. SSL allows the browser to connect to a website and create a secure communications channel in a transparent way. SSL is the most widely used and most successful encryption system. For data subjects to use the system, they simply need to verify the compatibility of their browsers.

IV. 2. Other security-related activities

The company must ensure the transparency of the control and determine how and which personal data is transferred using the data transfer device who and when it inserts the data into the system and must also ensure that the system can recover in the event of an error. Errors generated during auto-processing are generated.

The company must manage the personal data confidentially and must not provide it to unauthorized persons. The company must specifically protect personal data against unauthorized access, modification, transmission, disclosure, erasure or destruction, as well as accidental destruction, damage and unavailability due to the change of technology used. The company must take all precautions to ensure the technical protection of personal data.


V. Rights and remedies

V 1. Providing information

Based on requests sent by data subjects to e-mail addresses in each part or directly to the Company (HOTEL GLORIA PALAC sro, Prašná 7, 040 18 Košice.), The Company must provide information regarding specific data about the entity managed by the Company and / or processed data processors commissioned by the Company; the source of such data, purpose, legal basis and duration of data management; the name and address of the data processors as well as their data management activities; and (in the case of the transfer of personal data of the entity) the legal basis and the recipient of the data transfer. Such information must be provided within 25 days, free of charge once a year for identical data, and for a fee for any additional requirements.
If disclosure is denied, the Company must inform the data subject in writing of the provision of its law as the legal basis for the refusal of information and also inform the data subject about the possibilities of appeal.

In 2 Corrections

If personal data is incorrect and the Company has the correct data, it must correct such data.
The company must update the data subject as well as the parties that could potentially receive data from the Company for data management purposes. Such notification shall not be made unless the legitimate interests of the data subject in the sense of the purpose of the data management are violated.
On-demand repairs, time limits for administration and appeal are governed by Article VII.1.

V 3. Deletion and blocking, objection

Cases of deletion and blocking of personal data and objections against data management are governed by the provisions of Section 17 – § 21. of the Personal Data Protection Act.
The company must provide information about the legal provisions mentioned in this paragraph based on the requirements sent to .

V.4. Jurisdiction

If the privacy of data subjects is violated, they may bring an action against the Company. Litigation is governed by the provisions of Section 22 of the Personal Data Protection Act and the Regulations of the First Book, third part XII. Chapters (§ 2:51 – § 2:54) of Act V of 2013. on the Civil Code as well as other relevant legislation.
The company must provide information regarding the legislation used in this paragraph based on the requirements sent to

V.5. Compensation and damages

If the Company causes damage by unauthorized processing of the data of the person concerned or violates the requirements for the protection of personal data or violates the right of the person concerned to privacy, the Company may be subject to a claim for damages.

The data controller is deprived of responsibility for the payment of the damage if he proves that the damage or violation of the person’s right to privacy has caused irreducible reasons beyond the scope of the data processing.

The Company is also responsible for all data subject damages caused by data processors, and the Company is also required to pay the person concerned an injunction fee in the event of a violation of privacy rights caused by the data processor. The company is deprived of this responsibility and liability for the payment of the damages if it proves that the damage or violation of the person’s right to privacy was caused by force beyond the scope of the data management due to irreversible reasons. Damage can not be compensated and no damage charge can be claimed if it was caused by the intentional or grossly negligent misconduct of the person concerned.


VI. Miscellaneous provisions

The company reserves the right to notify the parties concerned of the change of this Handbook.
The company is not responsible for the accuracy of the data provided by visitors to websites or guests.
If you have questions about privacy, you can ask your Local Privacy Office for help.


Office for Personal Data Protection
Address: Hraničná 12,820 07, Bratislava 27, Slovak Republic

IČO: 36064220

Phone: +421/2/3231 3220





Last updated: May 21, 2018