Privacy and data protection policy

Mountain Lake Hotel processes your personal data in order to fulfill the obligations assigned to us under the Tourism Act, as well as to provide quality hotel service. We protect your data by applying all appropriate technical and organizational means to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
HOW AND WHY WE USE YOUR PERSONAL DATA
To fulfill regulatory obligations and under contract We collect and process your personal data and other personal data in order to fulfill obligations assigned to us under the Tourism Act. We collect and process your personal data and other personal data in order to fully provide the services you have requested and wish to use with us, as well as to fulfill our contractual obligations to you. PIN, names, gender, citizenship, permanent address e-mail, letters, information about your requests for troubleshooting, complaints, requests, grievances. Another feedback we receive from you video recordings that are made to improve security
preferences for the services we provide you;
Security when entering and transferring card data is provided by using the SSL protocol to encrypt the connection between our server and the payment page of our servicing bank.
The authenticity of your card is verified by entering a security code
In addition, to identify you as a cardholder, the payment server for e-commerce of our servicing bank supports the authentication schemes of international card organizations - Verified by VISA and MasterCard SecureCode, in case you are registered to use them. "
Other information such as: data provided through the hotel's website; IP address when visiting our website; The processing is performed in order to:
establishing the identity of the client upon check-in at the hotel; management and execution of your service requests; preparing and sending an invoice for the services you use with us; to provide you with the necessary comprehensive service, as well as to collect the amounts due for the services used; analysis of the client's history and preparation of a user profile in order to determine a suitable offer for you; we research and analyze customer consumption of our services, based on anonymous or personalized information, to identify key trends, improve our understanding of our customer behavior and work with third parties to develop new services for our customers; processing by the data processor at the conclusion of a contract, assignment, reporting, acceptance, payment
AFTER YOUR CONSENT
In some cases, we process your personal data only with your prior written consent. Consent is a separate basis for the processing of your personal data and the purpose of the processing is stated in it, and is covered by the purposes listed in this policy. If you give us the relevant consent and until its withdrawal
we prepare suitable for you proposals for programs and services offered by the hotel; Concessions granted may be withdrawn at any time. Withdrawal of consent will have an impact on the provision of the relevant services for the provision of the relevant programs. To withdraw your consent, you must send your application by e-mail to the hotel
TO WHOM WE PROVIDE YOUR PERSONAL DATA
We process your identification data and other personal data in order to comply with obligations stipulated in a regulatory act, such as: providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act; providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation on personal data protection - Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc .; obligations provided for in the Accounting Act and the Tax and Social Security Procedure Code and other related normative acts, in connection with the maintenance of correct and lawful accounting;
providing information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of the procedural and substantive legal regulations applicable to the proceedings; verification of payment for online registrations.
HOW WE PROTECT YOUR PERSONAL DATA
To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act and its implementing regulations.
For maximum security in the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization and more.
WHEN WE DELETE YOUR PERSONAL DATA
As a rule, we terminate the use of your personal data for the objectives related to the contractual relationship after termination of the contract, but we do not delete them before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and expiration of statutory data retention obligations, such as obligations under the Accounting Act for storage and processing of accounting data (5 years), expiration of the statute of limitations for filing claims (5 years) specified in the Law on Obligations and Contracts, obligations for providing information to the court, competent state authorities, etc. grounds provided for in the current legislation (5 years). Please note that we will not delete or anonymize your personal data if it is necessary for pending court, administrative or pending proceedings before us.
Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personally identifiable items / items that allow your identification are irrevocably deleted. There is no legal obligation to delete anonymized data, as it does not constitute personal data.
YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA
Right to information
You have the right to request information on whether data relating to you are processed, information on the purposes of such processing, on the categories of data and on the recipients or categories of recipients to whom the data are disclosed; a message in an understandable form containing your personal data being processed, as well as any available information about their source;
information on the logic of any automated processing of personal data concerning you, at least in the case of automated solutions.
Right of correction
In the event that we process incomplete or erroneous / erroneous data, you have the right, at any time, to request: to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
to notify the third parties to whom his personal data have been disclosed of any deletion, correction or blocking, except in cases where this is not possible or involves excessive effort.
Right to delete
At any time you have the right to request the deletion of personal data processed by us if: personal data are not necessary for the purposes for which they were collected and processed; withdraw your consent and there is no other legal basis for their processing; personal data have been processed illegally
Right to object
At any time you have the right to: objections to the processing of your personal data if there is a legal basis for it; where the objection is justified, the personal data of the individual concerned may no longer be processed
object to the processing of your personal data for direct marketing purposes.
Right of appeal Applications for access to information or for correction are submitted in person or by a person expressly authorized by you, through a notarized power of attorney.
We will rule on your request within 14 days of its submission. In case of an objectively necessary longer term - in order to collect all the requested data and this seriously complicates our activity, this term can be extended up to 30 days. With our decision we give or deny access and / or the information requested by the applicant, but we always motivate our answer.
RELEVANCE AND POLICY CHANGES
In order to apply up-to-date protection measures and in order to comply with current legislation, we will regularly update this Privacy Policy.