Privacy policy

Cookies

A cookie is a short text file that is sent to your browser by websites you visit. Cookies are important. Without them, browsing the web would be much more difficult. Cookies do not give us access to your computer or any information about you, except for the data you choose to share with us. They allow websites to remember information about your visit, for example, to save your safe search preferences, to select relevant ads, to track the number of visitors to the site, to simplify registration for new services and to protect your data. This can make your next visit to the site easier and more productive.

 

Personal data protection

Privacy Policy
 
Preamble
 

The company MGO GROUP, s.r.o., with its registered office at Mraziarenská 6, 821 08 Bratislava, Company ID 44 310 421, registered in the Commercial Register of the District Court Bratislava I, Section Sro, File 53700/B, is a commercial company engaged mainly in the provision of information technology services consisting primarily of electronic processing, transmission, storage and retrieval of data messages, including text, sound and image by electronic means on request, as well as the rental of vessels (hereinafter referred to as the “Provider”) of the Recipient of the Service, which may be a natural or legal person.

These Personal Data Protection Rules form part of the Agreements for the provision of information technology services and vessel rental (hereinafter referred to as the “Agreement”), to which the Provider and the Recipient are parties, as well as for relationships arising from similar relationships. The General Terms and Conditions can be found here. They also serve as information for all those interested in concluding an Agreement for the provision of information technology services and vessel rental on the protection of personal data with the Provider.

MGO GROUP, s.r.o., the Provider, is responsible for compliance with generally binding regulations on the protection of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4 May 2016) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain acts.

When providing information technology services and vessel rental, the Provider protects the personal data of all Service Recipients in accordance with the above-mentioned generally binding regulations. These Personal Data Protection Rules, which form part of the contract, describe in particular, but not exclusively, what personal data the Provider requires and for what reason, what rights the data subject has and how the Provider protects personal data.

I. Definitions
Personal information

Personal data is generally any data relating to a natural person that constitutes their physical identity, physiological identity, genetic identity, psychological identity, mental identity, economic identity, cultural identity or social identity. The most common personal data are name, surname and address.

Interested party

a natural person over 18 years of age or a legal entity interested in using the Provider’s services and entering into a binding legal relationship with the Provider, but who has not yet submitted a Fully Completed Order;

Recipient or Service Recipient

a natural person over 18 years of age, using the Services, who has submitted a Completely Completed Order via the online interface

Law

Personal Data Protection Act No. 18/2018 Coll. as amended

II. Purpose of processing personal data

The purpose of processing personal data contained in the order is to fulfill the contract and the purpose of processing the email address of the Service Recipient by regularly informing the Recipients about the Provider’s current service offer is to improve the quality of the services provided to the Service Recipients.

III. Legal basis for processing personal data

If the Interested Party for information technology services or vessel rental has decided to conclude a Contract for the provision of these services, it is necessary to enter some personal data in order to exercise the rights and obligations under the concluded contract. The legal basis for the processing of the personal data of the Service Recipient entered in the order is therefore Section 13, paragraph 1, letter b) of the Act, according to which the processing of personal data is necessary for the performance of the contract to which the data subject is a party.

The legal basis for processing the email address of the Service Recipient for the purpose of regular information about the Provider’s services is therefore Section 13, paragraph 1, letter f) of the Act, according to which the processing of personal data is necessary for the purpose of the legitimate interests of the controller. The Provider is entitled to regularly inform the Service Recipient about its services, and the Service Recipient can legitimately expect such information and at the same time such interests or rights of the Service Recipient requiring the protection of personal data do not prevail over the Provider’s legitimate interest in informing about its services.

IV. List of processed personal data

1. The provider processes the following personal data for the purpose of fulfilling the contract: title, name, surname, email, address, telephone number, IP address.
2. The provider processes the following personal data for the purpose of informing about current offers of its services: email address.

V. Updating personal data

1. The Service Recipient may update personal data at any time by email: [email protected].
2. Updating some data – address or billing data is also possible in other ways, namely by phone only from an authorized phone number, i.e. the phone number specified in the order, or by email only from an authorized email, i.e. the one specified in the order.
3. If the Service Recipient provides other personal data via an authorized phone number or email than those specified in the order, this is considered an update of personal data.
4. The Provider does not accept changes to personal data via Live Chat at all, as it is not possible to verify the identity of the person using this method of communication with the Provider.

VI. Personal data retention period

1. The retention period of personal data is the period for which the contractual relationship lasts.
2. After the termination of the contractual relationship, the Provider automatically deletes personal data after 30 days. The Provider stores the personal data of the Service Recipient for another 30 days after the termination of the contractual relationship for the possible renewal of the contractual relationship by the Service Recipient.
3. If special generally binding regulations (e.g. tax or accounting) require a longer retention period for personal data, in that case the Provider stores them for the period required by these special generally binding regulations. 

VII. Personal data protection

1. The Provider protects personal data to the maximum extent possible, continuously monitors the protection of personal data and takes the necessary technical and organizational measures.
2. The data is stored on the Provider’s servers, which are stored in a secure server room. All the Provider’s servers are located in the European Union.
3. The data is encrypted and secured against hacker attacks and other unauthorized access. The Provider’s employees have access to personal data, but are trained in the secure handling of personal data.
4. The Provider reports security incidents in accordance with the Personal Data Protection Act.
5. Data protection is constantly updated in accordance with the latest knowledge in the field of personal data security, appropriate to the current state of technology and software.
6. If data is provided to a processor for the purpose of fulfilling the Provider’s contractual obligations, this data is also provided within the territory of the European Union (all of the Provider’s processors specified in the following Article VIII are entities of the Member States of the European Union).

VIII. Intermediaries

The Provider, pursuant to Section 8 of Act No. 122/2013 Coll. on the Protection of Personal Data, as amended, hereby informs the Recipient(s) that, in connection with the provision of the Services, it has authorized the following entities (intermediaries) to process personal data on behalf of the Provider to the following extent:

  • ACCOUNT EK, s.r.o., Pribišova 2, 841 05 Bratislava – processing of the Recipient’s personal data for the purpose of keeping the Provider’s accounts in accordance with the Accounting Act and related regulations
  • MGO Real Eestate I, s.r.o., Mraziarenská 6, 821 08 Bratislava – providing customer support, processing of printouts with personal data for contact with clients
  • MGO Real Eestate II, s.r.o., Mraziarenská 6, 821 08 Bratislava – providing customer support, processing of printouts with personal data for contact with clients
 
IX. Using the Live Chat service

If the Interested Party or Recipient uses customer support via online chat and email (if the Recipient of the service sends an email to the email address published on the website www.luxurysailing.eu, this email is automatically included in the email management system), and provides their personal data in this way, the Provider stores this personal data for a period of 2 years in case of claims arising from the Service Agreement by the Recipient of the service or the Provider.

X. Rights of the data subject

1. Right to information – The Recipient has the right to request information at any time about their data that is processed by the Provider, as well as about their origin, recipients or categories of recipients to whom the Provider transfers this data, and the purpose of the processing.
2. Right to data correction – If the Recipient’s data is stored incorrectly by the Provider, they can request it to be updated at any time.
3. Right to data deletion and right to restriction of processing – The Recipient has the right to delete personal data processed by the Provider. Personal data can be deleted at any time by means of a written request. However, it is necessary to know that without the given data it is not possible to exercise the rights and obligations under the concluded Service Agreement, therefore, by deleting the data, the Recipient withdraws from the Agreement with immediate effect without any right to a refund of any funds paid. Data deleted in this way will usually be deleted immediately. If deletion is contrary to statutory, contractual or tax or commercial archiving obligations or other legally regulated reasons, instead of deleting the personal data, only a restriction of their use may be carried out. After deleting the Recipient’s data, it will no longer be possible to allow access to the Recipient’s personal data. The exercise of the right to deletion is not necessary if the Recipient has terminated the contractual relationship in one of the ways specified in the General Terms and Conditions. All personal data that do not have to be stored for legal reasons will be deleted immediately after the termination of the contractual relationship. Personal data that may not be deleted during the duration of the legal reasons for storage may not be used for a purpose other than that provided for by law and access to them will only be possible for the stated purposes.
4. Right to data portability – At the request of the Recipient, the Provider will issue or transfer the personal data entered in the order in a structured and common format that can be read on a computer, if this request of the Recipient can be technically implemented. The Provider will make every effort to technically implement such a request.
5. Right to object to data processing – The Recipient has the right at any time and without giving a reason to object to the processing of personal data for the purpose of informing about the Provider’s current offers, by not checking the relevant box in the Order. In such a case, the Provider will not delete the Recipient’s email, as it is necessary for the implementation of the rights and obligations arising from the Contract, but will not use it for the purpose of sending information about the current offer of services.
6. Contact (for exercising the rights concerned) – In the event that the Interested Party or the Recipient contacts the Provider by email at [email protected] or by post to MGO GROUP, s.r.o., with its registered office at Mraziarenská 6, 821 08 Bratislava, we will store the data communicated to the Recipient or Interested Party (email address, or name, surname and telephone number) for answering questions or for processing the request. The data will be deleted immediately if they are no longer necessary for the purpose of processing, or we will limit their processing if there are legal obligations to store them.
7. Right to complain – In the event of a complaint, the Recipient or Interested Party may contact the contacts listed in the previous point. In addition, the Interested Party or Recipient has the right to file a complaint regarding the processing of their personal data with the Office for Personal Data Protection of the Slovak Republic, with its registered office at Hraničná 4826/12, 820 07 Bratislava, if they feel that their rights to personal data protection have been violated.

XI. Data stored by customers

1. The Provider is not aware of what data the Recipients store on the Provider’s servers within the framework of the concluded contract, nor is it authorized to find out.
2. The data stored by the Recipients of the service on the Provider’s servers are encrypted. If the Recipient of the service stores personal data on the server, then he is the controller within the meaning of the Personal Data Protection Act and, if the conditions under the Act are met, he is obliged to conclude an intermediary agreement with the Provider, which the Operator will provide upon request. The responsibility for the protection of personal data lies with the controller, the Provider as an intermediary performs only one processing operation – storage of personal data under the conditions defined in the intermediary agreement.

XII. Conclusion

1. If anyone has any questions regarding the protection of personal data, they can contact the operator at any time during the hours listed as the Provider’s operating hours on its website www.luxurysailing.eu or they can contact the Provider via email: [email protected].
2. Anyone can contact the Provider via the listed contacts, if they do not understand these General Terms and Conditions for the Protection of Personal Data or any part thereof, the Provider will explain the protection of personal data upon request.
3. By clicking the appropriate box, the Interested Party and/or the Recipient declares that they have read and understood these Personal Data Protection Rules.
4. These Personal Data Protection Rules enter into force for the first time on 25.5.2018 and are regularly updated by the Provider.

In Bratislava on May 25, 2018

 

GDPR and LuxurySailing.eu

Message for clients

Dear clients,

We would like to inform you that with the upcoming entry into force of the General Data Protection Regulation (General Data Protection Regulation further than GDPR) We are updating the current Terms and Conditions and adding the document Privacy Policy. In its new form, it fully covers the issue of personal data protection and specifies our relationship as a data controller – processor, and also fulfills the role of a Personal Data Processing Agreement.

The new terms and conditions come into effect on 25. 5. 2018. At the same time, on this page you will find basic information on how the GDPR affects you and what steps you should take. Please note that the information below is for informational purposes only and does not replace services provided by law firms or companies dealing with GDPR issues.

If you or your company processes personal data of your customers (employees, partners, etc.), it is more than likely that the GDPR affects you. In this regard, you are subject to certain obligations that you must adapt to.

 

LuxurySailing.eu as data controller

We use the data entered in the order below mainly to provide the services offered and for billing purposes, etc.

Personal data – all information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be directly or indirectly identified
Processing of personal data – any operation or set of operations that is performed systematically on personal data, using automated processes. Processing means in particular the collection, recording, provision, storage, use, dissemination, publication, etc.
Personal data controller – a natural or legal person, public authority, service or other entity that determines the purpose and means of processing personal data, carries out their collection, processing and storage for the purpose specified by it
Processor – a natural or legal person, public authority, service or other entity that processes personal data on behalf of the personal data controller

LuxurySailing.eu
– places maximum emphasis on proper security of personal data, including their protection by means of appropriate technical or organizational measures against unauthorized or unlawful processing, against accidental loss, destruction or damage.
– has sufficient organizational measures, including detailed set process procedures to maintain maximum security of personal data.
– we take maximum care in the technical security of all personal data.
– personal data is stored in a separate part of the data storage, which is secured by strict technical and organizational measures, as a result of which the data can only be processed for the purposes intended for it and it is not possible to technically link it with data from other services.
– we process the data for the purpose of fulfilling the contract, e.g. invoicing of services provided
– we do not provide data to third parties other than those necessary to provide services and cases where we provide them to state authorities on the basis of law (e.g. courts, police and others)
– data is protected in accordance with GDPR, technical and personnel procedures are used that protect it against leakage and destruction

 

LuxurySailing.eu as a data collector

This includes data that you store on our servers as part of using our services, such as email data and the like. From the point of view of GDPR, LuxurySailing.eu is a personal data processor towards its customers who use our services to store personal data.

LuxurySailing.eu
– does not interfere in terms of content, technology or law with the data that customers have placed within the services on LuxurySailing.eu devices
– performs automatic scans of data stored on LuxurySailing.eu servers using system tools (e.g. antivirus, rights correction, content usage, etc.)
– processes personal data only for the purpose of the proper functioning of the services and never uses this information for other purposes (e.g. marketing, etc.)
– does not provide data outside the territory of the European Union or outside countries that are recognized by the European Commission as countries with a sufficient level of data security
– implements advanced security standards in order to provide a high level of security for our services
– in the event of a data leak, we will notify our customers as soon as possible