Hoteza Limited’s management demonstrates commitment to data protection by creating the policy and associated requirements, assigning specific roles and responsibilities, continuously developing a positive data protection culture, and allocating appropriate resources.
Hoteza Limited is responsible for compliance with the General Data Protection Regulation (GDPR, 2016/679) and other applicable laws concerning privacy and personal data protection.
Hoteza Limited understands its roles and responsibilities in the data processing.
Personal data in Hoteza Limited are:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes (purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
- accurate and, where necessary, kept up to date (accuracy);
- stored no longer than is necessary for the purposes for which the personal data are processed (storage limitation);
- processed in a secure manner that ensures the confidentiality, integrity and availability of personal data.
Hoteza Limited is able to demonstrate compliance with this statement (accountability).
Hoteza Limited respects the rights of the Data Subjects (the right to be informed, the right to access, the right to rectification, the right to erasure (right to be forgotten), the right to restrict processing, the right to data portability, the right to object, the rights in relation to automated decision making and profiling) and guarantees their observance.
Hoteza Limited understands and assesses potential risks to the rights and freedoms of natural persons. If necessary, a data protection impact assessment (DPIA) is conducted.
Hoteza Limited has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the strict segregation of access rights;
- the encryption and, if necessary, pseudonymisation of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of incidents;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Hoteza Limited continually improves the suitability, adequacy and effectiveness of the data protection.
The Data Subjects can Hoteza Limited at any time and receive additional information at [email protected].
The Data Protection Policy is subject to periodic assessment, revision and updating every two years or, if necessary, at shorter time intervals to reflect changing conditions.
Date and Revision: October 22nd, 2020. Revision 5