4. PURPOSE OF PERSONAL DATA PROCESSING
We process personal data solely for permitted purposes and in compliance with the applicable legal regulations. Any processing of personal data is always linked to a stipulated purpose of processing and the associated legal basis for processing within the meaning of Article 6 of the General Data Protection Regulation, in particular: the performance of a contract or conducting negotiations concerning a contract, compliance with a legal obligation of the data controller, legitimate interests of the data controller or consent of the data subject.
In the event the processing of your personal data is being conducted on the legal basis specified as Consent of the Data Subject, the processing of such personal data is possible only for as long as such consent is in effect. If you withdraw your consent and/or if the period for which you granted consent elapses, the further processing of your personal data is ruled out.
4.1. Processing of personal data for the fulfilment of contractual obligations
We process personal data in order to fulfil our contractual obligations towards customers or for the implementation of pre-contractual measures taken at the data subject’s specific request.
4.2. Processing of personal data for the maintenance of our legitimate interests (taking into account your interests)
We also process personal data in cases where this is necessary in order to maintain our legitimate interests. This includes, for example, the following:
- Customer care and complaint response;
- Measures to improve our services and improve our relationship with our customers, e.g. customer satisfaction surveys, website improvement and development, website statistics etc.;
- Protection our company’s rights in the event of litigation regarding services provided;
- Protection of assets, health and security (to this end, our company uses security cameras. For details regarding the processing of personal data in connection with the CCTV system, please ask our staff at the reception desk of Hotel Josef. At your request, we will also present our documents on our privacy protection measures implemented in connection with the use of the CCTV system.);
- Direct advertising, unless you did not give consent to your personal data processing for those purposes;
- Measures to arrange security of services provided.
4.3. Personal data processing with your consent
In certain instances, our company processes data based on your consent. You may withhold your consent at any time. The processing of data conducted before you withdrew your consent is still permitted. We usually process personal data based on your consent in order to distribute marketing information and newsletters. We process personal data for such purposes only to the extent of data provided by you.
In connection with the communication of news, presentation of services and keeping in touch program, our company uses the services offered by certain social networks and other web sites, such as Facebook, Twitter, Pinterest or TripAdvisor. By following Hotel Josef on social and other networks, i.e. by clicking on “like” or “subscribe” buttons on the page, you voluntarily subscribe to the news published on our wall. By clicking on the “dislike” or “unsubscribe” buttons you may cancel the subscription. Our company may access the profiles of its subscribers, but we do not record or process the data in the profiles in our own internal system.
We also publish on our social networks the photographs or videos from events associated with the provision of our services. Unless the photographs show a group of persons, we always request a written consent of data subjects prior to publication.
4.4. Personal data processing for the purpose of statutory compliance
Our company processes some personal data in order to comply with our statutory obligations. Some of those obligations may be under the applicable laws of the Czech Republic, others under the EU law. Specifically, we have the obligation to collect, keep or report information intended for the regulatory tasks performed by various competent bodies and authorities.
4.5. Personal data processing for the purpose of direct marketing
For direct marketing purposes, which entails largely sending e-mail newsletters and other marketing communications, we usually process only your name and surname and your e-mail address. We send the newsletters or other marketing communications only on the basis of your consent or on the basis of our company’s legitimate interests.
The sending of newsletter or other marketing communications is not limited, but you may unsubscribe from receiving such information at any time. In such event, we may process the basic subscription information over a reasonable period of time in order to be able to prove why we sent you the newsletter or marketing info in the first place. We send the information only in direct relation to the services provided by our company and we do not share the information with third parties except for processors who arrange the distribution of newsletters or marketing communications for our company.
You may subscribe from our newsletters or marketing communication by clicking a link in our e-mail or sending your unsubscribe request to: email@example.com.
4.6. Information about the change of purpose
If our company were to process your personal data for any purposes other than for which the data had been originally collected, we will inform you about the new purpose in accordance with applicable law.
5. PERSONAL DATA RECIPIENT
In some instances, personal data may be disclosed to third parties as processors, particularly pro third-party providers of certain services for our company (software coding services, server administration services) or to providers of technologies used by our company (such as the reservation system), or, to the minimum extent necessary, to our company’s legal or tax advisors. In order to assure high quality of our services, we may also share your personal data with the members of the MMP Assets group.
Additionally, we may also disclose personal data to other recipients to the extent we are bound to do so under the applicable legal provisions. In all other instances, our company may disclose your personal data to a third party only subject to your express consent.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Our company does not transfer your personal data to recipients in third countries.
7. STORAGE OF PERSONAL DATA
Our company processes personal data in order to satisfy our contract obligations only for the duration of such contract obligations. Once the personal data are no longer needed for such purposes, we erase them.
But in order to comply with law or to protect our legitimate interests, we must store certain personal data even after the end of the term of contract. This applies, for example, to our duty to document services provided.
Whenever out Company has the duty to store or archive personal data, we proceed in accordance with time periods laid down in applicable law. In the absence of an express term being stipulated in the terms of the service or laid down in law, the reasonable term for storing the data is determined by our company with a view to the statutory limitation periods, allowing for the time needed to learn that a claim was filed or other proceedings initiated against our company, with a view to the likelihood of any such claims against our company, estimated time periods needed to detect cyberattacks against our information systems or other security infringements, customary process and recommendations of supervisory authorities and the likelihood and significance of such threats.
8. DATA SUBJECTS AND THEIR RIGHTS
Should your personal data be processed by us in our capacity as the data controller, you have the legal status of a data subject, along with all of the associated rights towards the data controller ensuing from the General Data Processing Regulation
As a data subject, you have the following rights within the meaning of Articles 15 through 22 of the General Data Processing Regulation:
- Right of access to your personal data, particularly the right to request information regarding the processing of your personal data from the data controller;
- Right of rectification of personal data if the data is inaccurate;
- Right to erasure of personal data (“right to be forgotten”);
- Right to restriction of processing;
- Right to object against the processing to the Controller;
- Right not to be subject to a decision made solely on the basis of automated processing, including profiling (with exceptions).
In addition to the foregoing, a data subject has a right to lodge a complaint with the supervisory authority, which is:
Úřad pro ochranu osobních údajů [Personal Data Protection Office]
Pplk. Sochora 27
170 00 Praha 7
E-mail address: firstname.lastname@example.org
9. PERSONAL DATA SECURITY
During any processing of your personal data, we place emphasis on safeguarding the data against data breaches or abuse, primarily through appropriate technical measures and the security of our website and other information systems and SW applications that we use and are aware of, as well as through mandatory internal procedures and organizational rules for the processing of personal data, including a secrecy obligation on the part of our employees.
In this regard we adopted specific technical, organizational and other measures for the security of personal data processed by automated means and personal data processed manually.
In the event that with regard to a specific case, another entity is authorized to process the relevant personal data – a personal data processor – such processing is regulated in detail by an agreement on personal data processing which stipulates, in compliance with the General Data Protection Regulation, strict technical and organizational rules for the effective protection of data processed by the processor, and/or by an addendum to the main agreement.
We reserve the right to make changes to this Statement on Personal Data Processing and Protection. The current version will be available at the website of Hotel Josef.