STATEMENT ON PERSONAL DATA PROCESSING AND PROTECTION
Our company, Haštalská s.r.o., with its registered office in Prague 1 – Staré Město, Rybná 693/20, postcode 110 00, Czech Republic, Company ID No: 256 548 11, recorded in the Commercial Register of the Metropolitan Court in Prague under File No. C 145610/MSPH (the “Hotelier,” the “Company,” or simply “we”), as the operator of the Hotel Josef, located in Prague 1 – Staré Město, Rybná 20, postcode 110 00, Czech Republic, protects, consistently and on a long-term basis, the personal data and privacy of visitors to its website and its customers, suppliers and other persons. All procedures and measures adopted and implemented by the Hotelier in this area are consistently based on current legal regulations applicable to the protection of personal data and privacy, in particular,
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Adaptations made to Czech legal regulations in this area, specifically the Act on Personal Data Processing, as well as
- the Civil Code, Act No. 89/2012 Sb., and Act No. 480/2004 Sb., On Providers of Certain Information Services.
When changes and modifications are made to the above-described legal regulations, we adapt all of our procedures and measures on a regular basis in accordance with such changes and modifications.
2. THE HOTELIER AS THE PERSONAL DATA CONTROLLER
If you provided your personal data to us in connection with the services being offered by us and if we process such data, we will become the personal data controller with regard to such personal data and will be responsible for the proper processing and protection of the data.
This Statement on Personal Data Processing and Protection serves to explain our procedures with regard to the processing of the personal data collected from you when you use of our services, personal data obtained as a result of oral or written communications, visits to our website at https://www.hoteljosef.com/ and/or from other sources. We process the personal data primarily for the purpose of providing and managing hotel services, as well as for the purpose of processing reservations and other services that we offer within the framework of our activities.
Please take the time to familiarize yourself with this Statement on Personal Data Processing and Protection. Should you require any further clarification, please contact us via e-mail at: email@example.com.
3. PERSONAL DATA BEING PROCESSED
Our customers are individuals and legal entities that wish to use our services. We process personal data solely in compliance with the relevant legal regulations, it being understood that the term processing means that we obtain, store and delete personal data, and in certain cases, we transfer the data.
The personal data that we process are obtained directly from you in connection with your order/reservation of accommodation, receipt of hotel registration and entry cards or passes to fitness facilities, use of health-related treatments and other services provided by the Company (Wi-Fi connections, for example) or in connection with the completion of a hotel guest satisfaction survey.
Some of the personal data that we process is obtained by monitoring your activity on our website. To a partial extent, we sometimes also process personal data that we obtained in other ways, in compliance with the applicable laws on personal data protection, from public sources such as the Commercial Register or other registers.
In addition to the above, we can also ask you to provide information on the persons traveling with you (their identification data and other necessary information). We do not, however, knowingly participate in the collection of the personal data of children, in accordance to the definition contained in the applicable laws.
We process primarily the following personal data:
- contact information (for ex.: full name, surname, title, residential address, e-mail, telephone number);
- information relating to the reservation of a hotel stay or visit (for ex.: date and time of arrival and departure, number of adults and children to be accommodated in a room including data about family members, type of room, list of procedures);
- information set forth in personal identification documents (date of birth, nationality, passport or national identity card number, visa, payment card details);
- location data (when using our motorcycle rental service);
- online identifier (IP address, MAC address, login information);
- participation in customer loyalty scheme; participation in marketing scheme; information relating to purchases and deliveries of products or services;
- travel history and reason for hotel visit (business trip or vacation);
- guest preferences (for ex.: dietary information or food allergies, room preferences);
- marketing and communication preferences; reviews and opinions on our products and services (for ex.: date of visit, room number);
- orders of packages provided by our hotel and other information that you decide to provide to us or that we can obtain from you.
4. PURPOSE OF PERSONAL DATA PROCESSING
We process personal data solely for permitted purposes and in compliance with the applicable legal regulations. Any processing of personal data is always linked to a stipulated purpose of processing and the associated legal basis for processing within the meaning of Article 6 of the General Data Protection Regulation, in particular: the performance of a contract or conducting negotiations concerning a contract, compliance with a legal obligation of the data controller, legitimate interests of the data controller or consent of the data subject.
In the event the processing of your personal data is being conducted on the legal basis specified as Consent of the Data Subject, the processing of such personal data is possible only for as long as such consent is in effect. If you withdraw your consent and/or if the period for which you granted consent elapses, the further processing of your personal data is ruled out.
4.1. Processing of personal data for the fulfilment of contractual obligations
We process personal data in order to fulfil our contractual obligations towards customers or for the implementation of pre-contractual measures taken at the data subject’s specific request.
4.2. Processing of personal data for the maintenance of our legitimate interests (taking into account your interests)
We also process personal data in cases where this is necessary in order to maintain our legitimate interests. This includes, for example, the following:
- Customer care and complaint response;
- Measures to improve our services and improve our relationship with our customers, e.g. customer satisfaction surveys, website improvement and development, website statistics etc.;
- Protection our company’s rights in the event of litigation regarding services provided;
- Protection of assets, health and security (to this end, our company uses security cameras. For details regarding the processing of personal data in connection with the CCTV system, please ask our staff at the reception desk of Hotel Josef. At your request, we will also present our documents on our privacy protection measures implemented in connection with the use of the CCTV system.);
- Direct advertising, unless you did not give consent to your personal data processing for those purposes;
- Measures to arrange security of services provided.
4.3. Personal data processing with your consent
In certain instances, our company processes data based on your consent. You may withhold your consent at any time. The processing of data conducted before you withdrew your consent is still permitted. We usually process personal data based on your consent in order to distribute marketing information and newsletters. We process personal data for such purposes only to the extent of data provided by you.
In connection with the communication of news, presentation of services and keeping in touch program, our company uses the services offered by certain social networks and other web sites, such as Facebook, Twitter, Pinterest or TripAdvisor. By following Hotel Josef on social and other networks, i.e. by clicking on “like” or “subscribe” buttons on the page, you voluntarily subscribe to the news published on our wall. By clicking on the “dislike” or “unsubscribe” buttons you may cancel the subscription. Our company may access the profiles of its subscribers, but we do not record or process the data in the profiles in our own internal system.
We also publish on our social networks the photographs or videos from events associated with the provision of our services. Unless the photographs show a group of persons, we always request a written consent of data subjects prior to publication.
4.4. Personal data processing for the purpose of statutory compliance
Our company processes some personal data in order to comply with our statutory obligations. Some of those obligations may be under the applicable laws of the Czech Republic, others under the EU law. Specifically, we have the obligation to collect, keep or report information intended for the regulatory tasks performed by various competent bodies and authorities.
4.5. Personal data processing for the purpose of direct marketing
For direct marketing purposes, which entails largely sending e-mail newsletters and other marketing communications, we usually process only your name and surname and your e-mail address. We send the newsletters or other marketing communications only on the basis of your consent or on the basis of our company’s legitimate interests.
The sending of newsletter or other marketing communications is not limited, but you may unsubscribe from receiving such information at any time. In such event, we may process the basic subscription information over a reasonable period of time in order to be able to prove why we sent you the newsletter or marketing info in the first place. We send the information only in direct relation to the services provided by our company and we do not share the information with third parties except for processors who arrange the distribution of newsletters or marketing communications for our company.
You may subscribe from our newsletters or marketing communication by clicking a link in our e-mail or sending your unsubscribe request to: firstname.lastname@example.org.
4.6. Information about the change of purpose
If our company were to process your personal data for any purposes other than for which the data had been originally collected, we will inform you about the new purpose in accordance with applicable law.
5. PERSONAL DATA RECIPIENT
In some instances, personal data may be disclosed to third parties as processors, particularly pro third-party providers of certain services for our company (software coding services, server administration services) or to providers of technologies used by our company (such as the reservation system), or, to the minimum extent necessary, to our company’s legal or tax advisors. In order to assure high quality of our services, we may also share your personal data with the members of the MMP Assets group.
Additionally, we may also disclose personal data to other recipients to the extent we are bound to do so under the applicable legal provisions. In all other instances, our company may disclose your personal data to a third party only subject to your express consent.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Our company does not transfer your personal data to recipients in third countries.
7. STORAGE OF PERSONAL DATA
Our company processes personal data in order to satisfy our contract obligations only for the duration of such contract obligations. Once the personal data are no longer needed for such purposes, we erase them.
But in order to comply with law or to protect our legitimate interests, we must store certain personal data even after the end of the term of contract. This applies, for example, to our duty to document services provided.
Whenever out Company has the duty to store or archive personal data, we proceed in accordance with time periods laid down in applicable law. In the absence of an express term being stipulated in the terms of the service or laid down in law, the reasonable term for storing the data is determined by our company with a view to the statutory limitation periods, allowing for the time needed to learn that a claim was filed or other proceedings initiated against our company, with a view to the likelihood of any such claims against our company, estimated time periods needed to detect cyberattacks against our information systems or other security infringements, customary process and recommendations of supervisory authorities and the likelihood and significance of such threats.
8. DATA SUBJECTS AND THEIR RIGHTS
Should your personal data be processed by us in our capacity as the data controller, you have the legal status of a data subject, along with all of the associated rights towards the data controller ensuing from the General Data Processing Regulation
As a data subject, you have the following rights within the meaning of Articles 15 through 22 of the General Data Processing Regulation:
- Right of access to your personal data, particularly the right to request information regarding the processing of your personal data from the data controller;
- Right of rectification of personal data if the data is inaccurate;
- Right to erasure of personal data (“right to be forgotten”);
- Right to restriction of processing;
- Right to object against the processing to the Controller;
- Right not to be subject to a decision made solely on the basis of automated processing, including profiling (with exceptions).
In addition to the foregoing, a data subject has a right to lodge a complaint with the supervisory authority, which is:
Úřad pro ochranu osobních údajů [Personal Data Protection Office]
Pplk. Sochora 27
170 00 Praha 7
E-mail address: email@example.com
9. PERSONAL DATA SECURITY
During any processing of your personal data, we place emphasis on safeguarding the data against data breaches or abuse, primarily through appropriate technical measures and the security of our website and other information systems and SW applications that we use and are aware of, as well as through mandatory internal procedures and organizational rules for the processing of personal data, including a secrecy obligation on the part of our employees.
In this regard we adopted specific technical, organizational and other measures for the security of personal data processed by automated means and personal data processed manually.
In the event that with regard to a specific case, another entity is authorized to process the relevant personal data – a personal data processor – such processing is regulated in detail by an agreement on personal data processing which stipulates, in compliance with the General Data Protection Regulation, strict technical and organizational rules for the effective protection of data processed by the processor, and/or by an addendum to the main agreement.
We reserve the right to make changes to this Statement on Personal Data Processing and Protection. The current version will be available at the website of Hotel Josef.
10. CONTACTING US
Should you have any questions, or if you wish to withdraw consent or exercise your other rights as a data subject, you can contact us:
- in writing at the address of our registered office; Prague 1 – Staré Město, Rybná 693/20, postcode 110 00, Czech Republic
- by sending an e-mail to us at: firstname.lastname@example.org; and/or
- by telephone at: +420 221 700 111.