Personal data protection
A) Basic Provisions
- The controller under Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is Rezidence Pavlov, s.r.o., Reg. No. 07176066, with registered office at Žižkova 1287/43, 741 01 Nový Jičín, Czech Republic (hereinafter the “Controller”).
- The Controller’s contact details are as follows: registered office: Žižkova 1287/43, 741 01 Nový Jičín, email: firstname.lastname@example.org, telephone number: 739 880 622, web: www.rezidencepavlov.cz
- “Personal Data” means any and all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has not designated a data protection officer.
Sources and Categories of Personal Data which are being processed
- The Controller processes personal data provided to the Controller by another (especially by a person who has placed an order, etc.) or personal data obtained by the Controller during the processing of an order and performance of a contract and legal obligations.
- The Controller processes the identification and contact data of another which are necessary for the processing of an order and performance of a contract and legal obligations.
- If the other person has freely granted consent to the Controller, the Controller processes the other person’s email and the date of his/her consent also for the purposes of sending commercial communications.
C) Statutory Reason and Purpose of Personal Data Processing
- The statutory reason for personal data processing is:
- Performance of a contract between the Controller and another under Article 6 (1) (b) of the GDPR;
- Performance of a legal obligation associated with a contract made between the Controller and another under Article 6 (1) (c) of the GDPR.
- The purpose of personal data processing is:
- Processing of an order and performance of rights and obligations resulting from a contractual relationship between the Controller and another; an order requires personal data which are necessary for the successful processing of such order (name and surname, address, contact details – telephone number and email); provision of personal data is a necessary requirement for entrance into and performance of a contract and for communication; a contract cannot be made or performed by the Controller without provision of personal data;
- Special categories of data under Article 9 of the GDPR, especially sending newsletters in compliance with the GDPR [Article 4 (11) and Article 7 of the GDPR].
- The Controller does not perform automated individual decision-making under Article 22 of the GDPR.
D) Period of Data Retention
- The Controller retains the personal data:
- For a period necessary for the performance of rights and obligations resulting from the contractual relationship between the Controller and another, and in compliance with the legislation of the European Union and the Czech Republic, for a period of duration of obligations resulting from a contractual relationship, for the limitation or similar period for assertion of relevant claims or for a period laid down in a legal regulation (archiving period, etc.), at the minimum;
- In the event of consent with sending newsletters, the email for such purposes will be retained until such consent is revoked.
- After the expiry of the period of personal data retention, the Controller will erase the personal data.
E) Personal Data Recipients (Controller’s Sub-suppliers)
- The persons receiving personal data from the Controller are those who:
- Participate in the delivery of services / performance of payments under contracts (especially persons providing bookkeeping and taxation services);
- Provide website operation services (rezidencepavlov.cz) and Internet pages with an ordering system (Booking.com, etc.) and other services associated with website and ordering system operation;
- Provide marketing, counselling and other professional services.
- The Controller does not intend to transmit the personal data to a third country (a country outside the EU) or to an international organization.
F) Rights of the Other Person whose Personal Data are processed by the Controller
- Under the conditions provided for in the GDPR, the other person whose personal data are processed by the Controller has:
- The right of access to his/her personal data under Article 15 of the GDPR;
- The right to rectification of personal data under Article 16 of the GDPR or the right to restriction of processing under Article 18 of the GDPR;
- The right to erasure of personal data under Article 17 of the GDPR;
- The right to object against processing under Article 21 of the GDPR; and
- The right to data portability under Article 20 of the GDPR;
- The right to revoke his/her consent with processing by sending a written or electronic notice to the Controller’s address or email given in Article A hereof.
- Moreover, the said person has a right to lodge a complaint with the Office for Personal Data Protection if the said person thinks that her/his right to personal data protection has been breached.
G) Conditions for Personal Data Security
- The Controller declares to have adopted all the suitable technical and organizational measures to secure personal data.
- The Controller has adopted technical measures to secure data storage systems and places of storage of documentary personal data.
- The Controller declares that personal data may be accessed only by persons authorized by the Controller.
H) Final Provisions
- By sending an order through the Internet order form, each person confirms to have been acquainted, inter alia, with the conditions of personal data protection and accepts such conditions to the full extent thereof.
- The Controller is entitled to change such conditions while keeping the minimum standard of personal data protection provided for by legal regulations. The new version of the conditions of personal data protection will be published by the Controller on its website.
- The supervision of compliance with the Personal Data Protection Act is performed by the Office for Personal Data Protection.
These conditions come into effect on 01 February 2019.