PERSONAL DATA PROTECTION
As of 25 May, companies and organisations handling the personal data of customers or users of websites shall comply with the new European regulation on the protection of personal data.
The regulation is called the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation - GDPR)
Personal Data Protection Policy
I.
Basic Provisions
1. The personal data protection policy was prepared by the personal data controller (hereinafter referred to as the “Controller”) for the purposes of
fulfilment of obligations to inform Users (hereinafter individually referred to as the “Data Subject”), as the personal data subjects,
about the circumstances of the processing of their personal data in accordance with the provision of Article 13 of the Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016, the General Data Protection Regulation.
II.
Terms and Definitions
1. Regulation – Regulation (EU) of the European Parliament and of the Council 2016/679 on the protection of natural persons
with regard to the processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC.
2. Personal data – information about an identified or identifiable natural person, if the natural person can be
identified based the personal data directly or indirectly.
3. Controller – Hotel Královka s.r.o., Molitorovská 324/9, 10000 Prague, Company registration No.: 02788136, Data Controller,
who determines the purposes and means of processing personal data.
4. Website – website address: www.hotelkralovka.cz.
5. Data subject – a natural person who can be identified directly or indirectly on the basis of personal data.
6. User – a natural person who uses a website and who is the data subject as defined in the Regulation.
7. Processor – a person who processes the personal data for the controller.
8. Operator – in this case the Controller.
III.
Information about Personal Data Processing Functions
1. Cookies
1.1. The website's system uses third-party analytical and marketing tools which,
using small data files called “cookies”, evaluate the behaviour and actions of the User on the website. The purpose
of using these tools is to allow the Controller to analyse the use of the website by the User in order to improve
the user’s comfort while using the website.
1.2. The operation of these tools is technically managed via cookies received by the User's device.
Refusing the given tool means refusing the cookie used by the tool.
1.3. The use of cookies can be configured in the internet browser. Most Internet
browsers receive cookies in the default browser settings. The User may refuse the use of cookies in
the Internet browser or only allow the use of some cookies.
1.4. The legal basis for the processing is a legitimate interest of the Controller consisting of the analytical and/or statistical
evaluation of the website's traffic.
1.5. The cookie processing period last for as long as the cookie is stored on the User’s computer, i.e., until
it is deleted or it expires.
1.6. The internal recipients of the personal data are the Controller’s employees. The external recipients of the personal data are
external providers of marketing and analytical tools who are in the position of personal data
processors.
2. Performance of a contract between the Data Subject and the Controller
2.1 The Controller processes the personal data of the Data Subject provided by the Data Subject or personal data
which the Controller obtained in connection with the performance of the contract.
2.2 The Controller processes the identification and contact data of the Data Subject required for the contract performance.
2.3 The legal reason for the processing of personal data is the performance of a contract between the Data Subject and the Controller.
2.4 The legal reason for the processing of personal data is the legitimate interest of the Controller to provide direct
marketing (advertising, newsletters).
2.5 The reason for the provision of personal data to the Controller is the identification of the contracting parties, which is necessary for the conclusion and performance of the Purchase Contract.
2.6 The purpose of the processing of personal data is to process an order, exercise rights and obligations arising from
a contractual relationship between the Data Subject and the Controller.
2.7 Personal data are processed by the Controller for the duration of the contractual relationship with the Data Subject. Upon expiry of
the validity or termination of the Contract, the data shall only be processed for the period for which the Controller has the obligation
to retain such data in compliance with the binding legal regulations, i.e., for a minimum period of 10 years
pursuant to the Value Added Tax Act and for a minimum period of 5 years pursuant to the Accounting Act.
IV.
Instructions for the Data Subject
1. The Data Subject has the right to:
demand the Controller to provide it with access to its personal data; raise an objection against processing; correction of personal data;
deletion of personal data; restriction of processing of personal data; data portability to another controller;
file a complaint with the Office for Personal Data Protection if it believes that the Controller processes
the personal data inconsistently with the Regulation.
V.
Personal Data Processing Specifications
1. The Controller is entitled to process the personal data also through its authorised
employees or through a provider, in their capacity of the personal data processor.
2. The personal data are processed in the form of electronic databases in secure data storage
sites.
3. The Data Subject’s personal data processing shall not involve automated decision-making
or profiling that would have any legal consequences for the User.
4. The provider does not transfer the User’s personal data to third countries or international organisations.
VI.
Final Provisions
1. By their continued use of the website, the Data Subject expresses his/her free and informed will and that they clearly understand the processing of personal data according to this personal data protection policy and that they have been properly and thoroughly instructed on and informed about the processing of personal data.
2. The Controller is entitled to unilaterally amend this personal data protection policy according to the applicable legislation and the Data Subject expresses its consent to this through their use of the website.
3. The Personal Data Protection Policy is published in electronic form and is available on the website.
The Personal Data Protection Policy entered into effect on 25 May 2018.