DECLARATION ON THE PROCESSING OF PERSONAL DATA

in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the instructions to data subjects (hereinafter referred to as "GDPR")

1. RIGHTS AND OBLIGATIONS OF THE GUEST:

   KOPACKA HOTEL s.r.o., with registered office: Řehořova 2877/41, 130 00 Praha, ID: 07290306, VAT: CZ07290306, registered in the Commercial Register kept at the Municipal Court in Prague, Section C, insert 11242, (hereinafter referred to as the "Controller") hereby informs you about the processing of your personal data and your rights in accordance with Article 12 GDPR.

2. RIGHTS AND OBLIGATIONS OF THE GUEST:

   Personal data are processed to the extent that the relevant data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes in accordance with applicable law or to fulfil the controller's legal obligations.
   • directly from data subjects (customer, job applicant, email communication, telephone communication, contact form on the website, etc.)
   • from the administrator's business partners (travel agencies, online accommodation booking companies, etc.)

3. Categories of personal data subject to processing

   • address and identification data used to uniquely and unmistakably identify the data subject - name, surname, date of birth, permanent address, nationality, number of travel document or other official identity document, visa number, purpose of stay, signature and data enabling contact with the data subject - contact data - e.g. contact address, telephone number, e-mail address and other similar information
   • descriptive data (e.g. bank details)
   • other data necessary for the performance of the contract
   • data provided in excess of the applicable laws processed under the data subject's consent (use of personal data for marketing communications, personnel management, etc.)

4. Categories of data subjects

   • customer administrator
   • an employee of the administrator
   • supplier of the administrator
   • another person who is in a contractual relationship with the controller
   • jobseeker

5. Categories of recipients of personal data

   • financial institutions
   • Processors
   • State i. authorities in the performance of their statutory obligations under the relevant legislation

6. Purpose of processing personal data

   • the execution of orders, bookings, the conclusion and performance of contracts relating to the services offered and provided by it, and in the cases imposed on it by law, in particular by the Act on local fees for the purpose of collecting the fee for a spa or recreational stay, or the fee for accommodation capacity, and the Act on the Residence of Foreigners, where the provision of personal data is mandatory (in the above cases, KOPACKA HOTEL s.r.o. is obliged to provide personal data in accordance with the provisions of Article 6(1)(a) of the Act. (b), c), f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), is entitled to process your personal data without your consent.
   • the purposes contained in the data subject's consent
   • negotiation of the contractual relationship
   • performance of the contract
   • protection of the rights of the controller, the beneficiary or other persons concerned (e.g. recovery of claims by the controller)
   • archives maintained on the basis of the law
   • job vacancies
   • the fulfilment of legal obligations by the administrator
   • protection of the vital interests of the data subject
   
   When making a reservation on the website of the controller, the personal data required for the successful execution of the reservation (name, surname, telephone, e-mail) are required. The purpose of processing personal data is to process the order of the data subject and to exercise the rights and obligations arising from the contractual relationship between the data subject (customer) and the controller. The purpose of processing personal data is a ls o to send commercial communications and to carry out other marketing activities. The lawful grounds f o r processing personal data are the performance of a contract pursuant to Article 6(1)(b) GDPR, the fulfilment of a legal obligation of the controller pursuant to Article 6(1)(c) GDPR and the legitimate interest of the controller pursuant to Article 6(1)(a) GDPR.
   f) GDPR. The legitimate interest of the controller is the processing of personal data for direct marketing purposes.

7. Method of processing and protection of personal data

   The processing of personal data is carried out by the controller. The processing is carried out at the controller's premises and at the controller's headquarters by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, where applicable, manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data.
   
   To this end, the controller has taken appropriate technical and organisational measures (in accordance with Article 25 of the GDPR) to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the right of privacy of data subjects and shall comply with applicable data protection legislation.
   
   The Provider does not engage in automated individual decision-making (including profiling) within the meaning of No. 22 GDPR.

8. Period of processing of personal data

   In accordance with the time limits specified in the relevant contracts, in the administrator's filing and shredding rules or in the relevant legislation, this is the time necessary to secure the rights and obligations arising from both the contractual relationship and the relevant l e g i s l a t i o n .

9. Lessons learned

   The controller processes data with the consent of the data subject, except in cases provided by law where the processing of personal data does not require the consent of the data subject.
   
   In accordance with Article 6(1) of the GDPR, the controller may process the following data without the data subject's consent:
   • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
   • the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject;
   • the processing is necessary for compliance with a legal obligation to which the controller is subject;
   • the processing is necessary to protect the vital interests of the data subject or another natural person;
   • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
   • the processing is necessary for the purposes of the legitimate interests of the controller or third party concerned, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is data child.

10. Rights of data subjects

    In accordance with Article 12 of the GDPR, the controller informs the data subject, upon request, of the right to access personal data and the following information:
    1. the purpose of processing
    2. the category of personal data concerned,
    3. the recipients or categories of recipients to whom the personal data have been or will be disclosed,
    4. the planned period for which the personal data will be stored,
    5. all available information about the source of the personal data
    6. if not obtained from the data subject, whether automated decision-making, including profiling, takes place.
    
    The data subject shall further have the right to request from the controller:
    
    
    7. access to your personal data in accordance with Article 15 GDPR
    8. rectification of personal data pursuant to Article 16 GDPR
    9. the right to erasure, the right to be forgotten under Article 17 GDPR,
    10. the right to restriction of processing pursuant to Article 18 GDPR,
    11. the right to data portability under Article 20 GDPR,
    12. the right to object to processing under Article 21 GDPR
    13. the right not to be subject to any decision based solely on automated processing, including profiling, pursuant to Article 22 of the GDPR.
    
    Any data subject who becomes aware or believes that the controller or processor is carrying out processing of his or her personal data which is contrary to the protection of the data subject's private and personal life or contrary to law, in particular where the personal data are inaccurate with regard to the purpose of the processing, may:
    
    
    14. Ask the administrator for an explanation.
    15. Require the administrator to remedy the condition thus created. In particular, this may involve blocking, r e c t i f y i n g , supplementing or erasing personal data.
    16. If the data subject's request pursuant to paragraph 1 is found to be justified, the controller shall rectify the defective situation without delay.
    17. If the controller does not comply with the data subject's request pursuant to paragraph 1, the data subject shall have the right to apply directly to the supervisory authority, i.e. the Office for Personal Data Protection
    18. The procedure referred to in paragraph 1 shall not preclude the data subject from submitting his or her complaint directly to the supervisory authority.
    19. The controller shall have the right to charge a reasonable fee for the provision of the information not exceeding
    
    the costs necessary to provide the information.

11. Change in data protection rules

    In the event of any changes to the privacy policy, we will communicate these changes on the website. We therefore recommend that you check them regularly.

12. Contact us

    If you have any questions or requests regarding this privacy policy, please contact us at:
    
    KOPACKA HOTEL s.r.o.
    Kubelíkova 1224/42
    130 00 Prague
    Tel: +420 725 888 719
    E-mail: rezervace@hotelkopacka.com
    
    You may also use this contact information if you wish to view, correct, block or delete information collected about you through the Site.