Terms and Conditions for the Processing of Personal Data
(hereinafter referred to as the “Conditions”)
Data Controller: Residence Muzeum Vltavínů, Panská 19, 381 01 Český Krumlov (hereinafter referred to as the “Hotel”)
Customer: Natural or legal person using the services of the operator (hereinafter referred to as the “Guest”)
Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation
- The subject of these Conditions is to ensure the processing of personal data of Customers obtained in the course of the Hotel’s business activities, as well as the establishment of the obligation to maintain confidentiality with regard to the information obtained to the extent and under the conditions stipulated by these Conditions.
- The Hotel complies with these Conditions when processing personal data of Customers. These Conditions are made to the extent of the rights and obligations that derive from the applicable legislation in the processing of personal data under the preceding paragraph, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (hereinafter referred to as the “Regulation”).
Rights, Obligation and Confidentiality
- The Hotel is obliged to take such technical, personnel and other necessary measures to prevent unauthorized or incidental access to personal data, their alteration, destruction or loss, unauthorized transmission or other unauthorized processing, as well as other forms of misuse of personal data.
- In connection with the provision of accommodation services, the Hotel is obliged to process personal data of the guests. These data are mainly used by:
  - Hotel Receptionists
  - Hotel Manager
  - Marketing Department Officer
- The abovementioned users were instructed about the sensitivity of personal data. They handle the personal data of guests only within the services provided by the Hotel. The Hotel or its staff does not transmit personal data of guests to other entities. Other personal data processors are:
  - Previo Hotel System
  - Inzio Marketing Company
- Conditions of processing and handling of personal data of guests are regulated in the processing agreement between the Hotel and the respective processor.
Data Protection Officer (DPO)
- The DPO of the Hotel is Petr Novotný (firstname.lastname@example.org). The Officer has participated in the training necessary for the performance of the duties of the Officer in accordance with the Regulation.
- The Hotel has the legal obligation to keep some personal data about its guests, especially name, surname, date of birth, address, time of accommodation, number and type of document, possible visa, and purpose of stay. This obligation is governed by the Act on the Residence of Foreign Nationals in the Czech Republic (326/1999) and the Act on Local Fees (565/1990). According to these acts, the Hotel is required to keep personal data about customers for 6 years.
- The Customer has the right to ask the Hotel at any time for an overview of their personal data. This information is stored in (i) a guest card in the Hotel system, (ii) an accommodation log, and (iii) guest records, which are all stored in a printed form in a locked room. In the case of a request for the deletion of personal data, the Hotel will delete the guest card and destroy the accommodation book and guest records. However, the Hotel must comply with the abovementioned acts. The listed personal data may only be deleted after the legal deadline.
Technical and Organizational Security of Personal Data Protection
- The Hotel undertakes to provide, both technically and organizationally, the protection of the processed personal data in such a way that unauthorized or accidental access to the data, its alteration, destruction or loss, unauthorized transmission, any other unauthorized processing, or other misuse cannot occur, and that, both in terms of personnel and organization, all obligations of the personal data Controller resulting from the legislation, in particular the Regulation, are fulfilled at all times for the period of data processing.
- The Hotel undertakes that the processing of data will be secured in particular as follows:
  - personal data will only be accessible to authorized Hotel employees, for whom the Hotel will set the conditions and extent of the data processing, and any such person will access personal data under a unique identifier;
  - personal data will be processed on the premises of the Hotel, to which only authorized employees or their suppliers (subcontractors) will have access, who will be bound by the same obligations;
  - the Hotel will prevent unauthorized reading, creating, copying, transferring, editing or deleting of records containing personal data;
  - the Hotel shall take measures to identify and verify to whom and by whom the personal data were transmitted, processed, altered or deleted.
- The Hotel undertakes, through its own internal regulations or special contractual arrangements, to ensure that its employees and other persons who will process personal data do so only under the conditions and to the extent set by the Hotel and corresponding to the Hotel’s instructions. In particular, the Hotel itself will (and the mentioned individuals are also bindingly obliged to) maintain confidentiality about personal data and security measures the disclosure of which would jeopardize the security of personal data, even after termination of employment or related work at the Hotel.
- The Hotel uses CCTV to protect its customers, their property and the Hotel’s property. The Hotel declares that it does not in any way process the records and does not provide them to third parties or entities.
Date of last update: 25 May 2018