Albeřické chalupy

Zásady ochrany osobních údajů (GDPR)

PROTECTION OF PERSONAL DATA AND GDPR

PROTECTION OF PERSONAL DATA AND GDPR

1. BASIC PROVISIONS

1. BASIC PROVISIONS

  1. The data controller pursuant to Article 4 (7) of the European Parliament and Council Regulation (EU) 2016/679 o ochraně fyzických osob v souvislosti se zpracováním osobních údajů a o volném pohybu těchto údajů (dále jen: „GDPR“) je Tomáš Váňa, IČ 63190141, with its registered office at Národní 924, 551 01 Jaroměř (dále jen: „správce„). 
  2. The Administrator's contact details are:
  3. Personal data refers to all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  4. The Administrator has not appointed a data protection officer.

  1. The data controller pursuant to Article 4 (7) of the European Parliament and Council Regulation (EU) 2016/679 o ochraně fyzických osob v souvislosti se zpracováním osobních údajů a o volném pohybu těchto údajů (dále jen: „GDPR“) je Tomáš Váňa, IČ 63190141, with its registered office at Národní 924, 551 01 Jaroměř (dále jen: „správce„). 
  2. The Administrator's contact details are:
  3. Personal data refers to all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  4. The Administrator has not appointed a data protection officer.

2. SOURCES AND CATEGORIES OF PERSONAL DATA PROCESSED

2. SOURCES AND CATEGORIES OF PERSONAL DATA PROCESSED

The Administrator processes only the personal data you have provided or personal data the Administrator has obtained on the basis of fulfilling your order. This may include visiting our website, filling out a contact form, related to the realization of a service, during personal contact, by phone, in writing, by email, or other communication means. 

The Administrator processes only the personal data you have provided or personal data the Administrator has obtained on the basis of fulfilling your order. This may include visiting our website, filling out a contact form, related to the realization of a service, during personal contact, by phone, in writing, by email, or other communication means. 

3. LEGAL REASON AND PURPOSE OF PROCESSING PERSONAL DATA

3. LEGAL REASON AND PURPOSE OF PROCESSING PERSONAL DATA

  1. The legal reason for processing personal data is:
    • Fulfillment of the contract between you and the Administrator pursuant to Article 6 (1) (b) GDPR,
    • Fulfillment of the legal obligation of the Administrator pursuant to Article 6 (1) (c) GDPR,
    • The legitimate interest of the Administrator in providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (f) GDPR,
  2. Your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.
  3. The purpose of processing personal data is:
    • To process your order (accommodation reservation) and perform the rights and obligations arising from the contractual relationship between you and the Administrator; personal data necessary for successful processing of the order (name and address, contact) are required for the conclusion and fulfillment of the contract, without providing personal data it is not possible to conclude or fulfill the contract by the Administrator,
    • To fulfill legal obligations towards the state,
    • To send commercial communications and perform other marketing activities.
    • Your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.

The Administrator does not engage in automated individual decision-making within the meaning of Article 22 GDPR.  

  1. The legal reason for processing personal data is:
    • Fulfillment of the contract between you and the Administrator pursuant to Article 6 (1) (b) GDPR,
    • Fulfillment of the legal obligation of the Administrator pursuant to Article 6 (1) (c) GDPR,
    • The legitimate interest of the Administrator in providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (f) GDPR,
  2. Your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.
  3. The purpose of processing personal data is:
    • To process your order (accommodation reservation) and perform the rights and obligations arising from the contractual relationship between you and the Administrator; personal data necessary for successful processing of the order (name and address, contact) are required for the conclusion and fulfillment of the contract, without providing personal data it is not possible to conclude or fulfill the contract by the Administrator,
    • To fulfill legal obligations towards the state,
    • To send commercial communications and perform other marketing activities.
    • Your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.

The Administrator does not engage in automated individual decision-making within the meaning of Article 22 GDPR.  

4. DATA RETENTION PERIOD

4. DATA RETENTION PERIOD

The Administrator retains personal data:

  1. For the period necessary to perform the rights and obligations arising from the contractual relationship between you and the Administrator and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
  2. For the duration until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years if personal data are processed based on consent.

After the expiration of the personal data retention period, the Administrator will delete the personal data unless there is another legal basis for processing. 

The Administrator retains personal data:

  1. For the period necessary to perform the rights and obligations arising from the contractual relationship between you and the Administrator and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
  2. For the duration until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years if personal data are processed based on consent.

After the expiration of the personal data retention period, the Administrator will delete the personal data unless there is another legal basis for processing. 

5. RECIPIENTS OF PERSONAL DATA (ADMINISTRATOR’S SUBCONTRACTORS)

5. RECIPIENTS OF PERSONAL DATA (ADMINISTRATOR’S SUBCONTRACTORS)

  1. Recipients of personal data are individuals:
    • Involved in the delivery of services / realization of payments based on a contract,
    • Involved in providing information about the offered services (authorized persons of the Administrator),
    • Providing marketing services,
    • Providing website operation services (IT & WP HOST s.r.o. and other related services (Google Ireland Ltd.)).
  2. The Administrator intends to transfer personal data to a third country (a country outside the EU) or an international organization.

  1. Recipients of personal data are individuals:
    • Involved in the delivery of services / realization of payments based on a contract,
    • Involved in providing information about the offered services (authorized persons of the Administrator),
    • Providing marketing services,
    • Providing website operation services (IT & WP HOST s.r.o. and other related services (Google Ireland Ltd.)).
  2. The Administrator intends to transfer personal data to a third country (a country outside the EU) or an international organization.
  3.  

6. YOUR RIGHTS

6. YOUR RIGHTS

  1. Under the conditions set out in GDPR, you have:
    • The right to access your personal data pursuant to Article 15 GDPR,
    • The right to correct personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR,
    • The right to delete personal data pursuant to Article 17 GDPR,
    • The right to object to processing pursuant to Article 21 GDPR,
    • The right to data portability pursuant to Article 20 GDPR,
    • The right to withdraw consent to processing in writing or electronically to the address or email of the Controller specified in Article 1 (2) of these conditions.
  2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe your right to personal data protection has been violated.

  1. Under the conditions set out in GDPR, you have:
    • The right to access your personal data pursuant to Article 15 GDPR,
    • The right to correct personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR,
    • The right to delete personal data pursuant to Article 17 GDPR,
    • The right to object to processing pursuant to Article 21 GDPR,
    • The right to data portability pursuant to Article 20 GDPR,
    • The right to withdraw consent to processing in writing or electronically to the address or email of the Controller specified in Article 1 (2) of these conditions.
  2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe your right to personal data protection has been violated.

7. PERSONAL DATA SECURITY CONDITIONS

7. PERSONAL DATA SECURITY CONDITIONS

  1. The Administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.
  2. The Administrator has taken technical measures to secure data storage and personal data storage in paper form, particularly by using encrypted communication, passwords, antivirus programs, and locks.
  3. The Administrator declares that only authorized persons have access to personal data.

  1. The Administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.
  2. The Administrator has taken technical measures to secure data storage and personal data storage in paper form, particularly by using encrypted communication, passwords, antivirus programs, and locks.
  3. The Administrator declares that only authorized persons have access to personal data.

8. FINAL PROVISIONS

8. FINAL PROVISIONS

  1. By sending a reservation or inquiry from the contact form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
  2. The Administrator is entitled to change these conditions. The new version of the personal data protection terms will be published on its website.

 

These terms become effective on May 1, 2024.

  1. By sending a reservation or inquiry from the contact form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
  2. The Administrator is entitled to change these conditions. The new version of the personal data protection terms will be published on its website.

 

These terms become effective on May 1, 2024.