GDPR
Information on the processing of personal data
Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the information of data subjects (hereinafter referred to as "GDPR") (hereinafter referred to as "Information Memorandum"):
I. Who are we and how can you contact us?
Sfera Hospitality s.r.o., ID No.: 17561019, with registered office at 17. listopadu 413/1, Šumperk, Postal Code 787 01, a company registered in the Commercial Register maintained by the Regional Court in Ostrava under File No. C 90466 (hereinafter referred to as the "Controller"), is the controller of your personal data, which means that it determines the purpose and means of processing personal data, carries out the processing of personal data and is responsible for it. In some cases, the Controller may also be in the position of a processor of personal data, i.e. it processes personal data for purposes determined by another controller. For more information about our activities and our range of services, please visit our website at https://hotelperk.cz/.
If you do not find the answers to your questions in this Information Memorandum or on our website, or if you wish to have some information explained in more detail, you can contact us via the data mailbox - IDDS: jytysb4.
The Controller never communicates information by telephone or email. If the data subject proves his or her identity, the information can be sent by post, hand-delivered, or sent to a data mailbox.
II. How do we process your personal data and how is it secured?
We fully understand the importance of protecting the personal data and privacy of our clients. When processing personal data, we always act in such a way that your personal data is as secure as possible and cannot be misused. Any data processed further, for example by lawyers and/or tax advisors, is also protected by a legal duty of confidentiality in accordance with the Advocacy Act and/or the Tax Advice Act.
We process your personal data manually in our information systems or in the information systems of our processors. Your personal data may be processed primarily by selected employees of the Controller and by the categories of processors specified in each case for the respective processing purpose. We have taken measures to ensure that only the Controller's employees and processors involved in the processing of your personal data have access to your personal data and that these employees and processors maintain the confidentiality of all facts and data (personal or otherwise) of which they become aware in the course of their work. With all potential processors, the Controller has a written data processing agreement in which we place emphasis on the security of your personal data and which contains identical safeguards for the data processing processes of these processors as are set up by us.
We process your personal data in the Czech Republic. We do not transfer your personal data to other countries.
When you visit our websites, we may automatically collect certain information using technologies such as cookies, browser analysis tools and server logs. In many cases, information collected through cookies and other tools is used in a non-identifiable manner without any reference to personal information.
Cookies are small text files that a website stores on the hard drive of your computer or other device when you visit it via your browser. We may use cookies to make the use of the website more efficient, as well as to customize browsing preferences and improve the functionality of our website. Cookies may be used to manage performance and collect information about how our website is used for analytical purposes. There are two types of cookies: session cookies, which are removed from your device when you leave the website, and persistent cookies, which remain on your device for an extended period of time or until you manually remove them.
Log files from our servers may collect information about how users use the website (usage data). This data includes, but is not limited to, the user's domain name, language, browser type and operating system, Internet service provider, IP (Internet Protocol) address, the location or link from which the user came to the website, the website you visited before coming to our website, and the website you visit after leaving our website, as well as the time spent on our website. We may track and use website usage data to evaluate its performance and operation, to improve its design and features, or for security purposes.
You can change your browser settings to block, notify or delete the cookies you receive. Alternatively, you can browse our website using an anonymous browser profile. For more information about adjusting or changing your browser settings, please refer to your browser's manual or help. If you do not agree to the use of cookies or similar technologies that store information on your device, you must change your browser settings accordingly. Please note that some features of our website may not work properly if you disable the receipt of cookies or these technologies.
We may provide links to third party websites ("Linked Sites") on our website. We are under no obligation to evaluate, review or investigate the Linked Sites. Each Linked Site may have its own terms of use and privacy statement. Users must read and abide by these terms and conditions when using the Linked Sites. We are not responsible for the policies and practices of any Linked Sites and any additional links contained on such sites. These links do not constitute our endorsement of the Linked Sites or any company or service. We encourage users to read the terms and conditions and relevant documents of such Linked Sites before using them.
Our website is not aimed at children. We do not use it to knowingly collect personal information from children or to provide services to children. If we become aware that a child has provided personal information through one of our websites, we will remove that information from our systems.
We may also use Google Analytics on our website to collect information about users' online activities on the website, such as web pages visited, links clicked and searches made.
We use this information to compile reports and improve the site. Cookies anonymously collect information such as the number of visitors to the site, where visitors came from and the pages they visited. The information generated by these cookies and your current IP address will be transmitted from your browser and stored on Google servers in the United States and other countries. Google will use this information on your behalf for the purposes of evaluating your use of our website as described above. The IP address obtained through Google Analytics will not be associated with any other data held by Google. For more information about the data collected by Google Analytics, please visit http://www.google.com/intl/en/analytics/privacyoverview.html. You can block these cookies by using the appropriate settings on your internet browser. If you do so, you may not be able to take full advantage of the features of our websites. The Google Analytics Opt-out browser add-on can be downloaded at the following address: http://tools.google.com/dlpage/gaoptout.
III. How do we obtain your personal data?
We obtain your personal data from you. If we obtain personal data from you, we will inform you whether the provision of personal data is a legal or contractual requirement or a requirement to be included in a contract, whether you are obliged to provide personal data and the possible consequences of not providing personal data. In particular, we obtain your personal data:
- on the basis of your requests, enquiries and in the context of contract negotiations; or
- when communicating by email or other written communication; or
- when communicating in person at our facility.
IV. For what purposes do we process your personal data?
We process your personal data only to the extent necessary for the purpose and for the period of time necessary to fulfil the purpose. We may process personal data for other purposes (for example, to comply with a statutory retention period) after the original purpose has been fulfilled (for example, to fulfil a contract). We list the purposes of processing below in this section. We generally retain your personal data for the period of time required by law, contract or on the basis of our legitimate interest (for example, for the duration of limitation periods where we may be interested in asserting or defending our legal claims).
We process your personal data for the following purposes:
a) contract negotiation and performance, implementation of pre-contractual measures taken at your request, handling your requests;
b) the performance of our legal obligations;
c) for the protection of our rights and legitimate interests, in particular for monitoring the quality of services and optimising the services provided and to evaluate possible risks;
d) to contact you with offers of products and services from our business partners (if you have given your consent to the processing of personal data for this purpose).
Ad a) Negotiation of the contract and execution of the contract, implementation of measures taken prior to the conclusion of the contract at your request, handling of your requests
The controller processes your personal data for purposes related to the performance of contractual obligations, in particular for the purposes of (i) valid conclusion, performance, amendment and termination of contracts, (ii) related contractual documents, (iii) claims, and (v) related communications. The provision of said personal data is therefore a contractual requirement.
Legal basis for processing (legal title):
We process personal data for the above purposes on the basis of the legal title for the performance of a contract to which the data subject is a party (usually a customer of the Controller) or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject (usually a prospective customer of the Controller's products), pursuant to Article 6(1)(b) of the GDPR.
Categories of personal data:
We process the following categories of personal data for the above purposes: name and surname, address of place of residence, possibly also e-mail address, bank account.
Duration of processing:
For these purposes, we process personal data for the duration of the contract negotiations, for the duration of the contract and for the duration of the warranty, claim and other periods relating to the contract, when the parties may exercise their rights and obligations under the contract.
Ad b) Fulfilling our legal obligations
As a business entity, we must comply with a number of legal regulations and the obligations set out therein, in particular: Act No. 89/2012 Coll., the Civil Code; Act No. 253/2008 Coll., on certain measures against the legalization of the proceeds of crime and the financing of terrorism, as amended; Act No. 280/2009 Coll., Tax Code, as amended; Act No. 563/1991 Coll., on Accounting, as amended; Act No. 120/2001 Coll., on Bailiffs and Enforcement Activities and on Amendments to Other Acts, as amended; Act No. 99/1963 Coll., Civil Procedure Code, as amended; Act No. 634/1992 Coll., on Consumer Protection, as amended; Act No. 40/2009 Coll., Criminal Code, as amended; Act No. 499/2004 Coll., No. 326/1999 Coll., on the residence of foreigners in the territory of the Czech Republic and on the amendment of certain acts, as amended; Act No. 565/1990 Coll., on local fees; and related sub-legislation and legislation of European Union law. The provision of the above personal data is therefore a legal requirement.
Legal basis for processing (legal title):
We process personal data for the above purposes on the basis of the legal title of compliance with a legal obligation to which the Controller is subject, pursuant to Article 6(1)(c) GDPR.
Categories of personal data:
For the purposes stated, we process the following categories of personal data:
• identification and contact data (name and surname, address of place of residence, e-mail address if applicable),
• in the case of natural persons engaged in business, also the name of the natural person engaged in business, registered office, registration number, VAT number, VAT payer's details,
• details of the services used and the amount and method of payment for the services provided (bank account number in the case of non-cash payment).
Recipients of personal data (processors or third parties to whom personal data are or may be provided):
We use an IT service provider or a legal and tax consultancy for the above purposes. The controller must also provide the necessary cooperation to the relevant state administration authorities, such as tax authorities or bailiffs, criminal, misdemeanour or administrative authorities, to the extent and under the conditions provided for by law.
Processing time:
We process personal data for the purposes set out above for the period of time specified in the relevant legislation. Subject to exceptions where legislation provides for a longer retention period for certain documents that may contain personal data, we retain personal data processed for the performance of our legal obligations for a maximum of 10 years.
Ad c) Asserting or defending our legitimate interests
For the purposes of protecting our legitimate interests, we may process your personal data where our legitimate interests override your interests or your fundamental rights and freedoms. In particular, we process your personal data in this way for:
(i) Handling any litigation, in particular for the purposes of litigation or other disputes.
(ii) Optimising administrative processes within the Controller.
(iii) Photodocumentation of events.
For events organised by us, we take photo documentation (situational shots of events) to a reasonable extent for the purpose of subsequent publication of selected photographs on our website for promotional purposes. In this way, we do not primarily depict the visitors of a specific event, but the overall atmosphere of the event, the images are not published in detailed resolution, nor do we attach descriptions of specific persons attending the event. According to the expert opinion of the Office for Personal Data Protection, in such cases the primary issue is not the protection of personal data, but the protection of privacy under the Civil Code; therefore, consent to the processing of personal data for "illustrative" images is not required. Visitors are notified in advance of the taking of photographs by means of a camera pictogram, our photographers are visibly identified and photographs are only taken in the main event area, so that visitors are always able to stay in areas where no photographs are taken. If you have any doubts or questions about the photo documentation, you can contact us at the contacts below.
(iv) Operation of the CCTV system
Its purpose is to protect the premises and the health of persons entering the premises of the Controller. Data is stored within a time loop. Cameras are installed only in the indoor areas. The data subject is informed of the use of the CCTV system by a sign on the entrance door of the Controller's premises.
Ad d) Contacting you with offers of products and services from our business partners (if consent to the processing of personal data is given)
If you give us your consent to process and share your data for marketing purposes, we will be entitled to analyse your data, without automated processing, make decisions based on this, and offer you services from the portfolio of our business partners that we carefully select. We may market to you by email. Together, we may process your personal data and other information we have collected, as well as public data and data from third parties. This will include, for example, your email address and information about the services you have used.
You grant consent to the following entities (group members):
[name of entity, ID number, address]
We will be able to use your data for a period of 2 years; if you become a client of any of the above group members, then from the date of consent for as long as you are a client of any group member and for 5 years after the end of any contractual relationship between you and the group members. You may withdraw this consent at any time if you wish.
V. What are your rights?
We process your data in a completely transparent manner. You can exercise the following rights at any time during the processing of your personal data:
a) Right to access your personal data and to obtain a copy of your personal data that we process.
b) Right to rectification and completion of your personal data if you discover that we are processing incorrect or inaccurate personal data about you.
c) Right to erasure of your personal data (the right to be forgotten). You can request us to erase your personal data and we will do so if:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw your consent under which we process personal data and there is no other legal basis for processing;
- you object to processing on the basis of legitimate interest where there are no overriding legitimate grounds for processing on our part; or you object to the processing of personal data for direct marketing purposes (i.e. we will no longer send you targeted commercial communications);
- the personal data is processed unlawfully; or
- the personal data must be erased to comply with a legal obligation under European Union or Czech law.
Please note that your personal data cannot be deleted if the processing is necessary:
- for the exercise of the right to freedom of expression and information;
- for the performance of a legal obligation requiring processing under European Union or Czech law, or for the performance of a task carried out in the public interest or in the exercise of official authority;
- for reasons of public interest in the field of public health;
- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes; or
- for the establishment, exercise or defence of legal claims.
d) Right to restriction of processing of your personal data.
You may also require us to restrict the processing of your personal data if:
- the personal data processed is not accurate;
- the processing is unlawful;
- the personal data processed is not necessary for the purposes for which it was collected or otherwise processed; or
- you object to the processing.
If you exercise your right to restriction of processing and one of the above conditions is met, we will make a record in our systems that the data is subject to restriction and we will not, as a rule, actively process such data any further (except where required by law).
If the reasons for the restriction of processing no longer apply, we will lift the restriction on the processing of your personal data. We will inform you of this in advance.
e) Right to transfer
If we process your personal data on the basis of your consent or for the purpose of performance of a contract and at the same time the processing is automated, you have the right to obtain your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller. In this case, your personal data will be provided to you electronically in a secure file in [xml] format.
f) If you believe that there has been a breach of the obligations set out in data protection legislation (in particular the GDPR), you have the right to file a complaint with the Data Protection Authority or another competent supervisory authority of a Member State of the European Union responsible for supervising compliance with the obligations set out in the GDPR (in particular, the supervisory authority in the Member State of your habitual residence, place of employment or place of the alleged breach).
No automated decision-making, i.e. decision-making based solely on automated processing (including profiling), which would have legal effects on you or affect you in any other similar way, takes place at the Controller.
You also have the right to object to the processing of your personal data where personal data is processed:
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for the purposes of the legitimate interests of the controller or of a third party; or
- for direct marketing purposes, which includes profiling, in order to tailor the offer to your needs and improve the quality of the services provided.
If you object, we will not process your personal data until we can demonstrate compelling reasons for the processing which override your interests or rights and freedoms or for the establishment, exercise and/or defence of our legal claims.
If you exercise any of the above rights, we will inform you in writing without undue delay how we will deal with your request.
Thank you for your trust.
Sfera Hospitality, s.r.o.