Companny Hotel Promenáda s.r.o fully acknowledges the crucial and dynamically increasing importance of privacy protection, or protection and security of personal data of natural persons, especially that of clients, business partners, their representatives, employees as well as any other data subjects. Since personal data are processed in the context of business activities of our company, we have put much effort to secure and develop the essential protection standards of personal data of affected entities, beyond the framework of legislative requirements. In addition, our endeavours are directed at the implementation of consistent and transparent rules to enforce those requirements.
The objective of this Statement is to provide assurances to the public that Hotel Promenáda s.r.o. processes personal data in compliance with legislation regulating the given area and to inform data subjects of their rights arising from such legislation.
The pivotal legal regulation affecting the area of protection of personal data and privacy in general is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as the “GDPR”), which is to be implemented in the Czech legal order through the Act on Processing of Personal Data. Our company has put the above-mentioned legal regulations in concrete terms, supplementing them with internal regulations on personal data protection, which have been gradually introduced to promote rights of data subjects and to protect their privacy.
What personal data we process
Personal data are understood as all data on the basis of which a particular natural person can be identified. For example, personal data include names, surnames, date of birth, e-mail addresses, information on work positions or work attendance, or information on financial transactions of natural persons. Our company has been consistent in implementing the rules rooted in the basic principles of personal data processing in a way ensuring that the processes of personal data protection are carried out lawfully, correctly and transparently based on at least one legal ground. All personal data are therefore collected by us for certain legitimate purposes and then processed only in a manner compatible with the determined purpose. We take care to ensure that the extent of personal data processed by us is reasonable and relevant in relation to the purpose of processing and that personal data are accurate, while we make special effort to be able to guarantee that personal data are stored by us in a form enabling identification of data subjects only for a necessary period in relation to the purpose of personal data processing.
The personal data concerned especially include identification data, such as names, surnames, date of birth, permanent residence address, birth registration number, identification number, tax identification number, contract number, file number as well as data subjects’ contact data, e.g. address, telephone number, fax, e-mail address and similar data.
Why we process personal data
Unless required by legal obligations, contracts, public interests or vital interests of data subjects (hereinafter as “Clause 6 of the GDPR”), the processing of personal data is voluntary. We process the data forwarded to us by data subjects and our clients for the purposes of provision of our services. If you decide to refuse to have your personal data processed or if you ask for your data to be erased, you may do so by writing to the e-mail address firstname.lastname@example.org. We guarantee that we will comply with your request immediately, but within 1 month at the latest, unless another legal obligations prevents us from erasing your personal data.
Who might receive your personal data
Where we share your personal data with third entities, we proceed in accordance to legal regulations and the GDPR, and will therefore adopt all safeguards in order to protect your legitimate interests in a due form.
How your personal data are kept secure
We pay special attention to ensure that all personal data are processed and retained in a secure manner and for a necessary period, taking into account the purposes for which the personal data have been collected. Throughout the period of personal data processing, we take all steps to perform our obligations and provide an adequate protection to data subjects’ legitimate interests laid down in the GDPR. Our company has applied safeguards to set up technical and organizational measures that guarantee the security level corresponding to the individual risk categories of personal data processing, in order to prevent, in particular, any destruction, alteration, loss, unauthorized access or processing or misuse of such data.
Rights of data subjects
In terms of personal data protection under the GDPR, data subjects have the following rights:
- Right of access to personal data.This right is provided at request. Data subjects have a right to obtain from the company information as to whether their personal data are processed by the company and what categories of personal data are concerned, together with the purpose for and the period during which personal data will be processed. Data subjects will be given access to or a copy of their processed data free of charge at their request. The access enables data subjects to check whether their personal data are handled lawfully or not.
- Right to accuracy of personal data.The company will adopt all safeguards to process only accurate and up-to-date data. The company is obliged to verify whether the data processed by it are accurate, and any data identified as inaccurate will be erased or rectified. The company has an information obligation in relation to data subjects also in this case. Data subjects have a right to supplement incomplete personal data in a form of a declaration addressed to the company.
- Right to be forgotten or right to erasure.This right allows data subjects to require that the company erase their personal data and discontinue storing of such personal data under the condition, though, that this procedure is not prevented by any statutory impediment e.g. on the grounds of public interests or legal obligations that require processing of personal Data. In case this exception applies, the company is obliged to inform data subjects within 1 month.
- Right to require restriction of personal data processing. On the one hand, this right concerns inaccurate data the processing of which must be restricted by the company for a period necessary to verify such data. On the other hand, this right addresses any cases of unlawful handling of personal data and processing for no purpose, in case the erasure of data is not in data subjects’ interest. Finally, the ground for restriction of personal data processing consist in lodging of an objection to processing for a period during which the objection is evaluated by the company.
- Right to portabilityenables data subjects to have their personal data forwarded to or shared between controllers.
- As aforesaid, the GDPR gives data subjects the right to lodge an objection to processing of personal data at any time.
- Last but not least, another right granted to data subjects by the GDPR is not to be subject to any decisions based exclusively on automated processing of personal data.
Since we are aware that provision of personal data is a very sensitive issue, we will be delighted to attend to any questions or requests for explanation sent to our e-mail address email@example.com. We attach great importance to every question or request to us and will carefully examine and respond to them.