Company Declaration on Personal Data Processing
GDPR – Personal Data Processing
We greatly appreciate your patronage at the hotel Royal Regent, and in this context, please allow us to inform you about the manner of processing and use of your personal data in relation with fulfilling an accommodation contract (“Contract”), following the requirements of the General Data Processing Regulation, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), which came into effect on 25 May 2018.
We would like to inform you that the company INTER spa service s.r.o. (hereinafter the “Company”) processes your personal data (hereinafter “Personal Data”) – as the Controller – for the purpose of meeting legal obligations, notification obligations, and registration obligations in accordance with the Operating Rules of the hotel, including the standards of securing your Personal Data in the following areas:
1. fulfilling the Contract and other contractual relations between you and the Company
2. fulfilling the obligations and legal obligations of reporting as set by the Foreign Police Act – reporting the stays of all foreigners
3. for the purpose of distributing commercial messages – using direct marketing – about the goods and services of the Company related to the services provided according to the Contract or about similar goods and services. This processing is based on legislation in the sense that it is in the legitimate interest of the Company to use direct marketing tools.
Personal Data are not further transferred and processed by other parties connected to the Company, by representatives of the Company, or by other external providers of services – as processors. The only processor of Personal Data in the Company is the payroll clerk, who processes the Personal Data of employees. Her agenda is mandated and managed by a supplement to her contract, namely the version given by the decision of the European Commission on adequate protection as described in Art. 45 of the GDPR, the existence of standard clauses, contractual clauses, or other appropriate guarantees as according to Art. 46 of the GDPR, the existence of binding company regulations as according to Art. 47 of the GDPR, or according to the exceptions for specific situations as given in Art. 49 of the GDPR (“Legal Reasons”). Personal Data may be processed by Third Parties working in a jurisdiction outside of the European Economic Community in relation to any of the reasons mentioned above; in such cases, the Company shall ensure that the Personal Data be adequately protected and that they shall be protected in any case in accordance with the legislation on Personal Data Protection valid in the Czech Republic.
Personal Data are provided – for the purposes listed in the second paragraph of this chapter – to government authorities, the Foreign Police in accordance with the requirements of pertinent legislation or with the operating rules of mass accommodation facilities.
The processing of Personal Data for the purposes given in the second paragraph of this chapter is a condition subsequent for the conclusion and/or fulfilment of the Contract. Personal Data may be processed for the period that the Contract is valid, and furthermore for a period of six years after its termination, unless legislation does not determine a longer period.
The processing of Personal Data for the purposes listed in the third item of the second paragraph of this chapter is voluntary and unsubscribing from the distribution list for commercial messages does not have any effect on the Contract’s fulfilment. Personal Data shall be processed for the period that the Contract is valid, and furthermore for a period of six years after its termination, unless the guest previously unsubscribes from the distribution list for commercial messages, and that by either sending notification to firstname.lastname@example.org or by clicking the button (link) at the end of each notification sent in the commercial message.
Your personal data will be processed manually and by automated means.
In relation to your Personal Data, you have the following rights with the Company:
(i) to access: you have the right to receive confirmation about whether your Personal Data are processed or not, and if so, to gain access to such data and information to the extent given by Article 15 of GDPR;
(ii) to withdraw consent: if you have granted your consent with the processing of your Personal Data, you can withdraw this consent at any time without giving reason and with effect in the future. To exercise this right, please send your withdrawal to the addresses listed below. Consent withdrawal does not affect the validity of the processed Personal Data that was processed before consent withdrawal;
(iii) to rectification: if the processed Personal Data is inaccurate, you have the right to request the rectification of such data at any time. To exercise this right, please contact us at the addresses listed below;
(iv) to erasure and blocking: you have the right to request the blocking and/or erasure of stored Personal Data. If the erasure should be in conflict with legal or contractual obligations or with the legitimate interests of the Company, the Personal Data can be merely blocked;
(v) to the restriction of processing: the Company shall restrict the processing of Personal Data in the cases predicted in Article 18 of the GDPR, e.g. if you shall question the accuracy of Personal Data or if you will request the Personal Data for the purpose of protecting legal claims;
(vi) to object: you have the right to object to the processing of Personal Data under the conditions given in Article 21 of the GDPR at any time and without giving reason;
(vii) to transfer: in the case that you request the provision of the Personal Data, the Company will give them to you and will transfer these data to you or to the party you have designated in a structured, commonly used, and – if technically possible – in a machine-readable format;
(viii) to lodge a complaint: you have the right to lodge a complaint with the pertinent supervisory authority if you believe that your right to the protection of Personal Data has been infringed upon. This complaint should be lodged in the country that you usually reside in, where your workplace is located, or in the place where the right has supposedly been infringed, or in another location as given by Article 77 of the GDPR; the pertinent supervisory authority in the Czech Republic is the Office for Personal Data Protection.
Any questions or requests pertaining to the processing of Personal Data may be sent by e-mail to the GDPR Coordinator in the Company – email@example.com