Resort Klášter Želiv | Privacy Policy

Privacy Policy

1. Introduction

1.1 These Principles are processed in accordance with Act No. 110/2019 Coll., on the processing of personal data, as amended, and with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.2 The purpose of these Principles is to provide Participants with basic information regarding the processing of personal data.

1.3 For the purposes of these Principles, it is understood that:

a) The Controller is Klášter Želiv s.r.o. – Želiv 122, 394 44 Želiv, ID: 03502481, contact email: manager@zeliv.eu

b) Participant is a natural person who grants the Company consent to process personal data; and

c) Personal data primarily includes name and surname, address, date of birth, email address, phone number, the company in which the data subject works, identification number of a self-employed person, and tax identification number of the self-employed person, or other data necessary for collection by the Controller in accordance with the purpose of their processing. The Controller, as the processor of Personal Data, hereby informs about the manner and scope of processing Personal Data, including the scope of Participant's rights related to the processing of Personal Data. These principles also apply to the Controller's website www.hotelkasterzeliv.eu.

1.4 The Controller is the operator of Hotel Želiv and provides services related to hotel operation. Within these services and related services, Personal Data are processed by the Controller:

a) to the extent provided in connection with the services of the Controller and its organized marketing activities; and

b) for the purposes listed below.

1.5 The Controller is the administrator of Personal Data. Personal Data are not processed by any other entity unless third parties process them based on a processing agreement concluded in accordance with applicable legal regulations. Only the Controller and any processor will have access to the processed Personal Data, in accordance with applicable legal regulations.

1.6 Personal data may vary depending on the products or services you purchase from us, but generally include your contact details, address data, data necessary for invoicing and ensuring the operation of the mutual contractual relationship. We may obtain this information from you during the existence of the contractual relationship, through web forms, or through other communication with you, when concluding contracts, etc.

1.7 Personal data you provide through our website (via our forms). Specifically, it concerns:

a) Name and surname

b) Date of birth

c) Phone number

d) Email address

e) Arrival and departure dates

f) Permanent address

g) Message text you may leave

2. Purpose of processing Personal Data The Controller processes Personal Data for the following purposes:

a) to ensure the conclusion and subsequent fulfillment of the contractual obligation between the Controller and the Participant. From such a relationship, additional legal obligations arise, and the Controller must also process Personal Data for this purpose;

b) for marketing purposes, so that the Controller can best tailor its product and service offers and commercial communications to the needs of the Participants; for this purpose, the Controller obtains the Participant's explicit consent;

c) to protect its legitimate interests, which include proper and timely fulfillment of the agreed contractual obligation between the Controller and the Participant, compliance with legal obligations arising from the contractual relationship, protection of the Controller's reputation as the website administrator, and safeguarding the Controller's property interests in case of legal disputes.

3. Data Protection and Processing Information.

3.1 The Participants are subject to Act No. 110/2019 Coll., on the processing of personal data, as amended, and other applicable legal regulations.

3.2 The Participant acknowledges that by giving consent, the Controller will begin processing Personal Data.

3.3 If the Participant does not provide their Personal Data, it will not be possible to conclude a contract with the Controller and/or provide services arising from it. Personal Data are necessary in this context.

3.4 Providing Personal Data to the Controller is generally contractual and statutory requirement. Regarding the provision of Personal Data for marketing purposes, which does not constitute the fulfillment of a contractual or legal obligation of the Controller, the Participant's consent is required. If the Participant does not give consent for the processing of Personal Data for marketing purposes, it does not mean that the Controller will refuse to provide its services or conclude a contract with them as a result.

3.5 Personal Data will be processed during negotiations on the conclusion of a contract between the Controller and the Participant, for the purpose of concluding the contract, as well as during the duration of the contractual relationship.

3.6 For the purpose of fulfilling the legal obligation of archiving accounting documents based on Act No. 563/1991 Coll., on Accounting, as amended, Personal Data (except for email address and phone number) will be further processed and stored for a period of 5 years starting from the year following the year in which the contract was concluded between the Controller and the Participant.

3.7 After the expiration of the periods specified in paragraphs 3.5 and 3.6, the Controller will delete the Personal Data.

3.8 The Participant is obliged to provide the Controller only with truthful and accurate Personal Data.

3.9 The Controller will make every effort to prevent unauthorized processing of Personal Data.

3.10 Personal Data of Participants will not be transferred to a third country or an international organization.

3.11 Personal Data are and will be processed in electronic form in a non-automated manner.

3.12 The Participant acknowledges that their Personal Data are stored in protected data centers in accordance with applicable legal regulations, whose operation complies with European standards for personal data protection.

3.13 The Participant acknowledges that cookies may be stored on their device by the Controller.

4. Participant's rights related to data processing

4.1 The Participant has the right to withdraw their consent (where processing of Personal Data is based on consent) at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent also does not affect the processing of Personal Data that the Controller processes based on other legal grounds (e.g., necessary for the performance of a contract, compliance with a legal obligation, or other reasons specified in applicable legal regulations). Consent can be withdrawn by filling out a form/deselecting a checkbox/sending a withdrawal to the Controller's registered office or via a link in email communication.

4.2 The Participant also has the right:

a) To be informed about the processing of their Personal Data (i) The Participant is entitled to request from the Controller whether their Personal Data are being processed or not. If they are being processed, the Participant has the right to request information from the Controller, especially about the identity and contact details of the Controller, its representative, and possibly the Data Protection Officer, about the purposes of processing, categories of affected Personal Data, recipients or categories of recipients of Personal Data, legitimate interests of the Controller, the list of Participant's rights, the possibility to contact the Office for Personal Data Protection, the source of the processed Personal Data, and about automated decision-making and profiling. (ii) If the Controller intends to further process the Participant's Personal Data for purposes other than those for which they were obtained, the Controller will provide the Participant with information about this other purpose and other relevant information prior to such further processing.

b) To request access to their Personal Data from the Controller The Participant is entitled to request from the Controller whether their Personal Data are being processed or not, and if so, to access information about the purposes of processing, categories of affected Personal Data, recipients or categories of recipients, the retention period, information about the Participant's rights (such as the right to request correction or deletion, restriction of processing, objection to processing), the right to file a complaint with the Office for Personal Data Protection, information about the source of Personal Data, whether automated decision-making and profiling are taking place, and details about the used procedures, as well as the significance and expected consequences of such processing for the Participant. The Participant has the right to obtain copies of the processed Personal Data. The right to obtain such copies must not adversely affect the rights and freedoms of other persons.

c) To request correction of provided Personal Data If, for example, the Participant's address, phone number, or other fact that can be considered Personal Data has changed, the Participant has the right to request the Controller to correct the processed Personal Data. Additionally, the Participant has the right to supplement incomplete Personal Data, including by providing an additional statement.

d) To request deletion of provided Personal Data In certain cases, the Participant has the right to request the Controller to delete their Personal Data. Such cases include, for example, when the processed data are no longer necessary for the purposes mentioned above. The Controller automatically deletes Personal Data after the expiration of the necessary period, but the Participant can also request its deletion at any time. The Participant's request is subject to individual assessment (even if the Participant has the right to deletion, the Controller may have a duty or legitimate interest to retain the Personal Data) and the Participant will be informed in detail about the outcome.

e) To restrict processing of Personal Data The Controller processes the Participant's Personal Data only to the extent necessary. However, if the Participant believes that the Controller exceeds the purposes for which Personal Data are processed, they may submit a request for their Personal Data to be processed only for the most necessary legal reasons or to be blocked. The Participant's request is subject to individual assessment, and they will be informed in detail about the outcome.

f) To file a complaint with the Office for Personal Data Protection. The Participant may contact the supervisory authority at any time with a suggestion or complaint regarding the processing of Personal Data, at the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, website https://www.uoou.cz/.

4.3 If the Participant believes that the Controller is processing their Personal Data in violation of their privacy rights or applicable legal regulations, especially if the Personal Data are inaccurate with regard to the purpose of processing, they may:

a) Request an explanation from the Controller via email or phone;

b) Submit an objection to the processing via email and request the Controller to rectify the situation (e.g., by blocking, correcting, supplementing, or deleting Personal Data). The Controller will decide on the objection promptly and inform the Participant. If the Controller does not comply with the objection, the Participant has the right to contact the Office for Personal Data Protection directly. This provision does not affect the Participant's right to submit a complaint directly to the Office for Personal Data Protection.

4.4 The Participant may exercise their above rights in writing to the address of the Controller's registered office or by email.

4.5 If the Participant requests information about the scope or manner of processing their Personal Data, the Controller is obliged to provide this information without delay, no later than one month after receiving the request from the Controller.

4.6 If the Participant exercises the right to access Personal Data in electronic form, the Controller will also provide the requested information electronically unless the Participant requests a different method of providing the information.

4.7 The Controller is entitled, in the case of repeated and unjustified requests for a physical copy of processed Personal Data, to charge a reasonable fee for administrative costs associated with such requests.

4.8 Personal Data are automatically evaluated and may be used for profiling or automated decision-making in the area of the Controller's marketing activities.

4.9 As a result of these activities, the behavior of the Participant on the website will be mapped and evaluated, which constitutes a certain interference with the right to privacy. At the same time, this evaluation helps ensure that the Participant receives only those advertising offers regarding the Controller's products and services that they might be interested in based on the evaluation results.

5. Final provisions

5.1 All legal relationships arising in connection with the processing of Personal Data are governed by the legal order of the Czech Republic, regardless of where access was made from. The Czech courts are competent to resolve any disputes arising in connection with privacy protection between the Participant and the Controller.

5.2 Participants who provide their Personal Data through the registration form for the purpose of concluding a contract with the Controller or give consent to the processing of Personal Data do so voluntarily, in their own name, and the Controller does not regulate their activity in any way.

5.3 The wording of the Principles may be changed or supplemented by the Controller. The Controller will inform Participants of any such change by email at least 30 days before the changes take effect.

5.4 These Principles are effective in their current version as of June 1, 2024.

Issued by the managers of Klášter Želiv s.r.o.

Th. Lic. Tadeáš Róbert Spišák

PaeDr. Mgr. David Peter Palušák

June 1, 2024

back