GENERAL DATA PROTECTION REGULATION (GDPR)

("conditions")

 

TERMS USED:

Data administrator: ŽlabEko s.r.o., Protivec 32, Strunkovice nad Blanicí (hereinafter "Operator")

Customer: A natural or legal person using the operator's services

Regulation: Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation

 

GENERAL CONDITIONS

1. The subject of these Terms and Conditions is to ensure the processing of personal data of customers acquired as part of the Operator's business activities, as well as stipulating the obligation to maintain confidentiality of such information, to the extent and under the conditions set by these terms.

2. The operator undertakes to process customer's personal data in accordance with these terms and conditions. These Terms and Conditions are made to the extent of the rights and obligations arising from the processing of personal data under the previous paragraph from the relevant legislation, in particular Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Regulation on the protection of personal data ("Regulation").

 

RIGHTS, OBLIGATIONS AND CONFIDENTIALITY

1. The operator undertakes to take such technical, personnel and other necessary measures to prevent unauthorized or accidental access to, alteration, destruction or loss of unauthorized access to personal data, unauthorized transfers, their other unauthorized processing and other misuse of personal data .

2. In connection with the provision of accommodation services, the Operator is obliged to process the guest's personal data. These data work in particular:

Receptionist operator.

b. Operator Manager.

c. Accountant.

d. Serving the restaurant.

e. The above users have been instructed about the sensitivity of personal data. Guests' personal data are handled exclusively by the Operator. Neither the operator nor employees pass on personal data to other entities.

 

CUSTOMER INFORMATION

1. The operator is obliged by law to keep certain personal data about its guests, namely name, surname, date of birth, address and time of accommodation, number and type of document, possible visa, purpose of stay. This obligation is governed by the Act on the Residence of Aliens in the Czech Republic (326/1999) and the Local Fees Act (565/1990). According to this legislation, the operator is obliged to keep personal data about customers for 6 years.
2. The customer is entitled at any time to ask the operator for an overview of his personal data. This information is stored in the (i) guest card on the operator's system, (ii) in the guest book, and (iii) the register book, which is stored in a locked space in the operator's building. In the case of a request for deletion of personal data, the Operator shall comply with such requests, but the Operator must comply with the above-mentioned laws. The listed personal data can only be deleted after the statutory deadline.

 

TECHNICAL AND ORGANIZATIONAL SECURITY OF PERSONAL DATA PROTECTION

1. The operator undertakes to ensure, technically and organisationally, the protection of personal data processed in such a way as to prevent unauthorized or accidental access, alteration, destruction or loss, unauthorized transmission, other unauthorized processing and other misuse of data. to ensure that all personal data controller obligations arising from the legislation, in particular the Regulation, are safeguarded on a personnel and organizational basis throughout the processing of the data.2. The operator undertakes to ensure the processing of the data in the following manner:a) only authorized persons of the Operator will have access to personal data, which will be set by the Operator with the conditions and scope of data processing;b) personal data will be processed on the premises of the Operator to which only authorized persons or its suppliers (subcontractors) will be bound by the same obligations;(c) An operator shall prevent unauthorized reading, creation, copying, transmission, modification or deletion of records containing personal data;(d) take measures to identify and verify to whom the personal data have been transmitted while they were processed, altered or deleted.3. The Operator undertakes, through its own internal regulations or special contractual arrangements, to ensure that its employees and other persons who will process personal data will do so only under the conditions and to the extent specified by the Operator's instructions and corresponding instructions. In particular, he / she will (and will impose upon these persons) to maintain confidentiality of personal data and security measures, the disclosure of which would jeopardize the security of personal data, even after employment or relevant work at the Operator.

 

Date of last update: 7.3.2021