ON THE HANDLING AND PROTECTION OF PERSONAL DATA
(hereinafter referred to as "Instructions for guests on the handling of personal data")
Accomodation provider - personal data administrator
trading company: DEIDDA, s.r.o.
Company ID: 267 36 713
with registered office: Politických vězňů 916/16, Prague 1 - Nové Město, postal code 110 00
registered at: Municipal Court in Prague, Section C, File 90555
(hereinafter referred to as the "Accommodation Provider" or "Personal Data Administrator")
The Landlord adopted Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter “General Regulation on Personal Data Protection”) and Act No. 101/2000 Coll., on Personal Data Protection and on Amendments to Certain Acts, as amended (hereinafter referred to as the “Personal Data Protection Act”) data, which also applies to the personal data of accommodated guests. By this Instruction of the Guests on the handling of personal data, the Accommodation Provider acquaints the accommodated guests with the principles and methods of processing their personal data as follows:
Principles of processing personal data of guests
1. The controller of personal data is obliged in relation to the accommodated guests as a data subject (hereinafter referred to as "guests") to process personal data in a correct and lawful and transparent manner so that they are collected for certain, explicit and legitimate purposes. The personal data processed must be accurate and, where necessary, kept up to date, and the scope of their processing must be proportionate, relevant and limited in relation to the purpose of the processing.
2. Personal data must be stored in a form which permits identification of guests for no longer than is necessary for the purposes for which they are processed. Personal data is processed and archived for a period specified by generally binding legal regulations.
3. The processing of personal data must be carried out in such a way as to ensure adequate security of personal data, including their protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.
4. The controller of personal data is responsible for the proper and lawful handling of personal data and must be able to demonstrate this compliance.
Personal data processed by the Accommodation Provider about guests - foreigners
1. The controller of personal data in the position of the Accommodation Provider is obliged by law (Act No. 326/1999 Coll., The Act on the Residence of Foreigners in the Czech Republic, as amended) to process the following personal data of guests who are foreigners (hereinafter "guests - foreigners'): beginning and end of accommodation, surname, first name, date of birth, nationality, travel document number, visa number, address of permanent residence abroad.
A foreigner is a natural person who is not a citizen of the Czech Republic, including a citizen of the European Union.
2. The processing of the personal data of foreign guests referred to in paragraph 1 of this Article is necessary for the fulfillment of the legal obligation applicable to the personal data controller and is thus not bound to the consent of foreign guests. The landlord enters the personal data in the house book, which is also considered a set of paper documents signed by a foreigner on the application form or a duplicate of a paper document containing data within the scope of the application form (hereinafter "house book").
3. The landlord further processes and stores in the house book the following personal data of foreign guests for the purpose of concluding and fulfilling the contract to which the foreign guests are parties, ie for the purpose of providing accommodation, and also for the protection of legitimate interests of the landlord: - foreigners.
4. The entry of personal data in the house register must be made in the current time, regularly, clearly and comprehensibly.
5. The landlord is obliged to keep a house book in paper form. The data stated in the house book are also kept electronically via the HORES reservation system. Access to guest data in the house book may be granted to entities authorized in accordance with the generally binding regulations of the Czech Republic (especially the Aliens Police of the Czech Republic). Electronic records are backed up to an internal backup server.
6. The landlord keeps the house book for a period of 6 years from the last entry. The Landlord is obliged to keep the documentary documents replacing the house book for a period of 6 years from the end of the accommodation of the guest - foreigner.
Personal data processed by the Accommodation Provider about domestic guests
1. The Personal Data Administrator in the position of the Accommodation Provider is obliged by law (Act No. 326/1999 Coll., The Act on Local Fees, as amended) to process the following personal data of guests who are citizens of the Czech Republic (hereinafter referred to as “domestic guests ") And whose purpose of stay is subject to the obligation to pay a local holiday tax: start and end of accommodation, purpose of stay, surname, first name, ID card or travel document, date and place of birth, address of permanent residence or place of permanent residence abroad . The Accommodation Provider is obliged to keep a record book in paper form about these personal data of domestic guests.
2. If the personal data of domestic guests are not processed by the Accommodation Provider pursuant to paragraph 1 of this Article, the Accommodation Provider is entitled to process personal data to the same extent for the purpose of concluding and fulfilling the accommodation contract. In the event that more than one person who does not pay the fee according to the Act on Local Fees is accommodated on the basis of the accommodation contract, the processing of personal data is sufficient only for the client as an accommodated domestic guest and the number of other accommodated domestic guests. If each of these persons is the client individually, the above-mentioned identification data are provided by all domestic accommodated persons.
3. The Landlord further processes and stores the following personal data of domestic guests for the purpose of concluding and fulfilling the accommodation contract to which the domestic guests are parties, ie for the purpose of providing accommodation, and also for the protection of legitimate interests of the Landlord: domestic guest payment card number.
4. The processing of personal data of domestic guests mentioned in this article is not bound to the consent of the accommodated domestic guests.
5. The landlord enters the personal data of domestic guests in the register, which is kept in both paper and electronic form through the reservation system HORES. The record book also means any paper documents containing data within the scope of the record book. (hereinafter collectively referred to as "records"). Electronic records are backed up to an internal backup server.
6. The entry of personal data in the records must be made in the current time, regularly, clearly and comprehensibly.
7. The landlord keeps the records for a period of 6 years from the last registration. The Accommodation Provider is obliged to keep the documentary documents replacing the registration book for a period of 6 years from the end of the accommodation of the domestic guest.
Access to personal data of guests
1. The Landlord keeps the personal data of guests to the extent specified in this Instruction of Guests on the handling of personal data in electronic and paper (physical) form, while the following persons have access to this data:
the receptionist of the Accommodation Provider as its employees;
external network administrator in case of electronic documentation.
2. Personal data of the accommodated guests of the Hotel in the range of name, surname and address of residence are transferred within the invoicing of the externally cooperating accounting company.
3. Access to personal data of guests, both domestic guests and guests - foreigners, may also be provided to entities that are authorized to view under generally binding legal regulations (especially the Police of the Czech Republic).
The right of guests to access personal data
1. Guests are entitled to request confirmation from the Landlord whether personal data concerning them are or are not processed by the Landlord and, if so, they have the right to gain access to such personal data and related information (especially the purpose of processing; personal data concerned, entities to which personal data are transferred, planned time of storage of personal data) - these facts also result from this Instruction of guests on the handling of personal data.
The right of guests to correct and delete personal data
1. The Guest is entitled to the Accommodation Provider without undue delay correct inaccurate personal data concerning the guest. Taking into account the purposes of processing, the guest has the right to supplement incomplete personal data, even by providing an additional statement.
2. The Guest has the right to have the Accommodation Provider delete the personal data concerning the guest without undue delay, and the Accommodation Provider has the obligation to delete the guest's personal data without undue delay if the guest's personal data are no longer needed for the purposes for which they were collected or otherwise. processed and generally binding regulations do not impose an obligation to keep them, or if the guest's personal data have been processed illegally. The landlord is not obliged to delete the personal data of the guest if the processing is necessary for the exercise of the right to freedom of expression and information; necessary to comply with a legal obligation arising from generally binding legislation; necessary for the determination, exercise or defense of legal claims.
The guest's right to restrict processing
1. The guest has the right for the Accommodation Provider to limit the processing of personal data of guests in the following cases:
the guest denies the accuracy of personal data, for the time necessary for the Landlord to verify the accuracy of personal data;
the processing is illegal and the guest refuses to delete the personal data and requests instead that their use be restricted;
The landlord no longer needs personal data for processing purposes, but the guest requests them for the determination, enforcement or defense of legal claims;
the guest has raised an objection to the processing, until it is verified whether the legitimate reasons of the Accommodation Provider outweigh the legitimate reasons of the guest.
2. In the event of restrictions on the processing of personal data, such data may be processed only with the consent of the guest, or for the purpose of determining, enforcing or defending legal claims, for the protection of the rights of another natural or legal person or for reasons of overriding public interest. European Union or a Member State. This does not exclude the legal obligation of the Accommodation Provider to report foreign guests to the relevant department of the Aliens Police of the Czech Republic. A guest who has reached the processing restriction pursuant to this Article must be notified in advance by the Accommodation Provider that the processing restriction will be lifted.
The guest's right to object to the processing of personal data
1. The guest has the right to object at any time to the processing of personal data concerning him, the processing of which is necessary according to the Accommodation Provider for the purposes of the legitimate interests of the relevant Accommodation Provider or third party, or to meet the legal obligations of the Accommodation Provider.
2. The landlord does not further process personal data unless he proves serious legitimate reasons for the processing, which prevail over the interests or rights and freedoms of the guest, or for the determination, exercise or defense of legal claims.
Additional guest rights
1. The Guest has the right to obtain personal data concerning him provided to the Accommodation Provider in a structured, commonly used and machine-readable format, and the right to transfer this data to another Accommodation Provider without the Accommodation Provider to whom the personal data was provided obstructing, and if:
the processing is based on the consent given by the guest to the processing of their personal data for one or more specific purposes;
the processing is based on a contract and is therefore necessary for the performance of a contract to which the guest is a party;
processing is performed automatically.
2. The guest shall have the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects or is significantly affected by him or her. This does not apply if the decision is necessary for the conclusion or performance of the contract between the Accommodation Provider and the guest; or based on the express consent of the guest; or permitted by the law of the European Union or a Member State which applies to the Accommodation Provider and which also lays down appropriate measures to ensure the protection of the rights and freedoms and legitimate interests of the guest.
3. The landlord is not entitled to make copies of his personal documents without the express and written consent of the guest. If the guest refuses to grant consent to obtain a copy of his personal document, he must not be sanctioned or disadvantaged in any way by the Accommodation Provider.
4. The landlord is obliged to notify the individual recipients to whom the personal data have been made available of any corrections or deletions of personal data or restrictions on processing carried out in accordance with Article VI. and VII. of this Instruction for guests on the handling of personal data, except in cases where this proves impossible or requires a disproportionate effort. "Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether third party or not (public authorities which may obtain personal data in the context of a special investigation, not considered as beneficiaries). The landlord informs guests about these recipients, if the guest as a data subject so requests.
Reporting breaches of personal data security to employees
1. In the event of a breach of personal data security, the personal data controller is obliged to report to the Office for Personal Data Protection without undue delay, but no later than within 72 hours of the discovery, that such a breach has occurred and the information relating to the breach.
2. If it is probable that a certain breach of personal data security will result in a high risk for the rights and freedoms of natural persons - guests, the Accommodation Provider will notify the guest of this breach without undue delay. In such notification, the Landlord shall describe to the guest, using clear and simple language, the nature of the personal data breach and related data, in particular a description of the likely consequences of the personal data breach and a description of the measures taken by the Landlord to address the breach. personal data, including possible measures to mitigate possible adverse effects.
Instruction of Hotel guests on the handling of personal data and their protection
1. Instruction of guests on the handling of personal data is available for all guests at the reception of the Hotel and on the Hotel's website at www.sovereignhotel.cz.