GDPR
Information on the Processing of Personal Data
Statement on the Processing of Personal Data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
I. Who we are and how you can contact us?
PERK PLACES s.r.o., Company ID No. 24540048, with its registered office at Jar. Staši 1314, 763 02 Zlín - Malenovice, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File No. 150355 (hereinafter referred to as the “Controller”), is the controller of your personal data, which means that it determines the purpose and means of the processing of personal data, carries out the processing of personal data and is responsible for it. In certain cases, the Controller may also be in the position of a processor of personal data, i.e. it processes personal data for purposes determined by another controller. More information about our activities and the offer of our services can be found on the website https://hotelperk.cz/.
If you do not find answers to your questions in this Information Memorandum or on our website, or if you would like some information explained in more detail, you can contact us via data mailbox – IDDS: khwv4fj, by e-mail at recepce@hotelperk.cz or in writing at the address PERK PLACES s.r.o., Jar. Staši 1314, 763 02 Zlín - Malenovice, or alternatively at the address of the establishment Hotel PERK, ul. 17. listopadu 413/1, 787 01 Šumperk.
The Controller never provides information by telephone or e-mail. If the data subject proves their identity, it is possible to send the information by post with delivery confirmation into the addressee’s own hands or to a data mailbox.
II. In what way do we process your personal data and how are they secured?
We are fully aware of the importance of the protection of personal data and the privacy of clients. When processing personal data, we always proceed in such a way that your personal data are maximally secured and cannot be misused. All data further processed, for example by lawyers and/or tax advisors, are also protected by the statutory duty of confidentiality in accordance with the Act on Advocacy and/or in accordance with the Act on Tax Advisory Services.
We process your personal data manually in our information systems, or in the information systems of our processors. Your personal data may be processed primarily by selected employees of the Controller and categories of processors always listed for the relevant purpose of processing. We have taken such measures to ensure that only employees of the Controller and processors who participate in their processing have access to your personal data, and also that these employees and processors maintain confidentiality regarding all facts, data and information (personal or otherwise) that they have learned in the course of their work. The Controller has concluded a written personal data processing agreement with all potential processors, in which we emphasize the security of your personal data and which contains identical guarantees for the processes of personal data processing at these processors as are set with us.
We process your personal data predominantly within the territory of the Czech Republic and the European Union. If, in connection with the use of certain technologies or services, a transfer outside the European Economic Area occurs, this happens only with the provision of appropriate safeguards in accordance with the GDPR.
When you visit our website, we may automatically collect certain information using technologies such as cookies, internet browser analysis tools and server logs. In many cases, the information collected using cookies and other tools is used in a non-identifiable manner without any link to personal data.
Cookies are small text files that a website stores via a browser on the hard disk of a computer or other device when visited. We may use cookies to make the use of the website more efficient and also to customize browsing preferences and improve the functionality of our website. Cookies can be used to manage performance and collect information about how our website is used, for analytical purposes. There are two types of cookies: session cookies, which are removed from your device after leaving the website, and persistent cookies, which remain on your device for a longer period or until you manually delete them.
In log files from our servers, information may be collected about how users use the website (usage data). These data include, among other things, the user’s domain name, language, browser type and operating system, internet service provider, IP address (internet protocol), location or reference from which the user came to the website, the website you visited before arriving at our website, and the website you visit after leaving our website, as well as the time spent on our website. We may monitor and use website usage data to evaluate its performance and activity, to improve its design and functions, or for security purposes.
You can change the settings of your internet browser to block accepted cookies or to notify you of their acceptance or delete them. Alternatively, you can browse our website using an anonymous browser profile. Further information on adjusting or changing browser settings can be found in the browser manual or help. If you do not agree with the use of cookies or similar technologies that store information on your device, you must adjust your browser settings accordingly. Please note that some features of our website may not function properly if you disable cookies or these technologies.
On our website, we may provide links to third-party websites (hereinafter referred to as “Linked Sites”). We are not obliged to evaluate, control or examine Linked Sites. Each Linked Site may have its own terms of use and privacy statements. Users must familiarize themselves with and comply with these terms when using Linked Sites. We are not responsible for the policies and practices of any Linked Sites and any additional links that may be located on those sites. These links do not represent our endorsement of the Linked Sites or any company or service. We recommend that users familiarize themselves with the terms and relevant documents of these Linked Sites before using them.
Our website is not intended for children. We do not use it to knowingly obtain personal data from children or to provide services to children. If we find that a child has provided their personal data through one of our websites, we will remove such data from our systems.
On our website, we may also use Google Analytics to collect information about users’ online activities on the website, such as visited web pages, clicked links and performed searches.
This information is used to compile reports and to improve the website. Cookies collect information anonymously, such as the number of visitors to the website, where visitors came from and the pages they visited. Information generated by these cookies and your current IP address will be transmitted from your internet browser and stored on Google servers in the United States and other countries. Google will use this information on your behalf for the purpose of evaluating how you use our website as described above. The IP address obtained through Google Analytics will not be associated with any other data held by Google. Further information about data collected by Google Analytics can be found at http://www.google.com/intl/en/analytics/privacyoverview.html. These cookies can be blocked using the appropriate browser settings. If you do so, you may not be able to fully use the functions of our websites. The Google Analytics Opt-out browser add-on can be downloaded at: http://tools.google.com/dlpage/gaoptout.
III. How do we obtain your personal data?
We obtain your personal data from you. If we obtain personal data from you, we inform you whether the provision of personal data is a legal or contractual requirement, or a requirement that must be stated in a contract, and whether you have an obligation to provide personal data, and about the possible consequences of not providing personal data. We obtain your personal data in particular:
• on the basis of your requests, inquiries and within negotiations on the conclusion of a contract; or
• during communication via e-mail or other written communication; or
• during personal communication at our hotel or other facility of the Controller.
IV. For what purposes do we process your personal data?
We process your personal data only to the extent necessary for the given purpose and for the period that is necessary to fulfill the given purpose. After the fulfillment of the original purpose (for example performance of a contract), we may process personal data for other purposes (for example to fulfill the statutory archiving period). The purposes of processing are listed below in this chapter. We generally archive your personal data for the period set by legal regulations, the contract or on the basis of our legitimate interest (for example for the duration of limitation periods when we may have an interest in asserting or defending our legal claims).
We process your personal data for the following purposes:
• negotiation of a contract and performance of a contract, implementation of measures adopted before the conclusion of a contract at your request, handling of your requests;
• fulfillment of our legal obligations;
• for the protection of our rights and legitimate interests, especially in the area of monitoring the quality of services and optimization of provided services and for the evaluation of possible risks;
• for contacting you with an offer of products and services of our business partners (in the case of granted consent to the processing of personal data for this purpose);
• for participation in the Trigema Club program and sending information about news and offers within the Trigema group (in the case of granted consent).
Ad a) negotiation of a contract and performance of a contract, implementation of measures adopted before the conclusion of a contract at your request, handling of your requests
The Controller processes your personal data for purposes related to the fulfillment of contractual obligations, in particular for the purposes of (i) valid conclusion, performance, change and termination of contracts, (ii) related contractual documentation, (iii) complaints and (iv) related communication. The provision of the stated personal data is therefore a contractual requirement.
Legal basis for processing (legal title):
For the stated purposes, we process personal data on the basis of the legal title of performance of a contract to which the data subject (usually the Controller’s customer) is a party, or for the implementation of measures adopted before the conclusion of a contract at the request of this data subject (usually an interested party in the Controller’s products or services), pursuant to Article 6(1)(b) GDPR.
Categories of personal data:
For the stated purposes, we process the following categories of personal data: name and surname, address of permanent residence, possibly also e-mail address, telephone number, reservation data and bank details.
Period of processing:
For the stated purposes, we process personal data for the duration of contract negotiations, for the duration of the contract and for the duration of warranty, complaint and other periods related to the contract, during which the contracting parties may exercise rights and obligations arising from the contract.
Ad b) Fulfilment of our legal obligations
As a business entity, we must comply with a number of legal regulations and obligations set therein, in particular: Act No. 89/2012 Coll., Civil Code; Act No. 253/2008 Coll., on certain measures against the legalization of proceeds of crime and financing of terrorism, as amended; Act No. 280/2009 Coll., Tax Code, as amended; Act No. 563/1991 Coll., on Accounting, as amended; Act No. 120/2001 Coll., on court executors and execution activities and on amendment of other laws, as amended; Act No. 99/1963 Coll., Civil Procedure Code, as amended; Act No. 634/1992 Coll., on Consumer Protection, as amended; Act No. 40/2009 Coll., Criminal Code, as amended; Act No. 499/2004 Coll., on Archiving and Records Management and on amendment of certain laws, as amended; Act No. 326/1999 Coll., on the Residence of Foreign Nationals in the Territory of the Czech Republic and on amendment of certain laws, as amended; Act No. 565/1990 Coll., on Local Fees, and also related secondary legislation and legal regulations of European Union law. The provision of the stated personal data is therefore a legal requirement.
Legal basis for processing (legal title):
For the stated purposes, we process personal data on the basis of the legal title of compliance with a legal obligation to which the Controller is subject, pursuant to Article 6(1)(c) GDPR.
Categories of personal data:
• identification and contact data (name and surname, address of permanent residence, possibly also e-mail address);
• in the case of self-employed natural persons also designation of the self-employed natural person, registered office, Company ID, VAT ID, information on VAT payer status;
• data on services used and on the amount and method of payment for services provided (in the case of non-cash payment, bank account number).
Recipients of personal data (processors or third parties to whom personal data are or may be provided):
For the stated purposes, we use providers of IT services or legal and tax advisory services. The Controller must also provide necessary cooperation to the relevant public authorities, for example the tax administrator or court executors, law enforcement authorities in criminal, offence or administrative proceedings, to the extent and under the conditions set by legal regulations.
Period of processing:
For the stated purposes, we process personal data for the period set by the relevant legal regulations. With the exception of cases where legal regulations set a longer retention period for certain documents that may contain personal data, we retain personal data processed for the fulfilment of our legal obligations for a maximum period of 10 years.
Ad c) Assertion or defence of our legitimate interests
For the purposes of protecting our legitimate interests, we may process your personal data where our legitimate interests prevail over your interests or your fundamental rights and freedoms. In this way, we process your personal data in particular for:
• handling all dispute agendas, especially for the purposes of conducting court or other disputes;
• optimization of administrative processes within the Controller;
• photographic documentation from organized events;
• operation of a camera system.
At events organized by us, we take photographic documentation to a reasonable extent (situational shots from events) for the purpose of subsequent publication of selected photographs on our website for promotional purposes. In this way, visitors of a specific event are not primarily depicted, but rather the overall atmosphere of the event; the shots are not published in detailed resolution, nor do we attach captions identifying specific persons visiting the event. According to the expert opinion of the Office for Personal Data Protection, in such cases this is not primarily a matter of personal data protection, but of privacy protection pursuant to the Civil Code; therefore, consent to the processing of personal data for “illustrative” images does not need to be required. Visitors are informed in advance about the taking of photographic documentation by means of a camera pictogram, our photographers are visibly marked and photographic documentation is taken only in the main area of the event, and visitors always have the option to stay in areas where photographic documentation is not taken. In case of any doubts or questions regarding the taking of photographic documentation, you may contact us at the above contacts.
The operation of the camera system serves to protect the property and the protection of the health of persons entering the Controller’s operational premises. Data are stored within a time loop. The data subject is informed about the use of the camera system by a notice at the entrance to the Controller’s premises.
Ad d) Contacting you with an offer of products and services of our business partners (in the case of granted consent to the processing of personal data)
If you grant us consent to the processing and sharing of your data for marketing purposes, we will be entitled to analyze your data, without automated processing, and on that basis decide and offer you services from the portfolio of our business partners, which we carefully select. We may contact you for marketing purposes by e-mail. Together, we may process your personal data as well as other information that we have collected, as well as public data and data from third parties. This will include, for example, an e-mail address and information about services you have used.
You grant consent to the following entities (members of the group):
[to be completed by the Controller according to the current list of entities]
We will be able to use your data for a period of 2 years; if you become a client of any of the above-mentioned members of the group, then from the granting of consent for the entire period during which you are a client of any member of the group, and further for 5 years after the termination of all contractual relationships between you and the members of the group. If you wish, you may withdraw this consent at any time.
Ad e) Participation in the Trigema Club program
The customer hereby acknowledges that the operator is a member of the Trigema investment group. A member of the Trigema investment group is also the company Trigema Club s.r.o., Company ID: 21187258, with its registered office at Bucharova 2641/14, Stodůlky, 158 00 Prague 5, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File No. 397996 (hereinafter referred to as “Trigema Club”), which operates a portal of advantageous offers of companies, in particular from the Trigema investment group.
In the case of granting consent, the customer agrees that Trigema Club will inform him/her about news and offers, including offers of third parties forming the Trigema group. For this purpose, basic identification and contact data of the customer may be transferred to Trigema Club to the extent necessary for the implementation of this consent, in particular name, surname and e-mail address.
Legal basis for processing (legal title):
For the stated purpose, we process personal data on the basis of the consent of the data subject pursuant to Article 6(1)(a) GDPR.
Period of processing:
Personal data will be processed for this purpose for the duration of the granted consent, but no longer than 5 years from its granting, unless the consent is withdrawn earlier. The granted consent may be withdrawn at any time.
V. What are your rights?
We process your data in a completely transparent manner. At any time during the processing of your personal data, you may exercise the following rights:
• The right of access to your personal data and to obtain a copy of your personal data that we process.
• The right to rectification and completion of your personal data in the event that you find that we process incorrect or inaccurate personal data about you.
The right to erasure of your personal data (i.e. the right to be forgotten). You may request that we erase your personal data, and we will do so in the event that:
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• if you withdraw your consent on the basis of which we process personal data and there is no other legal ground for processing;
• you object to processing based on legitimate interest, if there are no overriding legitimate grounds for processing on our side, or if you object to the processing of personal data for direct marketing purposes (i.e. we will no longer send you addressed commercial communications);
• the personal data are processed unlawfully; or
• the personal data must be erased for compliance with a legal obligation laid down in European Union or Czech law.
We inform you that, on the contrary, your personal data cannot be erased if their processing is necessary:
• for the exercise of the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under European Union or Czech law, or for the performance of a task carried out in the public interest or in the exercise of official authority;
• for reasons of public interest in the area of public health;
• for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes; or
• for the establishment, exercise or defence of legal claims.
The right to restriction of processing of your personal data. You may also request that we restrict the processing of your personal data in the event that:
• the processed personal data are not accurate;
• the processing is unlawful;
• the processed personal data are not necessary for the purposes for which they were collected or otherwise processed; or
• you object to processing.
If you exercise your right to restriction of processing and one of the above conditions is met, we will make a record in our systems that the data are subject to restriction, and such data will generally not be actively further processed (except for cases arising from legal regulations).
If the reasons for restriction of processing cease to exist, we will lift the restriction of processing of your personal data. We will inform you of this in advance.
The right to data portability. In the event that we process your personal data on the basis of your consent or for the purposes of performance of a contract and at the same time the processing is automated, you have the right to obtain such personal data in a structured, commonly used and machine-readable format and to transmit them to another controller. In such a case, your personal data will be provided to you electronically in a secure file in the format [xml].
If you believe that there has been a breach of obligations laid down by legal regulations on the protection of personal data (in particular the GDPR), you have the right to lodge a complaint with the Office for Personal Data Protection or with another competent supervisory authority of a Member State of the European Union entrusted with supervision over compliance with obligations laid down by the GDPR (in particular a supervisory authority in the Member State of your habitual residence, place of work or the place where the alleged breach occurred).
No automated decision-making takes place at the Controller, i.e. decision-making based solely on automated processing (including profiling), which would have legal effects for you or similarly significantly affect you.
You also have the right to object to the processing of your personal data if personal data are processed:
• for the purposes of performance of a task carried out in the public interest or in the exercise of official authority;
• for the purposes of legitimate interests of the controller or a third party; or
• for the purposes of direct marketing, which also includes profiling in order to tailor the offer to your needs and improve the quality of services provided.
If you object, we will not process your personal data until we demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms, or for the establishment, exercise and/or defence of our legal claims.
In the event of exercising any of the above rights, we will inform you in writing without undue delay about the method of handling your request.
Thank you for your trust.
PERK PLACES s.r.o.