Personal Data Processing Conditions

(“Conditions”)

Definitions:

Data Controller: Hotel Casanova, Husova 101/45, 419 01 Duchcov (hereinafter “the Hotel”), HOTEL CASANOVA DUCHCOV, s. r. o., Husova 101/45, Duchcov, IČ:06917399 , DIČ: CZ06917399

Customer: A natural or legal person using the operator’s services

Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

General Provisions

• The purpose of these conditions is to ensure the processing of customers’ personal data obtained within the Hotel’s business activities, and to establish the obligation to maintain confidentiality regarding this acquired information, to the extent and under the conditions set forth herein.
• In accordance with these conditions, the Hotel undertakes to process customers’ personal data. These conditions are drawn up within the scope of rights and obligations arising from relevant legal regulations for personal data processing as per the preceding paragraph, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”).

Rights, Obligations, and Confidentiality

• The Hotel undertakes to adopt technical, personnel, and other necessary measures to prevent unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transfers, other unauthorised processing, as well as other misuse of personal data.
• In connection with providing accommodation services, the Hotel is obliged to process guests’ personal data. This data is primarily handled by:
• Hotel receptionists
• Hotel manager
• Accountants
• The aforementioned users have been instructed on the sensitivity of personal data. They handle guests’ personal data exclusively within the scope of services provided by the Hotel. Neither the Hotel nor its employees transfer guests’ personal data to other entities. Other processors of guests’ personal data include:
  Hotel system Previo
• The conditions for processing and handling guests’ personal data are regulated in a processing agreement between the Hotel and the respective processor.

DPO, Data Protection Officer

1. The Hotel’s Data Protection Officer is Marie Zasmanová (zasmanova@hotelcasanova.eu). The Hotel has ensured that the Data Protection Officer has received the necessary training for performing the DPO function in accordance with the Regulation.

Customer Information

• The Hotel has a legal obligation to retain certain personal data about its guests, specifically name, surname, date of birth, address and duration of stay, document number and type, any visa, and purpose of stay. This obligation is governed by the Act on the Residence of Foreigners in the Czech Republic (326/1999) and the Local Fees Act (565/1990). According to these legal regulations, the Hotel is obliged to retain customers’ personal data for a period of 6 years.
• Customers have the right to request an overview of their personal data from the Hotel at any time. This information is stored in (i) the guest’s card in the hotel system, (ii) the house book, and (iii) the registration book, which are kept in printed form in a locked room. In the event of a request for erasure of personal data, the Hotel will delete the guest’s card and shred the house and registration books. However, the Hotel must comply with the aforementioned laws. The listed personal data can only be deleted after the statutory retention period has expired.

Technical and Organizational Security of Personal Data Protection

• The Hotel undertakes to technically and organizationally secure the protection of processed personal data to prevent unauthorised or accidental access to data, their alteration, destruction or loss, unauthorised transfers, other unauthorised processing, as well as other misuse, and to ensure that all obligations of the personal data controller arising from legal regulations, especially the Regulation, are continuously secured both personally and organizationally throughout the data processing period.
• The Hotel undertakes that data processing will be secured primarily in the following manner:a) personal data will only be accessible to authorised Hotel personnel who have been assigned conditions and scope of data processing by the Hotel, and each such person will access personal data under their unique identifier;

b) personal data will be processed on Hotel premises, to which only authorised persons will have access.

c) The Hotel will prevent unauthorised reading, creation, copying, transfer, modification, or deletion of records containing personal data;

d) The Hotel will take measures to enable the identification and verification of to whom personal data were transferred, by whom they were processed, modified, or deleted.

• The Hotel undertakes, through its own internal regulations or specific contractual arrangements, to ensure that its employees and other persons who process personal data do so only under the conditions and to the extent determined by the Hotel and in accordance with the Hotel’s instructions. In particular, it will itself (and will obligate these persons) maintain confidentiality regarding personal data and security measures, the disclosure of which would compromise the security of personal data, even after the termination of employment or relevant work at the Hotel.

CCTV System

• The Hotel uses a CCTV system to preventively protect its customers, its property, and their property. The Hotel declares that it does not process recordings in any way, nor does it provide them to third parties or entities.
  Last updated: 24.5.2018