Personal Data Processing Policy

1)  General Information

1.1. Personal Data Processing Policy
When processing your personal data, we honour and respect the standards of data protection and particularly adhere to the following principles:
a) We always process your personal data for a clearly and comprehensibly stated purpose, by specified means, in a defined manner, and only for such time as is necessary due to the purposes of their processing; we only process accurate personal data of clients, and we are assured that their processing meets the stated purposes and is necessary to fulfil these purposes;
b) We protect and process your personal data in a way that ensures the highest possible security of this data and which prevents any unauthorised or accidental access to clients' personal data, their change, destruction or loss, unauthorised transmissions, their other unauthorised processing, as well as other abuses;
c) We always inform you clearly about the processing of your personal data and your claims for accurate and complete information about the circumstances of this processing, as well as your other related rights;
d) In our company, we comply with appropriate technical and organisational measures to ensure a level of security appropriate to all possible risks; all persons who come into contact with clients' personal data have a duty of confidentiality with respect to information obtained in connection with the processing of such data.

2)  Informationon the processing of personal data

  • a) Administrator Information
The administrator of your personal data is our company:
GAUDEO – Vranovská pláž s.r.o., identification number 02162695, with registered office Mladoňovice 65, 675 32 Mladoňovice.
  • b) Processing purposes and legal basisfor processing
  • i) Processing of personal data without your consent
As a rule, these are situations where you are obliged to give us specific personal data as a condition of being able to provide you with your product or service or when we are authorised to process your personal data obtained in another way.
We are legally entitled to process your personal data without your consent for the following purposes of complying with our legal obligations, particularly:
  • a) fulfilling legal obligations
  • i) fulfilling legal obligations
  • ii) fulfilment of obligations in the identification and control of the client according to the act on certain measures against the legalisation of proceeds
  • iii) fulfilmentof archiving obligations;
  • b) the conclusion or performance of a contract with you.
  • c) protection of rights and legally protected interests, especially for solving any controversial agenda, especially for the purposes of conducting court or other disputes.
  • ii) Processingpersonal data with your consent
These are generally situations where you voluntarily consent to us processing personal data provided by you or otherwise obtained. If you do not give consent, this may be a reason that our company will not be able to provide certain products or services or will be forced toad just availability in a reasoned way, the extent or conditions of the products and services provided.
Based on your consent, our company processes your personal data for the following purposes:
  • (a)  client care
  • (b)  offering products and services
In particular, it is about the dissemination of information, offering products and services to our company and others including product and service offerings, which are specifically targeted at individual clients, through different channels, e.g. by mail, electronic means (including e-mail and messages sent to mobile devices via telephone number) or by making a phone call, via the website. More details on the transfer are set out below in this Policy.
  • c) Extent of processed personal data of clients
Our company processes your personal data to the extent necessary to fulfil the above purposes. We process contact andidentification data, data indicating creditworthiness, trustworthiness andpayment morality, descriptive and other data and, to the extent necessary andjustified, details of other persons.
Communication record. Our company monitors and records selected communications with clients. When making voice recordings, we will always give you advance notice. The content of this communication is confidential, and we use it for the purposes of complying with legal obligations, conclusion and performance of the contract, the protection of the rights and legally protected interests and, with your consent, for the purposes of the care of clients.
  • d) How personal data are processed
Our company processes your personal data, including manual and automated processing, including algorithmic processing, in the information systems used by our company.
One way of processing our company's personal data is also through automated evaluation (to personalise our product and service offerings) personal data of clients; in doing so, derivative data about the client is also created. This is done in particular for the purpose s of complying with our legal obligations and to protect the rights and legally protected interests of our company, its clients or third parties. However, to a certain extent, our company can also use the relevant evaluation results to prepare individualised products and services.
Your personal data is processed primarily by employees of our company and, to the extent necessary, third parties (our suppliers and partners). Before any transfer of your personal data to a third party, we always enter into a written agreement with that person, which contains the same guarantees for the processing of personal data, which our company itself complies with in accordance with its legal obligations or we verify their compliance with GDPR and relevant privacy legislation.
  • e) Recipients of personal data
Your personal data of clients are available, especially to the employees of our company, in connection with the performance of their duties, in which it is necessary to handle the personal data of clients, however, only to the extent that is necessary in that case and compliance with all safety measures.
In addition, your personal data may betransferred to third parties involved in processing our company's clients'personal data, or these personal data may be available to them for anotherreason per the law.
Before any transfer of your personal data to a third party, we always enter into a written agreement with that person, in which we modify the processing of personal data to include safeguards for the processing of personal data, which our company itself observes in accordance with its legal obligations or their compliance with GDPR and relevant privacy legislation is verified.
In accordance with applicable law, our company is authorised or obliged directly, without your consent, to transfer your personal data:
the relevant government departments, courts and law enforcement agencies for the purpose of carrying out their duties and for the purpose s of enforcement
payment service providers, where necessary, to prevent, investigate or detect payment fraud;
by other persons within the scope of third-party legal regulations, for example, for the purpose of collecting our debt.
With your consent, based on which we are entitled to dispose to the appropriate extent, your personal data may be passed on to other entities to comply with our company's legal obligations, the conclusion and performance of the contract, the offering of products and services, the protection of the rights and rightly protected interests of our company, the care of clients.
  • f) Time of processing of personal data
Our company only processes clients' personal data for as long as necessary due to their processing purposes. We continuously assess if there continues to be a need to process certain personal data required for a specific purpose. If we find that they are no longer needed for any of the purposes they were processed, we will delete the data. However, internally, we have already evaluated the usual period of usability of personal data in relation to specific purposes of processing personal data, at the end of which we consider particularly carefully the need to process relevant personal data for a given purpose. At the same time, in that context, personal data is processed for the purposes of:
  1. we process the fulfilment of the contractfor the duration of the contractual relationship with the client; Furthermore,the relevant personal data is usually usable for a period of 10 years;
  2. we process the offering of products and services for the duration of the contractual relationship; Furthermore, the relevant personal data is usually usable for a period of 10 years;
  3. we process client care for the duration ofthe contractual relationship with the client; Furthermore, the relevantpersonal data is usually usable for a period of 10 years;
  • g) Right to withdraw consent
In this Policy, we tried to explain why we need your personal data and that we may process them only with your consent for some purposes. You are not obliged to consent to process your personal data by our company; at the same time, you are entitled to withdraw that consent. If you withdraw your consent, we will terminate the processing of relevant personal data for purposes requiring appropriate consent; however, we may be authorised, or even obliged, to continue to process the same personal data for other purposes.
If you do not grant or withdraw your consent, we can:
  • (a)  adjust the availability, scope or conditions of its products or services; or
  • (b)  refuse to provide you with our products or services if we find that such consent is necessary to provide the product or service under the conditions.
In case you wish to withdraw your consent to the processing of personal data, please contact the following email address in writing: recepce@penzionygaudeo.cz via the email address registered with us.
  • h) Sources of personal data
We obtain clients' personal data in particular:
  1. from the clients themselves, directly, e.g. when entering into contracts relating to products or provided services, or indirectly, e.g. when using the products themselves, clients' services or in the framework of making product and service information available to clients, e.g. through the company's website, etc.
  2. from publicly available sources (public registers, registers or lists);
  3. from its own activities by processing and evaluating other personal data of clients.
  • i) Your right to request access topersonal data and protection of clients' rights
If you ask us for information regarding processing your personal data, we will provide you with information about what data we process about you without delay. For providing such information, we have the right to claim reasonable reimbursement of the costs incurred in providing this information. If you find or believe that our company or a third party, which is involved in the processing of data, conducts the processing of your personal data, which is contrary to the protection of your private life or contrary to the law, especially if your personal data is inaccurate, you can:
  1. require an explanation from our company or a third party involved in the processing ofthe data;
  2. require that a faulty condition be removed; in particular, you may request that personal data be corrected or supplemented; if necessary, this data will be temporarily blocked or disposed of.
If we find your request well-founded, our company or a third party involved in data processing will remove the faulty condition immediately and free of charge.
As a client, you always have the right to contact the Privacy Office.

3) Extent of personal data processed

Identification data – include personal data –primarily name, surname, and permanent residence address. Other possible identifying data are, for example, the computer’s IP address and the file of specific authentication data that we agree to use.
Contact information – name, surname, contact address, telephone number, email address or other similar contact details. Other possible identifying data are, for example, the computer’s IP address and the file of specific authentication data that we agree to use.
Data necessary to decide on the conclusion of the contract - these are data needed primarily to assess riskiness from the perspective of preventing the legalisation of the proceeds of crime and terrorist financing, as well as data collected to assess the credit risk of the trade.
These data include, depending on the type of contract concluded:
Sociodemographic data include age, gender, family status, education, number of persons in the household, type of income, and character of the employment relationship.
Data arising from the performance of contract obligations - depending on the nature of the product or provided service, we process data related to the product or provided service. Personal data, such as contract duration, warranty period, voucher number, etc., are processed in this category.
Personal data obtained in connection with the provision of our products or services - These are personal data obtained in our communication. It is mainly about:
  1. data used to ensure the security of communications,
  2. records of your preferred language for communication, expressed interest in a product or service, or your specific requirements that have been communicated to us.