GDPR

INFORMATION ABOUT PERSONAL DATA PROCESSING AND PROTECTION

With effect from 25 May 2018 the processing of personal data of clients of Hotel Alwyn are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), known as GDPR. With regard to this we provide our clients with the following information about the processing and protection of their personal data.


Personal data controller

The controller of personal data of clients of The Hotel Fitzgerald at the address Vítkova 151/26, 186 00 Praha 8 – Karlín (hereinafter referred to as the Hotel) is the company Mankato Prague Operations,  s.r.o., ID: 09743316, with its registered seat at Vítkova 151/26, 186 00 Praha 8 – Karlín, registered in the commercial register maintained by Prague City Court, section C, insert 341593 (hereinafter referred to as the Controller).

 

Which personal data do we process?

The personal data that we process about our clients and the extent of which differs depending on the type and extent of the services provided include:

  • name and surname, title

  • date of birth

  • nationality

  • home address

  • travel document number

  • visa number if indicated on the travel document

  • duration of stay

  • purpose of stay in the Czech Republic

  • e-mail address

  • phone number

  • type, number and expiry date of payment card

  • vehicle registration number

  • records from the surveillance system

  • other data, if necessary in connection with the provision of services by the Controller.

We obtain personal data directly from the client or from the agent that has arranged accommodation when concluding the accommodation reservation agreement or the accommodation agreement and also during our contractual relationship. Personal data is provided by the client on voluntary basis. Should the client choose not to provide us with his/her personal data, we will not be able to conclude an accommodation reservation agreement or accommodation agreement.

No automated decision-making occurs during the processing of the clients personal data.

In order to ensure the security and confidentiality of personal data, which is extremely important to us, we use technical and organizational measures to protect against unauthorized access to the personal data and its misuse, including the security of our IT systems. We regularly evaluate and update all our measures.

 


Purpose of processing and legal basis for the processing of personal data

 

We process personal data for the following purposes:

  • providing services on the basis of a concluded accommodation reservation agreement or accommodation agreement in the Hotel, i.e. in particular, for the purposes of concluding a contract and managing our contractual relationship and communicating with the client.
    In this case the legal basis enabling us to process personal data is that the processing of personal data of the client is necessary in order to conclude or fulfil an agreement with him/her.

  • fulfilling our legal obligations, i.e. in particular, for the purposes of keeping a house book and notifying the accommodation of foreign citizens according to legislation governing the residence of foreign citizens in the Czech Republic. In this case the legal basis enabling us to process personal data is that the processing of personal data of the client is necessary in order to fulfil the legal obligation that applies to us as a controller of personal data.

  • protecting our legitimate interests, i.e. in particular, for the purposes of assessing, exercising and enforcing our legal claims, protecting the rights, property or security of us, our clients or other persons. In this case the legal basis enabling us to process personal data is that the processing of personal data of the client is necessary for the purposes of our legitimate interests as a controller of personal data.

  • marketing and sending marketing messages and business offers, provided that the client has granted his/her consent to direct marketing. In this case the legal basis enabling us to process personal data is that the client has at some time granted us revocable consent to the processing of his/her personal data for this purpose.

 

Recipients to whom we might provide personal data

n order to ensure the proper running of the Hotel, when providing services and fulfilling our contractual obligations, we use professional and specialized services of other subjects, such as gastronomic service providers, IT services, accountants, auditors and other subjects. In case these subjects process personal data of the Hotel’s clients provided to them by the Controller, they are in the position of personal data processors and process them only according to our instructions and cannot use them otherwise. We select each such subject carefully and with each of them we enter into a personal data processing contract, in which such subject as a processor has to fulfil strict obligations to protect and safeguard personal data.

 

Period for which we will process personal data

We store personal data of the Hotel’s clients only for as long as any of the aforementioned processing purposes lasts, i.e. in particular for the duration of the agreement and for the duration of consent of the client to the processing of personal data. Following the termination of agreement or the withdrawal of the clients consent we will then store personal data only for the duration and under the conditions required by law in accordance with general limitation, archiving and shredding periods.

 

Rights relating to the processing of the client’s personal data

Regarding the processing of personal data the client has:

  • the right to brief, clear, transparent and comprehensible information about how we handle his/her personal data and what his/her rights are regarding the processing of his/her personal data (this document also serves this purpose);

  • the right of access to personal data including the right to obtain confirmation of whether or not we are processing his/her personal data and the right to request information about how we are processing his/her personal data;

  • the right to rectification of inaccurate or incomplete personal data;

  • the right to erasure of his/her personal data (“the right to be forgotten”), if:

his/her personal data is no longer required for the purposes for which it was collected or processed;

he/she has withdrawn his/her consent to the processing of his/her personal data;

he/she has objected to the processing of his/her personal data and our legitimate interest in the further processing of his/her personal data does not have priority in that particular case or he/she has objected to the processing of his/her personal data for direct marketing purposes;

his/her personal data has been processed unlawfully;

– his/her personal data has to be erased according to legal regulations.

  • the right to the restriction of processing of his/her personal data if:

he/she disputes the accuracy of his/her personal data, until we verify their accuracy;

the processing of his/her personal data is unlawful and instead of erasing such personal data he/she only asks for its use to be restricted`

we no longer need his/her personal data but he/she requests it in order to exercise his/her legal rights;

he/she has objected to the processing of his/her personal data, until we verify whether our legitimate interests outweigh his/her interests.

  • the right to the portability of data including his/her right to obtain his/her personal data and his/her right to decide to have it transferred to another service provider (to another personal data controller)

  • the right to object to the processing of his/her personal data if we process it in order to protect our legitimate interests or for direct marketing purposes

  • the right to make a complaint to the supervisory authority which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7; www.uoou.cz

In case of any questions or comments on the processing of the client’s personal data or want to exercise his/her rights referred to in section VI., he/she can do so in writing to the Controller’s address Mankato Prague Operations s.r.o., IČ: 09743316, 151/26, 186 00 Praha 8 – Karlín, or by e-mail to: reception@hotelfitzgerald.com.