I. Basic clauses
- The controller of personal data pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is Genea Hotels s.r.o., ID No. 19088256, with its registered office at Přísečná 29, 381 01 Přísečná (hereinafter: “controller”).
- The contact details of the Administrator are email@example.com.
- Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
- the controller has not appointed a data protection officer.
II. Lawful basis for the processing of personal data
The lawful basis for processing personal data is
- performance of a contract between you and the controller pursuant to Article 6(1)(b) GDPR (“Performance of the Contract”),
- the legitimate interest of the controller in the provision of direct marketing (in particular for the sending of commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR (“Legitimate Interest”),
- your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the absence of an order for goods or services (hereinafter referred to as “Consent”).
On the part of the controller -> automatic individual decision-making within the meaning of Article 22 GDPR. You have given your explicit consent to such processing.
III. Purpose of processing, categories, sources and recipients of personal data
|Source of data
|Recipients of personal data (processors)
|Client personal data (contant data)
|Subcontractors, mailing services, cloud storage
|Provision of direct marketing (especially for sending commercial communications and newsletters)
|Contact data of clients
|Mailing services, cloud storage, subcontractors
|Monitoring traffic analysis, server error detection and prevention of fraud and server attacks
|For 50 months: third party cookies, pseudo-anonymised identifiers of registered users such as UserIDs, IP addresses and web browsing data.
|User movement on the site, registration and creation of an anonymized user ID, display of error page
|Google Analytics, web hosting services and possibly other analytics services
|Advanced traffic analysis
|Tracking user movement on the web and form filling
|User movement on the web, mouse movement, clicking, typing on the keyboard
|Services to track user movement on the web
|Targeted advertising (retargeting)
|For up to 13 months: third-party cookies, IP addresses, browser data and web browsing data
|Showing certain pages on the site
|Advertising platforms enabling retargeting (AdWords, Sklik, Facebook)
|Getting demographic insights in traffic statistics
|Third party cookies, demographic data (age, gender, interests, purchase interest and other categories)
|DoubleClick cookie, Android ad ID, iOS ID for advertisers
|Customer review posting
|Customer name, photo, email
|E‑mail communication and survey on site
|Cloud storage, mailing services
|Profiling for displaying targeted content on the web and in direct marketing (newsletters)
|User identification cookie, URL of the page viewed
|Viewing certain pages on the web
|Facebook, web hosting company
IV. Data retention period
- Unless otherwise specified in the preceding paragraphs, the Data Controller shall retain personal data
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the controller and the exercise of claims arising from that contractual relationship (for a period of 15 years from the termination of the contractual relationship).
- for the period until consent to the processing of personal data for marketing purposes is withdrawn, if the personal data is processed on the basis of consent.
- After the expiry of the retention period, the controller shall delete the personal data.
- Cookies are text files containing small amounts of information that are downloaded to your device when you visit our website. Cookies are then sent back to the website or another website that recognises them on each subsequent visit.
- Cookies perform a variety of tasks, such as allowing you to navigate between websites efficiently, remembering your preferences and generally improving the user experience. They can also ensure that advertisements displayed online are better tailored to your personality and interests.
- We use the following cookies on the website:
- Necessary cookies: are required for the operation of the website, for example, to allow you to log into secure areas of the site and other basic functionality of the site. This category of cookies cannot be disabled.
- Analytical/statistical cookies: allow us, for example, to recognise and measure the number of visitors and to track how our visitors use the website. They help us to improve the way the site works, for example by enabling users to easily find what they are looking for. We only run these files with your prior consent.
- Advertising cookies: are used to track preferences and allow you to see advertising and other content that best matches your interests and online behaviour. We only run these cookies with your prior consent.
- Information about cookies and the current list of cookies can be found via the individual web browsers, most often under Developer Tools.
- For more information on the management of cookies in individual browsers, please see the following links:
- Internet Explorer — https://support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome — https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=cs
- Firefox — https://support.mozilla.org/cs/kb/povoleni-zakazani-cookies
- Safari — https://support.apple.com/cs-cz/guide/safari/sfri11471/mac
- Opera — https://help.opera.com/cs/latest/security-and-privacy/
- Microsoft Edge — https://docs.microsoft.com/cs-cz/sccm/compliance/deploy-use/browser-profiles
VI. Recipients of personal data (subcontractors of the controller)
- The controller -> intends to transfer personal data to a third country (non-EU country) or an international organisation. Recipients of personal data in third countries are: providers of mailing services, data and file storage, analytical tools, discussion and direct marketing services.
VII. Your rights
- Under the conditions set out in the GDPR, you have
- the right to access your personal data in accordance with Article 15 of the GDPR,
- the right to rectification of your personal data pursuant to Article 16 GDPR or restriction of processing pursuant to Article 18 GDPR,
- the right to erasure of personal data pursuant to Article 17 GDPR,
- the right to object to processing under Article 21 GDPR,
- the right to data portability pursuant to Article 20 GDPR,
- the right to withdraw consent to processing in writing or electronically to the address or email of the controller set out in Article III of these terms and conditions.
- You also have the right to lodge a complaint with the Data Protection Authority if you believe that your data protection rights have been violated.
VIII. Personal data security conditions
- The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
- The controller has taken technical measures to secure data storage and storage of personal data in paper form.
- the controller declares that only persons authorised by the controller have access to the personal data.
IX. Final provisions
- By submitting an order from the online order form or by filling in the enquiry form, you confirm that you are aware of the terms and conditions of data protection and that you accept them in their entirety.
These terms will take effect on 4 July 2023.