GDPR

GENERAL DATA PROTECTION REGULATION

(GDPR)

PERSONAL DATA PROCESSING POLICY

issued according to the Regulation (EU) of the European Parliament and of the Council of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter “GDPR”)


Dear guests, on this page you will find, in compliance with GDPR, the most important information on your personal data processed by L7 CORSO, s.r.o., Company ID: 139 88 948, with a registered office at Stará louka 460/38, 360 01 Karlovy Vary, registered in the Commercial Register managed by the Regional Court in Pilsen, Section C, file 41479 (hereafter “Controller” or “Company”).


The goal of this notification is to inform you about personal data processing, which takes place in connection to visiting the website www.corsohotel.cz, as well as about certain other cases of personal data processing, where within the activities of the Company, personal data of other persons are being processed (e.g. guests in the hotel, journalists etc.; hereafter “Data Subject”).


    I. Processing personal data from contact forms


When a query is sent through the inquiry form, certain personal data located in the encrypted interface is being collected, specifically the following data:


    • Date and time of sending the inquiry form;

    • Data from the sent inquiry form;

    • Possible questions of the visitor.


Processing of these protocol files will be done by the Company itself.


Personal data on visitors of the Controller’s website processed in relation to administration of the Controller’s website, or as the case may be, administration of the Controller’s reservations system and/or realization of internet marketing, will be processed only under the assumption that the relevant Data Subject granted their consent in the sense of art. 6 (1) a) of GDPR, and only for the time such consent is valid. In case of absence of consent of the Data Subject in the sense of art. 6 (1) a) of GDPR, the personal data of Data Subjects will be processed based on their request in the sense of art. 6 (1) b) of GDPR. 


    II. Processing of personal data in order to send newsletter


In case the website user is interested in receiving newsletter and other advertising notifications, the Company will process personal data provided by such user for these purposes based on consent, in each case at least in the extent of e-mail address, name and surname. Contents of the newsletter and other advertising notifications may be personalized based on the provided data and other data for content personalization, which the Company ascertains from the user’s behavior on the website, or as the case may be, newsletter.


The Company will process personal data of users only after the user fills in their data to the relevant form for newsletter and other advertising notifications order and subsequently confirms submitting the order and their consent with personal data processing by reply according to instructions delivered in e-mail message. If the order is not confirmed, the filled in data will not be stored anywhere. 


The provided personal data is being processed until the granted consent is withdrawn. The processing of personal data will be performed by the Company itself, or as the case may be, through a specialized processor.


The consent with processing of personal data is completely voluntary and the user may withdraw it at any time by sending a notice of withdrawing the consent in writing to the Company’s address (see below).


The user may withdraw their consent also by clicking the link “You may sign off the newsletter” in the delivered e-mail or advertising notice.




    III. Personal data processing in relation to photo documentation of organized events


In case of events organized by us we make photo documentation in reasonable extent (situational photos from the events) in order to subsequently publish selected photographs on our website for promotion purposes of Boutique Hotel Corso. This is not primarily intended to depict visitors of specific events, but the overall event atmosphere, the photos are not published in detailed resolution, we do not attach description of specific visitors of the events to them. According to the expert opinion of the Office for Personal Data Protection such cases do not primarily involve issues of personal data protection, but rather protection of privacy according to the Civil Code; as such, it is not necessary to request consent with personal data protection regarding such “illustration” photos.


Visitors are advised in advance about the fact that photo documentation will be taken at an event in the form of camera pictograph, our photographers are visibly marked and the photo documentation is taken only in the main area of the event, while the visitors always have the opportunity to stay in areas, where no photo documentation is taken. In case of any doubts or questions regarding the photo documentation you may contact us via the below stated contact information.


    IV. Personal data processing based on reservation or stay


We process personal data of clients based on their reservation (or stay without reservation) in the following extent:


    • Identification and contact information (name and surname, address of permanent residence, citizen’s ID card number or another ID document number and, as the case may be, also e-mail address and telephone number);

    • In case of self-employed natural persons also their business name, registered office, company ID number, Tax ID number and VAT payer information;

    • In case of business trips of non-entrepreneurs also data on the organization that ordered or pay for the accommodation;

    • Data on the purpose of stay, or information that the client is a person not subject to a fee for spa or recreational stay;

    • Information on your membership in a loyalty program;

    • Information on your stay and services used and on the amount and manner of payment for the services provided (in case of cashless payment number of bank account or credit card data);

    • In case of foreign nationals, in addition to the above referred data also date of birth, citizenship, number of travel document, visa number, permanent residence address abroad;


    A) Processing for the purpose of compliance with legal obligations

Provision and processing of all the above referred personal data, with the exception of e-mail address and telephone number and information on your membership in loyalty program, is necessary in order to comply with legal obligations of the Company, in particular obligations arising from the Act on Local Fees and Act on the Residence of Foreign Nationals in the Territory of the Czech Republic and also from accounting and tax regulations.


    B) Processing necessary to fulfill contractual relationship 

Processing of your identification data and data on your stay and on the services provided and on the manner of payment therefor is necessary in order to fulfill the contractual relationship regarding your stay, i.e. securing orders and reservations, concluding and performing agreements related to the accommodation, boarding and associated services offered and provided by the Company.


    C) Processing necessary for legitimate interest purposes

We process your personal data in the extent of name, surname, e-mail address and information on your stay on the basis of legitimate interest of the Company for direct marketing purposes, the purpose of processing is in this case solely the possibility to send you marketing and business notifications, i.e. information on interesting news, discounts etc. 

We process personal data to this extent also in order to send satisfaction questionnaires after your stay in order to verify your satisfaction with the Company’s services and to continuously improve the quality of the Company’s services provided to you.


There are generally no cases of disputes regarding our services on the part of our guests. If there was a dispute regarding the provided services on the part of the Company, the Company would be forced to process data on the services provided in the extent necessary to conduct such dispute, solely for the purpose of protecting the rights of the Company in such dispute. Similarly the Company would be forced to process the necessary data also in case of failure to pay for the services or in case of damage incurred by the Company.


    D) Automated processing of your data

We do not in any case conduct automated decision making or other automated processing of your personal data, which would have legal consequences for you or which would otherwise significantly impact you.


    V. Personal data processing in relation to handling inquiries, queries associated with accommodation services on website


In case of inquiries for services on the website of Boutique Hotel Corso www.corsohotel.cz via an inquiry form or by sending a query to the relevant e-mail stated on the website the Company will process personal data of potential customers in the extent of name, surname, e-mail address telephone number or company name solely based on your consent. You may withdraw your consent at any time by sending an express notice thereof to the e-mail address reservation@corsohotel.cz.

 

After the relevant inquiry is processed, the Company may use the above stated data further based on your consent for its marketing purposes regarding its offer of accommodation services. In such cases the data subject is entitled to withdraw their consent at any time by sending an express notice thereof to the e-mail address reservation@corsohotel.cz.


The processing of personal data will be performed by the Company itself, or as the case may be, through a specialized processor.


    VI. Personal data processing in relation to accommodation service


Personal data of customers (name, surname, date of birth, citizen’s ID card or passport number, address of residence, signature), who stay in Boutique Hotel Corso is being processed by the Company based on the legal ground stipulated by the Act no. 565/1990 Coll., on Local Fees, as amended, and the Act no. 326/1999 Coll., on the Residence of Foreign Nationals (Section 101), as amended. As such, this processing is necessary in order to comply with legal obligation in compliance with art. 6 (1) c) of GDPR and consequently such processing does not require consent of the accommodated person (Data Subject).


The Company stores, based on a consent, the name, surname and e-mail address of its customers also in order to verify the satisfaction of customers or to make a business offer of the same nature, or to offer service that was the subject of a previous order. In such case the Data Subject is entitled to withdraw their consent at any time by sending an express notice thereof to the e-mail address reservation@corsohotel.cz.


The Company will seek feedback and thereby process e-mail addresses of customers in such a way that it will send to these e-mail addresses, in compliance with the above, a questionnaire regarding the customer’s satisfaction with the course of their stay in the Boutique Hotel Corso, i.e. a business notification. The questionnaire will be sent to the customers in relation to the relevant purchase of services only once. The Company will process the feedback and therefore also the e-mail addresses of customers by itself, or as the case may be, through a contractually bound third party(processor).

 

    VII. Google Analytics and Google Adwords


For analysis of web pages via cookie files the Company uses the Google Analytics service, developed and operated by Google Inc., with a registered office at Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). 


Google will not connect the transmitted data, including IP address, with other data. Google’s declaration on personal data protection can be reviewed here.


A website visitor may prevent collection of cookie files and analysis thereof through Google Analytics either by changing the browser settings, as referred to above, and also by:


    • Clicking the following link, whereby a so called opt-out cookie will be place on your computer, which will prevent future storage of data on visiting the website;

    • Installing a plugin to your browser available here. This plugin only works in the relevant browser on the relevant computer and it must not be deactivated or deleted after installation in order to maintain the deactivation of the Google Analytics service.


Within the frame of the Google Analytics service the Company also uses associated advertising functions offered by Google, such as overview of views in the Google advertising network, extended reporting of anonymous demographic data (e.g. age, sex, interests) or viewing advertisements in the content network based on the viewed products (so called remarketing), including the Google AdWords service used for advertising personalization and improvement of advertising and remarketing targeting.


    VIII. Information clause on CCTV system in the premises of Boutique Hotel Corso


The purpose of processing is the protection of property and increase of safety of persons. The extent of processing only includes video record from the CCTV system, no sound is recorded. Administrator of these records is the Company. The CCTV system records are kept on HDD device / hard disk operated by the Company. No other Processor is utilized for the CCTV system. The place of processing is Boutique Hotel Corso and its premises at the address Stará louka 460/38, 360 01 Karlovy Vary, the Czech Republic.


The only possible recipients of data from the CCTV system are the authorities involved in criminal proceedings or administrative authorities for the purpose of proceedings on administrative offenses.


The cameras pan the entrance area and reception, hallways and underground garages, parking spots in front of the hotel, entrances/exists, staff entrances for supplying and handling areas, terraces, entrances to fitness/wellness, lobby/foyer, access to conference rooms, ramp, inner courtyard/atrium.


The records are kept for a maximum of 72 hours, thereafter they are automatically deleted by overwriting with new records, since the CCTV system works in a loop mode.


The CCTV cameras are operating non-stop (or may be motion-sensor activated).


Contact information for receipt of requests for information is provided below.


    IX. Term of personal data processing


We process your personal data for the duration of your stay in our hotel. After conclusion of your stay we process only:


We process the data, the obligation to process which arises from the applicable legislation, only for the time necessary under the applicable legislation (e.g. accounting and tax documents which we issue to you also contain your certain personal data (name, surname, type of provided service, date of issuing the document). We only store this data for the purpose of compliance of obligations stipulated by the relevant accounting and tax legislation for the time stipulated by this legislation.)


Your name, surname, e-mail address and information on your stay for the purpose of direct marketing of the hotel (sending information regarding interesting news or discounts on our services etc.) and for sending satisfaction questionnaires. We process the data used for sending the satisfaction questionnaire only until the questionnaires are evaluated (no more than 1 month after your stay). We process your data stated above for the purposes of direct marketing until the time you convey to us your possible disapproval with such further processing. 


The data necessary for the purpose of existing or realistically impending disputes. We process this data only until the time of final and effective decision regarding the dispute resolution and compliance with the obligations arising from such decision, or as the case may be, until the time in which according to the applicable legislation a dispute may arise concerning the provided services.


After the lapse of the time limits referred to above we regularly erase your personal data, both in paper and electronic form.


    X. Other rights associated with personal data protection


Data subjects, personal data of which the Company processes, have the following rights associated with processing of their personal data, provided that the requisites stipulated by the applicable legislation are met:


    • Right access to personal data consisting in the right to receive free of charge information on the basis of a request for information, which personal data of the data subject is processed by the Company;

    • Right to rectification of the processed personal data;

    • Right to erasure of the processed personal data;

    • Right to limitation of processing of personal data;

    • Right to transfer of personal data;

    • Right to withdraw any previously provided consent with personal data processing at any time, if the consent is the legal basis for the relevant personal data processing (i.e. for sending newsletter and other advertising notifications).


Furthermore, provided that the requisites stipulated by the applicable legislation are met, the Data Subjects, personal data of which the Company processes, have the right to file an objection against processing of their personal data, if the legal basis for the processing is legitimate interest of the Company. If the personal data is processed for the purpose of direct marketing, the Data Subject is entitled to file an objection against such processing at any time.


The Data Subjects, personal data of which the Company processes, may exercise the above stated rights in writing or by e-mail with the Company being the Personal Data Controller, on the below stated contact information.


The Controller may be reached:

    a) In writing at the address Stará louka 460/38, 360 01 Karlovy Vary;

    b) By telephone on +420 353 504 111; and

    c) Electronically by e-mail: reservation@corsohotel.cz.


The above stated rights of Data Subjects are not absolute rights. Any asserted rights will be assessed by the Company individually and with regard to its rights and rights of third parties.

 

If the Data Subject believes that there has been a violation of the applicable legislation in connection with the protection of their personal data, they are entitled to file a complaint with the supervisory authority. The supervisory authority for the territory of the Czech Republic is the Office for Personal Data protection, Pplk. Sochora 27,170 00 Prague 7 (www.uoou.cz).

 



Share by: