General Data Protection Regulation - GDPR
Asten Hotels s.r.o., Company Reg. No. 241 66 898 with its registered office in Prague 1, Pařížská 1, 110 00 ("Controller") processes personal data in accordance with Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) ("GDPR") and other relevant legislation.
Tasty Solutions s.r.o., Company Reg. No. 241 64 631 with its registered office in Harrachova 23, 543 51 Špindlerův Mlýn ("Controller") processes personal data in accordance with Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) ("GDPR") and other relevant legislation.
The Controller processes data mainly collected from the data subject and third parties (e.g. travel agencies, web portals etc.) that have legitimate interests in sharing the data with the Controller who processes the data collected from third parties only in the scope necessary for compliance with the legal obligation or the necessity for the performance of a contract as defined below.
Personal data such as a name, surname, arrival date, departure date, telephone number, email address, permanent residency and date of birth may be processed in order to enter into, or perform, an accommodation contract, or similar contract ("Contract") for the purposes of application of the rights of the Controller posed by the Contract.
Personal data such as a name, surname, arrival date, departure date, permanent residency, purpose of stay, ID number or passport number may be processed in order to comply with the Controller's legal obligation laid down by Act No. 565/1990 Coll., on Local Fees, as amended.
Personal data such as a name, surname, arrival date, departure date, permanent residency, date of birth, passport number, nationality, visa number and purpose of stay may be processed in order to comply with the Controller's legal obligation in compliance with Act No. 326/1999 Coll., on the Residence of Foreign Nationals in the Czech Republic, as amended.
The Controller will process personal data by automated means as well as manually by designated employees and processors on the basis of a service contract on data processing, consisting of IT services, legal services and, in case of legal employment, accounting services.
Personal data such as a name, surname, arrival date, departure date, permanent residency, date of birth, ID number, passport number, nationality, visa number and purpose of stay may be disclosed by the Controller to the bodies of public administration in compliance with the abovementioned Acts.
Personal data such as a name, surname, arrival date, departure date, permanent residency, room number and date of birth may be disclosed to the bodies through which the Controller seeks to enforce their rights resulting from the Contract (e.g. courts, notaries, debt collectors).
We do not actively track our guests and partners on our website. Our guests and partners visiting the website give their consent with the processing of their personal data by means of "cookies" in the "Opt‑In" feature.
With regard to data minimisation, the above mentioned personal data represents a minimum of what is necessary to be processed by the Controller to ensure legal obligations and rights in compliance with GDPR, contracts concluded with data subjects and abovementioned Acts.
Provided that special prior consent has been given, the Controller may be entitled to process personal data of housed guests and people interested in accommodation (e.g. a name, surname, arrival date, departure date, permanent residency, date of birth, ID number, passport number, nationality, visa number and purpose of stay, email address, telephone number used for communication between data subjects and the Controller) for marketing purposes of sending out commercial and promotional offers. This special consent is optional and by no means entitles the Controller to make the performance of their services subject to this consent. The consent is granted for an indeterminate period of time from the day of entering into a contract to its withdrawal at any time. The data subject's email address will be automatically processed by the Controller's employees and shall not be disclosed to third parties.
Sensitive data are usually not processed or required by the Controller except for health-related data provided to the Controller by the data subject voluntarily. In that case the Controller may use the data to offer improved services and accommodate specific needs of data subjects.
A data subject should have access to his or her personal data processed by the Controller as well as the right to have them rectified or erased; the right of restriction of processing; and also, the right to object to the processing. In addition, the data subject should have the right to withdraw his or her consent to the processing of personal data, should the data be processed by the Controller on the basis of such consent.
The data subject shall also have the right to receive the personal data concerning him or her, which he or she has provided to the Controller. The Controller shall provide the personal data pursuant to a request from the data subject in a structured, commonly used, and machine-readable format or transmit those data to another designated controller without undue delay. This shall not apply to personal data where the processing is performed by non-automated means.
The Controller shall not transfer personal data to third countries.
Where a data subject considers that the processing of his or her personal data is unauthorised, he or she should have the right to complain to a supervisory authority. In the Czech Republic, it is The Office for Personal Data Protection (www.uoou.cz).
Controller's contact details
Asten Hotels s.r.o. I Tasty Solutions s.r.o.
Pařížská 1, 110 00 Praha 1 I Harrachova 23, 543 51 Špindlerův Mlýn
Jiří Gajdošík, Managing Partner I Asten Hotels I Tasty Solutions