Data administrator: Alfons Group s.r.o. with its registered office at Legerova 41, 120 00 Prague 2, operating the Alfons Hotel at the same address (hereinafter the “Hotel”)
Customer: a natural or legal person using the operator’s services
Regulation: Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Regulation on the protection of personal data
- The subject of these conditions is to ensure the processing of personal data of customers obtained within the business activities of the Hotel and to enshrine the obligation to maintain the confidentiality of this information, to the extent and under the conditions set out in these conditions.
- The hotel undertakes to process personal data of customers in accordance with these conditions. These conditions are drawn up to the extent of the rights and obligations arising from the relevant legislation in the processing of personal data under the previous paragraph, in particular Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 data (the “Regulation”).
Rights, obligations and confidentiality
- The hotel undertakes to take such technical, personnel and other necessary measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, their other unauthorized processing, as well as other misuse of personal data.
- In connection with the provision of accommodation services, the Hotel is obliged to process personal data of guests. In particular, the following work with this data:
- Hotel receptionist
- Hotel manager
- Restaurant staff
- Marketing consultant
- The above users have been instructed on the sensitivity of personal data. They handle the personal data of guests exclusively within the services provided by the Hotel. Neither the hotel nor the staff pass on the personal data of guests to other entities. Other processors of guests’ personal data are:
- Previo hotel system
- The conditions of processing and handling of personal data of guests are regulated in the processing contract between the Hotel and the given processor.
- The hotel commissioner is the Hotel manager Mr. Jiří Hlávka (firstname.lastname@example.org). The Hotel has provided the Commissioners with the training necessary to perform the function of Commissioner in accordance with the Regulation.
- The hotel has a legal obligation to keep some personal data about its guests, in particular name, surname, date of birth, address and time of accommodation, number and type of document, possible visa, purpose of stay. This obligation is governed by the Act on the Residence of Foreigners in the Czech Republic (326/1999) and the Act on Local Fees (565/1990). According to these legal regulations, the Hotel is obliged to keep personal data about customers for a period of 6 years.
- The customer has the right to ask the Hotel for an overview of his personal data at any time. This information is stored in (i) the guest card in the hotel system, (ii) the house book and (iii) the record book, which are stored in printed form in a locked room. In case of a request to delete personal data, the hotel deletes the guest card and shreds the house and registration book. However, the Hotel must comply with the above laws. The listed personal data can be deleted only after the expiration of the legal period.
Technical and organizational security of personal data protection
- The hotel undertakes to technically and organisationally ensure the protection of the processed personal data so that unauthorized or accidental access to the data, their change, destruction or loss, unauthorized transfers, their other unauthorized processing, as well as other misuse, cannot occur. All obligations of the personal data controller arising from legal regulations, in particular the Regulation, are ensured in terms of personnel and organization for the duration of data processing.
- The hotel undertakes that the processing of data will be ensured in particular in the following way:
- personal data will be accessed only by authorized persons of the Hotel, who will have set the conditions and scope of data processing by the Hotel and each such person will access personal data under his unique identifier;
- personal data will be processed on the premises of the Hotel, to which only authorized persons or its suppliers (subcontractors), bound by the same obligations, will have access;
- The Hotel will prevent the unauthorized reading, creation, copying, transmission, modification or deletion of records containing personal data;
- take measures to identify and verify to whom personal data have been transferred, before they have been processed, amended or deleted.
- The Hotel undertakes, through its own internal regulations or special contractual arrangements, to ensure that its employees and other persons who will process personal data will do so only under the conditions and to the extent specified by the Hotel and in accordance with the Hotel’s instructions. In particular, it will itself (and obligatorily impose on these persons) confidentiality of personal data and security measures, the disclosure of which would jeopardize the security of personal data, even after the termination of employment or relevant work at the Hotel.
- The hotel uses a camera system to prevent the protection of its customers, its own and their property. The hotel declares that the records are not processed in any way, nor do they provide them to third parties or entities.
Date of last update: 12.6.2018