Data Manager: Alfons Group s.r.o. with its registered office at Legerova 41, 120 00 Praha 2, which operates the Hotel Alfons at the same address (“Hotel”)
Customer: a natural or legal person using the services of the operator
Regulation: Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Regulation on the protection of personal data
- The subject of these terms and conditions is to ensure the processing of personal data of the customers obtained in the course of the Hotel’s business activities, as well as the establishment of the obligation to keep confidential the information obtained, to the extent and under the conditions stipulated by these conditions.
- The hotel complies with these terms and conditions to process customer personal information. These conditions are embodied in the scope of the rights and obligations that arise from the applicable legislation in the processing of personal data under the preceding paragraph, in particular Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Regulation on the protection of personal data (“the Regulation”).
Rights, duties and confidentiality
- The hotel undertakes to take such technical, personnel and other measures as may be necessary to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmissions, any other unauthorized processing or other misuse of personal data.
- In connection with the provision of accommodation services, the Hotel is obliged to process the personal data of the guests. These data are mainly processed by:
- the hotel reception
- Hotel Manager
- Restaurant staff
- Marketing consultant
- The above mentioned users were informed about the sensitivity of all personal data. With personal information, guests only use the services provided by the hotel. The hotel or staff will not transfer personal data of guests to any other entities. Guests’personal data are further processed by:
- hotel Previo system
- Terms of processing and handling of personal data of guests are regulated in the processing agreement between the hotel and the respective processor.
- The Commissioner is the hotel manager Jiří Hlávka (firstname.lastname@example.org). The hotel has provided the Commissioner with the required training necessary for carrying out the duties of the Commissioner in accordance with the Regulation.
- The hotel has the legal obligation to keep certain personal data about its guests, especially name, surname, date of birth, address and time of accommodation, number and type of document, visa, purpose of stay. This obligation is governed by the Act on the Residence of Foreigners in the Czech Republic (326/1999) and Act on Local Fees (565/1990). Under this legislation, the hotel is required to keep personal data about its customers for 6 years.
- The customer has the right to ask the hotel for a summary of their personal data at any time. This information is stored in (i) a guest card in the hotel system, (ii) a housebook, and (iii) a record book, which are all in stored in a printed form in a locked room. In the case of a request for deletion of personal information, the hotel will delete the guest card and will destroy the house and registration book. However, the hotel is obliged to keep to the above-mentioned laws. The personal data listed can only be deleted after the legal deadline.
- The hotel undertakes to provide technically and organizationally the protection of the processed personal data in such a way that unauthorized or accidental access to the data, its alteration, destruction or loss, unauthorized transfer, any other unauthorized processing, as well as other misuse may occur and that the personal data are personally and organizational continuously secured throughout the processing of these data by the Commissioner, resulting from the legislation, in particular the Regulation.
- The hotel undertakes that the processing of the data will be ensured in particular as follows:
- personal data will only be accessible to authorized hotel guests who will have the terms and extent of the data processed by the Hotel and any such person will access personal data under its unique identifier;
- personal data will be processed on the premises of the Hotel, to which only authorized persons or their suppliers (subcontractors) will have access, bound by the same obligations;
- The hotel will prevent unauthorized reading, creating, copying, transferring, editing or deleting records containing personal information;
- shall take measures to identify and verify to whom the personal data were transmitted, processed, altered or deleted.
- The hotel undertakes, by means of its own internal regulations or special contractual arrangements, to ensure that its employees and other persons processing the personal data will do so only under the conditions and within the scope of the Hotel and the corresponding instructions of the Hotel. In particular, it will (and bindingly oblige those individuals) to maintain confidentiality about personal data and security measures the disclosure of which would jeopardize the security of personal data, even after termination of employment or related work at the Hotel.
- The hotel uses its camera system to prevent the protection of its customers, their and their property. The hotel declares that the records do not work in any way, it does not provide them to third parties or entities.
Technical and organizational security of personal data protection
Date of last update: 12.6.2018