GDPR

I. Basic Provisions

  1. The controller of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR”) is Hotels & Restaurants Krumlov s.r.o., ID No. 3453057, with registered office at Salvátorská 931/8, 110 00 Prague 1 (hereinafter: Controller”).
  2. The Administrator’s contact details are fb@restaurant-krumlov.cz.
  3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
  4. The controller has not appointed a data protection officer.

II. Lawful reason for processing personal data

  1. The lawful reason for processing personal data is 
    • the performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR (“Performance of the Contract”), 
    • the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR (“Legitimate Interest”), 
    • Your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the absence of an order for goods or services (hereinafter referred to as Consent”).
  2. The controller makes automatic individual decisions within the meaning of Article 22 GDPR. You have given your explicit consent to such processing. 

III. Purpose of processing, categories, sources and recipients of personal data

Legal reason Purpose Data Source of data Recipients of personal data (processors)
Performance of the contract Order processing and response to the inquiry sent via the contact form Personal data of clients (contant data, address) Gift voucher form, contact form Subcontractors, web hosting services, cloud storage, shipping companies
Legitimate interest Ensuring the correct functionality of the website Cookies (technical) Login to your user account Web hosting services, subcontractors
Legitimate interest Provision of direct marketing (especially for sending commercial communications and newsletters) Client contact details (email, name) Information from orders Mailing services, cloud storage, subcontractors
Legitimate interest Routine traffic analysis, server error detection and prevention of fraud and server attacks Third party cookies, web browsing data User movement on the site, display of page with error Google Analytics, web hosting services and possibly other analytical services
Consent Targeted advertising (retargeting) For a maximum of 13 months: third-party cookies, IP addresses, browser data and web browsing data  Displaying certain pages on the site Advertising platforms enabling retargeting (AdWords, Sklik, Meta)
Consent Obtaining demographic insights in traffic statistics Third party cookies, demographic data (age, gender, interests, purchase interest and other categories)  DoubleClick cookie, Android advertising ID, iOS ID for advertisers Google Analytics
Consent Marketing and web promotion Emails, names of potential customers, IP addresses and other technical identifiers Newsletter registration form Services for sending emails

IV. Data retention period

  1. Unless otherwise stated in the preceding paragraphs, the Controller shall store personal data 
    • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from this contractual relationship (for a period of 15 years from the termination of the contractual relationship). 
    • for as long as the consent to the processing of personal data for marketing purposes is withdrawn, if the personal data is processed on the basis of consent. 
  2. After the expiry of the retention period, the controller shall delete the personal data.

V. Cookies

  1. Cookies are text files containing small amounts of information that are downloaded to your device when you visit our website. Cookies are then sent back to the website or another website that recognises them on each subsequent visit. 

  2. Cookies perform a variety of tasks, such as enabling you to navigate between websites efficiently, remembering your preferences and generally improving the user experience. They can also ensure that the advertisements displayed online are better tailored to your personality and interests.

  3. We use the following cookies on the website: 
    • Necessary cookies: these are required for the operation of the website, for example, to allow you to log into secure areas of the site and other basic functionality of the site. This category of cookies cannot be disabled.
    • Analytical/​statistical cookies: these cookies allow us, for example, to recognise and track the number of visitors and to monitor how our visitors use the website. They help us to improve the way the site works, for example by enabling users to easily find what they are looking for. We only run these files with your prior consent.
    • Advertising cookies: these are used to track preferences and allow you to see advertising and other content that best matches your interests and online behaviour. We only run these cookies with your prior consent. 
  4. Please note that third parties (including, for example, external service providers) may also use cookies and/​or access data collected by cookies on the website.
  5. Information about cookies and the current list of cookies can be found via the individual web browsers, most often under Developer Tools.
  6. Consent can be expressed by means of a check box contained in the so-called cookie bar. You can subsequently refuse cookies in your browser settings or set to use only some of them.
  7. For more information on managing cookies in individual browsers, please visit the following links: 

VI. Recipients of personal data (subcontractors of the controller)

  1. The controller intends to transfer personal data to a third country (a country outside the EU) or an international organisation. The recipients of personal data in third countries are providers of mailing services, data and file storage, analytical tools and direct marketing services. 

VII. Your rights

  1. Under the terms of the GDPR, you have 
    • the right to access your personal data under Article 15 of the GDPR,
    • the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR
    • the right to erasure of personal data pursuant to Article 17 GDPR,
    • the right to object to processing under Article 21 GDPR,
    • the right to data portability pursuant to Article 20 GDPR,
    • the right to withdraw consent to processing in writing or electronically to the address or email of the controller set out in Article III of these terms and conditions. 
  2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated. 

VIII. Personal data security conditions

  1. The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data. 
  2. The controller has taken technical measures to secure data storage and storage of personal data in paper form, in particular … 
  3. The controller declares that only persons authorised by it have access to the personal data.

IX. Final Provisions

  1. By submitting an order from the online order form or by filling in the enquiry form, you confirm that you are aware of the privacy policy and that you accept it in its entirety. 
  2. You agree to these terms and conditions by ticking the consent box via the online form. By ticking the consent box, you confirm that you are aware of the privacy policy and that you accept it in its entirety. 
  3. The administrator is entitled to change these conditions. It will publish the new version of the Privacy Policy on its website and will also send you a new version of the Privacy Policy to the email address you have provided to the Controller. 

These terms and conditions will take effect on 13.6.2024.