These Principles for Protecting Personal Data (hereinafter the “Principles”) inform data subjects (hereinafter the “User”), whose personal data are processed by Bakal spol. s r.o. with its registered office at Nábř.L.Svobody Botel Albatros, Prague 1, CRN: 25677136, (hereinafter the “Controller”), about all data processing activities and the principles for protecting the privacy of Users when providing services by Bakal spol. s r.o. with its registered office at Nábř.L.Svobody Botel Albatros, Prague 1, CRN: 25677136, (hereinafter the “Controller”), including providing services on the basis of a contact at www.botelalbatros.cz (hereinafter the “Website”).

1. Responsible Persons

Controller of personal data:

Bakal spol. s r.o. with its registered office at Nábř.L.Svobody Botel Albatros, Prague 1, CRN: 25677136.

Contacts for exercising rights: Telephone: +420 224 810 547, E-mail: info@botelalbatros.cz.

2. Basic Terms

GDPR:

Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC effective from 25.5.2018 (hereinafter the “GDPR”).

Personal data:

Pursuant to the GDPR, all information about an identified or identifiable natural person.

Special categories of personal data:

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data subject (User):

An identified or identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing personal data:

Pursuant to Article 4 (2) of the GDPR processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller:

Pursuant to Article 4 (7) of the GDPR the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor:

Pursuant to Article 4 (8) of the GDPR a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Supervisory Authority:

The Office for Personal Data Protection (hereinafter the “OPDP”).

Risky Processing:

Processing that is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional or involves the processing of special categories of personal data or personal data relating to the criminal convictions and offenses referred to in Article 10 of the GDPR

Automated individual decision making incl. profiling:

Any form of decision making based on automated processing of personal data, i.e. without human intervention, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

3. Legal Basis for Processing

The User consents to the processing of personal data for purposes of:

Collecting data about potential Users, contacting them for marketing or business communications and sending business and marketing messages.

Implementing the rights and obligations of a Contract on the Provision and Delivery of Services, making a payment and fulfilling the contractual obligations of the Controller.

Thus the User consents to the processing of his/her personal data and being contacted by the Controller at the email address or telephone contact that the User fills out.

The User is aware that he/she is required to state his/her personal data correctly and truthfully. The User confirms that the data provided are accurate and that he/she has been informed that this concerns the voluntary provision of personal data.

Processing period

Personal data will be processed for a period of 10 years.

4. Recipients of Personal Data

The Controller is authorized to submit the User’s personal data to the following entities:

  • Botel Albatros employees
  • Other providers of processing software, services and applications but not currently used by the Controller.

5. Cookies

This concerns a short text file containing a specific character string with unique information about the User’s browser that is used to analyze data about traffic and use of the Website. Consent to the use of cookies can be given or not.

6. The Principles of Processing Personal data

Legality

A User's personal data is processed in accordance with the legislation in force, in particular the GDPR Regulation.

User consent

Personal data are processed only in the manner and to the extent that the User has given consent to, if processing is based on consent, otherwise on the basis of a Contract.

Minimizing and limiting the processing of Personal data

Personal data are only processed to the extent necessary to achieve the purpose of their processing and for a period no longer than is necessary to achieve the purpose of their processing.

Accuracy of the personal data processed

Personal data are processed with an emphasis on their accuracy using the measures available.

Transparency

By means of these Principles and the contact person, the User has the opportunity to become acquainted with the manner in which personal data are processed, as well as their scope and content.

Purpose limitation

Personal data are processed only to the extent necessary for fulfilling the intended purpose and in accordance with that purpose.

Security

Personal data are processed in a manner that ensures their due security, including the use of suitable technical or organizational measures to protect them from unauthorized or unlawful processing and from accidental loss, destruction or damage.

7. Rights of the Data Subject

Right of Access

The right of access to the personal data means the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, what data it concerns and how it is being processed.

Right to Rectification

The right to rectification means the User shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. The User has the right to have incomplete personal data completed by the Controller at any time.

Right to Erasure

The right to the erasure of personal data is the Controller’s obligation to erase the personal data about the User being processed if the conditions specified in the GDPR are met and the User requests the Controller to do so.

Right of Restriction to Processing

The User has the right, in the cases specified by the Regulation, that the Controller restrict the processing of the User’s personal data.

Right to Object

The User has the right to object at any time to processing based on the legitimate interests of the Controller, a third party or it is necessary for the performance of a task carried out for reasons of public interest or during the exercise of public authority.

Right to Data Portability

The right to data portability gives the User the ability to obtain personal data provided by the Controller in a commonly used and machine-readable format. This data may then be passed on to another Controller or, if technically possible, a request may be made that it be transmitted from one Controller to another.

Right to Withdraw Consent

According to the GDPR, the User has the right to withdraw consent to the processing of his or her personal data at any time. This right does not apply in the case of a Contract because the User’s personal data are processed for the performance of the Contract, not on the basis of consent to processing.

Right to Lodge a Complaint

In the event of dissatisfaction with the processing of his or her personal data by the Controller, the User has the right to lodge a complaint directly with the Controller or to turn to the Office for Personal Data Protection.

Information on the User’s rights

The website of the Office for Personal Data Protection: https://www.uoou.cz/6-prava-subjektu-udaj/d-27276

These Principles for Protecting Personal Data come into force on 25. 5. 2018.