The operator AXLE EUROPE s.r.o. processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation GDPR.
1. Legal grounds for processing ordinary personal data without the guest’s consent
The legal grounds for the processing of ordinary personal data are: contract, law, vital interest, e.g. extreme emergency, public interest and legitimate interest of the controller. The guest acknowledges that the accommodation provider has the right to request and process the guest’s personal data to the extent required by law, without the guest’s consent, in accordance with Act No. 326/1999 Coll. and the related amendment of 18.12.2015 Act No. 314/2015 The accommodation provider must keep a register of the stay of foreigners in which it records the personal data of foreign guests in the following scope: name, surname, date of birth, citizenship, ID card or passport number, visa number if indicated in the travel document, start and end of accommodation, purpose of stay, address of permanent residence abroad, address of residence in the Czech Republic if the foreigner has it, signature on the prescribed registration form A6 ŘSCP No. 4/2015. In accordance with Act No. 565/1990 Coll. on Local Fees, the accommodation provider must keep a registration book in which it records the personal data of guests in the following scope: name, surname, address of permanent residence or permanent residence abroad, start and end of accommodation, purpose of stay, ID card or travel document number of the guest. Any other more specific data beyond this scope, such as specification of the purpose of stay other than the statutory term “treatment or recreation” or date of birth and birth number of the accommodated person, neither the accommodation provider nor the municipal authority can enter it in the registration book without the guest’s consent. The accommodation provider is obliged to keep the aforementioned data for a period of six years on the basis of legal grounds. The accommodation provider is obliged to provide the guest with information about the data it holds about him/her upon request, and only after the identity of the person concerned has been proven. The accommodation provider never communicates information by telephone or e-mail. In case the guest proves his/her identity, it is possible to send the information by post with a delivery note in his/her own hands or to a data box. The guest further acknowledges that the accommodation provider may, without the guest’s consent, process personal data that he/she necessarily needs to communicate with the guest and to conclude and perform the contract, whereby the legitimate interest of the accommodation provider’s administrator is considered to be an inquiry where the accommodation provider needs the guest’s necessary data, such as e-mail address and telephone number, to communicate with the guest. This involves the processing of data necessary for communication leading to the conclusion of a contract, whereby a bindingly confirmed reservation and the fact that the guest has checked in is considered a contract. The guest further acknowledges that if the accommodation provider has a contract with the guest, i.e. the guest has checked in and the accommodation provider has therefore provided a service to the guest, direct marketing in the form of sending commercial communications is also considered a legitimate interest of the data controller. Therefore, the accommodation provider does not need the consent of the guest to whom it has provided the service to send commercial communications. However, the accommodation provider is obliged to allow the guest to unsubscribe from receiving commercial e-mail communications at any time. In all other cases, except for the legal reasons mentioned above, the accommodation provider is obliged to request consent for the processing of ordinary personal data.
2. Legal grounds for processing sensitive personal data without the guest’s consent
The guest acknowledges that the accommodation provider is entitled to process sensitive personal data without his/her consent only if he/she informs the accommodation provider himself/herself, e.g. he/she informs the hotel of his/her request for a diet, for a wheelchair accessible room, he/she informs that he/she has a specific allergy, requires a special diet, is on crutches, needs a lift, etc. In this case, the hotel has a legitimate interest in ensuring that the guest’s stay takes place according to his/her wishes and may process the sensitive personal data in order to conclude the contract. The above-mentioned sensitive personal data may also be provided to the accommodation provider by the group leader who represents the guests in the group and to whom the information has been provided by the person concerned, even in this case the accommodation provider does not need the guest’s consent for processing. However, upon the guest’s departure, the accommodation provider is obliged to delete such sensitive personal data without delay, unless the guest has given his/her express and voluntary written consent to the storage of his/her sensitive data.
3. Information obligation of the accommodation provider
It is the duty of the administrator of the CCTV system to inform all affected persons who occasionally enter the premises of the fact that the premises are being monitored. Information about the location of the CCTV system is in writing and is placed in a visible place before entering the premises or area being monitored.
The information includes a pictogram of the camera, the fact that the property is monitored by the camera system, the name of the administrator and a link to the place where further information can be obtained. The accommodation provider hereby informs the guest that the purpose of monitoring by the camera system is to protect the property and safety of clients and employees and to perform their work duties. The guest acknowledges that he/she is a person who enters the property occasionally and therefore irregularly, therefore the accommodation provider does not require the guest’s consent to process personal data. Camera footage is kept by the manager for a maximum of fourteen days from the date of recording, due to the length of stays and to ensure the protection of property and the safety of guests during their stay. Cameras are only placed in certain common areas outside and inside the hotel and in no way invade the personal privacy of the guest.
4. Obligation of the accommodation provider, rights of the guest
It is the accommodation provider’s obligation to allow guests to consult the accommodation facility’s guidelines and to provide the guest with information on how his/her personal data is handled, in particular where the personal data is stored, who has access to it, how it is processed and how it is protected. The guest has the right to access his/her personal data processed by the accommodation provider, the right to request its correction, restriction of processing or deletion (with the exception of the aforementioned legal grounds and time limits for deletion), or the right to object to processing. If the guest believes that his/her personal data is being processed unlawfully, he/she may lodge a complaint with the supervisory authority, which for the territory of the Czech Republic is the Office for Personal Data Protection ( www.uoou.cz ).
CHALUPA VÁPENKA
Vápenka 43
Stárkov 549 31
Czech republic
tel. +420 704 78 78 73
info@chalupa-vapenka.cz
Operator AXLE EUROPE s.r.o.
130 00 Praha 3
IČO: 27473155
Contacts
info@axle.cz
+420 724969700