Personal Data Processing Agreement

Dear guest,

Thank you for choosing Apartment 1504 in Moser Residence for your upcoming stay.

In order to contact you and/or prepare a tailor-made quotation for you, or to enable you to book and pay for your stay online, we need your personal data to the extent strictly necessary.

The accommodation owner Kateřina Vráželová, Spojařská 747, 250 67 Klecany, ID: 17279551 (hereinafter also referred to as "the Administrator" or "Company"), in accordance with Act No. 101/2000 Coll., on the Protection of Personal Data, as amended (hereinafter referred to as the "Personal Data Protection Act"), shall process your personal data that you fill in the "contact form" on apartmanrezidencemoser.cz, or in the "online reservation form" on the apartmanrezidencemoser.cz/rezervace/ website (hereinafter referred to as the "Contact Form"), or in other forms on the apartmanrezidencemoser.cz website.

For what purposes do we process the data

Your personal data shall be processed for the purposes of responding to your request to contact you about the Moser Residence Apartment, establishing communication and enabling you to book and pay for your accommodation.

Your personal data shall be processed for the above purposes until the conclusion of the short-term accommodation contract or utilisation of services offered to you by the Company. If the contract is not concluded, your data will be deleted in a timely manner, at the latest within six months from the submission of the Form to the Company. If a contract is entered into, you shall receive detailed information in due course on how your personal data shall be processed in the performance of such contract.

Who will process your data

The Controller of the (personal) data is the Administrator. The data protection regulation allows the Controller to entrust the processing of personal data to the Processor. A personal data processor is a user who processes personal data on the basis of a specific law or a mandate or authorisation by the Controller. No other processor shall process your data until a Contract between you and the Company has been concluded.

How long do we retain your personal data

We process your (personal) data for the duration of our communication with you, but no longer than for the following 12 months from the end of the communication with you.

How do we process the data 

We process the data only for the time and to the extent necessary. As a rule, we extend the access to the data only to selected representatives of the administrator (i.e. the owner) – the owner or the landlord.

Personal data is technically protected against unwanted data leakage. The hosting server with the data is located in the Company's office in Klecany, Central Bohemian Region. The server is securely located in a separate room. Access to the server is carried out through authentication, i.e. the user and an encrypted password. Access to the server is externally restricted by the rights of the user and the firewall of the server. Access to files is possible via FTP and SSH with authentication, i.e. user and encrypted password. Access to FTP and SSH server is protected against dictionary attacks and guarded by a firewall.

Personal data shall be processed manually and automatically to the extent that they were provided. The owner of the website is obliged to protect personal data in a manner equal to or better than required by law. Users' personal data will be stored securely in electronic or paper form. If some of your data is stored in paper form, which will be rather an exception, it will be stored in a safe, while only the owner's executive and possibly one person designated by the executive will have access to this data. Personal data stored in paper form will be stored and processed under similar conditions as electronic data. Check and the shredding of paper carriers of personal data will take place twice a year.

What are your legal rights during processing of your personal data

Each user has the following rights during processing of his or her information:

1. Access to personal data – Access to personal data means the user's right to obtain information (confirmation) from the administrator on the basis of his active request whether or not his personal data are being processed. If they are processed, the user has the right to obtain these personal data and at the same time has the right to obtain information related to the processed data.
2. The right to rectification of personal data – the user has the right to rectification of his personal data concerning him.
3. The right to erasure of personal data
   – The Controller (owner) is obliged to delete any personal data if at least one of the following condition is met:
   • the personal data are no longer needed for the purposes for which they were collected or otherwise processed,
   • the user withdraws the consent (if consent was required for the processing) and there is no other legal reason for the processing,
   • the user objects to the processing and there are no overriding legitimate grounds for the processing to happen,
   • the personal data has been processed unlawfully,
   • personal data must be deleted in order to comply with a legal obligation,
   • the personal data were collected in connection with the offer of information society services. However, the right to erasure shall not apply where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defense of legal claims and in other cases laid down in the GDPR.
4. The right to data portability – The principle of the right to data porability is that under certain conditions, the user is entitled to obtain personal data concerning him or her that he or she has provided to the Controller and transfer those to another Controller.
5. The right to object to processing – The user has the right to object to the processing of personal data at any time with regards to his or her particular situation. The Controller shall no longer process personal data unless it can offer compelling legitimate grounds which would override the interests, rights and freedoms of the user, or needs to establish, exercise or defend legal claims. Users have the right to contact the Data Protection Authority (www.uoou.cz) with a suggestion or complaint if the data controlloer or processor fails to comply with a request to remedy a deficiency. However, the Authority may be contacted even without sufficient grounds directly at any time.
6. The right not to be subject to any decision based solely on automated decision-making – This right ensures the user that they will not be subject to a decision based solely on automated processing, subject to possible exceptions. Automated decision-making is not considered to be a situation where the user does not formally meet the requirements set by the Platform.

The above policy comes into effect from June 1, 2022.