Personal Data Protection Policy

The personal data controller according to Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: 'GDPR') is TO MĚ POSED s.r.o. ID: 19642491, with its registered office at Žerůvky 29, 779 00 Bystročice, registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, Insert 93481 (hereinafter: 'controller').

The controller's contact details are: address: Žerůvky 29, 779 00 Bystročice e-mail: info@domkov.cz phone: +420 724 315 620

Personal data means any information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The controller has appointed a Data Protection Officer. The contact details are: Michal Chmelař, tel.: 724 315 620, e-mail: info@domkov.cz.

The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order: name and surname date of birth e-mail address postal address phone number data necessarily related to the client's stay/order

The controller processes your identification and contact data and data necessary for the fulfillment of the contract.

The legal reason for processing personal data is fulfillment of the contract between you and the controller according to Art. 6(1)(b) GDPR, fulfillment of the controller's legal obligation according to Art. 6(1)(c) GDPR, legitimate interest of the controller in providing direct marketing according to Art. 6(1)(f) GDPR, your consent to processing for the purposes of direct marketing according to Art. 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services if no order for goods or services was placed.

The purpose of processing personal data is processing your order and exercising rights and obligations arising from the contractual relationship; personal data required for order processing (name, address, contact) is necessary for the contract, without it, the contract cannot be fulfilled, fulfillment of legal obligations to the state, sending commercial communications and other marketing activities.

The controller does/does not engage in automated individual decision-making within the meaning of Art. 22 GDPR. You have provided your explicit consent for such processing.

The controller stores personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims from these relationships (for 15 years after the termination of the contract).

until the consent for marketing purposes is withdrawn, for a maximum of 5 years, if the data is processed based on consent.

After the retention period expires, the controller deletes the personal data.

Recipients of personal data are persons involved in the delivery of goods/services/payments based on a contract, providing marketing services.

The controller does not intend to transfer personal data to a third country (outside the EU) except for mailing/cloud service providers.

Processing is carried out by the controller, but these processors may also process data for them: EcoMail service provider Previo reservation system Global Payments gateway or other software/app providers not currently used by the controller.

Under the conditions set out in the GDPR, you have the right of access (Art. 15), the right to rectification (Art. 16) or restriction of processing (Art. 18), the right to erasure (Art. 17), the right to object (Art. 21), the right to data portability (Art. 20), the right to withdraw consent in writing or electronically to the address or e-mail of the controller.

Furthermore, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe your rights have been violated.

The controller declares that they have taken all appropriate technical and organizational measures to secure personal data.

The controller has taken technical measures to secure data storage and paper storage, especially via passwords and file encryption.

The controller declares that only authorized persons have access to personal data.

By sending an order from the online form, you confirm you are familiar with and accept the privacy policy in its entirety.

You agree to these terms by checking the consent box in the internet form. By checking it, you confirm you are familiar with and accept the terms.

The controller is entitled to change these terms. The new version will be published on the website and sent to your e-mail address.