Privacy protection rules

PRIVACY PROTECTION RULES

for the website www.lovemaltabookings.com („Website“) operated by Jan Herzán, ID No.: 03495850 place of business Pod Svahem 1520/14, 14700 Prague 4 – Braník („Controller“), who is the controller of personal data in accordance with Art. 4 point 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of the personal data and on the free movement of such data („GDPR”).

  1. introductory provisions
    1. These Privacy Protection Rules („Rules“) inform on the on the way and extent of the processing of personal data, incl. the rights of data subjects personal data of which is processed by the Controller.
    2. The Controller processes only accurate personal data acquired in accordance with GDPR, whereas this personal data is collected and processes solely in accordance with the Rules. The Controller processes personal data of the data subjects in lawful and transparent manner while minimizing the personal data to the minimal extent necessary for fulfilling the given purpose of their processing.
  2. sources and categories of personal data
    1. The Controller processes solely personal data acquired from data subjects (customers) through the Website, namely by:
  1. filling the registration form as a client interested in finding an accommodation;
  2. filling the registration form as a client offering an accommodation;
  3. filling the form for inquiring an accommodation through the Website; and
  4. filling an e-mail address into the field requesting a newsletter (commercial message) from the Controller.
    1. The Controller processes the following personal data of data subjects – persons interested in accommodation:
  1. name;
  2. surname;
  3. phone number;
  4. e-mail address;
  5. sex; and
  6. date of birth.
    1. The Controller processes the following personal data of data subjects – offerors of accommodation:
  1. name;
  2. surname;
  3. phone number;
  4. e-mail address; and
  5. address/location of the accommodation.
  1. lawfulness and purposes of processing
    1. The Controller processes personal data for the following lawful reasons:
  1. performance of a contract in accordance with Art. 6 Par. 1 lett. b) GDPR;
  2. legitimate interests of the Controller in accordance with Art.  6 Par. 1 lett. f) GDPR (direct marketing);
  3. consent of the data subjects in accordance with Art. 6 Par. 1 Lett. a) GDPR and Section 7 Par. 2 of the Act no. 480/2004 Coll., on certain information society services, as amended („Act on certain information society services“); and
  4. compliance with legal obligation in accordance with Art. 6 Par. 1 lett. c) GDPR.
    1. The Controller processes personal data for the following purposes:
  1. maintaining a user account – the following data is required: (i) name, (ii) surname, (iii) phone number, and (iv) e-mail address;
  2. mediation of accommodation – personal data mentioned in Art. 2.2 of the Rules are required in order to fill a form provided to the offeror of accommodation to mediate an accommodation;
  3. sending newsletters (commercial messages) – e-mail address is required in order to send newsletters (commercial messages); and
  4. keeping records by the Controller – personal data in accordance with Art. 2.2 and 2.3 of the Rules in order to ensure future possible application of rights and obligations.
  1. record-keeping period (retention time)
    1. The Controller is keeping the personal data processed for purposes stated in the Art 3.2 (i), (ii) and (iv) of the Rules for the period of ten (10) years since realization (finishing) the last part of the contractual relationship, provided applicable legislature does not state  a longer period of time.
    2. The Controller keeps the personal data processed for the purposes stated in the Art. 3.2 (iii) of the Rules for an indefinite period until it will be revoked or the newsletter will be unsubscribed.
    3. Following the end of the record-keeping period (retention time), the personal data is destroyed by the Controller.
  2. processor
    1. The following processers process personal data on behalf of the Controller:
  1. providers of accommodation that posted their offers on the Web;
  2. providers of services allowing the operation and functionality of the Website;
  3. provider of cloud storage Active24.cz
  4. provider of e-mail services Active24.cz
  5. provider of mailing services (sending of newsletters) active24.cz, mailchimp.com
    1. Personal data will be not transferred to a third country outside of EU or to international organizations.
  1. security of personal data
    1. The Controller declares that he undertook all the necessary technical, organizational and security measures on order to duly secure the personal data with respect to their confidentiality, integrity and accessibility.
    2. Only persons authorized by the Controller have access to the personal data.
  2. commercial message
    1. The Controller is entitled to send news and other commercial messages relating to the Website and to services of the Controller to e-mail addresses of customers registered through the Website and to the data subject that consented with receiving a newsletter through he Website. Sending of commercial messages is regulated by the Section 7 Par. 3 of the Act on certain information society services. Data subject is entitled to reject the reception of any further commercial messages – e.g. by clicking an unsubscribe button embodied into the commercial message.
  3. you rights
    1. Remember that you have the following rights:
  1. Right of access to your personal data (Art. 15 GDPR);
  2. Right on rectification of your personal data (Art. 16 GDPR);
  3. Right to have your personal data erased (Art. 17 GDPR);
  4. Right to restrict the processing of your personal data (Art. 18 GDPR);
  5. Right to data portability (Art. 20 GDPR); and
  6. Right to object against the processing of your personal data (Art. 21 GDPR).
    1. In case of a request for personal data erasure, user account of the given data subject will have to be erased, whereas the request will be granted only if the Controller’s interest shall not prevail over the interests of the given data subject.
    2. You have also the right to revoke your consent (should it be the lawful reason for processing) with processing of your personal data at any given time in writing or electronically on the e-mail address of the Controller.
    3. Should you have any reasonable doubt about compliance of the Controller to duly process your personal data, you can file a complaint to the Office for Personal Data Protection. Eventually, you can file a court motion to the competent court.
  1. Cookies
    1. The Website is using cookies as a way of collecting behavioural data on its visitors. The Website simultaneously allows to view it in a mode without monitoring the behaviour of its visitors. This mode can be allowed within the settings of the given web browser or by filing a complaint according to Art. 21 GDPR to the e-mail address of the Controller. In case of blocking certain cookies, the Website may not work properly.
    2. Cookies for ads targeting are processed on the basis of your consent. Such consent is given for the period stated below and can be revoked at any time by changing the settings of your web browser.
    3. Cookies are processed on behalf of the Controller by the following processors:
  1. Google Inc., with its seat at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as a provider of Google Analytics. The collected cookies data are subsequently processed by the company Google Inc. in accordance with its privacy policy available at https://www.google.com/intl/cs/policies/privacy/#nosharing.
  2. Facebook Inc., with its seat at 1601 Willow Road, Menlo Park, CA 94025, USA, as a provider of Facebook Pixel. The collected cookies data are subsequently processed by the company Facebook Inc. in accordance with its privacy policy available at https://www.facebook.com/full_data_use_policy.
    1. The Controller uses the following cookies on the Website:
Cookie type Purpose More information
Visitor ID Cookie An anonymous identifier used to recognise a visitor across visits. It may be used to identify repeat visits and analyse cross visit behaviour.
Tracking Cookie An account related ID used to recognise customers and maintain your session on site. It may be used to link site usage information with transactional information when analysing and optimising the user experience.
Customisation Cookie Used to customise your experience A unique ID used to recognise you as a returning visitor and customise your experience on our Websites.
Testing Cookies Anonymous cookie used to randomly serve variants of content and to maintain a visitor’s view of that content. It may also be used to record a variants performance in achieving goals such as helping visitors to register.
Analytics Cookies These are used to collect information about how visitors use our Websites. We use the information to compile reports and to help us improve the Websites. The cookies collect information in an anonymous form, including the number of visitors to the Websites, where visitors have come to the Websites from and the pages they visited.
Advertising Cookies These are anonymous identifiers used to serve ads of third parties. The cookies allow us to advertise to you on third party websites.

 

  1. closing provisions
    1. By submitting the registration on the Website (creating a user account) you confirm having read the Rules and that you do not have any objections to its content.
    2. In case of giving consent to receive a newsletter by filling your e-mail address into the given box on the Website, you confirm having read the Rules and that you do not have any objections to its content.
    3. The Rules can be subject to a one-sided change by the Controller. The most current version of the Rules will be available on the Website. Data subject will be informed on changes of the Rules by means of an e-mail message.

 

Rules are come into effect as of 1.7.2018