In compliance with Regulation (EU) 2016/679 of the European Parliament and the Council dated 27 April 2016, pertaining to the protection of natural persons concerning the processing of personal data and the free movement of such data, and the repeal of Directive 95/46/EC (referred to as the General Data Protection Regulation or ‘GDPR’), hereinafter simply denoted as ‘GDPR,’ this document provides essential information regarding the processing of your personal data by MITTRADE, s.r.o. The company, identified by registration number 27109755 and situated at Na pÅ™ÃkopÄ› 857/18, NovÃ© MÄ›sto, Prague 1, is henceforth referred to as the ‘controller.’
1. What Information Do We Process?
In connection with your reservation (or stay without a reservation), we process your personal data within the following categories:
- Identification and Contact Information: Includes name, surname, permanent address, ID card number, or equivalent document, and optionally, email address, and telephone number.
- For Self-Employed Individuals: Details about the self-employed person, business address, company registration number, tax identification number, and information about VAT payer status.
- For Non-Self-Employed Individuals on Business Trips: Information regarding the organization responsible for the reservation or payment.
- Purpose of Stay: Information about the purpose of the stay or confirmation of exemption from the recreational stay fee.
- Stay Details and Utilized Services: Includes specifics about your stay, services used, and payment details such as amount and method (for non-cash payments, bank account number, or credit card information).
- For Foreign Nationals: In addition to the above, details like date of birth, nationality, passport number, visa number, and permanent address abroad are also collected.
2. What is the basis and purpose behind the processing of your personal data?
Processing necessary for the fulfillment of legal obligations
The provision and processing of all the aforementioned personal data, with the exception of email address and telephone number, are essential for the purpose of fulfilling our legal obligations, particularly those arising from the Local Fees Act and the Act on the Stay of Foreigners in the territory of the Republic of Croatia
Processing necessary for the fulfillment of a contractual relationship
Primarily, we use your personal data to complete and manage your reservation, which is essential for us to provide you with this service. The processing of your identification details, information about your stay, the services provided, and the amount and method of their payment is necessary for the purpose of fulfilling the contractual relationship related to your stay. This includes ensuring orders and reservations, as well as the conclusion and execution of contracts related to the accommodation and related services offered and provided by us.
Without providing the above-mentioned information, we cannot offer our accommodation services to you.
Processing based on legitimate interest
We process your personal data, including your name, surname, email address, and information about your stay, based on our legitimate interest for the purposes of direct marketing. The sole purpose of this processing is to send you promotional communications, such as information about interesting news, discounts, etc., that are similar and related to the services you have already used with us.
You have the option to reject the sending of promotional communications in advance. In the case of receiving promotional communications, you can at any time raise an objection to the processing of your personal data for the purpose of sending promotional communications, and we will cease the distribution of such communications.
We also process personal data to the same extent for sending satisfaction surveys after your stay in our villas, with the aim of verifying your satisfaction with our services and continuously improving the quality of our services for you.
3. Source of Personal Data
The above-mentioned information is obtained either directly from you, in connection with the negotiation and conclusion of a contract for the provision of accommodation and catering services, or if someone else secured the reservation of our services for you (typically an employer in the case of business trips), we obtain your identification and contact details directly from that person. In the case of reservations made through booking portals, your identification and contact details are provided to us by the booking portal.
4. How long do we process your personal data?
We process your personal data for the duration of your stay in our villas. Subsequently, after its conclusion, we process only:
Data for which the obligation to process arises from relevant legal regulations, and only for the period necessary according to these regulations. (For example, accounting and tax documents that we issue to you also contain some of your personal data, such as name and surname, type of service provided, date of document issuance. We retain these documents only for the purpose of fulfilling obligations stipulated by relevant accounting and tax regulations, for the period prescribed by these regulations, but not exceeding 10 years).
Your name, surname, email address, and information about your stay for the purposes of direct marketing by Buqez (sending information about interesting news, discounts on our services, etc.) and for sending satisfaction surveys.”
5. To whom do we disclose or transfer your personal data?
Sharing with Third Parties
We provide access to your personal data to public authorities, where the obligation to transfer data arises from valid and effective legal regulations (this is typically the case for data processed under the Local Fees Act or the Act on the Stay of Foreigners in the territory of the Republic of Croatia).
For the purpose of ensuring certain support services (such as sending marketing communications, improving communication and segmenting offers, processing cookies), we utilize the services of processors. This processing is always conducted exclusively for our company and based on our instructions. We ensure the selection of processors based on their credibility and the quality of services, including the security of processed personal data. Processing is only possible based on a contract concluded between the controller and the processor, which obliges the processor to provide the same level of personal data protection as the controller. Our processors have their registered office and process personal data either in the Czech Republic or in another EU country.
6. How does the controller ensure the protection of personal data
All individuals who come into contact with personal data on our behalf are obligated to maintain confidentiality regarding the processed personal data and the security measures in place for their protection. This obligation persists even after the termination of their legal relationship with the controller.
7. Your rights according to applicable data protection legislation
Under the current legal regulations for the protection of personal data, you have the right to access your personal data that we process. This includes the right to obtain from the controller the following:
- Confirmation of whether the controller processes your personal data and access to this personal data.
- Information about the purposes of processing.
- Information about the categories of the personal data concerned.
- Information about the recipients or categories of recipients to whom the personal data will be disclosed.
- Information about the planned duration of storage or the criteria for determining this duration.
- Information about the existence of the right to request the rectification or erasure of personal data, or the restriction of their processing, or the right to object to such processing.
- Information about all available information regarding the source of personal data if it is not obtained from the data subject â€“ from you.
- Information about whether automated decision-making, including profiling, is taking place.
- In cases where the rights and freedoms of others will not be adversely affected, a copy of personal data.
Furthermore, you have the right:
- To rectify your personal data if they are incorrect, inaccurate, or incomplete in any way; the correction will be made by the controller considering technical possibilities.
- To request the erasure of personal data in cases specified by the GDPR, such as withdrawing consent to processing, objecting to processing, unlawful processing of personal data, when personal data are no longer necessary for the purposes for which they were processed, etc. This option does not apply when processing is necessary to fulfill a legal obligation and in some other cases specified by the GDPR;
- Request the restriction of the processing of personal data in cases foreseen by the GDPR.
- Data portability for the data you have provided to us and that we process automatically, based on your consent or the necessity of their processing for the fulfillment of a contract with you, or for the implementation of measures taken before the conclusion of a contract at your request. In such cases, we will allow you to obtain your personal data in a structured, commonly used, and machine-readable format, or, if technically feasible, we will directly transfer them to another controller designated by you.
- Object to the processing of your personal data based on the necessity of processing for legitimate interests, including processing for direct marketing purposes. If, in such a case, we do not demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or for establishing, exercising, or defending legal claims, we will not further process your personal data in that case.
- Withdraw your consent to the processing of personal data at any time by sending an explicit statement to our address provided at the beginning of this notice or email address. The withdrawal of consent is effective upon delivery of such a statement to the controller. According to the GDPR, the legality of processing based on consent granted before its withdrawal is not affected by the withdrawal.
- Not be subject to any decision based solely on automated processing, including profiling, which has legal effects on you or significantly affects you in a similar manner, except in cases explicitly mentioned in the GDPR.
- In addition to the above, if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, 170 00 Prague 7.