As part of the new legislation of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) valid throughout the EU, the terms of personal data protection have been modified. Fundamental adjustments to our system were not necessary, as we have been following all the rules based on the GDPR from the beginning. However, we have recently published detailed information on how we handle customers’ private data.

Basic provision
The administrator of personal data according to Article 4 point 7 of the GDPR is Jan Novák with registered office at Školní 480, Otnice ZIP code 683 54, ID number: 65286740 (hereinafter: “administrator”).

The administrator’s contact details are
address:
Otnice, Školní 480
email: jan-novak@volny.cz
Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
The administrator processes personal data to the extent of:

• name and surname,
• e-mail,
• phone

The administrator is not obliged to appoint a personal data protection officer.
Sources and categories of processed personal data
The administrator processes personal data provided by the customer or personal data obtained by the administrator based on the performance of the contract.
Legal reason, purpose and period of personal data processing
The legal reason for processing personal data is
Fulfillment of the contract between the customer and the administrator according to Article 6 paragraph 1 letter b) GDPR
The processing is necessary for the purpose of fulfilling the contract or for the purpose of implementing measures taken before the conclusion of the contract. Processing for the purpose of fulfilling the contract and the fulfillment of legal obligations cannot be refused. For this purpose, personal data may be processed for the duration of the contractual relationship.

Accounting – legal obligation

If you are a customer, the administrator processes your personal data (invoicing data listed on the invoice) which is necessary to comply with the legal obligation to issue and register tax documents. Processing for the purpose of fulfilling the contract and the fulfillment of legal obligations cannot be refused. These personal data are processed for the duration of the obligation to keep tax and accounting documents according to the relevant legal regulations.

The legal reason for processing personal data for this purpose is Article 6 paragraph 1 letter c) GDPR – processing is necessary to fulfill a legal obligation that applies to the controller.

For this purpose, personal data may be processed for the period specified by law.

Sending business messages and doing other marketing activities based on:
The administrator’s legitimate interest in providing direct marketing (especially for sending commercial messages and newsletters) according to Article 6, paragraph 1 letter f) GDPR
We use personal data (name, surname and e-mail) for the purpose of direct marketing – sending business messages. If you are our customer, we do so out of legitimate interest, as we reasonably assume that you are interested in our news, for a period of 5 years from the last contact.

• I consent to the processing for the purpose of providing direct marketing

(especially for sending commercial messages and newsletters) according to Article 6 paragraph 1 letter a) GDPR in connection with § 7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered. If you are not our customer, we only send you newsletters based on your consent, for a period of 5 years from the date of granting. In both cases, you can withdraw this consent by using the unsubscribe link in each email sent.

The administrator does not make automatic individual decisions in the sense of Article 22 of the GDPR.
After the personal data retention period has expired, the administrator deletes the personal data.
Recipients of personal data (controller’s subcontractors)
Other persons who are in the position of processors help us to ensure some of our contractual or legal obligations. These are persons:
participating in the delivery of goods / services / realization of payments based on the contract,
providing reservation system and website operation services,
providing marketing services,
providing accounting services.
Personal data will also be made available to the relevant administrative authorities, if the law imposes such an obligation on us (i.e. in particular in the case of an inspection, during which the given authority is authorized to require the submission of personal data).

Customer rights
Under the conditions set out in the GDPR, customers have:
The right to access your personal data according to Article 15 GDPR

On the basis of a request from the customer, the administrator documents what personal data of the customer it processes and why.

The right to correct personal data according to Article 16 of the GDPR, or restrict processing according to Article 18 of the GDPR.

If the customer changes or finds his personal data out of date or incomplete, he has the right to request a change, correction or addition of his personal data.

The right to erasure of personal data according to Article 17 GDPR.

Another right is the right to erasure (to be forgotten). At the administrator’s request, we will delete all your personal data from our system and from the system of all sub-processors, if there is no legal obligation to process personal data (e.g. for the purposes of recording issued tax documents for a period set by law).

The right to object to processing according to Article 21 of the GDPR

If the customer believes that the administrator is processing his inaccurate data or that the processing is illegal, he can use this right. In that case, the administrator will limit the processing without delay until the objection is resolved. The scope of personal data or processing purposes can be limited. (e.g. by unsubscribing from the newsletter, you limit the purpose of processing for sending commercial communications.)

The right to data portability according to Article 20 GDPR

The customer also has the right to transfer processed information in a structured and machine-readable format.

The right to withdraw consent to processing

And that in writing or electronically to the address or email address of the manager listed in Article I point 1 of these terms and conditions.

Furthermore, customers have the right to file a complaint with the Office for Personal Data Protection if they believe that the right to personal data protection has been violated. (address Pplk. Sochora 27, 170 00 Prague 7, Tel.: 234 665 125, data box ID: qkbaa2n, e-mail: posta@uoou.cz)
Unsubscribing from newsletters and business communications
You can unsubscribe from commercial communications by clicking on the unsubscribe link in each email sent.
Terms of security of personal data
The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data.
The administrator has taken technical measures to secure data stores, in particular password security, antivirus programs, encryption, regular backups, and storage of personal data in paper form by storing in a lockable space.
The administrator declares that only authorized persons have access to personal data.

Final Provisions
By submitting an order from the online order form, the customer confirms that he has familiarized himself with the terms of personal data protection and that he accepts them in their entirety.
The administrator is authorized to change these conditions. It will publish the new version of the personal data protection conditions on its website and at the same time send you the new version of these conditions to your e-mail address, which you have provided to the administrator.

These terms and conditions take effect on March 1, 2021.