Terms and Conditions for the Processing of Personal Data ("Terms")

Terms in Use:

Data Controller:
Resort Aurum, Černý Důl 83, 543 44

Customer:
natural or legal person using the services of the Provider

Regulation:
Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation

General provisions

1.
The purpose of these terms and conditions is to ensure the processing of the personal data of the customers obtained in the course of the business activities of Resort Aurum, as well as to establish the obligation to maintain the confidentiality of such information obtained, to the extent and under the conditions set out in these terms and conditions.

2.
Resort Aurum undertakes to process the personal data of customers in accordance with these terms and conditions. These terms and conditions are made within the scope of the rights and obligations arising from the relevant legislation when processing personal data pursuant to the previous paragraph, in particular Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation ("the Regulation").

Rights, duties and confidentiality

1.
Resort Aurum undertakes to take such technical, personnel and other measures as may be necessary to prevent unauthorised or accidental access, alteration, destruction or loss of personal data, unauthorised disclosure, other unauthorised processing or other misuse of personal data.

2.
In connection with the provision of accommodation services, the Resort Aurum is obliged to process the personal data of the Guests. Such data shall be processed in particular by

  1. the hotel manager
  2. the accounting department
  3. The IT department
  4. Marketing Consultant

3.
The above mentioned users have been instructed about the sensitivity of personal data. They handle the personal data of the guests exclusively within the framework of the services provided by Resort Aurum. Neither Resort Aurum nor its employees pass on guests' personal data to other entities. Other processors of guests' personal data include

  1. Hotel system Agnis

4.
The conditions of processing and handling of the guests' personal data are regulated in the processing contract between the accommodation provider and the processor.

Customer Information

1.
Resort Aurum is legally obliged to keep certain personal data of its guests, in particual name, surname, date og birth, adress and period of accommodation, number and type of documents, visa, purpose of stay. This obligation is regulated by the Act on the Stay of Foreigners in the Czech Republic (326/1999) and the Act on Local Fees (565/1990). According to these laws, the hotel is obliged to keep the personal data of the customer for 6 years.

2.
In addition to the legal obligations, other personal data may be collected: camera footage, e-mail and mobile number for communication with the guest in case of online or e-mail reservations.

3.
The customer has the right at any time to ask the ubxtractor for an overview of his personal data. This information is stored in (also) the guest's card in the hotel's system.

Technical and organisational safeguards for the protection of personal data

1.
The Resort Aurum undertakes to ensure the technical and organisational protection of the processed personal data in such a way that unauthorised or accidental access, alteration, destruction or loss of data, unauthorised disclosure, other unauthorised processing or other misuse of data cannot occur and that all the obligations of the data controller arising from the legal provisions, in particular the Regulation, are ensured at all times during the processing of data by personnel and organisation.

2.
Resort Aurum undertakes to ensure that the processing of data is secured, in particular, in the following manner

  • only authorised persons of Resort Aurum, who have been informed of the conditions and scope of the data processing by Resort Aurum, will have access to the personal data, and each of these persons will access the personal data under their unique identifier;
  • personal data will be processed in the premises of Resort Aurum, to which only authorised persons or its contractors (subcontractors) bound by the same obligations will have access;
  • Resort Aurum will prevent the unauthorised reading, creation, copying, transmission, modification or deletion of records containing personal data;
  • take measures to identify and verify to whom personal data has been communicated, processed, modified or deleted.

3.
Resort Aurum undertakes, by means of its own internal regulations or specific contractual agreements, to ensure that its employees and other persons who process personal data only do so under the conditions and to the extent specified by Resort Aurum and in accordance with the instructions of Resort Aurum. In particular, he/she will himself/herself (and will also bind the aforementioned persons) to maintain the confidentiality of personal data and security measures, the disclosure of which would jeopardise the security of personal data, even after termination of the employment or relevant work with Resort Aurum.