GDPR

I.
Basic provisions

1. The personal data controller pursuant to Article 4(7) of Regulation
(EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) is JP-Tabák
s.ro, Nad Libří 354, 159 00 Prague 5 (hereinafter referred to as: “Controller”).
2. The contact details of the controller are: manager@hoteluledu.cz
3. Personal data means any information about an identified or
identifiable natural person; an identifiable natural person is a natural
person who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural
person.
4. The controller has not appointed a data protection officer.

II.
Legal basis for processing personal data
1. The legal basis for processing personal data is the performance of a contract between you
and the controller pursuant to Article 6(1)(b) of the GDPR (hereinafter referred to as “Performance of
the Contract”), the legitimate interest of the controller in providing direct marketing
(in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(
f) of the GDPR (hereinafter referred to as “Legitimate Interest”), your consent to processing for the purposes of
providing direct marketing (in particular for sending commercial communications and
newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No.
480/2004 Coll., on certain information society services in the event that no
order for goods or services has been placed (hereinafter referred to as “Consent”).
2. The controller does not make any automatic individual decision-making
within the meaning of Article 22 of the GDPR. You have provided your explicit
consent to such processing.

III.
Purpose of processing, categories, sources and recipients of personal data

IV.
Data retention period
1. Unless otherwise stated in the previous points, the Administrator stores personal data
for the period necessary to exercise the rights and obligations arising from the contractual
relationship between you and the Administrator and to assert claims from these contractual relationships
(for a period of 15 years from the termination of the contractual relationship). for the period until the consent
to the processing of personal data for marketing purposes is revoked, if the personal data is
processed on the basis of consent.
2. After the expiry of the personal data retention period, the Administrator deletes the personal data.

V.
Cookies
1. If cookies are listed among the personal data in point III.,
the following rules apply to their processing.
Each user can set the rules for using or blocking cookies in their internet browser, thereby indicating
their consent to their processing.
2. If you object to the processing of technical cookies necessary for
the functioning of the website, the full functionality and compatibility of the website cannot be guaranteed in such a case
.

VI.
Recipients of personal data (subcontractors of the controller)
1. The controller intends to transfer personal data to a third country (a country outside the EU) or
an international organization. Recipients of personal data in third countries are
providers of mailing services, data and file storage, analytical tools
and direct marketing services.

VII.
Your rights
1. Under the conditions set out in the GDPR, you have the right to access your personal
data pursuant to Article 15 GDPR, the right to rectify personal data pursuant to Article 16 GDPR, or
to restrict processing pursuant to Article 18 GDPR, the right to erase personal data pursuant to Article 17
GDPR, the right to object to processing pursuant to Article 21 GDPR, the right to
data portability pursuant to Article 20 GDPR, the right to withdraw consent to processing
in writing or electronically to the address or email of the controller specified in Article III of these
terms and conditions.
2. You also have the right to file a complaint with the Office for Personal Data Protection if
you believe that your right to personal data protection has been violated.

VIII.
Conditions for securing personal data
1. The Administrator declares that it has taken all appropriate technical and organizational measures
to secure personal data.
2. The Administrator has taken technical measures to secure data storage and storage of
personal data in paper form, in particular…
3. The Administrator declares that only persons authorized by him have access to personal data.

IX.
Final provisions
1. By submitting an order from the online order form, you confirm
that you are familiar with the terms and conditions of personal data protection and that
you accept them in full.
2. You agree to these terms and conditions by checking the consent box via
the online form. By checking the consent box, you confirm that you are familiar with
the terms and conditions of personal data protection and that you accept them in full.
3. The administrator is entitled to change these terms and conditions. The administrator will publish a new version of the terms and conditions of
personal data protection on its website and will also send you
a new version of these terms and conditions to your e-mail address that you
provided to the administrator.

These terms and conditions come into effect on July 20, 2023.