Personal data protection

These principles apply to compliance with the right to privacy with respect to personal data protection in connection with these web pages. We are not liable for the contents and application of protection of privacy at any other web pages which are linked to our web page. Links to other web pages are not hidden.

For the purpose of statistical analysis of page rank, we monitor data necessary to such analysis. In order to analyze the page rank we use the tools of the third party – Google – Google Analytics and the tool AWstats. We fully respect your right to privacy and we do not collect any personal information of your person without your consent. By completing order and registering email address for sending communications you agree with processing all completed personal data and storing the data related to the order.

When processing personal data we take a proper care of the compliance of security and privacy standards as provided for by the Act no. 101/2000 Coll., on Personal Data Protection and on the Amendment to Certain Acts, as amended.

Our Internet connection provider records the personal data at its own liability and it is bound under the confidentiality regulations. It shall not make the technical information about number of visits of web pages accessible, unless required to do so by the applicable law.

The web pages use cookies in order to facilitate repeated browsing.

In case of any changes to the privacy protection principles, the changes shall be stated in this web page.

Information on the processing of the personal data of customers and persons entering the premises monitored by the data controller

within the meaning of the Regulation 2016/679 of the European Parliament and Council (also referred to as GDPR)

The purpose of this document is to provide a complete and comprehensible description of how the personal data of all customers of E.R.O.C. s.r.o., with the registered office at Petřínská 489/5, Smíchov, 150 00 Prague 5, ID No.: 63672332 (hereinafter referred to as the “Data Controller”) are processed, and the complete acquaintance of such persons with their rights.

What personal data does the Data controller process?

In the case of clients using accommodation services – citizens of the Czech Republic: According to Act No. 565/1990 Coll., on local fees: Name, surname, address of permanent residence or permanent residence abroad and number of ID card or travel document of natural person. For the purpose of protecting legitimate interests, we also process the date of birth.

In the case of clients using accommodation services – foreigners: According to Act No. 326/1990 Coll., on the residence of foreigners: Surname, name, date of birth, nationality, travel document number, visa number, permanent residence abroad, purpose of residence in the Czech Republic, address stay in the Czech Republic.

In the case of clients who have given their consent to processing: E-mail, telephone number.

For those who have visited some of the web pages of the Data Processor – their IP address.

Records from a camera system monitoring the premises of the Data Controller pursuant to Act No. 89/2012 Coll., the Civil Code.

For clients using the Quasi Cash card cash withdrawal service: details determined by bank, i.e. name and surname, valid ID document number, final four numbers of credit/debit card and client signature.

Why does the Data Controller need my personal data?

Personal data are processed to fulfill the rights and obligations of a contract between you and the Data Controller and to comply with statutory obligations (e.g. proper calculation and payment of local fees, taxes and other similar fees, keeping of records and house books). Records from the camera system then serve to ensure the security and protection of property and fulfill the statutory duty of the data controller.

Where are my data actually stored?

Personal data in electronic form is stored on secured dedicated server in the territory of the Czech Republic, which is the property of the Data Controller, only the authorized persons according to the previous article have direct access to personal data.

Personal data in written form are stored in secured cabinets at the headquarters of the Data Controller and only authorized persons according to the previous paragraph have access to them.

How long will the Data controller process my personal data?

The Data Controller administers the provided personal data only for the necessary time, which is in case of clients for the general limitation period of 3 years according to the Act No. 89/2012 Coll., the Civil Code, which is extended for a protection period of one year from the last contact with the customer after it’s termination.

In the case of clients with whom an accommodation agreement has been concluded, the Data Controller is obliged to register personal data in the register or house books in accordance with the currently effective legal regulation for a period of 6 years after the last entry into the relevant book.

Documents containing personal data that are considered as accounting documents are retained in accordance with the Accountancy Act for a period of five years beginning at the end of the accounting period to which they relate. Tax documents are kept for 10 years from the end of the taxable period in which the transaction took place.

In the case of camera recordings, the shots are stored for up to 14 days and then automatically erased. In case of a legal obligation pursuant to Act No. 202/1990 Coll. and pursuant to Act No. 186/2016 Coll. video recordings are kept for the period set by these laws (90 days or 2 years).

In the case of customers using technical gaming devices, personal data are processed to the extent specified by Act No. 186/2016 (all personal data on the ID card) for 10 years from the last identification of the customer under this Act, or pursuant to Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime and the financing of terrorism, for a period of 10 years from the realization of the business or from the termination of the business relationship with the client. In the case of consent to the processing of other personal data, the personal data within the scope of this consent are retained for the period for which it was granted.

If a court, administrative, enforcement, insolvency, complaint or similar procedure is conducted, or tax audit, where personal data are to be processed, personal data beyond the above deadlines will be processed until the end of such proceeding or control; including, where appropriate, extraordinary appeal procedures and proceedings with international institutions (e.g. the European Court of Human Rights).

During the archiving of personal data on the basis of the requirements of the Act, the data are not otherwise used or made available, except for the transfer of the data to data subject or to public authorities under the law, including the eventual transfer to the law firm.

Who is responsible for the way personal data is handled?

The Data Controller is the company E.R.O.C. s.r.o., with its registered office at Petřínská 489/5, Smíchov, 150 00 Praha 5, ID No.: 63672332, registered in the public register kept by the Municipal Court in Prague, Section C, Entry 36611.

The manager of the management and evidence of personal data (“manager“) performs the function of the manager for the administration and recording of personal data. It is possible to contact the manager with any queries related to personal data management as well as requests for corrections, modifications and completions of personal data. If the manager is unavailable, you can contact one of the executive directors.

Who has access to the provided personal data?

We take the processing of your personal data very seriously, so we only have access to these data for the necessary amount of people. Access to the processed personal data is granted only to employees of the Data Controller authorized due to their employment and its executive directors or processors who are contractually and legally obliged to protect your personal data (e.g. accountants, reservation system administrators, computer network administrators, law firms, etc.).

In the case of recording from a camera system, shots are transmitted to public authorities in cases where their content can help to identify person who committed crime / offense.

For the sake of completeness, we add that your personal data is submitted to third parties in cases where the law requires us to make your personal data available (for example, in the case of a legitimate request from a public authority).

What rights do I have in connection with my personal data?

You have the right to be kept informed about the extent of your personal data we process. Specifically, you have the right to information on what purpose we process the data to which individuals are accessed. You also have the right to request a repair or deletion, or a limitation of their processing. You can also object to individual processing methods.

In the event that you believe that we treat your personal data in violation of GDPR or law, you have the right to file a complaint with the Office for Personal Data Protection (the Supervisory Authority).

In this regard, we ask that you, in the event of your suspicion of the unlawful processing of your personal data before the filing of the complaint, first notify us and we promise you that we will do everything we can to resolve and correct the situation.

You also have the right to request the transmission of all personal data we process about you in a simple, machine-readable form (text file), or you may request us to arrange your personal data to your designated third party.

Thank you for getting acquainted with employee personal data processing information, and if you have any questions about this topic, you can contact the Data Controller at any time using the above contact details.