Terms of protection of personal data.
1. Basic Regulations
The personal data controller referred to in Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR) is:
- chorvatsko-levne.cz, s.r.o.
- Tovární 1737/32
- 400 01 Ústí nad Labem, CZ
- 00420 725 344 344
(hereinafter: the Administrator)
Personal information is any information about a person who is identified or identifiable; the identifiable natural person is a natural person who can be identified directly or indirectly, in particular by referring to the identifier, such as name, identification number, location information, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identities of an individual.
The Administrator did not name the data protection officer.
2. Sources and categories of processed personal data
The Administrator handles the personal information you provided when booking accommodation or travel, or personal information that the Administrator received with your order.
The Administrator processes your identification information, contact information and the information needed to complete the contract.
3. Legal reason and purpose of processing personal data
The legal reason for processing personal data is
- Performing a contract between you and the Administrator in accordance with Article 6, paragraph 1, point b) of the GDPR
The purpose of personal data processing is
- processing your order and exercising the rights and obligations arising from the contractual relationship between you and the Administrator; When ordering, personal data are required for the successful execution of the order (name and address, contact), the provision of personal data is a necessary condition for concluding and executing the contract;
There is no automatic individual decision-making within the meaning of Article 22 of the GDPR.
4. Data retention period
Administrator stores personal information
- in the period required to exercise the rights and obligations arising out of the contractual relationship between you and the Administrator and the performance of claims arising out of these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
After the expiration of the personal data retention period, the Administrator deletes personal information.
5. Personal Data Receivers (subagents of the controller)
Personal information recipients are people
- involved in providing services, execution of payment under contract,
- Providers from the Adria Planet portal
The Administrator does not intend to transfer personal information to a third country (outside the EU) or to an international organization.
6. Your rights
You have the conditions specified in the GDPR
- the right to access your personal data in accordance with Article 15 of the GDPR;
- the right to correct personal data in accordance with Article 16 of the Regulation on Gross National Income or Restrictions on Processing in accordance with Article 18 of the GDP Regulation;
- the right to delete personal data in accordance with Article 17 of the GDPR;
- the right to objection in accordance with Article 21 of the GDPR;
- the right to transfer the data under Article 20 of the GDPR.
Furthermore, you have the right to file a complaint with the Data Protection Office if you consider that your right to protection of personal data has been violated.
7. Personal Data Security Requirements
The Administrator declares that it has undertaken all appropriate technical and organizational measures for the protection of personal data.
The Administrator has taken technical measures to protect the storage and depository of personal data.
The Administrator declares that only personally authorized persons have access to personal information.
8. Final Regulations