Personal Data Protection
Dear Guests, at this point we would like to tell you how we handle your personal data.
Who is the data controller?
The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) is a trading company SCORPION DEAL s.r.o., ID: 04166787 with registered office at Francouzská 6167/5 708 00 Ostrava (hereinafter referred to as: “manager”).
The contact details of the controller are:
Delivery address: SCORPION DEAL s.r.o., Francouzská 6167/5, 708 00 Ostrava Poruba
E-mail: info@foreaapartments.eu
Telephone: +420 608 888 809
The controller has not appointed a data protection officer.
What is personal data and what personal data does the controller process about you?
Personal data is any information that personally identifies you or from which you can be directly or indirectly identified.
The controller processes only those personal data it has obtained in connection with the creation of your reservation and that the controller has learned from you during your arrival and stay. This includes identification data (name and surname, date of birth, permanent address, document identification number) and contact data (e-mail address, telephone number or delivery address), payment data (credit/debit card numbers, related billing data) and visual images (data) taken by camera recording. This is data taken by a camera system located at the entrance to the building and that monitors parking spaces. The CCTV system is installed to ensure safety and protection of property. Camera data can also be used for litigation purposes.
What is the reason and purpose of the processing?
The controller collects personal data due to legal requirements, for the purpose of fulfilling our obligations (providing accommodation services to you – the legal basis for processing is the provision of Article 6(1)(b) of the Regulation, according to which personal data may be processed to the extent appropriate if the processing is necessary for the provision of accommodation services or for the implementation of measures taken before the provision of accommodation services at your request (i.e. even without your consent), for the protection of you and your property (camera recordings), or for the protection of our legitimate interests (for example, in the event of litigation). The provision of your personal data for this purpose is a contractual requirement in this respect (i.e. a requirement associated with the provision of accommodation services). Personal data is also collected for the purpose of the controller’s possible recovery of claims against you. Personal data is also collected for the purpose of fulfilling the controller’s obligations under tax and accounting regulations. According to the Accounting Act, the controller is obliged to keep accounting documents for a specified period of time.
How long is my data stored and how secure is it?
We take the security of your personal data seriously, so here are our basic practices on how we handle this data:
- physical security of paper forms in company vaults or lockers,
- we use software for IT management that meets information security;
- we require our partners in the field of information system (software) e.g. booking your accommodation, storing information about your accommodation to comply with all GDPR or data protection requirements;
- if you provide us with a credit card number (e.g. for booking accommodation), this number is only stored in our information system for the necessary period of time and is automatically deleted in the event of a problem;
- we regularly review our IT and monitor security trends
We only retain your personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from these contractual relationships (for a period of 10 years from the termination of the contractual relationship and for a period of 30 days from the booking that does not lead to the implementation of the contractual relationship). After this period, the controller shall delete the data.
Is my personal data transferred to other entities?
We do not transfer your personal data to other entities except to the following entities
- tax, accounting and legal advisors to the administrator
- courts, bailiffs, the Chamber of Executors of the Czech Republic, arbitrators
- assignees of the controller’s claims against you
- representatives of the controller (both contractual representatives and representatives appointed by decision or by law, in particular guardians).
What rights do I have in relation to data protection and how can I exercise them?
You can exercise the following rights in relation to data protection:
- the right of access to your personal data
- the right to rectification of personal data or restriction of processing, if applicable
- the right to erasure of personal data
- the right to object to processing
- the right to data portability
- the right to withdraw consent to processing in writing or electronically to the address or email of the controller if personal data is processed on the basis of your consent
- the right to lodge a complaint with the Office for Personal Data Protection of the Czech Republic if you believe that your right to personal data protection has been violated.
When did this policy take effect and how can it be changed?
This policy entered into force on 1 January 2022. If we change this privacy statement, a revised version with the date of the change will be posted here.