Business company EuroAgentur Hotels & Travel a.s. fully acknowledges the crucial and dynamically increasing importance of privacy protection, or protection and security of personal data of natural persons, especially that of clients, business partners, their representatives, employees as well as any other data subjects. Since personal data are processed in the context of business activities of our company, we have put much effort to secure and develop the essential protection standards of personal data of affected entities, beyond the framework of legislative requirements. In addition, our endeavours are directed at the implementation of consistent and transparent rules to enforce those requirements.
The objective of this Statement is to provide assurances to the public that EuroAgentur Hotels & Travel a.s. processes personal data in compliance with legislation regulating the given area and to inform data subjects of their rights arising from such legislation.
The pivotal legal regulation affecting the area of protection of personal data and privacy in general is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as the “GDPR”), which is to be implemented in the Czech legal order through the Act on Processing of Personal Data. Our company has put the above-mentioned legal regulations in concrete terms, supplementing them with internal regulations on personal data protection, which have been gradually introduced to promote rights of data subjects and to protect their privacy.
What personal data we process
Personal data are understood as all data on the basis of which a particular natural person can be identified. For example, personal data include names, surnames, date of birth, e-mail addresses, information on work positions or work attendance, or information on financial transactions of natural persons. Our company has been consistent in implementing the rules rooted in the basic principles of personal data processing in a way ensuring that the processes of personal data protection are carried out lawfully, correctly and transparently based on at least one legal ground. All personal data are therefore collected by us for certain legitimate purposes and then processed only in a manner compatible with the determined purpose. We take care to ensure that the extent of personal data processed by us is reasonable and relevant in relation to the purpose of processing and that personal data are accurate, while we make special effort to be able to guarantee that personal data are stored by us in a form enabling identification of data subjects only for a necessary period in relation to the purpose of personal data processing.
The personal data concerned especially include identification data, such as names, surnames, date of birth, permanent residence address, birth registration number, identification number, tax identification number, contract number, file number as well as data subjects’ contact data, e.g. address, telephone number, fax, e-mail address and similar data.
Why we process personal data
Unless required by legal obligations, contracts, public interests or vital interests of data subjects (hereinafter as “Clause 6 of the GDPR”), the processing of personal data is voluntary. We process the data forwarded to us by data subjects and our clients for the purposes of provision of our services. If you decide to refuse to have your personal data processed or if you ask for your data to be erased, you may do so by writing to the e-mail address email@example.com. We guarantee that we will comply with your request immediately, but within 1 month at the latest, unless another legal obligations prevents us from erasing your personal data.
Who might receive your personal data
Where we share your personal data with third entities, we proceed in accordance to legal regulations and the GDPR, and will therefore adopt all safeguards in order to protect your legitimate interests in a due form.
How your personal data are kept secure
We pay special attention to ensure that all personal data are processed and retained in a secure manner and for a necessary period, taking into account the purposes for which the personal data have been collected. Throughout the period of personal data processing, we take all steps to perform our obligations and provide an adequate protection to data subjects’ legitimate interests laid down in the GDPR. Our company has applied safeguards to set up technical and organizational measures that guarantee the security level corresponding to the individual risk categories of personal data processing, in order to prevent, in particular, any destruction, alteration, loss, unauthorized access or processing or misuse of such data.
Cooperation with renowned entities
In developing a set of internal rules regulating the area of personal data protection, business company EuroAgentur Hotels & Travel a.s. cooperates with GDPR Solutions a.s., which is methodically directed by RNDr. Igor Němec, former long-time chairman of the Office for Personal Data Protection (ÚOOÚ), and vice-chairman of Working Group WP29. Beginning from 25 May 2018, the above company holds the position of the Data Protection Officer.
Rights of data subjects
In terms of personal data protection under the GDPR, data subjects have the following rights:
Since we are aware that provision of personal data is a very sensitive issue, we will be delighted to attend to any questions or requests for explanation sent to our e-mail address firstname.lastname@example.org. We attach great importance to every question or request to us and will carefully examine and respond to them.