Privacy Policy

In accordance with the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – the GDPR – the Malenovice conference center informs data subjects about the conditions under which personal data are processed.

1. Data protection officer

The data protection officer at the Malenovice conference center is the Christian youth academy, address: Malenovice reg. n. 334, 739 11 Frýdlant nad Ostravicí

For further information on our data protection policy please contact recepce@malenovice.com or call us at +420 731 137 847

Kontaktní údaje na osobu odpovědnou za ochranu osobních údajů jsou: recepce@malenovice.com, tel.: 731 137 847

2. Categories of processed data

Title of processed data Legitimate purpose for processing and storing personal data Category of processed personal data Legal basis for processing data Retention period
Accommodation reservation – data gained from online bookings Reservation process Identification data and client contact, dates of hotel stay Legally binding contract For the duration of your stay at the hotel and warranty period
Accommodation reservation – data gained at the reception from phone and in-person communication Reservation process Identification data and client contact, dates of hotel stay Legally binding contract For the duration of your stay at the hotel and warranty period
Records of personal data in the visitor’s book Managing the guests’ stay Identification data and client contact, dates of hotel stay, services provided Legally binding contract For the duration of your stay at the hotel and warranty period
Transferring personal data to local authorities due to various fees associated with hotel legislation Necessary to comply with a legal obligation Identification data and dates of hotel stay Legal obligation 6 years from your stay at the hotel
Transferring personal data to the Foreigners police Necessary to comply with a legal obligation Identification data and dates of hotel stay Legal obligation 6 years from your stay at the hotel
Records of personal data in the Client database Reservation expedition of frequent guests Identification data and client contact Legitimate interest Until a complaint is filed
Records of time sensitive services Service reservation process Identification data and service reservations Legitimate interest For the duration of services
Bills and invoices – documentation for value added tax Documentation of sales Data specified by Czech legislation Legal obligation 10 years
Records of bills and invoices – other than value added taxes Necessary to comply with a legal obligation Data specified by Czech legislation Legal obligation 5 years
Newsletter Sending customers special offers E-mail Legitimate interest Until a complaint is filed
Processing identification data to ensure services during their stay Guest identification Identification data Legitimate interest Until a complaint is filed

3. Further information on the categories of processed data

Legal basis for processing data is defined in the GDPR regulation, paragraph 6 and 9.

Retention period is the period of time that we are legally obligated to store your personal data.

We will not share your personal data outside the EU or with international organizations.

In the case of a “Legally binding contract” basis for processing data, we need your personal data to close a contract with you and are not able to do so otherwise.

In the case of a “Legal obligation” basis for processing data we are legally required to store and process your personal data.

We will only process your personal data for the purposes outlined.

We gain all personal data directly from the data subjects. The only exception being personal data gained from online bookings, which we receive from third party online booking companies. Due to the large number of such companies, we do not list their contact information on our website. For further information please consult the privacy policy of the website, where you booked your online reservation.

4. Rights of data subjects

The rights of data subjects to information on processing are as follow:

The right to access personal data

The data controller must provide the data subject with confirmation that the personal data is being processed, access to the personal data and upon request a copy of all personal data being processed or stored. The data subject is not entitled to demand a specific format of this copy.

The controller may not release any data that would impede the rights of other persons.

The right to rectification

The data subject is allowed to request the correction of any personal data to ensure it is accurate and to fill in any incomplete data.

The right to be forgotten

The data subject has the right to (under certain circumstances) ask for their personal data to be erased where: the personal data is no longer necessary in relation to the purpose for which it was collected/processed; the data subject withdraws their consent or objects to the processing and there is no overriding legitimate interest to continue processing; or the personal data was unlawfully processed or should be erased to comply with a legal obligation.

The right to restrict processing

The data subject has the right to restrict processing of personal data held by the data processor when: the data subject has contested its accuracy; the data subject has objected to the processing and the data controller is considering whether they have a legitimate ground which overrides this; the processing is unlawful; or the data controller no longer needs the data but the data subject requires it to establish, exercise or defend a legal claim.

The right to object

Data subjects may object to the processing of personal data that pertains to them only in the case of processing that is carried out in the public interest or based on the legitimate interest of the controller.

The right to review automated decisions

If data subjects are subject to decisions established solely on automated processing, they are entitled to review these decisions and any human intervention on the part of the controller.

The right to lodge complaints or to protection

Data subjects are entitled to lodge complaints against the processing of personal data with the supervisory authority (in the Czech Republic, this is the Office for Personal Data Protection) or to request court protection in relation to the supervisory authority, the controller, or the processor.

5. Exercising the rights of data subjects

To exercise one or more of your rights as a data subject, you can submit a formal request at the reception. For this we require a photo ID (passport or driver’s license).

To submit an online formal request of a copy of all your personal data we store and process please do one of the following:

  1. Send an email with a valid e-signature to recepce@malenovice.com
  2. Send a formal request to our data box from your data box

For further information please contact our reception at recepce@malenovice.com