Fortress Třebotov. reg. no.: 04386671, registered address: U Tvrze 1, Třebotov, 25226 (hereinafter referred to as the “Controller”), processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) (hereinafter referred to as “GDPR”) and other legislation.
The Controller processes data obtained primarily from data subjects, as well as data obtained from third parties (for example, tour operators, online portals, etc.) which are authorised to share such data with the Controller, where the Controller processes the data provided by third parties only to the extent necessary to fulfil contracts or statutory requirements as outlined below.
Personal data to the extent of name, surname, arrival date, departure date, phone number, email address, home address and date of birth may be processed for the purpose of concluding and fulfilling an accommodation contract or similar contract (hereinafter referred to as the “contract”) and in order for the Controller to exercise its rights under the contract.
Personal data to the extent of name, surname, arrival date, departure date, home address, purpose of stay, ID card or travel document (passport) number may be processed in order for the Controller to meet the requirements it has under Act No. 565/1990 Coll., on Local Fees.
Personal data to the extent of name, surname, arrival date, departure date, home address, date of birth, travel document (passport) number, nationality, visa number and purpose of stay may be processed in order for the Controller to meet the requirements it has under Act No. 326/1999 Coll., on the Residence of Foreign Nationals in the Czech Republic and on the Amendment of Certain Acts.
The personal data shall be processed by the Controller both manually and automatically by its authorised employees, as well as by processors authorised by the Controller on the basis of personal data processing contracts.
Personal data to the extent of name, surname, arrival date, departure date, home address, date of birth, ID card number, travel document number, nationality, visa number and purpose of stay may be made available by the Controller to state or local government authorities in accordance with the aforementioned laws.
Personal data to the extent of name, surname, arrival date, departure date, home address, room number and date of birth may be made available to entities, to whom the Controller will assert its contractual rights (in particular courts, notaries public, executors).
In order to accept the principle of minimising data and other principles resulting from GDPR and related regulations, the above-mentioned personal data are the minimum which the Controller requires in order to fulfil its rights and obligations under the above-described contracts concluded with data subjects and the above-mentioned laws.
By giving his/her email address the accommodated person voluntarily grants the Controller consent to process this personal data in order to send commercial and marketing offers and communications. This consent is granted for an indefinite period and may be withdrawn at any time. The email address shall be automatically processed by the Controller’s employees and shall not be made available to third parties.
The Controller does not usually process sensitive data and so does not request it from data subjects. An exception may be data about the data subject’s health which the data subject voluntarily provides to the Controller. The Controller shall then use such data in order to offer the data subject better services and to carry out the data subject’s specific wishes.
The data subject has the right of access to his/her personal data processed by the Controller, the right to its correction or erasure, or the restriction of processing, and the right to object to the processing. Furthermore, the data subject has the right to withdraw his/her consent to the processing of personal data if the data is processed by the Controller on the basis of this consent.
Furthermore, the data subject has the right to obtain from the Controller personal data concerning the data subject and which the data subject has provided to the Controller. On the basis of a request by the data subject the Controller shall provide the data subject with the data without undue delay in a structured, commonly used and machine-readable format or, on the data subject’s request, it shall provide it to another clearly specified controller. This right does not apply to personal data which is not processed automatically.
The Controller does not intend to provide personal data to third countries.
If the data subject believes that unauthorised processing of his/her personal data has occurred, he/she may make a complaint to the supervisory authority which for the Czech Republic is the Office for Personal Data Protection (www.uoou.cz).
Transaction Reporting Requirement
According to the law on the registration of sales, the seller is required to issue a receipt to the buyer and to report the sale to the tax authorities immediately online or, in case of technical difficulties, within 48 hours.