Privacy Policy according to GDPR

As of May 2018

1. Name and Address of the Controller

The following entity is the data controller according to the GDPR and other national privacy laws of the member states as well as other data protection laws:

 

Peidara Dvůr s.r.o.

Ovesné Kladruby 5

p. 353 01 Mariánské Lázně

Czech Republic

E-Mail: info@holiday-ok.eu

Website: www.pdvur.eu

1. General information on data processing

1. Extent of processing of personal data

Generally, we only process personal data of our users insofar as this is required to provide a functioning website and our content and services. The processing of personal data, regularly only occurs after consent by the user, with the exception of such cases in which a prior consent is not possible for factual reasons and the processing of data is permitted by law.

1. Legal basis for the processing of personal data

Insofar as we request the consent of the respective person for the processing of data, Art. 6 subsec. 1 lit. a EU-GDPR serves as legal basis.

 

With respect to the processing of personal data, which are required for the performance of a contract, whose contracting party is the person concerned, Art. 6 subsec 1 lit. b GDPR serves as legal basis. This also applies to processing events which are required for the performance of pre-contractual measures.

 

Insofar as a processing of personal data is required for the satisfaction of a legal obligation, to which our company is subject, Art. 6 subsec. 1 lit. c GDPR serves as legal basis.

 

In case vital interests of the data subject or another natural person require the processing of personal data, Art. 6 subsec. 1 lit. d GDPR serves as legal basis.

 

If the processing is necessary for the legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first mentioned interest, Art. 6 subsec. 1 lit. f GDPR serves as legal basis for the processing.

 

 

 

2. Erasure of data and period of storage

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage has been achieved. Storage may further take place, where this has been provided by the European or national legislator in EU regulations, laws or other provisions, to which we as controller are subject. A blockage or erasure of data will also occur when a storage period provided in the above-mentioned provisions expires, unless a necessity to further store the data exists with respect to the entering into or performance of a contract.

2. Provision of Website and Creation of Log files

1. Description and extent of data processing

Each time you access our website, our system automatically collects data and information from the system of the computer from which you are accessing the website.

 

The following data are collected:

1. Information about the type of browser and the version of the browser

2. The operating system of the user

3. The internet service-provider of the user

4. The IP-address of the user

5. Date and time of access

6. Websites, from which the system of the user accesses our webpage

7. Websites, which are accessed by the system of the user via our website

8. The data is also stored in the log files of our system. The data are not stored together with other personal data of the user.

3. Legal basis for the processing of data

The legal basis for the interim storage of the data and log files is Art. 6 subsec. 1 lit. f GDPR.

 

4. Purpose of the data processing

The interim storage of the IP-address by the system is necessary to allow access to the website by the computer of the user. The IP-address of the user must be stored for the duration of the session.

 

The storage in log files is done in order to ensure the functioning of the website. In addition, the data assist us in optimising the website and to ensure the security of our IT systems. We do not analyse the data for marketing purposes.

 

These purposes are our legitimate interest in the processing of the data according to Art. 6 subsec. 1 lit. f GDPR.

5. Duration of storage

The data will be erased as soon as they are no longer required for the purpose for which they have been collected. With respect to the collecting of data in order to provide the website, this is the case once the respective session is concluded.

 

With respect to the storage of data in log files, this will be the case after 7 days at the latest. A prolonged storage is possible. In this case the IP address of the user will be erased or changed so an allocation of the client is no longer possible.

6. Possibility to object and erase

The collection of data for the provision of the website and the storage of data in log files is required for the operation of the website. Therefore, there is no possibility to object on the part of the user.

3. Contact form and e-mail contact

1. Description and extent of data processing

On our website, there is a contact section, which may be used for establishing contact with us electronically. If a user makes use of this option, the data entered into the form will be transmitted to us and stored.

 

Such data are:

• First name

• Last name

• Telephone number

• E-mail address

• Travel details

At the time of sending the message, in addition, the following data will be stored:

1. The IP-address of the user

2. Date and time of registration

For the processing of the data, your consent is requested prior to sending and reference is made to this privacy policy.

 

Alternatively, you may contact us via the e-mail address indicated. In this case, the personal data of the user transmitted by the e-mail will be stored.

 

The data will not be passed on to third parties. They will only be used for the processing of the conversation.

7. Legal basis for the processing of data

The legal basis for the processing of data in case of consent by the user is Art. 6 subsec. 1 lit. a GDPR.

 

The legal basis for the processing of data that are transmitted while sending an e-mail is Art. 6 subsec. 1 lit. f GDPR. If the e-mail contact aims at entering into a contract, Art. 6 subsec. 1 lit. b GDPR serves as an additional basis for the processing of data.

8. Purpose of data processing

The processing of the personal data from the contact form serves solely to deal with the contact initiative. In case of a contact by e-mail, this is the legitimate interest to process the data. The other personal data processed during the sending of the e-mail serve to avoid abuse of the contact form and to ensure the security of our IT-systems.

9. Duration of storage

The data will be erased as soon as they are no longer required for the purpose for which they have been collected. With respect to the personal data from the contact form and those that have been sent by e-mail, this will be the case when the respective conversation with the user has concluded. The conversation is concluded when the circumstances imply that the respective subject has been finally clarified.

The personal data collected in addition during the sending process, will be erased at the latest after seven days.

10. Possibility to object and erase

You can revoke your consent to the processeing of personal data at any time. If you enter into e-mail contact with us, you can object to the storage at any time. In such case, the conversation cannot be continued.

 

The consent may be revoked and the storage may be objected to at any time by sending an e-mail to info@holiday-ok.eu or by letter to Peidara Dvůr s.r.o., Ovesné Kladruby 5, p. 353 01 Mariánské Lázně, Czech Republic.

 

All personal data which have been stored in the context of the contact initiative will be erased in such case.

4. Webanalysis by Matomo (formerly PIWIK)

2. Extent of the Processing of Personal Data

On our website, we use the open-source-software-tool Matomo (formerly PIWIK) for the analysis of the surfing habits of our users. The software sets a cookie on the computer of the users. If individual pages of our website are accessed, the following data will be saved:

1. Two bytes of the IP address of the user’s system

2. The website accessed

3. The website from which the user was referred to the website accessed (referrer)

4. The subpages which are accessed from the website

5. The time spent on the website

6. The frequency of the access of the webseite

The software only runs on the servers of our website. The personal data is only stored there. It will not be forwarded to third parties.

 

2. Legal basis for the processing of personal data

The legal basis for the interim storage of the personal data of the user is Art. 6 subsec. 1 lit. f GDPR.

11. Purpose of the data processing

The processing of the personal data of the user allows us to analyse the surfing habits of our users. The analysis of the data, we are in a position to compose information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. In these purposes lies our legitimate interest in the processing of the data according to Art. 6 subsection. 1 lit. f GDPR. As the IP address is anonymised, the interest of the user in the protection of their personal data is adequately protected.

12. Duration of the storage

The data will be erased as soon as they are no longer required for the purpose for which they have been collected. In our case, this will be at the latest after 26 months.

13. Possibility to object and erase

Cookies will be stored on the computer of the user and transmitted from there to our site. This means that you as the user have full control over the use of cookies. Via a change to your internet browser you can de-activate or restrict the transmission of cookies at any time. Cookies already stored can be erased at any time. This can also be done in an automated way. If cookies for our website are erased, not all functions of the website may be able to be used to the same extent.

Further information about the privacy options of the Matomo software, may be found at: https://matomo.org/docs/privacy/.

5. Rights of the Persons Concerned

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the data controller:

1. Right to be informed

You can ask the data controller for a confirmation, if personal data which concern you are processed by us.

If there is such processing you may ask the data controller for information about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or the categories of recipients vis-à-vis whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or if specific information thereon is not possible, criteria for setting the duration of the storage;

(5) the existence of a right to erase the personal data relating to you; a right to limit the processing of the data by the controller or a right to object to such processing;

(6) the existence of a right to complain to a supervisory authority.

You have the right to request information whether the personal data relating to you will be transmitted to a third country or an internationaI organisation. In this context, you can request to be informed about sufficient guarantees in relation to Art. 46 GDPR in the context of the transmission.

14. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed relating to you are incorrect or incomplete. The controller must undertake the rectification without undue delay.

15. Right to restrict the processing

You may request a restriction on the processing of your personal data in the following circumstances:

(1) if you contest the accuracy of your personal data for a duration which allows the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you reject the erasure of the personal data and instead request the restriction of use;

(3) the controller no longer needs the personal data for the purposes or processing, you, however, need them to establish, exercise or defend a legal claim; or

(4) if you have objected to the processing according to Art. 21 subsection. 1 GDPR and it has not yet been determined, whether the legitimate grounds of the controller take precedence over yours.

If the processing of your personal data has been restricted, those data may, apart from their storage, only be processed with your consent or in order to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the EU or a member state.

If the processing has been restricted according to the above-mentioned conditions, you will be notified by the controller prior to removing the restriction.

16. Right to erasure

1. Duty to erase

You may request that the controller immediately erases your personal data and the controller is obliged to erase those data immediately, if one of the following grounds applies:

(1) Your personal data is no longer required for the purposes for which they have been collected or otherwise processed.

(2) You have revoked your consent on which the processing is based in accordance with Art. 6 subsec. 1 lit. a or Art. 9 subsec. 2 lit. a GDPR, and there is no other legal basis for the processing.

(3) You have objected to the processing according to Art. 21 subsec. 1 GDPR and there are no prevailing legitimate grounds for the processing, or you have objected to the processing according to Art. 21 subsec. 2 GDPR.

(4) Your personal data have been processed unlawfully.

(5) The erasure of your personal data is required in order to satisfy a legal obligation according to the law of the European Union or a member state to which the controller is subject.

(6) Your personal data have been collected in relation to information society services according to Art. 8 subsec. 1 GDPR.

1. Information to third parties

If the controller has published your personal data and it is obliged to erase those according to Art. 17 subsec. 1 GDPR, it will take appropriate steps, including those of technical nature, taking into account the available technologies and the implementation cost, in order to inform those responsible for the processing of personal data that you, as data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

2. Exceptions

The right to erasure does not exist, in so far as the processing is necessary

1. for exercising the right of freedom of expression and information;

2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

5. for the establishment, exercise or defence of legal claims.

17. Right to notification

If you have exercised your right to rectification, erasure or restriction of the processing of personal data vis-à-vis the controller, it is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about those recipients upon request.

18. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on lit. (e) or (f) of Article 6 subsec. 1. In that case the controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

19. Right to revoke the consent to the data processing

You have the right to revoke your consent to the processing of your personal data at any time. The lawfulness of the processing up to the revocation will not be affected by the revocation.

20. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged will inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.