Privacy Policy

1. GENERAL PROVISIONS

The administrator of the users' data is HotelTime Solutions a.s.

2. PERSONAL DATA

In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"), we inform you that we process personal data as follows:

Personal data processed on the basis of consent Legal basis: Art. 6(1)(a) of the GDPR

Source of collected data: Personal data is obtained directly from the person whose data is being processed.

Purpose of processing: To carry out the purpose specified directly in the terms of the granted consent (as stated in the notice).

Scope of processed data: The scope of the processed data is specified directly in the terms of the granted consent (as stated in the notice).

Voluntary provision of data: Providing data is voluntary, but necessary to achieve the purpose specified in the terms of the consent expressed. Consent may be given by clicking a checkbox containing the terms of the granted consent or by clicking a button indicating agreement to the terms of the given consent.

Right to withdraw consent: Consent may be withdrawn at any time. In the case of a newsletter subscription, this can be done by clicking a button in the email footer, and in other cases it can be done by sending us an email.

Retention period: We process personal data from the moment you give your consent until you withdraw it (primary purpose), subject to our right to process information such as:

identifying data regarding the granted consent (IP address, email or phone number, name and surname), date of consent, date of withdrawal of consent, information about the way the purpose was achieved during the granted consent (e.g. information about sent messages).

This information is stored for the so-called secondary purpose, which allows for the possibility of reviewing complaints and processing this information for the time necessary to establish, pursue or defend legal claims under Czech law. Please note that after you withdraw your consent, we will not process your data in any other way.

Data recipients: Access to data may be granted to entities cooperating with us to pursue the purpose specified in the terms of the granted consent (including, but not limited to:

IT service providers, marketing agencies, research and consulting agencies). Data may also be made available to public authorities, if required by law.

 

Personal data processed in connection with the performance of a contract or taking actions at the request of the person whose data concerns, prior to the conclusion of the contract

Legal basis: Article 6(1)(c) GDPR

Source of collected data: personal data is obtained directly from the person whose data concerns or from another person in the company (e.g. a supervisor invites employees to create an account).

Purpose of processing: performing a contract for the provision of services or taking actions to begin the provision of services.

Scope of processed data: the scope of processed data includes name, surname, place of work, email address or other data provided in connection with the performance of the contract, which is necessary to provide the service.

Voluntary provision of data: providing data such as name, surname, email address, place of work is necessary for the service to be provided. In addition, providing data at the stage of concluding the contract is necessary to start providing the service and later to perform the contract.

Retention period: We process personal data from the moment of cooperation in order to start providing the service. If the contract is not concluded and there is no further communication with the Client, the data is deleted within 30 days. If the contract is concluded, the data is processed for the entire duration of the contract and after its completion for the period specified by Czech law for determining, pursuing or defending legal claims. Data processed after the contract has ended includes information on how our services have been used.

Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.

 

Personal data processed in connection with a customer satisfaction survey

Legal basis: Article 6(1)(f) GDPR.

Source of collected data: personal data is obtained directly from the person whose data concerns.

Purpose of processing: the legitimate interest consists in studying customer satisfaction and collecting feedback in connection with the performance of the contract.

Scope of processed data: the scope of processed data includes name, surname, place of work, email address.

Voluntary provision of data: providing data is voluntary. Participation in the survey is not mandatory.

Retention period: We process personal data from the moment we receive the survey. If the survey is not completed, the data is deleted within 30 days. If the survey is completed and we receive answers, we process them for a period of 2 years.

Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.

 

Personal data processed for the purpose of reviewing requests, complaints or claims

Legal basis: Article 6(1)(f) GDPR.

Source of collected data: personal data is obtained directly from the person whose data concerns.

Purpose of processing: the legitimate interest of examining a complaint, request or complaint and providing an answer.

Scope of processed data: the scope of processed data includes data provided on the complaint/complaint/request form.

Voluntary provision of data: Providing data is voluntary, although we have the right to require the provision of identifying data for the possibility of resolving the complaint/complaint/request when it concerns the service provided. Retention period: We process personal data from the moment the complaint/complaint/request is sent. After resolving the complaint/complaint/request, we have the right to retain information on the way the complaint/complaint/request was resolved and the complaint/complaint/request was made for the period specified by Czech law for determining, pursuing or defending legal claims.

Data recipients: Our employees, associates, and external companies that are implementing a specific process related to the achievement of the purpose for which consent is granted have access to the data. Information about the recipients can be found in the conditions of the consent given and additional information can also be found in section 3 and 4 of the Privacy Policy.

 

Personal data processed in connection with the storage of documentation andthe fulfilment of legal obligations incumbent on us:

Legal basis: Article 6(1)(b) of the GDPR.

Source of collected data: personal data is obtained directly from the person concerned.

Purpose of processing: fulfillment of legal obligations as specified in the law (e.g. tax regulations, labor laws, etc.).

Scope of processed data: the scope of processed data includes financial data or other data whose collection and storage requirements are specified in the law (e.g. on employment) Voluntary provision of data: the provision of data is necessary to fulfil legal obligations.

Processing time: we process personal data from the moment of their acquisition for the purpose of fulfilling the legal obligations until the legal obligations are fulfilled. The laws specify the periods for which certain data must be stored.

Data recipients: access to data is granted to our employees, co-workers, and external companies that carry out a given process related to the fulfilment of the purpose for which consent is given. Information about recipients can be found in the conditions of the consent granted and you can also find additional information in section 3 and 4 of the Privacy Policy.

3. DATA RECIPIENTS

In case we use any services of programming and ICT system maintenance companies, we have appropriate agreements with such companies. These agreements cover data processing rules and confidentiality. This data is not shared and none of these companies have the right to process the data in any other way than specified in the contract. Your data, insofar as the company has access to it, may only be processed for the purpose of proper service provision.

We use third-party services to deliver targeted advertising on social media and the Internet, using services i.e.: conversion pixel and Facebook ads (Meta Platforms, Inc.), Google Ads, Google Ads Remarketing and Google Analytics with anonymous IP address (Google Inc.), LinkedIn conversion tracking, LinkedIn retargeting and LinkedIn ads (LinkedIn Corporation).

We cooperate with the aforementioned entities based in the United States of America, which provide us services. In order for the services to be possible, our subcontractors must have access to personal data entrusted to us by data subjects - this is how personal data is transferred to another country, i.e. the USA.

The newsletter service is provided by Mailchimp.

4. COOKIES

Our websites and applications use cookies and similar technologies. Below you will find information about cookies and similar technologies that we use, as well as additional information on how our websites and applications work, including information about geolocation.

What are cookies?

Cookies are text files that are stored on your device (e.g. a computer, laptop, or smartphone) as you browse the internet. When you revisit our website, your browser sends a cookie back to the website (or to its server, strictly speaking), and in this way, for example, we can recognise when the user visits us again.

Cookies have a stated expiry date after which they become inactive. Our websites and applications use other similar technologies such as pixels, plugins, tags, and web beacons. We refer to these technologies collectively as cookies.

We use cookies particularly to obtain and process information about the browser and its version, operating system, URL of the previously visited page, IP address, time of the server request, user ID, language, searches on the website, products added to the basket, authentication data, data on the content viewed, and data on other activities carried out on the website or in the application. We combine your user ID with other data provided by you (such as email address or telephone number).

Do we use third party cookies?

Yes, when you use our websites or applications, you may receive cookies from the third parties that cooperate with us. We use those cookies mainly for analytical and marketing purposes. We might use the following tools provided by third parties related to the use of cookies and identifiers:

Google Tag Manager – a tool for managing tags placed on websites. The tool itself does not use cookies, but helps manage tags that may lead to the storage of cookies.

Google Analytics – a tool that collects analytical data, i.e. count visits to websites or applications, measure the duration of visits and determine which functionalities or parts of websites or applications are used or visited most often. Google Analytics uses cookies and creates pseudonymised user profiles. The IP addresses obtained by the tool are anonymized so that they cannot be assigned to a specific user.

Hotjar – a tool that collects analytical data about the behaviour and preferences of users on our websites, e.g. time spent on specific pages or the most frequently clicked items. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will use this information to identify individual users or to match it with further data on an individual user.

Google Ads – Google’s advertising platform for running text, image and video ads as well as displaying sponsored links in the search results of the Google search engine and on cooperating websites under the Google AdSense programme

Google Marketing Platform – a platform that allows us to use many Google marketing tools in order to provide users with tailored ads, avoid displaying ads that the user has already seen, optimise campaigns and monitor their progress.

Facebook (Meta) Ads Manager – Facebook’s advertising system for creating, purchasing and managing ads within the Facebook, Instagram, and Messenger social networks, and Facebook’s Audience Network.

In addition to the above tools, our websites and applications use cookies from other third party advertisers. Our cookies, cookies of providers of the specified tools and cookies of other third parties collect information about user activity on our websites or applications. This information is used for profiling for marketing purposes, displaying personalised content and offers tailored to your potential interests or profile, and running advertising campaigns, including retargeting.

These cookies collect information on your visits to our websites and your activities there.

They allow us and third party providers to target our marketing message to specific groups of users, users who previously visited our websites or applications, and monitor the progress of advertising campaigns.

Except for the cookies necessary for the website operation, we only use cookies with the user’s consent. At any time, you can go to the browser settings to disable cookies, delete any cookies already stored or modify the option of storing them on your device. Remember that changing your browser settings by disabling or limiting the possibility of storing cookies may limit the functionality of websites or applications.

In the menu bar of each web browser, go to the “Help” section to find information on how to manage cookie settings.

5. FINAL PROVISIONS

Any disputes or claims arising from or in connection with the implementation of the Privacy

Policy shall be subject to the jurisdiction of Czech Republic, and the local jurisdiction of the court is determined for our headquarters, subject to the provisions of the consumer's or data subject's applicable law. In this case, these provisions apply and this provision is excluded.

In case of a dispute, it can be resolved amicably and this allows for the resolution of disputes through the Internet using ADR entities (entities entitled to amicable dispute resolution). We reserve the right to change the Privacy Policy by publishing a new content of the Privacy

Policy on the website. In addition, we reserve the right to update the list of cookies on an ongoing basis.

In the event of any change and/or invalidation of any of the provisions of the Privacy Policy as a result of a final court ruling, the remaining provisions shall remain in force.