PRIVACY POLICY AND DATA PROCESSING AGREEMENT

 

1. Boutique hotel Seven Days

Seven Days Prague s.r.o. is a Czech republic based company, located at Žitná 46/572, Prague, Czech republic. Our business operations are located in the Czech republic and we store our data on servers in the European Economic Area (EER).

Boutique hotel Seven Days is committed to comply with all applicable Czech and European data protection laws and regulations.

Seven Days Prague s.r.o.  (“Boutique hotel Seven Days ”) uses and maintains these terms for privacy (“Privacy Terms”) that summarizes when and how your Personal Information is collected, used, safeguarded and disclosed in connection with your access to, and use of, websites operated by Boutique hotel Seven Days and any micro-sites, mobile site or subdomains of such sites (collectively, the “Website”) and all features, functions, software and services offered through the Website. The Website and the features, functions, software and services offered through the Website collectively constitute the “Service.”

If you would like to make use of the Service, you will have to enter into an agreement with Boutique hotel Seven Days for use for the Service. After you have entered into the agreement (the “Agreement”) you are a customer of Boutique hotel Seven Days (“Customer”).

 

2. Data processing agreement

These Privacy Terms apply to the Service. By entering into the Agreement the Customer accepts these Privacy Terms. In this respect these Privacy Terms serve as a (one sided) data processing agreement between the Customer and Boutique hotel Seven Days.

We reserve the right to change the provisions of these Privacy Terms from time to time. If we make changes, we will notify Customer in advance. Customer will have to explicitly accept the amended Privacy Terms.

If Customer does not explicitly accept the amended Privacy Terms and this results in a situation in which Boutique hotel Seven Days in its sole opinion is not willing or able to continue to provide the Service, Boutique hotel Seven Days has the right to terminate the Agreement and this data processing agreement without being liable to Customer.

As long as Customer has not explicitly agreed to the amended Privacy Terms, the then current version of the Privacy Terms shall apply to the provision of the Service until the Agreement is terminated.

We encourage you also to periodically review the latest Privacy Terms.

 

3. Definitions

Definitions will be defined in this agreement. If a definition is not defined in this agreement, the definition will be defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and appealing Directive 95/46/EC (the “GDPR”).

 

4. What is Personal Information?

“Personal Information” means any information relating to an identified or identifiable natural person (“data subject”) according to the definition of personal data as set out in GDPR.

An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity.

“Personal Information” is information that identifies an individual (such as a name, address, telephone number, mobile number, e-mail address, or other account number), and all information about that individual’s location or activities, such as information about his or her use of the Service, IP-addresses or mobile device identifiers, when this can be linked to any Personal Information.

“Personal Information” also includes demographic information such as date of birth, gender, geographic area and preferences when this information can be linked to any other Personal Information.

“Personal Information” does not include “aggregate” information, which is data about a group or category of products, services or users, when this “aggregate” information cannot be linked to any Personal Information. Aggregate data helps us understand trends and our Customers’ needs so that we can better consider new features and functions, or otherwise tailor our Services. These Privacy Terms do not restrict or limit our collection and use of “aggregate” information.

 

 5. What Personal Information do we collect?

 A. Active Collection

Personal Information may be collected in a number of ways when Customer uses our Service.

When Customer makes a reservation on our website we will collect the registration information provided to us. This contains the name, address, e-mail address, phone, country and demographic information when Customer makes a reservation. From time to time we may change the information requested upon registration or with respect to certain features or Service.

If Customer contacts us by e-mail or other means, we may collect the content of the messages, e-mail address and our response.

The registration of Customer and/or correspondence with us via e-mail constitutes a commercial relationship and implies the Customer’s consent for us to communicate to Customer about our Service.

Personal Information and demographic information may also be collected if Customer provides such information in connection with using our online chat service, leaving comments, posting content, sending an e-mail or message to another user or, forums or features on the Website and when Customer uses our Service.

In addition, from time to time we may collect demographic, contact or other Personal Information Customer provides in connection with Customer’s voluntary participation in surveys, sweepstakes, promotional offers, and other activities.

 B. Log Files

When Customer uses the Service, some information of Customer is also automatically collected, such as its: Internet Protocol (IP) address, operating system, the browser or mobile device type, the address of a referring website, Customer’s activity on the Website and regarding the use of the Service.

We treat this information as Personal Information if this information can be linked to any Personal Information mentioned above. Otherwise, it is used in the aggregate only.

 

C. Cookies

By using the Website Customer agrees that we may automatically collect certain information through the use of “cookies”.

Cookies are small data files that are stored on a user’s hard drive at the request of our Website which enable us to recognize Customers who have previously visited the Website. Furthermore, the Cookies allow us, in conjunction with our web server’s log files, to calculate the aggregate number of people visiting our Website and which parts are most popular. This helps us gather feedback to improve our Website and better serve our Customers.

Cookies do not allow us to gather any Personal Information about Customer and we do not intentionally store any Personal Information that your browser provided us in your Cookies.

You may find out more specific information about our use of cookies and web beacons at our Cookie Policy. You can find out more information about how to change your browser cookie settings at www.allaboutcookies.org.

We may also use third parties to serve ads on our Website. These third parties may place cookies, clear gifs or other devices on your computer to collect information, and information provided by these devices may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visitation of our Website and the other site Websites tracked by these third parties. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here www.youronlinechoices.eu. Please note this does not opt you out of being served advertising.  You will continue to receive generic ads. Please note that we have no access or control of any third party tracking technologies. If you wish to block third party cookies, please refer to your browser instructions or help screen to learn about these functions.

 

D. Device Identifiers

When Customer accesses the Service by or through a mobile device (including but not limited to smartphones or tablets), we use one or more “device identifiers,” such as a universally unique identifier (“UUID”). Device identifiers are small data files or similar data structures stored on or associated with Customer’s mobile device, which uniquely identify its mobile device.

A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how Customer browses and uses the Service. A device identifier may remain persistently on your device, to help you log in faster and enhance your navigation through the Service. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.

 

E. User Identifiers

When Customer accesses the Service, we use one or more “user identifiers.” User identifiers are small data files or similar data structure assigned to a Customer that will be used to enable Customer to continue to use the Service. A user identifier may convey information to us about how Customer browses and uses the Service. A user identifier may remain persistently on Customer’s device or computer, to help Customer log in faster and enhance Customer’s navigation through the Service. Some features of the Service may not function properly if use or availability of user identifiers is impaired or disabled.

 

F. Location Data

When Customer accesses the Service by or through a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device. Location data may convey to us information about how you browse and use the Service. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled.

 

6. Purposes of processing Personal Information

Boutique hotel Seven Days shall process Personal Information as stated in these Privacy Terms solely for the reasons mentioned below. Each reason has been categorized on its legal basis. Boutique hotel Seven Days shall not otherwise

(1.) process and use Personal Information of Customer for purposes other than set forth in the terms of service for the Service and the Privacy Terms, or as instructed by the Customer, or

(2.) disclose Personal Information to third parties other than the Subprocessors for the below mentioned purposes, or as required by law.

Processing for which the Customer has to give consent:

(1.) to analyze user characteristics and usage patterns in order to better understand how our Service is used and market it more effectively;

(2.) to request feedback and to enable us to develop, customize and improve the Service and our publications and products;

(3.) to inform Customer about other information, events, promotions, products or services we think will be of interest to Customer;

If Customer refuses consent for processing its personal information for the in this subsection mentioned purposes, Customer will not be hindered in its use of the Service. Refusing or withdrawing consent thus has no negative effects on Customer’s use of the Service.

Processing necessary for the performance of a contract and providing the Service:

(4.) for the provision of the Website and the provision of the Service according to our Terms of Service;

(5.) to process and/or respond to Customer’s requests, submissions, comments, complaints and any transactions;

(6.) to provide Customer with information or services requested;

(7.) to provide technical support and ensure the continued and smooth operation of the Service;

(8.) to facilitate Customer’s use and our operation of the Service;

(9.) for the purpose for which the information was provided;

If Customer objects to processing its personal information for the in this subsection mentioned purposes, Customer may be hindered in its use of the Service. We may block or limit your access to the Service and we reserve the right to end the agreement in accordance with the Agreement and/or the Terms of Use. The personal information mentioned in this subsection is required for the Service to function properly.

 

Processing necessary for compliance with a legal obligation

(10.) facilitate our administration of the Service;

(11.) to prevent or investigate actual or suspected fraud, hacking, infringement, or other misconduct involving our Services or Website.

If Customer objects to processing its personal information for the in this subsection mentioned purposes, Customer will not or no longer be allowed to make use of the Service. We reserve the right to end the agreement in accordance with the Agreement and/or the Terms of Use.

 

7. How long do we store Personal Information?

We store Personal Information for as long as is required to provide the Service. Below you will find a specification of how long Personal Information is stored and processed.

a) Name – For as long as Customer makes use of the Service, up to two years after the Agreement and/or Service has come to an end and/or as long as a legal obligation requires Boutique hotel Seven Days to store the Personal Information (e.g. tax related laws, Foreign Police laws);

b) Address – For as long as Customer makes use of the Service, up to two years after the Agreement and/or Service has come to an end and/or as long as a legal obligation requires Boutique hotel Seven Days to store the Personal Information (e.g. tax related laws, Foreign Police laws);

c) E-mail address – For as long as Customer makes use of the Service; up to two years after the Agreement and/or Service has come to an end

e) Contact information – For as long as Customer makes use of the Service, up to two years after the Agreement and/or Service has come to an end and/or as long as a legal obligation requires Boutique hotel Seven Days to store the Personal Information (e.g. tax related laws, Foreign Police laws);

g) Demographic information and location data – For as long as Customer makes use of the Service, up to one year after the Agreement and/or Service has come to an end and/or as long as a legal obligation requires Boutique hotel Seven Days to store the Personal Information (e.g. tax related laws, Foreign Police laws);

h) Content of messages of Customer contact – For two years after the question and/or complaint and/or any other reason for contact has been dealt with;

i) Customer testimonials, comments and/or reviews – For the specified period Customer gave permission to post the testimonials, comments and/or reviews online. If Customer did not give permission for a specified amount of time, the testimonials, comments and/or reviews will be stored for as long as the testimonials, comments and/or reviews are posted on the Website.

j) IP address – For up to two years after the IP address has been collected.

k) Device identifiers – For as long as Customer makes use of the Service and two years after the Agreement and/or the Service has come to an end;

l) User identifiers – For as long as Customer makes use of the Service and two years after the Agreement and/or the Service has come to an end.

 

8. Data processors and sharing of Personal Information

Boutique hotel Seven Days may engage subcontractors in accordance with the Agreement to assist in the provision of the Service and which may, as part of their role in delivering the Service, process Personal Information of users of the Service.

Boutique hotel Seven Days maintains a list of all Subprocessors that may process Personal Information of users of the Service.

Boutique hotel Seven Days has concluded data processing agreements with all Data processors in which they are required to abide by substantially the same obligations as Boutique hotel Seven Days under these Privacy Terms.

Unless otherwise described elsewhere in these Privacy Terms, we do not disclose, sell or trade any Personal Information about our visitors and users to any third parties.

We may share Personal Information with Data processors such as the credit card processor working with us in connection with the operation of the Website and/ or the Service and who need access to such information to carry out their work for us. Any credit card details collected are simply passed on in order to be processed as required. We never permanently store complete credit card details.

In some cases, the Data processor may be directly collecting the information from you on our behalf. If Data processor provides Personal Information to Boutique hotel Seven Days, Boutique hotel Seven Days shall mention what Personal Information that Data processor provides to Boutique hotel Seven Days on the list that Boutique hotel Seven keeps of its Data processors. We inform Data processors that they are not permitted to use Personal Information they obtain from us other than to provide the Service for us. We are not responsible for any additional information you provide directly to these Data processors. Please become familiar with their practices before disclosing any Personal Information directly to such Data processors.

From time to time, we may also share Personal Information with third parties when you give us your consent to do so. For example, we may enter into relationships with other parties to make specific services or offers available directly to our users. If a user opts-in to these third party services or marketing offers, we may share the Personal Information you provide at the time of sign-up or such other Personal Information, such as your name or other contact information, that we deem reasonably necessary or appropriate for our business partner to provide these services or offers or get in contact with you.

We may disclose Personal Information in the good faith belief that we are lawfully authorized or required to do so, or that doing so is reasonably necessary or appropriate to comply with the law or with legal process or authorities, respond to any claims, or to protect the rights, property or safety of Boutique hotel Seven Days, our users, our employees or the public, including without limitation to protect Boutique hotel Seven Days or our users from fraudulent, abusive, inappropriate or unlawful use of the Service. Boutique hotel Seven Days will promptly notify Customer of any request of an executive or administrative agency or other governmental authority that it receives and which is related to Personal Information of Customer, unless prohibited by applicable law. Customer acknowledges and agrees that Boutique hotel Seven Days has no responsibility to interact directly with the entity making the request.

 

9. Protection of Personal Information

Boutique hotel Seven Days shall ensure it implements and maintains compliance with appropriate technical and organizational security measures for the processing of Personal Information. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it.

We have put in place physical, electronic, and managerial procedures that are designed to prevent unauthorized access, loss, or misuse.

We use SSL (secured socket layer) technology to encrypt your transmission of sensitive information to us, such as account passwords, credit card numbers and other payment-related identifiable information).

We restrict internal access to Personal Information to employees who need the information to perform their duties. The unauthorized access or use of such information by an employee is prohibited and constitutes grounds for disciplinary action. Employees of Boutique hotel Seven Days are bound to a confidentiality clause.

Our information management systems are configured in such a way as to block or inhibit employees from accessing information that they have no authority to access.

You should note that our Data processors may be responsible for processing, handling or storing some of the Personal Information that we receive. They are not authorized to market to you independently. These Data processors are contractually by means of a data processing agreement with Boutique hotel Seven Days required to safeguard and secure the Personal Information they received from us.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

Boutique hotel Seven Days shall ensure it has a procedure to periodically test and evaluate its technical and organizational security measures for the processing of Personal Information.

 

10. Cooperation and notification obligations

Boutique hotel Seven Days and the Customer will – to the extent possible – co-operate with each other to promptly and effectively handle enquiries, complaints, and claims relating to the processing of Personal Information from any government official or authority (including but not limited to any data protection legislation enforcement agency), third parties or individuals (including but not limited to the data subjects).

Boutique hotel Seven Days and the Customer are aware that applicable data protection legislation may impose a duty to inform the competent authorities or affected data subjects in the event of a data breach.

 

11. How can Customer review, update, correct, or delete Personal Information

Customer may review, update, correct or delete its Personal Information collected through the Website and Service by e-mailing us at info,hotelsevendays,cz.

Note that the deletion of Customer information data may lead to the termination of the Account of Customer and the use of the Service.

To have access to your Personal Information, you must provide sufficient proof of identification as we request, and we reserve the right to deny access to any user if we believe there is a question about your identity. We will respond to all access requests within 4 weeks.

Customer can request us to limit or stop the processing of its Personal Information in the future. We will meet the request of Customer, but Customer may be hindered in its use of the Service or may no longer be able or allowed to use the Service, as stated in Article 4 of these Privacy Terms.

Customer can request us with reasonable intervals to transfer the Personal Information we process about him or her to him or her or another third party as specified by Customer, as long as the requested information does not include Personal Information of other natural persons and as long as the requested information has been processed based on the legal grounds of Customer permission or necessity for providing the Service and performing the contract. We will meet the request of Customer within 4 weeks after we have received the request.

Customer has the right to file a complaint to the competent privacy authority. For the Czech republic, this authority is the Úřad pro ochranu osobních údajů, which can be reached at www.uoou.cz .

If a data subject contacts Boutique hotel Seven Days directly with a request as stated before, we will redirect the data subject to Customer and only after permission of the Customer shall we provide an overview of Personal Information of that data subject.

We reserve the right to retain your information in our files if we believe it is necessary or advisable to resolve disputes, enforce applicable terms of service, and for technical and legal requirements and constraints related to the Service.

 

12. Incident Management

Boutique hotel Seven Days shall evaluate and respond to incidents that create suspicion of unauthorized access to or handling of Personal Information. The response will be to restore confidentiality, integrity and availability of the environment of the Service. Furthermore Boutique hotel Seven Days shall establish root causes and remediation steps.

 

13. Return / deletion of Personal Information upon termination

At the moment the agreement for making use of the Service is terminated for any cause, Boutique hotel Seven Days will make available for retrieval all Personal Information of Customer. Following the return of the Personal Information, or as agreed to otherwise by Boutique hotel Seven Days and Customer, Boutique hotel Seven Days will promptly permanently delete or otherwise render inaccessible all copies of the Personal Information of Customer, except as may be required by law.

 

14. Termination

This data processing agreement between Customer and Boutique hotel Seven Days shall automatically terminate at the moment the agreement for making use of the Service is terminated. However, the terms of this data processing agreement shall continue to apply for as long as Boutique hotel Seven Days possesses Personal Information of Customer.

 

15. Governing Law

This data processing agreement shall be governed exclusively by the law of the Czech republic, unless mandatory law dictates otherwise.

 

Contact Us

If you have any questions, concerns, or comments regarding these Privacy Terms, please contact us via e-mail at info,hotelsevendays,cz.