PERSONAL DATA PROTECTION

Please take a moment to review how we protect the personal data you entrust to us as a visitor to our website or as our client (hereinafter referred to as the "Data Subject"), as well as the principles and rights you have under GDPR (General Data Protection Regulation).Subjekt údajů“) svěřujete, se zásadami a právy, které máte v souvislosti s GDPR (Nařízení o ochraně osobních údajů).

CONTROLLER AND PROCESSOR 

Správcem a zpracovatelem osobních údajů je společnost Airstay Prague s.r.o., se sídlem Charvátova 3, Praha 1 – Nové město, 110 00, IČ: 06590888, zapsané v obchodním rejstříku vedeném Městským soudem v Praze, oddíl C, vložka 284984 (dále jen „Správce“). 

The controller and processor of personal data is Airstay Prague s.r.o., with its registered office at Charvátova 3, Prague 1 – Nové Město, 110 00, Company ID: 06590888, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 284984 (hereinafter referred to as the "Controller").GDPR“), se zákonem o ochraně osobních údajů č. 101/2000 Sb., o ochraně osobních údajů a se zákon č. 110/2019 Sb., o zpracování osobních údajů.

SCOPE AND PURPOSE OF PERSONAL DATA PROCESSING

The Controller processes personal data to the extent provided by the Data Subject, based on a valid legal basis, primarily legitimate interest, contractual obligation, legal duty, or given consent. Data may also be collected by other means and is processed in accordance with applicable laws or for fulfilling the Controller’s legal obligations.

The Controller obtains personal data from:

  1. Directly from Data Subjects (via personal communication, email, telephone, website, contact form, business cards, etc.)
  2. Publicly accessible registers and records (e.g., Trade Register, Commercial Register), for the purpose of issuing accounting documents and verifying information.

 

In accordance with Article 6(1) of the GDPR, the Controller may process the following data without consent:

  1. Processing is necessary for performance of a contract with the Data Subject or pre-contractual arrangements
  2. Processing is necessary to protect the vital interests of the Data Subject or another person
  3. Processing is necessary for performance of a contract with the Data Subject or pre-contractual arrangements
  4. Processing is necessary for a task carried out in the public interest or under official authority
  5. Processing is necessary for the purposes of legitimate interests, except where such interests are overridden by the Data Subject's rights and freedoms

CATEGORIES OF PERSONAL DATA PROCESSED

To provide services and fulfill contractual obligations, the Controller processes:

  1. Address and identification details (e.g., name, surname, title, birth number, date of birth, permanent address, company ID, VAT ID)
  2. Contact information (e.g., phone number, email address, contact address)
  3. Other data necessary for contract fulfillment

For accounting and payment purposes, the Controller processes invoicing data such as VAT ID and bank account details.

The Controller may also process data beyond legal requirements with the Data Subject's consent (e.g., photographs, use of data for marketing or informational purposes).

 

CATEGORIES OF DATA SUBJECTS

  1. client
  2. Employee of the Controller
  3. suplier
  4. Other contractual partner

 

RECIPIENTS OF PERSONAL DATA

The Controller may authorize a processor who has a valid processing agreement and ensures sufficient data protection. Personal data may only be shared with collaborators or processors who provide administrative or technical support for the Controller’s website or operations (e.g., accountants). Access by other parties is permitted only to meet legal obligations. All persons processing personal data are bound by confidentiality and must follow legal regulations even after termination of cooperation. Personal data will not be shared with third parties without the Data Subject's consent. The Controller does not intend to transfer personal data outside the EU. Data is processed exclusively within the EU or in countries recognized by the European Commission as providing adequate protection.

 

ZPŮSOB ZPRACOVÁNÍ A OCHRANY OSOBNÍCH ÚDAJŮ

Správce provádí zpracování osobních údajů. Ke zpracování údajů dochází za dodržení bezpečnostních zásad pro správu a zpracování osobních údajů. Správce přijal technické, organizační a právní opatření k zajištění ochrany osobních údajů, zejména opatření, aby nemohlo dojít k neoprávněnému nebo nahodilému přístupu k osobním údajům, jejich změně, zničení či ztrátě, k jejich neoprávněnému zpracování, jakož i k jinému zneužití osobních údajů. Veškeré subjekty, kterým mohou být osobní údaje zpřístupněny, respektují právo subjektů údajů na ochranu soukromí a svoboda jsou povinny postupovat dle platných právních předpisů týkajících se ochrany osobních údajů.

METHOD OF PROCESSING AND PROTECTION OF PERSONAL DATA

The Controller ensures that personal data is processed securely. Technical, organizational, and legal measures are in place to prevent unauthorized or accidental access, modification, destruction, loss, or misuse. All parties involved must respect the privacy rights of Data Subjects and comply with data protection legislation.

RETENTION PERIOD OF PERSONAL DATA 

In accordance with GDPR, the Data Subject has the right to request:

právo k následujícím informacím o zpracovávaných osobních údajích:

  1. Information about the processing purpose
  2. Categories of personal data concerned
  3. Recipients or categories of recipients
  4. Source of the personal data
  5. informace o zdroji osobních údajů,

The Controller may charge a reasonable fee for providing information after the first copy, based on administrative costs.

If the Data Subject suspects misuse or unlawful processing of their personal data, they may:

  1. Request an explanation from the Controller
  2. Request rectification, supplementation, blocking, or deletion of data
  3. If the request is justified, the Controller shall remedy the situation promptly

 

File a complaint with the Office for Personal Data Protection

The Data Subject has the right to withdraw previously granted consent and may exercise the right to rectification, deletion, restriction, data portability, and the right to be forgotten.

COOKIES

When browsing the Controller’s website, the IP address, visit duration, and referral URL may be recorded. Cookies for advertising targeting will only be processed with the Data Subject's consent. Cookies can be disabled, and browsing is possible in a mode that prevents personal data collection. The Controller does not use cookies to store personal information or share it with third parties.