We use your data to provide the accommodation and/or other services you have ordered from us, as well as for fulfilling the obligations placed on us through the legislation regulating our activities and general business aims, such as:

• Personal data – this data is required for identifying your person, which is important to ensure that the services are provided to the person for whom they were actually ordered.
• Contact data – this data is required to contact you. We will most often contact you by phone or e-mail; however, under certain circumstances, it may be necessary to use your residential address (e.g. when other means of communication fail to function).
• Guest registration card data – we have an obligation, according to tourism legislation, to collect this data. The aim of this data collection is to avoid problems; for example, the dangers inherent in illegal immigration.
• Credit card data – this data is required if, based on our general conditions and/or accommodation agreement we have the right to block a certain amount on your credit card, as a payment for the services ordered or as compensation for expenses.
• Car data – this data is required in case you have arrived to our hotel by car and would like to have parking fee added to your room bill.
• Surveillance camera recordings – this data is required for security reasons.
• Data concerning your personal preferences – we will use such data, when we request it or when you voluntarily offer it, to offer you better services based on your desires and interests.

We are not able to provide you with accommodation services if you do not present us with the guest registration card data.

We rely on different legal bases for the processing of your data:

• The need to create a contractual relationship with you, or to fulfil an agreement that has been signed.
• You always have the right to revoke your agreement, if we rely on your permission when processing your personal data.
• The need to fulfil our legal obligations (e.g. completing and storing guest registration cards for a period of 2 years).
• The need to carry out our legitimate interests, including the management of the company and the general realisation of its business activities, as well as the discovery of legislation violations and fraud.
• The need to protect your vital interests or those of other persons (e.g. releasing your data to ambulance workers in the case of an accident).
• Other legally permitted bases.

We do not share the information you have entrusted to us, except in limited cases which are described below, and cases that are necessary for fulfilling the aims described in this Privacy Notice:

• • Service providers: like many other companies, we may order data processing services from reputable third party service providers – for example, IT and consultation services;
  • Public authorities and state institutions: we may share the data if we are legally obligated to share the data with public institutions, or if the data sharing is necessary to ensure the protection of our rights;
  • Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other persons responsible for providing consultation services;
  • Third parties related to the company transactions: occasionally, we may share your data with third parties related to a corporate transaction, such as the selling of a company or a part thereof to another company. Similarly, a company reorganisation, joint company creation, and the relocation of company assets or shares through other means may require the sharing of data.

We will ensure the protection of your data if we share your data with the abovementioned persons, through establishing a data processing agreement between us and such persons.

We do not store or forward your data outside the European Economic Area or to countries to which the Directive 95/46/EC Article 25(6) does not apply, or if a decision concerning sufficient protection has not been made based on the directive’s subsequent document, which is the General Data Protection Regulation (EU) 2016/679 Article 45(1).

We will store your data for as long as it is necessary for the purpose of fulfilling our different data processing aims.

The company shall consider the following criteria when storing personal data:

• The data will be stored for as long as it is necessary for the purpose of providing our services.
• If the person has a client account or a loyalty card, then the personal data will be stored for as long as the account / card is active, or for as long as is required in order to offer personalised services.
• When the company has a legal, contractual or other similar obligation for storing the personal data, then the data will be stored for as long as is required to fulfil such an obligation.
• After the end of the contractual relations, certain data will be stored for as long as the person (data subject) or the company itself has the right to present demands to the other party based on a contract.

Guest registration card data, for example, is stored for a period of 2 years from the moment when the card is filled in according to the requirements of the tourism legislation. Guest’s name, contact data, accommodation provision dates and personal preferences is collected in need to create a contractual relationship and fulfil an agreement between hotel and guest, therefore this data is stored for a period of 10 years until the expiration of the contractual obligations.

We will store your contact data until you revoke your agreement, if you have given us permission to forward direct marketing materials.