Who processes your personal data?

The controller of personal data pursuant to Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) Miloš Jochman, with permanent residence at Vinohrady 230, 664 61 Rebešovice (hereinafter: “Controller”) and as the Controller will process your personal data according to the terms and conditions set out below. The controller has not appointed a data protection officer. This website uses the hosting services of RYWASOFT s.r.o., with which the processing contract is signed.

What personal data do we process?

Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. We only process personal data that you provide to us in connection with the use of our services in the context of ordering a subscription to one of our titles. This is most often the information you provide when filling in the contact form:
  • Name and surname
  • Address
  • E-mail
  • Telephone number
  • Other data voluntarily filled in by you.
And the data we collect from you when you use our services:
  • IP address
  • cookies (in the case of online services) – for more information on cookies, please click here.
  • or other online identifier
We use JavaScript on our website, which is part of the source code of the website for its functionality.

Why do we process personal data and on what basis?

The lawful reason for processing personal data is:
  • the performance of the contract between you and the administrator pursuant to Art. 6 para. 1 lit. b) GDPR
  • to process your personal data on the basis of fulfilling our obligations under the law (for example, archiving accounting records), even without your consent
  • the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Art. 6 para. 1 lit. (f) GDPR
The purpose of processing personal data is:
  • processing your order and exercising the rights and obligations arising from the contractual relationship between you and the administrator
  • when placing an order, personal data are required for the successful execution of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data, it is not possible to conclude the contract or to perform it by the administrator to improve the quality of our services
  • performing analysis and measurement to display content that meets your individual needs
  • sending commercial communications and doing other marketing activities.
There is no automatic individual decision-making by the administrator within the meaning of Art. 22 GDPR.

Who will have access to your data and for how long?

The controller declares that it has taken all appropriate technical and organisational measures to secure your personal data. Only authorised persons have access to personal data. The partners to whom we entrust your data are also able to provide technical and organisational security to prevent unauthorised or accidental access to or other misuse of your data. The third parties who may have access to your personal data to the extent necessary are:
  • persons involved in the delivery of goods/services and the making of payments;
  • persons to whom we provide data for the purpose of analysing traffic to our websites;
  • persons who provide security and integrity of our services, technical operation of a particular service, technology operators and other services that we use in connection with the operation of the e-shop and web services;
  • collection agencies for the purpose of collection or recovery of our company’s debts;
  • operators of advertising systems in connection with targeted advertising;
  • when a recurring payment is set up, the customer’s payment data will also be stored on the side of the respective payment gateway or bank;
  • we are then obliged to transfer some of your personal data to public authorities under certain, precisely defined conditions.
The controller does not intend to transfer personal data to a third country. All data is stored in EU countries or countries designated as safe by the EU. The controller retains the personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from these contractual relationships and subsequently for a period of 10 years from the termination of the contractual relationship. You may exercise any of your rights described below at any time. After the expiry of the retention period, the controller shall delete the personal data.

Is my personal data safe?

We approach the protection of personal data with the utmost care and use. We use sufficient security. All personal data is secured by standard technologies and procedures, which we continuously check and update. In order to better secure your personal data, access to this data is password protected and sensitive data is encrypted during transmission between your browser and our website. It is important to note that even maximum security does not guarantee 100% protection of personal data against access, copying, disclosure, alteration or destruction by a third party. Without your help and responsible behaviour, we cannot fully ensure the security of your data. So keep your passwords to our services secret and choose a password that is not easy to deduce. Observe basic safety guidelines.

Can we process your personal data without your consent?

We may process your personal data without your consent. The lawfulness of such processing follows directly from applicable law. This is a case where your personal data is necessary:
  • for the performance of any obligation arising from a contract between us, the provision of a service or product
  • in order to comply with all generally binding legal regulations, we must process certain personal data notwithstanding your consent for the period of time specified by or in accordance with the relevant legislation, even after any withdrawal of your consent
  • processing that is necessary for the purposes of our legitimate interests (e.g. to ensure the security of our websites).

What rights do you have in relation to data protection?

Please note that you are under no obligation to provide us with any information and that providing such information is voluntary. However, we will not be able to provide you with our service without the information marked as mandatory. According to Regulation (EU) No. 2016/679 of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, you have the right with our company as the controller of your personal data:
  • request access to the personal data we process about you and have the right to access this personal data and other information referred to in Art. 15 Regulation,
  • request the rectification of personal data we process about you if it is inaccurate, request the erasure of personal data (the right to be “forgotten”) in certain cases,
  • to request a restriction of data processing,
  • to obtain personal data relating to you in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller,
  • you have the right to object to or complain about processing in certain cases,
  • the right to be informed of a personal data breach in certain cases,
  • other rights set out in the Data Protection Act and the General Data Protection Regulation No. 2016/679 after its entry into force.
You can exercise each of these rights by contacting us at the contact details below. If we receive your request, we will inform you of the action taken without undue delay and in any event within one month of receiving your request. This deadline may be extended by a further two months if necessary, taking into account the complexity and number of applications. Every user using our services has the possibility to get an overview of all the personal data we record about them. In the event that your request is not accepted, we are obliged to inform you without delay and within one month of receipt of the reasons for not taking action. In certain cases where your request will be unreasonable or unfounded (in particular where the request is unreasonably repetitive), we are not obliged under the Regulations to comply with all or part of your request. In such cases, we may charge you a reasonable fee that takes into account the administrative costs associated with providing the requested information or communication or taking the requested action. As a data subject, you always have the right to directly contact the supervisory authority, which is the Office for Personal Data Protection. If we receive your request but have reasonable doubt about your identity, we may ask you to provide additional information necessary to confirm your identity. If you believe that our company processes your personal data unlawfully or otherwise violates your rights, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, or you have the right to seek judicial protection.

How can you contact us?

If you have any questions or if you wish to exercise your legal rights or to object to further receipt of our commercial communications, you can contact us by e-mail: rezervace@vilapenati.cz. The request can also be addressed by correspondence to Vinohrady 230, 664 61 Rebešovice. In order to verify your identity, we may ask you to provide us with appropriate proof of your identity. This is a precautionary security measure to prevent unauthorised persons from accessing your personal data.