PERSONAL DATA PROCESSING AND PROTECTION PRINCIPLES

of the company EMPIRENT a.s.

This document was prepared by EMPIRENT a.s., Company Identification Number: 274 16 445, Registered office: Vlastislavova 152, 140 00 Prague 4 – Nusle, registered in the Commercial Register at the Municipal Court in Prague, Section B, File 10462, in order to provide complete information on the methods and conditions of personal data processing by the company. This document is designed to help you better navigate personal data protection issues and is a tool to easily exercise your rights and address your requirements.

1. Legal framework of processing

EMPIRENT a.s. processes your personal data always and exclusively in accordance with the applicable legislation, i.e. Act No. 101/2000 Coll., on the protection of personal data, as amended, and Regulation (EU) No. 2016/679 of the European Parliament and of the Council (GDPR Regulation). EMPIRENT a.s. places special emphasis on the security of the processing and protection of your personal data, and the protection of your personal data is an absolute priority for us.

Beyond the scope of Act No. 101/2000 Coll., respectively the GDPR Regulation, EMPIRENT a.s. is also obliged to comply primarily with the following legal regulations in the exercise of its business activities, which also stipulate obligations with an impact on the processing of personal data and that are binding for EMPIRENT a.s.:

  • Act No. 634/1992 Coll., on Consumer Protection, as amended
  • Act No. 326/1999 Coll., on the Residence of Foreigners in the Czech Republic and on Amendments to Certain Acts, as amended
  • Act No. 565/1990 Coll., on Local Fees, as amended
  • Act. No. 262/2006 Coll., Labor Code, as amended
  • Act. No. 187/2006 Coll., on Sickness Insurance, as amended
  • Act No. 155/1995 Coll., on Pension Insurance, as amended
  • Act No. 582/1991 Coll., on the Organization and Implementation of Social Security, as amended
  • Act No. 563/1991 Coll, on Accounting, as amended.
  • Act No. 337/1992 Coll., on the Administration of Taxes and Fees, as amended
  • Act No. 586/1992 Coll., on Income Tax, as amended
  • where appropriate, with supplementary, amending or replacing legislation,

EMPIRENT a.s. is subject to supervision by the Office for Personal Data Protection of the Czech Republic, to which you may, if you are not satisfied with the procedures of EMPIRENT a.s. when exercising your rights, respectively file a complaint during the processing of your personal data.

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7

2. Who the data is processed by

The administrator of your personal data is EMIRENT a.s., Company Registration Number: 274 16 445, Registered office: Vlastislavova 152, 140 00 Prague 4 – Nusle, Registered in the Commercial Register at the Municipal Court in Prague, Section B, File 10462 (hereinafter also referred to as “EMPIRENT”).

You can exercise all your rights against this administrator and direct your questions to it.

EMPIRENT processes your personal data through its authorized employees and selected associates, in each case, the following persons:

  1. are thoroughly selected and audited, are of good repute and capable of ensuring the proper protection of your personal data,
  2. are bound by the obligation of confidentiality under strict sanctions,
  3. are bound by strict rules of processing and at the same time they are obliged to themselves ensure all safety standards set by EMPIRENT and regularly checked by them,
  4. to only process the extent of your personal data that is necessary for the fulfillment of the given processing task, and only for the necessary period of time,
  5. always process your personal data in a secure environment of the EMPIRENT information system on secure computer equipment,
  6. are obliged to record all personal data processing activities carefully,
  7. shall be subject to regular and continuous monitoring of the fulfillment of their duties in the preparation and observance of EMPIRENT safety standards.

3. The personal data that EMPIRENT process

In accordance with the relevant legal regulations, EMPIRENT processes only personal data imposed by the relevant legal regulation and such data that are necessary for the performance of EMPIRENT’s business activities, i.e. only data that is necessary to meet your accommodation requirements. EMPIRENT further processes the personal data of its employees, co-workers and third parties that are necessary for the proper performance of EMPIRENT’s obligations under the relevant legal regulations and specific contracts (employment, cooperation, etc.). To this end, EMPIRENT shall process the following categories of data:

  1. identification data – personal data used to identify you (name, surname, maiden name, title, personal number, date of birth, ID number, Company Registration number, etc.),
  2. contact information – personal information used to contact you (permanent address, mailing address, telephone number, e-mail address),
  3. information about your accommodation – length of accommodation, data of accommodated persons, special requests for accommodation, etc.
  4. personal data of employees, associates and third parties – EMPIRENT processes the personal data of such persons to the extent required by applicable law or to the extent necessary to exercise the rights and obligations under the applicable contractual document, including the health status of employees (e.g. data on incapacity for work, accidents at work, etc.).

    EMPIRENT is obliged to process the personal data mentioned above even without your consent, as their processing is imposed by the relevant legislation or EMPIRENT is entitled to process these in connection with the fulfillment of contractual obligations or based on a legitimate interest (see below). However, it remains solely up to you whether you provide EMPIRENT with your personal data or not. However, if you do not provide personal data to the desired extent, one of the following three situations may occur. EMPIRENT:

    1. must not provide the service, if so specified in a special regulation; or
    2. it is entitled not to trade, respectively not to enter into a contract or not to provide a service.
  5. Personal data for EMPIRENT’s marketing activities – personal data processed by EMPIRENT for the purpose of EMPIRENT’s marketing activities, in particular sending commercial messages or advertising (name, surname, telephone number, e-mail address, mailing address),
  6. photos / videos – these are photos / videos from events organized by EMPIRENT that require separate approval, photos and videos can be used for the marketing promotion of EMPIRENT by publishing them on social networks, web presentations of EMPIRENT, in leaflets etc.

EMPIRENT is entitled to process the personal data listed above only with your consent, always for the necessary period of time, but no longer than for the duration of such consent. Granting of consent to processing is completely voluntary. The above applies with the exception of sending commercial communications by e-mail, which is possible in relation to EMPIRENT’s clients in accordance with Section 7 of Act No. 480/2004 Coll., On Certain Information Society Services and on Amendments to Certain Acts, as amended, to send also without prior express consent until such time as the data subject objects to such sending.

EMPIRENT only processes personal data to the extent necessary for the fulfillment of a given purpose; personal data obtained for one purpose may not be used for another purpose unless these purposes are compatible with each other.

As a rule, EMPIRENT only processes the personal data you have provided.

4. What purpose EMPIRENT processes personal data for

EMPIRENT processes your personal data for the following purposes:

  1. pursuit of its own business consisting in providing accommodation services,
  2. fulfillment of legal obligations,
  3. fulfillment of legal obligations, performance of contractual obligations,
  4. protection of persons, property, data, trade secrets and legitimate interests of persons, including proper identification and authentication of acting persons,
  5. identification, execution and defense of EMPRIENT’s legal claims,

    for the purposes referred to in point a) to e) EMPIRENT is authorized to process your personal data in accordance with the GDPR Regulation, even without your consent.

  6. Marketing events and promotional activities of EMPIRENT – sending marketing offers, advertising, sales events, brand awareness events and sales promotion and development, promotion within the Internet environment,
  7. possibly other purposes.

For the purposes of point f) and g) EMPIRENT processes personal data solely with your consent. The above applies with the exception of sending commercial communications by e-mail, which is possible in relation to EMPIRENT’s clients in accordance with Section 7 of Act No. 480/2004 Coll., On Certain Information Society Services and on Amendments to Certain Acts, as amended , to also send without prior express consent until such time as the data subject objects to such sending.

EMPIRENT is also entitled to process personal data (if applicable) for the purpose of identifying, exercising and defending its own legal claims, even though the personal data were obtained for another purpose. EMPIRENT is entitled to proceed in this way if the original purpose and the purpose of defending legal claims are related in any way, resp. they follow each other.

5. On what legal basis and for how long does EMPIRENT process personal data

EMPIRENT processes personal data within the meaning of Article 6 or Article 9 of the GDPR Regulation on the following legal bases:

  1. data subject’s consent – on this legal basis, personal data are processed in the absence of (if it is not possible to apply) another legal basis for processing, always for the duration of the purpose for which the personal data has been collected, however, at the latest until the consent is withdrawn, and in such cases, you always have the right to withdraw your consent (the ways of withdrawing the consent are listed below),
  2. performance of contractual obligations – if a contract has been concluded between you and EMPIRENT to which you and EMPIRENT are parties, EMPIRENT is entitled to process personal data obtained during the performance of the contract, respectively which are necessary for the exercise of the rights and obligations under the contract for the duration of the contract,
  3. fulfillment of a legal obligation – EMPIRENT is obliged to process selected personal data, if such an obligation is imposed by the relevant legal regulation, for the period specified in the relevant legal regulation. In particular, the following legislation is relevant for the work of EMPIRENT in relation to the processing of personal data:
    1. Act No. 257/2016 Coll., on Consumer Credit, as amended,
    2. Act No. 326/1999 Coll., on the Residence of Foreigners in the Czech Republic and on Amendments to Certain Acts, as amended
    3. Act No. 565/1990 Coll., on Local Fees, as amended
    4. Act No. 262/2006 Coll., Labor Code, as amended,
    5. Act. No. 187/2006 Coll., on Sickness Insurance, as amended
    6. Act No. 155/1995 Coll., on Pension Insurance, as amended
    7. Act No. 582/1991 Coll., on the Organization and Implementation of Social Security, as amended
    8. Act No. 563/1991 Coll, on Accounting, as amended.
    9. Act No. 337/1992 Coll., on the Administration of Taxes and Fees, as amended
    10. Act No. 586/1992 Coll., on Income Tax, as amended
    11. where appropriate, supplementary, amending or replacing legislation,
  4. EMPIRENT’s legitimate interest – in which case EMPIRENT processes personal data for the duration of its legitimate interest. In the event that you object to such processing justified by your individual situation and that objection is upheld after proper assessment by EMPIRENT, then EMPIRENT shall terminate the processing.

    The legitimate interests of EMPIRENT shall in particular mean the legitimate interest of:

    1. in the conduct of its own business,
    2. in determining, exercising and defending EMPIRENT’s legal claims, in this case the scope of processed personal data is limited to the necessary minimum and further access to personal data is restricted only to designated persons (typically if a contract has been concluded between you and EMPIRENT, to which you and EMPIRENT are a party, EMPIRENT processes certain personal data obtained in activities under such a contract even after its termination, as you and EMPIRENT may assert your claims within the statutory limitation periods upon termination),
    3. for the protection of persons, property, data, trade secrets and legitimate interests of persons, including the interest in the proper identification and authentication of acting persons.

Any personal data may be processed on multiple legal bases. Any personal data may be processed provided there is at least one legal basis for its processing. If the last legal basis for the processing of the personal data is omitted, the personal data must be properly destroyed.

6. To whom personal data may be passed

EMPIRENT is authorized to provide personal data to the following entities:

  1. state authorities and other entities within the fulfillment of a legal obligation within the meaning of the relevant legal regulations (e.g. Act No. 326/1999 Coll., On the Residence of Foreigners in the Czech Republic and on Amendments to Some Acts, as amended , Act No. 187/2006 Coll., on Sickness Insurance, as amended, Act No. 155/1995 Coll., on Pension Insurance, as amended, Act No. 582/1991 Coll., on the Organization and Implementation of Social Security, as amended, etc.),
  2. personal data processors under a written agreement on the processing of personal data and providing sufficient technical and organizational safeguards to protect personal data (e.g., IT service providers, accountants, etc.),
  3. employees or other persons in a similar contractual relationship with EMPIRENT for the performance of their work duties on behalf of EMPIRENT,
  4. other entities, if it is necessary for determining, exercising or defending the legal claims of EMPIRENT (e.g. courts, executors, lawyers, etc.),
  5. with the consent of the data subject to other persons,

provided that personal data are only provided to the abovementioned recipients only to the extent necessary for the intended purpose and for the necessary period of time.

7. Principles of personal data protection

EMPIRENT is strictly committed to complying with all security and organizational measures it has implemented to protect personal data.

EMPIRENT regularly and consistently checks compliance with security and organizational measures to ensure the protection of personal data, regularly evaluates the findings and updates its security and organizational measures as necessary.

Personal data is processed solely by authorized persons, who are thoroughly verified by EMPIRENT both before and during the processing. All persons who have access to personal data are bound by the obligation of confidentiality under strict sanctions.

8. What rights you have and how you can exercise them

Art. 15-22 of the GDPR defines the rights that you can exercise against EMPIRENT. To facilitate the exercise of your rights, EMPIRENT has created a simple form that is available here. By using this form, you will avoid unnecessarily prolonging the entire exercise process and any potential complications.

Please send the completed and signed form to the address:

EMPIRENT a.s.
Vlastislavova 152
140 00 Prague 4 – Nusle

In order to protect your personal data, We DO NOT RECOMMEND that you send your signed and completed form via an unencrypted e-mail message.

You may exercise the following rights at your discretion:

  1. the right of access to personal data – EMPIRENT will provide you with an extract (confirmation) of personal data processed about you within the scope of Article 15 of the GDPR upon request (forms) with your officially verified signature,
  2. the right to correct inaccurate personal data – If you find that EMPIRENT is processing inaccurate or outdated personal data, EMPIRENT is obliged to correct inaccurate personal data without undue delay after being notified, this is done upon written request (forms) or through compliance@empirent.cz.
  3. the right of erasure – in the cases provided for in Article 17 of the GDPR Regulation, EMPIRENT will erase the processed personal data (in particular cases where you would withdraw consent to processing and there is no other legal basis for such processing, if you would object to processing and there are no overriding legitimate reasons for EMPIRENT processing, when personal data are no longer needed for the given purpose, etc.), based on a written request (forms) or automatically if personal information is no longer needed for the purpose of processing,
  4. Right to restrict processing – while EMPIRENT assesses the legitimacy of your objection to processing, or until EMPIRENT verifies the accuracy of personal data where you deny its accuracy, or if processing is illegal and you refuse to delete it and instead apply for restrictions on use, EMPIRENT temporarily restricts the processing of personal data. It is done upon written request (forms), if you request a restriction, or automatically in the event of a right of objection or correction,
  5. portability right – if the processing of specific personal data is based on consent or on a contract and is also automated, you have the right to obtain and to transfer to another administrator personal data concerning you. It is done upon written request (forms) with your officially verified signature,
  6. the right to an individual objection – if processing is based on EMPIRENT’s legitimate interest, you have the right to object to such processing for reasons specific to your particular situation. The objection will be thoroughly assessed by EMPIRENT. The objection will be granted if your individual interest outweighs the legitimate interests of EMPIRENT. It is executed based upon written request (forms),
  7. the right to object to direct marketing – if personal data are processed for direct marketing purposes, you may object to direct marketing. Unlike the individual objection under (a) (f) of this Article, this objection is not considered, but processing for these purposes is automatically terminated. It is done on the basis of a written request (forms) or by clicking on the link provided directly in a specific electronic marketing message,
  8. the right to revoke consent to processing – If you have given EMPIRENT permission to process your personal data, it may be revoked either as a whole or for individual processing purposes. EMPIRENT will no longer process personal data whose processing has been revoked unless there is no other legal basis for the processing. The consent can be withdrawn electronically at the e-mail address compliance@empirent.cz or in writing by mail to the address of the registered office of EMPIRENT a.s., Vlastislavova 152, 140 00 Prague 4 – Nusle.
  9. The right not to be subject to any decision based solely on automated processing, including profiling that would have legal effects or would be of similar concern to you – this right does not apply, EMPIRENT does not conduct any automated decision making that has legal or similar effects for you.

In all the above cases, EMPIRENT will provide you, without undue delay, but no later than 1 month after receiving your request, with information on how your request has been resolved. Given the complexity and number of applications, the deadline can be extended by a further 2 months.

In cases where applications are manifestly unfounded or disproportionate, in particular because they are recurring, EMPIRENT may refuse to comply or impose an administrative fee for processing the application taking into account the costs of providing the information.

If you disagree with EMPIRENT’s approach to addressing or protecting your rights or processing your personal data, or if you have other knowledge or comments, you may use the email address compliance@empirent.cz , where you can send us your comments. We will look into each and every one of your comments.

Newsletter

Subscribe to our newsletter and stay updated