TERMS AND CONDITIONS FOR PERSONAL DATA PROCESSING
(“Terms”)

DEFINITIONS

Data Controller / Operator: GF Hospitality s.r.o., ID No.: 238 55 568, Jáchymova 26/2, 110 00 Prague 1 – Staré Město, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 434049
(hereinafter referred to as the “Aparthotel” or the “Operator”)

Customer: A natural or legal person using the services of the Operator

Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (GDPR).

GENERAL PROVISIONS

The purpose of these Terms is to ensure the processing of personal data of customers obtained in connection with the business activities of Aparthotel Mádr, Modrava 32, 341 92 Modrava, and to establish the obligation to maintain confidentiality regarding such obtained information, to the extent and under the conditions defined herein.

The Aparthotel undertakes to process personal data of customers in accordance with these Terms. These Terms have been prepared in the scope of rights and obligations arising from applicable legal regulations governing the processing of personal data, in particular the Regulation.

RIGHTS, OBLIGATIONS AND CONFIDENTIALITY

The Aparthotel undertakes to adopt such technical, personnel, and other measures to prevent:

  • unauthorised or accidental access to personal data,
  • their alteration, destruction, or loss,
  • unauthorised transfers and other forms of misuse,
  • any other unauthorised processing.

In connection with the provision of accommodation services, the Aparthotel is obliged to process personal data of guests. These data are handled in particular by:

  • Reception of Aparthotel Mádr
  • Accommodation management
  • Accounting personnel

The above-mentioned persons are trained regarding the sensitivity of personal data and handle them exclusively within the scope of the services provided. Neither the Aparthotel nor its employees transfer personal data of guests to third parties, except where required by law or to contractual data processors.

Personal data processors include:

  • Hotel system HORES
  • Accounting software Helios
  • Alien Police of the Czech Republic (based on statutory obligation)

The terms and conditions for the processing of personal data are governed by data processing agreements concluded between the Aparthotel and the respective processors.

DATA PROTECTION OFFICER (DPO)

The Data Protection Officer of the Aparthotel is:

Ing. Lukáš Kučera
E-mail: lukas.kucera@gfholding.cz

The Aparthotel has ensured that the DPO has received the necessary training in accordance with the Regulation.

INFORMATION ABOUT CUSTOMERS

The Aparthotel has a statutory obligation to store certain personal data of its guests, in particular:

  • name and surname,
  • date of birth,
  • address,
  • length of stay,
  • document number and type, visa if applicable,
  • purpose of stay.

This obligation arises from Act No. 326/1999 Coll. (on the residence of foreigners) and Act No. 565/1990 Coll. (on local fees). The data may be stored for up to 10 years, in accordance with statutory retention periods.

The customer has the right to request an overview of their personal data. These data are stored:

  • in the guest card within the hotel system,
  • in the house register,
  • in the registration book.

In the event of a request for deletion, the Aparthotel shall perform the deletion of data as soon as the statutory retention period allows.

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

The Aparthotel ensures that personal data are accessible only to authorised persons. These persons access the data under a unique identifier.

The Aparthotel prevents:

  • unauthorised reading, copying, transfer, modification, or deletion of data,
  • unauthorised access to premises where the data are stored,
  • manipulation with records without identifying the person performing such manipulation.

All employees and persons handling personal data are bound by confidentiality and the obligation to protect personal data even after termination of cooperation.

CCTV SYSTEM

The Aparthotel uses a camera surveillance system to ensure the safety of persons and property. The recordings are not provided to third parties. They are stored for a period of 30 days and then automatically deleted.

Date: 12 November 2025

Signature of the data subject: ___________________