General Data Protection Regulation (GDPR)
I process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and other legal regulations. I ensure the security of the personal data you transmit to me. I process it transparently and fairly. No unauthorised person has access to your personal data that I have obtained from you and I do not pass it on to other entities for further processing without your consent, unless required by law or to protect our legal interests.
- VALID FROM 25.5.2018
- PERSONAL DATA CONTROLLER
Ing. Blanka Vašutová IČO 09654747, Nad Rybníčkem 1499/5, Říčany
- SCOPE AND PURPOSE OF PERSONAL DATA PROCESSING
As the controller, I process your personal data in connection with the performance of contracts for mediation and provision of services, legal obligations, consent and legitimate interests. Personal data is obtained directly from you by telephone or e-mail communication and to the extent that:
- Identification data (name, surname, date of birth, permanent address, passport details, driving licence number, visa, nationality)
- Contact details (delivery address, e-mail address and telephone contact)
- Other (e.g. payment details, car registration number, IP address, cookies, etc.)
- Personal data captured by photographs and videos.
Your personal data that is voluntarily entrusted to the controller is processed for the following purposes:
- Performance of the contractual relationship
- Performance of legal obligations
- Providing of services
- Archival records maintained by law
- Answering enquiries (via telephone call, email, online chat, etc.)
- Developing business relationships and activities by sending information and news about our services
- Evaluating the website
- Marketing purposes – e.g. posting photos of your stay on the website and social media.
- RECIPIENT OF PERSONAL DATA
In connection with the provision of services and the performance of the contract, your data will be provided to third parties to the extent necessary, namely service providers, in particular hotels and accommodation establishments, transport companies, foreign embassies, tour guides, insurance companies, external accounting firms or IT companies. In the event that your trip takes place in a destination outside the EU, the data is transferred to the destination (third country). I may also provide your personal data to public authorities.
- METHOD AND DURATION OF PROCESSING OF PERSONAL DATA
The processing of personal data is carried out personally by the controller. The processing is carried out by means of computer technology or, in the case of personal data in paper form, manually, in compliance with all security principles for the management and processing of personal data. In order to protect your personal data, the controller uses the necessary security and technical measures to prevent misuse by unauthorised persons, damage, loss, alteration or destruction. All entities to whom personal data may be disclosed respect your right to privacy and are obliged to comply with applicable data protection laws. The processing of personal data is for an indefinite period of time or until the controller ceases to act.
- DATA PROTECTION RIGHTS AND CONTEXT
As clients whose personal data is processed by the controller, you have the following rights:
- The right to be informed of the purpose, the category of data processed, the recipient to whom your personal data will be transferred, the duration of the data processing.
- If you find your personal data out of date, you also have the right to have your personal data completed and amended
- Right of access to your personal data
- The right to erasure if your personal data is no longer necessary for the purpose for which it was collected, the personal data was unlawfully obtained, a legal or statutory obligation exists or you have withdrawn your consent to the processing of your data. The controller may refuse the right to erasure if it has a legal obligation to retain your personal data
- The right to restrict data processing, provided that you believe that your personal data is inaccurate or that I am processing personal data unlawfully, but you do not want all of the data deleted
- The right to portability of the personal data you have provided to me as controller to another controller
- If you believe that your personal data is not being processed in accordance with the law, you have the right to contact the Data Protection Authority..
- CHANGES TO THE PRIVACY POLICY
The Controller reserves the right to amend or supplement this Privacy Policy at any time. The new version of the privacy policy will be sent to the email address you have provided.
If you have any questions about the processing of your personal data, you can contact me by e-mail at info@yogasurfocean.com.