I. Controller and Data Subject, Source of Personal Data

The business “Apartments Hájovna,” located at Nové Domky 14, 382 76 Loučovice, operated by Bones s.r.o., Company ID: 279 36 333, with its registered office at Radiová 1285/7, Hostivař 120 00 Prague 10, registered in the Commercial Register maintained by the Municipal Court in Prague, section C, file no. 127723 (hereinafter referred to as the “Company”), processes personal data of customers and individuals interested in services (hereinafter collectively referred to as “customers”) in connection with the provided services.

In accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”), and in accordance with Act No. 110/2019 Coll., on Personal Data Processing, as amended (hereinafter referred to as the “Act”), the Company provides this information to customers.

The Company is the data controller of the personal data of the customer, or their employees or other cooperating persons. Customers and these individuals are the data subjects. The Company processes personal data mainly obtained from customers but may also process personal data collected from publicly available sources (Administrative Register of Economic Entities, Commercial Register, Trade Register, Insolvency Register, etc.).

II. Categories of Personal Data Processed

The Company processes the following categories of personal data:

  • Identification and contact information, including name, surname, date of birth, ID number, tax identification number, details in commercial or other registers, residential or business address, ID card number, passport number, email address, and telephone contact.
  • Data related to services provided to the customer, including communication via phone, email, chat, and SMS.
  • Records from the surveillance system located at the Company’s premises.
  • Transaction details between the Company and the customer, including the customer’s bank account details and payment card information.

III. Purposes and Legal Basis for Data Processing

The Company processes the customer’s personal data for the following purposes and based on the following legal grounds:

  • Processing is necessary for the performance of a contract between the Company and the customer, as well as for taking pre-contractual steps at the customer’s request.
  • Processing is necessary for compliance with legal obligations that apply to the Company. The Company has obligations towards public authorities and local self-government authorities under various laws (e.g., Act No. 326/1999 Coll., on the Residence of Foreign Nationals in the Czech Republic, Act No. 565/1990 Coll., on Local Fees).
  • The Company has preventive and precautionary obligations when entering into a contract and for the protection of property rights via surveillance camera recordings.
  • Processing is necessary for the legitimate interests of the Company. The legitimate interests may include enforcing rights under the contract with the customer, sending business communications, or ensuring the security of the Company’s property and rights with the surveillance system.

IV. Legal Basis for Providing Personal Data, Consequences of Not Providing Data

The provision of the above-mentioned personal data by the customer and its processing by the Company is a legal requirement, and the customer is obliged to provide this data. Consent from the customer is not required for processing personal data for the stated purposes. If the customer does not provide personal data before or during the contract, it would not be possible to clearly identify the customer for fulfilling the Company’s legal and contractual obligations. Failure to provide these details would prevent the Company from providing the services in the required scope and content.

The surveillance system’s purpose is to protect the Company’s property, as well as that of its employees, customers, and suppliers. The system is a preventative measure against criminal activity or other unlawful behavior by third parties and may be used to prove such activities. The collection of personal data via the surveillance system is a legal requirement. The system is not primarily used for monitoring or analyzing people’s activities and is not located in areas where individuals’ privacy must be respected.

V. Recipients of Personal Data

The Company may provide personal data to public authorities, individuals, or legal entities (e.g., accounting service providers, IT service providers, and data storage providers) without the customer’s consent, solely for the purposes and reasons listed above. Any further disclosure of personal data to other recipients for non-legal reasons can only occur with the customer’s explicit consent.

VI. Customer Rights

The customer has the right to request access to their personal data, its correction or deletion, or restriction of its processing. The customer may also object to the processing of their data unless the rights and obligations arising from the contract between the Company and the customer or legal regulations are affected. The customer may file a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection.

VII. Retention of Personal Data

The customer’s personal data, except for records from the surveillance system, will be stored for the duration of the contractual relationship between the Company and the customer and for as long as the legitimate interests of the Company persist. In other cases, personal data will be kept for the duration required by special legal provisions, especially the archival law. Surveillance system data will be stored briefly, only as long as necessary to detect potential damage to the Company’s property or any legal violations. The data controller’s identity and contact details are as stated above and can also be found on the Company’s website.