CZ
EN
EN
CZ

Stay in the chateau brewery

+420 739 337 992 recepce@zamecke-navrsi.cz
Choose a room

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the "GDPR"), and in accordance with Act No. 110/2019 Coll., on the processing of personal data, as amended, Zámecké návrší p. o., Litomyšl office 570 01, on the protection of personal data and its processing.

Basic concepts of data protection:

Personal data = any information about an identified or identifiable natural person

Sensitive personal data (special personal data) = is personal data that reveals the racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status or the sex life or sexual orientation of a natural person. Genetic and biometric data are also considered to be a special category of data when they are processed for the purpose of uniquely identifying a natural person Data subject = the natural person to whom the personal data relate.

Controller = any entity which determines the purpose and means of the processing of personal data, carries out the processing and is responsible for it.

Processor = any entity that processes personal data on the basis of a specific law or on the basis of a mandate from the controller

Processing of personal data = any operation or set of operations which the controller or processor carries out systematically on personal data, whether by automated means or by other means. Processing of personal data means, in particular, collection, storage on a medium, disclosure, adaptation or alteration, retrieval, use, transmission, dissemination, disclosure, storage, exchange, classification or combination, blocking and destruction.
Data Protection Officer - the person supervising the processing of personal data, the person charged with the performance of data protection obligations within the meaning of Chapter IV, Section 4 of the GDPR

Contact details of the controller:

Castle Hill p. o.
Jiráskova 133, 570 01 Litomyšl
+ 420 777 100 897
info@zamecke-navrsi.cz
www.zamecke-navrsi.cz
ID: 71294058
Account number: 257996309/0300
PO Box: ts5rwnj

Contact details of the Data Protection Officer:

Ing. Klára Hudečková
Bří Št'astných 1000, 570 01 Litomyšl, office no. 14
+420 720 073 518, poverenec@litomysl.cz

Purposes of processing and legal basis for processing:

Zámecké návrší p.o. processes personal data only in accordance with the legal titles set out in the General Regulation and other generally binding legal regulations.

The Chateau Heritage p.o. collects and processes personal data only for the stated purpose within the scope set out below for the period of time that is strictly necessary and is determined for the individual processing purposes and document types by the General Regulation, the Adaptation Act, generally binding legal regulations (e.g. the Act on Archives and Records Management).

Purposes for processing personal data:

  • The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject,
  • the processing is necessary for compliance with a legal obligation to which the controller is subject,
  • the processing is necessary for the protection of the vital interests of the data subject or of another natural person,
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • the data subject has given consent for one or more specific purposes,
  • the processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

Scope of processing of personal data:

In order to ensure the proper performance of its legal and contractual obligations, the processing of personal data on the basis of public or legitimate interest, or with the consent of the data subject, Zámecké návrší p.o. processes in particular the following categories of personal data:

  • basic identification data - first name, surname, date of birth, place of birth, birth number, identity card number,
  • address and contact data - permanent residence, correspondence address or delivery address, telephone number, email address, etc.
  • information from mutual communication - information from paper mail, emails, telephone records, contact forms, information from employee tax declarations, etc.
  • information on social circumstances - in particular age, gender, marital status, education, occupation, details of last employer, number of children, etc.
  • CCTV footage - footage from CCTV systems installed in the buildings of Chateau Hill p. o.
  • photographs of social, cultural and sporting events or vital events

Recipients or categories of recipients of personal data:

Personal data processed for the fulfilment of obligations arising from special legal regulations are transferred by the Chateau Mounds to third parties only in cases where the law requires it to do so, with the exception of the provision or disclosure of data on the basis of a Processing Contract.

In the case of processing of personal data on the basis of consent, such data is only transferred to the extent of such consent.

Period of storage of personal data:

All documents processed by Zámecké návrší p.o. are stored in accordance with the Act on Archives and Records Management or in accordance with the internal regulations of the organisation.

Rights of the data subject:

Whenever personal data are processed, the data subject shall obtain the rights listed below.

However, the exercise of these rights is subject to certain exceptions and therefore cannot be exercised in all situations. If the data subject exercises his or her rights and the request is found to be justified, the controller shall take the measures requested without undue delay and at the latest within one month (this period may be extended by up to two months in justified cases).

  • right of access to personal data - the data subject has the right to access his or her personal data processed by the controller
  • the right to rectification - the data subject may request the controller to rectify inaccurate personal data
  • right to erasure - the data subject may request the controller to erase the personal data processed, in particular under the conditions set out in Article 17 of the GDPR
  • the right to withdraw consent - the data subject may at any time withdraw the consent already given to the processing and thus prevent further processing for the purpose stated in the consent, the withdrawal of consent does not affect the lawfulness of the processing in the period before its withdrawal
  • the right to object - where the controller processes the personal data of the data subject on the basis of its legitimate interests, the data subject has the right to object to the processing of personal data concerning him or her
  • the right to restriction of processing - in certain cases, the data subject may request that the controller restrict the processing (e.g. pending the resolution of the data subject's objections)
  • the right to data portability - the data subject may request the controller to transmit to the data subject or to a third party the personal data it processes about the data subject in electronic form on the basis of a contract or consent

If the data subject considers that his or her personal data are being processed in breach of the law, he or she has the right to request redress from the controller. If the request is justified, the controller shall rectify the defective situation without delay. This is without prejudice to the data subject's ability to lodge a complaint directly with the Office for Personal Data Protection (supervisory authority of the UOOU, Pplk. Sochora 27, 170 00 Prague 7).

The above specified rights of the data subject may be exercised directly with the controller:

Zámecké návrší p. o.
Jiráskova 133, 570 01 Litomyšl
+ 420 777 100 897
info@zamecke-navrsi.cz
www.zamecke-navrsi.cz

Individual rights can also be exercised with the Data Protection Officer by e-mail to Ing. Klára Hudečková, Bří Št'astných 1000, 570 01 Litomyšl, office No. 1, or by telephone at +420 720 073 518.

For the purpose of unambiguous identification of the other party in the case of a telephone request, only basic and general information can be provided.

Security of personal data:

Hard copies of documents containing personal data are stored in lockable cabinets or in locked offices where they are never left unattended by authorised officials. A CCTV system is installed in the buildings of the Chateau Hills p.o., especially in areas with a higher risk of security breaches.

The rules for the handling of personal data by employees of the Chateau Hills p.o. are contained in the following internal regulations of the Chateau Hills p.o:

  • Data Protection Guidelines

All employees of Zámecký návrší p.o. who are authorised to handle personal data have been informed about the rights and obligations arising from data protection regulations, in particular the GDPR, and are regularly trained.

The technological security of personal data is that all files are protected and access to data files is secured by passwords in accordance with the access rights settings.

Subscribe to news from the hills

Fill in your email and we'll make sure you're the first to know about upcoming events, exhibitions, concerts or festivals.

Follow us on the networks!

We may manage historical monuments, but we don't write reports by candlelight. We tap the highlights for you in statuses and share them online. Check it out!


CONSENT TO THE PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES The data subject grants the organisation Zámecké návrší p. o., with registered office at Jiráskova 133, Litomyšl Postal Code 570 01, ID No.: 712 94 058, registered with the Regional Court in Hradec Králové, file number Pr 1251, email contact: info@zamecke-navrsi.cz (hereinafter referred to as the "Controller"), consent to the processing of his/her personal data under the conditions set out below: 1. Personal data and sensitive personal data to be processed: - Title, name and surname, email address, telephone contact. 2: - Sending selected commercial communications offering the services of the controller by all means, including the use of electronic means of communication within the meaning of Act No. 480/2004 Coll., on certain information society services (as amended); - sending invitations to professional seminars, training courses, trade fairs or public events, - sending non-addressed commercial communications, - conducting market research and evaluation, - inclusion in a marketing database for profiling and direct marketing, - conducting segmentation (profiling) to target marketing according to the specific needs of the subject, for example, selecting commercial communications with regard to participation in the activities of the controller, identified preferences, age and other information identified from the subject. Said consent is given voluntarily by the data subject and with the knowledge that he/she may withdraw the consent to the processing of personal data at any time, either in writing or via the website of Zámecký návrší p. o. (Subscription to the above information can be revoked at any time by clicking on the relevant link in the footer of the message or by sending a request to info@zamecke-navrsi.cz). 3. The period of processing of personal data is 2 years from the date of consent or until your consent is withdrawn. Commercial communications by electronic means are only sent unless you refuse them. Personal data cannot be disclosed to the following third parties. The controller is only entitled to use the personal data in accordance with the above-mentioned purpose. Furthermore, the aforementioned Controller is only entitled to disclose personal data to entities cooperating with the Controller to achieve the primary purpose for which this consent is granted. With such entities, the Controller undertakes to enter into a contract containing the same terms and conditions for the processing of my personal data. The processing will be carried out in accordance with the relevant legal norms on the protection of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Adaptation Act, Act No. 110/2019 Coll., on the processing of personal data, as amended. The data subject declares that he/she has been duly instructed by the Controller on the processing and protection of personal data, that the above personal data is accurate and true and is provided to the Controller voluntarily. The Data Subject further declares that he/she is aware of all his/her rights under the GDPR: - to be informed, upon request, of what personal data concerning him or her is processed by Zámecké návrší p.o., for what purpose, the nature of any automated processing and the recipients of the data (Article 15 GDPR); - ¬ in the event that the data subject becomes aware or believes that Zámecké návrší p.o. carries out processing of personal data which conflicts with the protection of his or her private and personal life or infringes the GDPR, in particular if the personal data are inaccurate with regard to the purpose of the processing, to request Zámecké návrší p. o. for an explanation and/or to request the rectification of the situation thus created, in particular, it may be a rectification (Article 16 GDPR) or erasure (Article 17 GDPR), or restriction of the processing of personal data (Article 18 GDPR), or to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection; - in the event that the data subject wishes to transfer his/her data to another controller, obtain from Zámecký návrší p.o. personal data whose processing is carried out by automated means and transfer them to another data controller (Article 20 GDPR); - object to the processing of personal data for direct marketing purposes; if he/she objects, the data will no longer be processed for these purposes (Article 21 GDPR). The data subject is aware that providing consent to the processing of the Data for the purposes set out in point 2 of this document is voluntary and is not a condition for entering into a contractual relationship with Zámecké návrší p.o. The Data Subject may also contact the Data Protection Officer of Zámecký návrší p. o. Ing. Klára Hudečková, either electronically to poverenec@litomysl.cz or in writing to the address.