Personal Data Protection
1. General provisions
1.1. The administrator of personal data, pursuant to article 4 paragraph 7 of the European Parliament and of the Council (EU) 679/2016 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter referred to as the GDPR), is QuestinTour s.r.o. (hereinafter referred to as the Company).
1.2. Contact information for the Company:
Business ID: 06135803
Address: Czech Republic, Prague, Vamberská 262, 199 00
1.3. Personal data is any information that includes the user’s (hereinafter referred to as the Customer) first and last name, location data, and ID documents data.
2. Personal data resources and categories
2.1. The Company receives personal data of the Customer that he/she provide to it for the fulfillment of his/her order.
2.2. The Company processes personal data and contact information of the Customer necessary for the execution of the contract.
3. Legal reason and purpose for the processing of personal data
3.1. Grounds for the processing of personal data
3.1.1. Execution of the contract between the Customer and the Company pursuant to point (e) of Article 6 (1) of the GDPR,
3.1.2. The Company is interested in providing direct marketing (sending commercial messages and newsletters) pursuant to point (e) of Article 6 (1) of the GDPR,
3.1.3. Customer’s consent to the processing of personal data in order to provide direct marketing (for sending commercial messages and newsletters) pursuant to point (a) of Article 6 (1) of the GDPR in combination with § 7 p. 2 of Law no. 480/2004 for some services of an informational nature, in case goods or services were not ordered.
3.2. The purpose of personal data processing
3.2.1. Fulfillment of Customer’s order and exercise of his/her rights and obligations arising from his/her contractual relationship with the Company.
3.2.2. Personal data is necessary for the successful execution of Customer’s order (name and address, contact), and the provision of personal data is imperative when entering into and executing a contract.
3.2.2. Sending business messages and conducting marketing research.
3.3. The Company independently makes / does not make decisions based solely on automated processing pursuant to Article 22 of the GDPR. You have given your explicit consent to such processing.
4. Personal data retention periods
4.1. The Company retains personal data:
4.1.1. for the period necessary for the implementation of the rights and obligations arising from the contractual relationship between the Customer and the Company, and the fulfillment of the conditions in accordance with this contractual relationship (for 2 years since the termination of the contractual relationship).
4.1.2. until the consent to the use of personal data in marketing research is revoked, no more than two years if personal data are processed with consent.
4.2. Once the retention period expires, personal data shall be deleted by the Company.
5. Recipients of personal data (administrative subcontractors)
5.1. Recipients of personal data are individuals who provide:
5.1.1. assistance in the delivery of goods / services / payments under the contract,
5.1.2. services for the continuous operation of the website,
5.1.3. marketing services.
6. Customer’s rights
6.1. In accordance with the conditions set out in the GDPR, the Customer have the right:
6.1.1. to access his/her personal data pursuant to Article 15 of the GDPR,
6.1.2. to correct personal data pursuant to Article 16 of the GDPR or to restrict their use pursuant to Article 18 of the GDPR,
6.1.3. to delete personal data pursuant to Article 17 of the GDPR,
6.1.4. to ban the use of personal data pursuant to Article 21 of the GDPR,
6.1.5. to transfer personal data pursuant to Article 20 of the GDPR,
6.1.6. to withdraw his/her consent to the use of personal data, in writing to the address of the Company or in electronic form to the email address of the Company.
6.2. The Customer has the right to file a complaint with the Office of Personal Data Protection if he/she considers that his/her right to privacy has been violated.
7. Personal data security conditions
7.1. The Company undertakes to take all necessary technical and organizational measures to protect personal data.
7.2. To ensure the security and storage of personal data the Company takes technical measures, such as password protection, antivirus, encryption, backup, and so on.
7.2. The Company guarantees that personal data can be accessible only to authorized persons.
8. Final provisions
8.2. The Customer agrees to these terms by checking the box on the online form when he/she submits the order.
8.3. The Company has the right to change these conditions. If these conditions change, they will be published on the Company’s website and sent to the Customer’s email address.