Personal data protection
1. Gastro Group Service s.r.o.
Gastro Group Service s.r.o. is a company based in the Czech Republic, IN: 24689629
with registered office at: Rašínovo nábřeží 44/2, 12800 Prague 2, Czech Republic
registered in the Commercial Register of the Czech Republic kept by the Municipal Court in Prague, Section C, Insert 166305, Czech Republic. Our business activities are located in the Czech Republic and our data is stored on servers in the European Economic Area (EER).
Gastro Group Service s.r.o. is committed to complying with all applicable Czech and European data protection laws and regulations.
If you would like to use the Service, you will need to enter into a contract with Gastro Group Service s.r.o. . Upon conclusion of the contract ("Contract"), you are a customer of Gastro Group Service s.r.o. ("Customer").
2. Data Processing Contract
3. Term Definitions
The Terms will be defined in this Agreement. If a Term is not defined in this Agreement, it will be defined by Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, the General Data Protection Regulation ("GDPR") and other legislation.
4. What is Personal Data?
"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject") as defined in the GDPR.
An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier (e.g. name, identification number, location data, network identifier or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person).
"Personal Data" means information that identifies an individual (such as a name, address, telephone number, mobile number, email address or other account number) and any information about their location or activities, or their use of the Service, IP addresses or mobile device identifiers, where this can be linked to any personal information.
"Personal Data" also includes demographic data such as date of birth, gender, geographical area and preferences, insofar as this information may be linked to other personal information.
"Personal Data" does not include "Aggregate", or, Summary Data, i.e. data about a group or category of products, services or users, where this "Summary" Information cannot be linked to any Personal Data. Aggregate Data helps us understand the trends and needs of our Customers so that we can better consider new features and functions or otherwise personalize our services.
5. Which Personal Data Do We Collect?
A. Active Collection
Personal Data may be collected in many ways when a Customer uses our Service.
If the Customer makes a reservation on our Website, we will collect the provided registration data. They contain the name, address, e-mail address, telephone, country and demographic data at the time the Customer makes the reservation. From time to time, we may change the information required during registration or with respect to certain features or the Service.
If a Customer contacts us by email or other online means, we may store message content, email addresses, telephone numbers and responses.
Customer registration and / or correspondence with us by means of e-mail constitutes a business relationship and presupposes the Customer's consent to us communicating with the Customer about our Service.
Personal information and demographic information may also be collected if the Customer provides this information in connection with using our online chat service, leaving comments, posting content, sending an email or message to another user, using forums or other features on the Website, and when the Customer uses our Service.
In addition, we may from time to time collect demographic data, contacts, or other information provided by the Customer in connection with voluntary participation in surveys, contests, promotional offers, and other activities.
B. Recording Logs
When a Customer uses the Service, certain Customer information is also automatically collected, such as the IP address, operating system, browser or mobile device type, address of the referring website, Customer activity on the Website, and information about the use of the Service.
We consider this information to be Personal Data if this information can be linked to the above-mentioned Personal Data. Otherwise, it is only used in Aggregate.
By using the Website, the customer agrees that we may automatically collect certain information using "Cookies".
Cookies are small data files that are stored on the user's hard drive at the request of our Website, which allows us to identify Customers who have previously visited the Website. In addition, Cookies, in conjunction with records from our Website, make it possible to calculate the total number of people who visit our Website and which parts are the most popular. This helps us gain feedback to improve our Website and better serve our Customers.
Cookies do not allow the collection of Personal Data about the Customer and do not intentionally store any Personal Data that the browser would provide us in your Cookies.
We may also use third parties to display ads on our Website. These third parties may place Cookies, gif files or other information collection devices on your computer and the information provided by these devices may, among other things, be used to personalise advertisements to you and to better understand the using and visiting of our Website and other websites that these third parties are monitoring. You will continue to be shown generic advertisements. Please note that we do not have access to or control over technologies for the tracking of third parties. To block third-party Cookies, read your browser's instructions or help screen for information about these features.
Identifiers When a Customer accesses the Service by means of a mobile device (including but not limited to smartphones or tablets), we use one or more "Device Identifiers", such as a Universally Unique Identifier ("UUID"). Device Identifiers are small data files or similar data structures stored or associated with a Customer's mobile device that uniquely identify their mobile device. The Device Identifier can be data stored in connection with the device hardware, data stored in connection with the device operating system or other software, or data sent to the device.
The Device Identifier can provide us with information about how the Customer is browsing and using the Service. The Device Identifier may stay on your device permanently, which will help you log in faster and improve navigation across the Service. Some features of the Service may not work properly if the use or availability of Device Identifiers is impaired.
E. User Identifiers
When a Customer accesses the Service, we use one or more "User Identifiers". User Identifiers are small data files or a similar data structure assigned to a Customer that will be used to allow the Customer to continue using the Service. The User Identifier can provide us with information about how the Customer browses and uses the Service. The User Identifier may remain permanently on the Customer's device or computer to help the customer log in faster and improve the Customer's navigation through the service. Some features of the Service may not work properly if the use or availability of User Identifiers is impaired or disabled.
Data When a Customer accesses the Service via a mobile device, we may access, collect, monitor and / or remotely store "Location Data", which may include GPS coordinates (e.g. geographical latitude or longitude) or similar location information in connection with your mobile device. The location of the data may provide us with information about how you browse and use the Service. Some features of the Service, especially location-based services, may not work properly if the misuse or availability of location data is impaired or disabled.
6. The Purpose of Processing Personal Data
(2.) disclose Personal Data to third parties other than subcontractors for the purposes set out below or by law.
The processing for which the Customer must provide consent:
(1.) analysing user characteristics and usage patterns to better understand how the Service is used and how to promote it more effectively;
(2.) requesting feedback and enabling us to develop, adapt and improve the Service and products;
(3.) informing the Customer of other information, events, special offers, products or services that we think will be of interest to the Customer;
If the Customer refuses to provide consent to the processing of their Personal Data for the purposes set out in this Subsection, they will not be prevented from using it. Thus, refusing to provide or withdrawing consent has no negative effect on the use of the Service provided to the Customer.
Processing necessary for the performance of the Contract and the provision of the Service:
(4.) for operating the Website and providing the Service in accordance with our Terms and Conditions;
(5.) processing and / or responding to Customer requests, submissions, comments, complaints and any transactions;
(6.) providing the Customer with required information or services;
(7.) providing technical support and ensuring the continued and smooth operation of the Service;
(8.) making it easier for the Customer to use and operate the Service;
(9.) for the purposes for which the information was provided.
In the event that the Customer refuses the processing of their Personal Data for the purposes set forth in this Subsection, the Customer may not be able to use the Service. We may block or restrict access to the Service and reserve the right to terminate the Contract in accordance with the Contract and / or the Terms of the Contract. The personal information listed in this Subsection is required for the proper functioning of the Service.
Processing necessary to fulfil legal obligations
(10.) facilitating our maintenance of the Service;
(11.) preventing or investigating actual or suspected fraud, hacking, violation or other misconduct relating to our services or Website.
In the event that the Customer refuses the processing of their Personal Data for the purposes set forth in this Subsection, the Customer will not be able to use the Service. We reserve the right to terminate the Contract in accordance with the Contract and / or the Terms of the Contract.
7. How Long Do We Retain Personal Data?
We retain Personal Data for as long as the Service is provided. Below you will find specifications on how long Personal Data is stored and processed.
a) Name - for as long as the Customer is using the Service, up to two years after the termination of the Contract and/or Service, and/or if a legal obligation requires Gastro Group Service s.r.o. to retain personal data (e.g. tax laws, Foreign Police laws, etc.);
b) Address - for as long as the Customer uses the Service, up to two years after the termination of the Contract and/or Service and/or if a legal obligation requires Gastro Group Service s.r.o. to retain Personal Data (e.g. tax laws, Foreign Police laws, etc.);
c) Email address - for as long as the Customer uses the Service; up to two years after the termination of the Contract and/or the Service e) Contact details - for as long as the Customer uses the Service; up to two years after the termination of the Contract and/or Service; and/or if a legal obligation requires Gastro Group Service s.r.o. to retain Personal Data (e.g. tax laws, Foreign Police laws, etc.);
d) Contact details - for as long as the Customer uses the Service; up to two years after the termination of the Contract and/or Service; and/or if a legal obligation requires Gastro Group Service s.r.o. to retain Personal Data (e.g. tax laws, Foreign Police laws, etc.);
d) Demographic and location data - for as long as the Customer uses the Service, up to two years after termination of the Contract and/or Service and/or if a legal obligation requires Gastro Group Service s.r.o. to retain Personal Data (e.g. tax laws, Foreign Police laws, etc.);
f) The content of Customer contact reports - for a period of two years after the issue and/or complaint and/or other reason has been dealt with;
g) Customer opinions, comments and/or reviews - the Customer has provided permission to post ratings, comments and/or reviews online for the period indicated. If the Customer has not given permission for a given period, the ratings, comments and / or reviews will be stored as long as the reviews, comments and / or reviews are published on the Website.
h) IP address - for up to two years from obtaining the IP address.
i) Device Identifiers - for the period during which the Customer uses the Service and two years after the termination of the Contract and / or Service;
j) User Identifiers - for the period during which the Customer uses the Service and two years after the termination of the Contract and / or the Service.
8. Data Processors and Sharing of Personal Data
Gastro Group Service s.r.o. may, in accordance with the Contract, involve subcontractors who assist in the provision of the Service and may, as part of their role in the provision of the Service, process the Personal Data of the Service's users.
Gastro Group Service s.r.o. maintains a list of all processors who can process Personal Data of the Service's users.
We may share Personal Data with a data processor, such as a payment card processor, who works with us in connection with the operation of the Website and / or Service and who needs access to such information in order to perform their work for us. All collected credit card data is passed on for processing as needed. We never store credit card data.
In some cases, the data processor may directly collect information from us on our behalf. If the data processor provides Personal Data to Gastro Group Service s.r.o. , Gastro Group Service s.r.o. will state what Personal Data will be provided by the data processor to Gastro Group Service s.r.o. on a list that Gastro Group Service s.r.o. keeps about its data processors. We inform data processors that they may not use the Personal Data they receive from us other than by providing services for us. We are not responsible for any additional information you provide directly to these processors.
We may also share personal information with third parties from time to time, should you provide consent to it. For example, we may enter into relationships with other parties to make specific services or offers available directly to our users. If a user signs up for these third-party services or marketing offers, we may share the personal information they provide at the time of registration or other Personal Data, such as their name or other contact information, that we deem reasonably necessary or appropriate for our business partner to provide these services or offers or to contact you.
We may disclose personal information in good faith that we are authorized to do so, or that it is reasonably necessary or appropriate to comply with the law or a legal process, to respond to any claims, to protect the rights, property or safety of Gastro Group Service s.r.o. , our users, our employees or the public, including the protection of Gastro Group Service s.r.o. or our users against fraudulent, abusive, inappropriate or illegal use of the Service. Gastro Group Service s.r.o. will promptly notify the Customer of any request received by an executive or administrative agency or other governmental authority that relates to the Customer's Personal Data, unless prohibited by applicable law. The Customer acknowledges and agrees that Gastro Group Service s.r.o. has no responsibility to communicate directly with the entity submitting the application.
9. Personal Data Protection
Gastro Group Service s.r.o. will ensure that it will implement and maintain compliance with appropriate technical and organizational security measures for the processing of personal information. We adhere to the generally accepted standards of Personal Data Protection that have been submitted to us, both during and after data transfer.
We have established physical, electronic and management procedures that are designed to prevent unauthorized access, loss or misuse.
We use secured socket layer (SSL) technology to encrypt the transmission of sensitive information, such as account passwords, credit card numbers and other identifiable payment information.
We limit internal access to Personal Data only to employees who need information to perform their duties. Unauthorized access or use of such information by an employee is prohibited and constitutes grounds for disciplinary action. The employees of Gastro Group Service s.r.o. are bound by a confidentiality clause.
Our information management systems are configured to block or prevent employees from accessing unauthorized information.
You should be aware that our data processors may be responsible for processing, manipulating or storing certain personal information that we receive. They are not authorized to contact you independently. These data processors are contractually processed through a data processing agreement with Gastro Group Service s.r.o., which is required for retaining the Personal Data they receive from us.
No method of transmission over the Internet or the method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Gastro Group Service s.r.o. must ensure that it has a procedure for regular testing and evaluation of its technical and organizational security measures for the processing of Personal Data.
10. Cooperation and Notification Obligations
Gastro Group Service s.r.o. a Zákazník budou v co největší míře spolupracovat, aby co nejrychleji a účinně zvládli dotazy, stížnosti a nároky týkající se zpracování osobních informací od kteréhokoli státního úřadu nebo orgánu (včetně, ale bez omezení na jakákoli instituce pro prosazování právních předpisů v oblasti ochrany údajů), třetí strany nebo jednotlivce (včetně subjektu údajů).
Gastro Group Service s.r.o. a Zákazník jsou si vědomi, že platné právní předpisy o ochraně údajů mohou ukládat povinnost informovat příslušné orgány nebo dotčené subjekty údajů v případě porušení údajů.
11. How the Customer Can Check, Update, Correct or Delete Personal Data
The Customer can send, update, correct or delete their Personal Data collected through the Website and Service by sending an email to info,gastrogroup,cz
Please note that deleting the Customer's customer data may lead to the termination of the Customer's account and use of the Service.
In order to have access to your Personal Data, you must provide sufficient proof of identification, and we reserve the right to refuse access to any user if we are not convinced that it is your identity. We process all requests for access within 4 weeks.
The Customer may request that we limit or stop the processing of their Personal Data in the future. We will confirm the Customer's request, but the Customer may not be able to use the Service or will no longer be able to use the Service as set forth in Article 4 of these Contract Terms.
The Customer may ask us at reasonable intervals to transfer the Personal Data we process about them to them or to another third party as specified by the Customer, provided that the information requested does not include Personal Data of other individuals and that the information requested has been processed on the basis of the Customer's legal authorisation grounds or the need to provide the Service and perform the Contract. We will process the Customer's request within 4 weeks of receiving the request.
The Customer has the right to lodge a complaint with the relevant data protection authority. For the Czech Republic, this office is the Personal Data Protection Office, which can be contacted at www.uoou.cz.
In the event that the Data Subject contacts Gastro Group Service s.r.o. directly with this request, as stated above, we will redirect the Data Subject to the Customer and only after the Customer's permission will we provide an overview of the Personal Data of the Data Subject.
We reserve the right to retain information in our files if we believe it is necessary or appropriate to resolve disputes, enforce the relevant Contract Terms, and technical and legal requirements and restrictions regarding the Service.
12. Incident Management
Gastro Group Service s.r.o. evaluates and responds to cases that lead to suspicion of unauthorized access to personal information or their unauthorized manipulation. The answer will be to restore the confidentiality, integrity and availability of the Service environment. Furthermore, Gastro Group Service s.r.o. shall determine the basic causes and steps to remedy.
13. Return / Deletion of Personal Data Upon Termination
When the agreement on the use of the Service is terminated for any reason, Gastro Group Service s.r.o. will make all Personal Data of the Customer available for retrieval. After the Personal Data is returned, Gastro Group Service s.r.o. will immediately permanently delete or otherwise make inaccessible all copies of the Customer's Personal Data, except in cases required by law.
This Data Processing Agreement between the Customer and Gastro Group Service s.r.o. will be automatically terminated at the time of termination of the Service Contract. However, the Terms of this Data Processing Contract will continue to apply as long as Gastro Group Service s.r.o. owns the Customer's Personal Data.
15. Applicable law
This Data Processing Contract is governed exclusively by the law of the Czech Republic, unless otherwise provided by law.