Kolačići nam pomažu u isporuci naših usluga. Korištenjem naših usluga pristajete na naše korištenje

Personal Data Processing Policy

(valid from 5 October 2021)

1. Introduction

Reservatic s.r.o. is the owner of all rights and permissions to the online booking system Reservatic, available at www.reservatic.com, which is designed for online booking and management of all types of services (except erotic services) (hereinafter referred to as the "System").

Reservatic s.r.o. processes the personal data of all users of the System who are natural persons (so-called data subjects), regardless of whether these users use the System for their business or not (so-called data subjects). Thus, all personal data is processed by Reservatic s.r.o. primarily for the purpose of the provision of the System’s services and purposes related thereto.

Reservatic s.r.o. ensures that the processing of personal data is lawful, fair, transparent, accurate, confidential and that personal data is processed only to the extent necessary.

Reservatic s.r.o. also warrants that personal data is properly secured and that all the rules set out in the General Data Protection Regulation (hereinafter referred to as "GDPR") as well as other legal regulations in the field of personal data handling and protection are observed within the processing of personal data, and at the same time that all the rules in terms of cyber security are observed, both general regulations and recommendations and specific requirements of the System users arising from their obligations.

Further information on the scope and manner of processing of personal data is provided in other articles of this policy.

2. Scope of processed personal data

Reservatic s.r.o. processes, in particular, identification and contact data of data subjects (name, surname, title, name, identification number, tax identification number, residence, registered office, telephone, e-mail) and other personal data that data subjects enter into the System. The scope of the processed data is always determined by the personal data controller, i.e. the service provider for which the System offers free dates and subsequently enables the creation and management of reservations. This scope should always be minimal, to the extent that it enables the correct offer of dates and the subsequent creation and management of reservations.

In addition, Reservatic s.r.o. may in some cases also process personal data of a technical nature, such as cookies, IP address or other online identifiers, GPS location, etc. Further information regarding cookies can be found in this document below - Information on cookies.

3. Position of controller vs. processor of personal data

In order to inform personal data subjects in a transparent manner, it is necessary to distinguish Reservatic s.r.o.’s specific position in relation to personal data subjects. Namely, whether it is the position of a personal data controller or a personal data processor (or another personal data processor in the case of so-called chaining).

3.1 Identification and contact details

             Company identification data - Reservatic s.r.o., ID No.: 01798715, with its registered office at Technologická 372/2, Pustkovec, 708 00 Ostrava Pustkovec, Czech Republic, a company registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 68354.

Representatives of Reservatic s.r.o. can be contacted in particular as follows:

●        Electronically (by e-mail)

○        info@reservatic.com- general information

○        dpo@reservatic.com - Data Protection Officer, hereinafter referred to as "DPO"

●        In writing (correspondence address)

○        Reservatic s.r.o., Technologická 372/2, 708 00 Ostrava Pustkovec, Czech Republic

3.2 Data Protection Officer

             On 5 October 2021, Reservatic s.r.o. appointed its Data Protection Officer (hereinafter referred to as "DPO").

Name and surname of Data Protection Officer:   Ing. Soňa Macíčková

Data Protection Officer‘s contact details:            dpo@reservatic.com

3.3 Controller or processor of personal data

             Reservatic s.r.o. may act in the following positions in terms of personal data protection, always in relation to the purpose and legal basis for processing personal data.

             A detailed distinction of this position is given in the following chapters. The positions’ basic division is as follow:

●        Personal data controller - in the case of normal browsing of the System from the end user's perspective, displaying information pages, creating and managing a user account (without reservations).

●        Personal data processor - in the case of processing of personal data on the basis of the controller's instructions - mainly based on the licence agreement between Reservatic s.r.o. and the client of Reservatic s.r.o. This concerns in particular the process of offering free dates to a specific service provider (i.e. the client of Reservatic s.r.o.) and the subsequent processes of creating and managing reservations.

●        Additional personal data processor - or also a sub-processor, is a specific position where Reservatic s.r.o. has a license agreement with a processor who has its own license agreement with the controller. Reservatic s.r.o. therefore provides the system as a subcontractor.

4. Purpose and legal basis for processing

4.1 Provision of system services

Reservatic s.r.o. processes personal data mainly for the purpose of providing the System services.

Reservatic s.r.o. provides the system on the basis of a license agreement (General Terms and Conditions are available at https://reservatic.com/cs/pages/vseobecne-obchodni-podminky). Processing of personal data for the purpose of providing the services of the System thus means the processing of personal data for the purpose of concluding the license agreement and fulfilling the rights and obligations arising from the concluded license agreement. This processing is a necessary condition for the provision of the System’s services. Without such processing, Reservatic s.r.o. would not be able to provide the System’s services to the users. In this case, Reservatic s.r.o. acts as a processor (or additional processor - depending on the parameters of the specific license agreement).

Reservatic s.r.o. may process personal data for the aforementioned purposes without any consent from the data subjects. The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).

4.2 Setting up and maintaining a customer account

A customer account is a prerequisite for using the System’s services. Therefore, Reservatic s.r.o. assumes that every data subject who creates a customer account is interested in using the System’s services at least temporarily. Even when using the System's services free of charge or on a trial basis, a license agreement is concluded (General Terms and Conditions are available at https://reservatic.com/cs/pages/vseobecne-obchodni-podminky). In view of the above, Reservatic s.r.o. will also process personal data for the purpose of setting up and maintaining a customer account.

The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).

4.3 Fulfilment of Reservatic s.r.o.’s legal obligations

Reservatic s.r.o. also processes personal data for the purpose of fulfilling its legal obligations.

This concerns in particular the legal obligations arising for Reservatic s.r.o. from accounting and tax laws (e.g. VAT Act). In addition, Reservatic s.r.o. is obliged to be able to prove that it processes personal data in accordance with generally binding legal regulations, in particular the GDPR. This purpose of processing personal data also falls under Reservatic s.r.o.’s legal obligations.

Reservatic s.r.o. may also process personal data for the aforementioned purposes without any consent from the data subjects. The legal basis for this processing is the fulfilment of a legal obligation to which Reservatic s.r.o., as the data controller, is subject (see Article 6(1)(c) GDPR).

4.4 Reservatic s.r.o.’s legitimate interests

Reservatic s.r.o. is also entitled to process personal data for the following purposes:

●       customer records;

●       analysis of the Systém’s use by its users;

●       establishing, exercising or defending legal claims (in particular, legal claims arising from a licence agreement).

The processing of personal data for any of the above purposes may also be carried out by Reservatic s.r.o. without any consent from the data subjects. The legal basis for this processing is the legitimate interest of Reservatic s.r.o. (see Article 6(1)(f) GDPR).

Such processing is not possible only if the interests or fundamental rights and freedoms of the data subjects requiring the protection of personal data take precedence over the interests of Reservatic s.r.o.

The data subject may object to processing of personal data based on the legitimate interest of Reservatic s.r.o. at any time (see Article 21 of the GDPR).

4.5 Data subjects’ consent

Based on the consent to the processing of personal data, Reservatic s.r.o. is entitled to process personal data for any purpose specified in the respective consent. The legal basis for this processing is the data subjects' consent to the processing of personal data (see Article 6(1)(a) GDPR).

Consent to the processing of personal data is fully voluntary. Any refusal to grant consent will have no adverse consequences for the data subject.

Each data subject has the right to withdraw consent to the processing of personal data at any time, in particular:

●        By electronic notification sent to the e-mail address dpo@reservatic.com

●        By written notification sent to the address of Reservatic s.r.o.‘s registered office

The withdrawal of consent does affect the lawfulness of the processing of personal data in the period prior to the withdrawal of consent on the basis of which the processing of personal data was carried out.

5. Direct marketing

5.1 General

Processing of personal data for direct marketing purposes means processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as "Act No. 480/2004 Coll.").

Commercial communication is any form of communication, including advertising and encouragement to visit the website of the online store, intended to directly or indirectly promote the goods or services or the image of Reservatic s.r.o. (hereinafter referred to as "Communication").

The possibility of sending commercial communications may be regulated (limited) by a specific license agreement between Reservatic s.r.o. and the service provider who uses the System under the license agreement.

5.2 Method of sending communications

The processing of personal data for the purpose of sending the Communication is carried out by Reservatic s.r.o. on the basis of the existence of a legitimate interest (see recital 47 of the GDPR). Also, the actual sending of the Communication may be carried out by Reservatic s.r.o. without consent (in accordance with Article 7(3) of Act No. 480/2004 Coll.), unless the data subject has initially refused it (e.g. by ticking the box "I do not want to receive any emails from Reservatic", which is available in the "My profile" section).

5.3 Termination of processing

Reservatic s.r.o. shall terminate the processing of personal data for direct marketing purposes immediately after the data subject expresses his/her disagreement with such processing. The objection may be made, for example, in one of the following ways:

●        by unsubscribing from receiving Communications (which can be done in each Communication or by checking the "I do not want to receive any emails from Reservatic" box available in the "My Profile" section);

●        by objecting to such processing (subject to Article 21 GDPR).

Notwithstanding the abovementioned, the Operator shall cease processing personal data for direct marketing purposes no later than 2 years after the last active use of the System or logging into a customer account (whichever is later). With each active use of the System or login to the customer account, the processing period is extended for another 2 years.

6. Categories of recipients of personal data

The recipient of personal data is anyone to whom Reservatic s.r.o. provides personal data in connection with the above-mentioned purposes of processing personal data.

Reservatic s.r.o. may provide personal data mainly to recipients whose services it uses mainly in the context of the operation and maintenance of the System. These are in particular entities providing accounting, printing and mailing services, legal services, IT services, cloud services, services for sending Communications or operators of payment gateways and systems, etc.

These recipients will process personal data either as independent controllers (i.e. as entities that determine the purposes and means of processing personal data themselves, independently of Reservatic s.r.o.) or as processors (i.e. as entities that process personal data for Reservatic s.r.o. on the basis of its instructions).

In addition, Reservatic s.r.o. will provide personal data to public authorities if this obligation is imposed on it by generally binding legal regulations. However, public authorities in the exercise of their investigative powers are not considered recipients.

7. Personal data processing period

Reservatic s.r.o. will process personal data only for the period necessary for the purpose of processing, but generally for a maximum of 2 years. The termination of one of the legal bases for processing personal data does not affect the processing of personal data (to the extent necessary) on the basis of another legal basis (and for the relevant purpose).

The Personal data processing period may be regulated by a specific license agreement between Reservatic s.r.o. and the service provider using the System on the basis of the license agreement.

7.1 Provision of system services

For the purpose of providing the System services (performance of the license agreement), Reservatic s.r.o. will process personal data for at least the duration of the obligation under the license agreement.

Setting up and maintaining a customer account

A Customer Account may be cancelled at any time at the same time as the termination of the use of the System services, based on a request for cancellation of the Customer Account sent to any of the contact addresses listed in Article 3 above (in particular, the e-mail addresses dpo@reservatic.com and info@reservatic.com). In the event of termination of the use of the System services, Reservatic s.r.o. shall terminate the processing of personal data entered into the customer account no later than 2 years after the termination of the obligation under the license agreement (termination of the use of the System) or since the last login to the customer account, if the data subject no longer uses the System.

If the data subject has never started to use the System services (e.g. has only set up a customer account), Reservatic s.r.o. will cancel his/her customer account and will stop processing the personal data entered into the customer account immediately upon receipt and confirmation of an e-mail request sent to one of the contact addresses listed in Article 3 above, or at the latest within 2 years from the last login to the customer account.

7.2 Fulfilment of Reservatic s.r.o.’s legal obligations

For this purpose, Reservatic s.r.o. will process personal data for the duration of the relevant legal obligation, as stipulated by generally binding legal regulations (e.g. tax documents containing personal data must be kept by Reservatic s.r.o. for 2 years).

7.3 Reservatic s.r.o.’s legitimate interests

For the purpose of direct marketing (sending of Communications), Reservatic s.r.o. will process personal data until the time of expressing opposition to such processing, but no longer than for a period of 2 years from the last termination of the obligations under the license agreement (termination of use of the System) or logging into the customer account, if the data subject does not use the System.

For the purpose of customer records, Reservatic s.r.o. will process personal data for a period of 2 years from the termination of the obligations under the license agreement (termination of the use of the System) or login to the customer account if the data subject does not use the System.

For the purpose of analysing the use of the System by its users, Reservatic s.r.o. will process personal data for a period of 2 years from the last login of the user.

For the purpose of establishing, exercising or defending legal claims, Reservatic s.r.o. will process personal data for as long as the relevant legal claim exists, but for a maximum of 1 year after the expiry of the limitation period under generally binding legal regulations. In the event of the initiation and continuation of judicial, administrative or any other proceedings in which the rights or obligations arising from the relevant legal claim are addressed, the Personal data processing period for this purpose shall not expire before the final conclusion of such proceedings.

7.4 Data subjects’ consent

For the purpose stated in the respective consent to the processing of personal data (if the data subject has given such consent to Reservatic s.r.o.), Reservatic s.r.o. will process the personal data until the consent is withdrawn, otherwise for a maximum of 2 years from the moment of giving consent to the processing of personal data.

8. Data subjects’ rights

Each data subject has, inter alia, the following rights:

●        the right of access to personal data (under the terms of Article 15 GDPR)

●        the right to rectification of personal data (under the terms of Article 16 GDPR)

●        the right to erasure of personal data (under the terms of Article 17 GDPR)

●        the right to restrict the processing of personal data (under the terms of Article 18 GDPR)

●        the right to object to processing (under the terms of Article 21 GDPR)

●        the right to data portability (under the terms of Article 20 GDPR)

●        the right to lodge a complaint with a supervisory authority (i.e. the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, e-mail posta@uoou.cz)

●        the right to withdraw consent to the processing of personal data

9. Addendum to reservations for COVID-19 testing and vaccination in the Czech Republic

9.1 Status of Reservatic s.r.o.

Reservatic s.r.o., as part of the Central Reservation System (hereinafter referred to as "CRS"), is an additional processor of personal data (the processor of personal data is the National Agency for Communication and Information Technologies, s.p., hereinafter referred to as "NAKIT" and the controller of personal data is the Ministry of Health of the Czech Republic, hereinafter referred to as "MH").

From this position, the company is subject to the orders of the processor and the administrator. Therefore, to exercise the data subjects’ rights, it is always necessary to contact the data controller - specifically the Data Protection Officer of the Ministry of Health - contact information https://www.mzcr.cz/ochrana-osobnich-udaju/  

9.2 Additions within the contractual relationship with the processor

Reservatic s.r.o.'s contractual relationship between Reservatic s.r.o. as a further processor and NAKIT as a processor is significantly limited in the performance of its obligations and policies in the implementation of the CRS project. Based on some inquiries, we therefore provide some basic information for the general public:

  1. The processed personal data has never been and could never be used for direct marketing in accordance with Article 5 of this Policy by Reservatic s.r.o.

  2. From a cybersecurity perspective, it is necessary to use certain third-party systems according to Article 2 of this Policy (specifically Google reCaptcha, and in the past also SecurityMetrics). The data controller is duly informed of these facts.

  3. Reservatic s.r.o. also uses other third-party systems in the performance of its legal and contractual obligations, but only anonymised data (specifically anonymised IP addresses) are transmitted, which cannot be considered personal data. This is specifically the Matomo analytical tool, where the data is processed exclusively on the territory of the Czech Republic.  The data controller is duly informed of these facts.

  4. The Personal data processing period is defined according to the general requirements for the implementation of the CRS project.

9.3 Further information on the CRS

         All information from the point of view of data protection is published on the website of the controller (MZ), in particular:

●        Information on the processing of personal data within the Project: IT support for vaccination (Central booking system - vaccination against covid-19) - https://registrace.mzcr.cz/assets/Informacni_povinnost_CRS_ockovani.pdf

●        Ministry of Health’s information on personal data protection - https://www.mzcr.cz/ochrana-osobnich-udaju/

●        Basic information on the processing of personal data by the Ministry of Health - https://www.mzcr.cz/wp-content/uploads/2019/06/Zakladni-informace-o-zpracovani-osobnich-udaju-Ministerstvem-zdravotnictvi.pdf   

●        Methodological Guidance for the Vaccination Campaign (Implementation Plan) - https://www.mzcr.cz/metodicky-pokyn-pro-ockovaci-kampan-plan-provedeni/ , in particular Annex 4 "IT Support for Vaccination" and Appendix 3 to Annex 4 "Data Protection Impact Assessment (DPIA), Project: IT Support for Vaccination".

10. Information about cookies

  1. We, the company Reservatic s.r.o., ID No.: 01798715, with its registered office at Technologická 372/2, 708 00 Ostrava Pustkovec, Czech Republic, registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 68354, as the controller, processor or additional processor (depending on the specific situation) of personal data, would like to inform you that for the purpose of:

●        measuring website traffic

●        generating statistics regarding our website traffic and visitor behaviour on our website

●        the correct functionality of our website

●        customising our website to your needs

●        identifying which pages and features visitors to our website use most often

●        improving the use of our servers

we use small amounts of data that are stored on your end device (cookies). You can find out more about cookies, for example, by visiting the following sources of information:

●        https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies+and+similar+technologies

●        https://cs.wikipedia.org/wiki/HTTP_cookie

●        https://www.uoou.cz/cookies-a-gdpr/d-29966

  1. Cookies are used by almost every website in the world and are generally a useful service because they increase the user-friendliness of a website you visit repeatedly (they allow your computer to remember the pages you have visited and your preferred settings for each page).

  2. The use of cookies can be set using your internet browser. Most internet browsers automatically accept cookies by default. However, you can refuse cookies by setting your internet browser. You can find more information on how to set this on the following pages:

    1. Google Chrome (https://support.google.com/accounts/answer/61416?hl=cs)

    2. Mozilla Firefox (https://support.mozilla.org/cs/kb/povoleni-zakazani-cookies)

    3. Internet Explorer (https://support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies)

    4. Safari (https://www.apple.com/legal/privacy/)

  3. The collection of cookies for the aforementioned purpose may be regarded as processing of personal data, which, with the exception of marketing cookies, is possible on the basis of our legitimate interest within the meaning of Article 6(1)(f) of the General Data Protection Regulation ("GDPR").

  4. However, technical cookies that are necessary for the functionality of our website will only be stored for the time necessary for the functioning of the website.

  5. You can object to the processing of cookies under the terms of Article 21 GDPR. The objection can be sent to Reservatic s.r.o. or its Data Protection Officer via one of the contact addresses listed in Article 3 of this Policy. If you object to the processing of technical cookies, the full functionality and compatibility of our website cannot be guaranteed.

  6. Cookies that are collected for the purpose of measuring traffic to our website and generating statistics on website traffic and visitor behaviour on the website are processed in an almost anonymised form, which allows you to be identified, but only with considerable and professional effort.

  7. All cookies are stored for the period of time indicated below for each type of cookie.

  8. The collected cookies may be processed by additional processors:

    1. Provider of the reCaptcha Enterprise security feature, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

      1. https://policies.google.com/technologies/cookies

      2. https://policies.google.com/privacy/update

    2. The company Railsformers s.r.o., with its registered office at Technologická 372/2, 708 00 Ostrava Pustkovec, Czech Republic, providing the analytical and measuring tool Matomo in the on-premise version for the company Reservatic s.r.o. on the basis of a processing contract. No personal data is stored in this tool (the IP address of the data subject - the end user - is anonymised). This processor also provides and comprehensively manages the infrastructure of the Reservatic system.

  9. In the context of the optional simplified registration or login to a Reservatic customer account, these processors may also (using the Single Sign-On system by the listed processors) create and handle additional cookies in accordance with their contractual terms and conditions available here:

    1. SSO - Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

      1. https://policies.google.com/technologies/cookies

      2. https://policies.google.com/privacy/update

    2. SSO Facebook, Inc., located at 1 Hacker Way Menlo Park, CA 94025, USA

      1. https://www.facebook.com/policy.php

      2. https://www.facebook.com/policies/cookies/

    3. SSO Apple, Inc., located at 1 Apple Park Way Cupertino, CA 95014, USA

      1. https://www.apple.com/legal/privacy/cz/cookies/

      2. https://www.apple.com/legal/privacy/cz/

    4. SSO MojeID - CZ.NIC, z. s. p. o., with registered office at Milešovská 1136/5, 130 00 Prague 3, Czech Republic

      1. https://www.mojeid.cz/cs/zasady/

      2. https://www.mojeid.cz/cs/pravidla/

  10. Within the specific position in the implementation of the project of the Central Booking System for Testing and Vaccination COVID-19, other cookies may be processed in the process of booking the testing or vaccination COVID-19 according to the instructions of the personal data controller, i.e. the Ministry of Health of the Czech Republic, located at Palackého náměstí 375/4, 128 00 Prague - Nové Město, Czech Republic.

  11. In accordance with the GDPR, you have the following rights in terms of cookies - see Article 8 of this Privacy Policy - Data Subjects’ Rights.

  12. For other cookie arrangements, we follow our data processing policy set out in the previous sections of this document.

  13. List of cookies that may (or may not, depending on the functions of the System used by the personal data subject) be processed in the Reservatic System

11. Further information on the processing of personal data

In case of questions regarding the processing of personal data or in case of exercising the rights of the data subject referred to in Article 8 of this Policy, Reservatic s.r.o. or its Data Protection Officer may be contacted via one of the contact addresses listed in Article 3 of this Policy.

General information on the processing of personal data can also be found on the website of the Office for Personal Data Protection available at www.uoou.cz.

This policy shall take effect on 5 October 2021

Additions as of 5 October 2021

This Personal Data Processing Policy is valid from 5 October 2021. For full transparency, we also keep the cookie policy and information valid until 5 October 2021, which can be found in the attached PDF for comparison.

In the framework of the approved amendment to the Electronic Communications Act effective from 1 January 2022, we inform you that by 31 December 2021 there will be a significant modification of this Personal Data Processing Policy, in particular information on cookies.

Prilozi: