PROCESSING OF PERSONAL DATA
Information texts for clients regarding the processing of their personal data
The applicable legislation stipulated in Act No. 101/2000 Sb. on personal data processing and on changes in certain laws, as amended, and in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) which comes into force at 25 May 2018 imposes on us a number of duties concerning protection of your personal data processing. It is our utmost priority to meet the said requirements and to provide you with relevant information about processing of your personal data processing.
1. What data are processed?
The Savoy Westend Hotel situated at Petra Velikého 16, 360 01 Karlovy Vary, business ID No.: 27110532 processes the following personal data processing connected with all guest staying in our hotel:
- Contact information provided on a registration sheet which you completed during your arrival at our spa:
- Name, surname or academic degree,
- Date of birth,
- Permanent residence address,
- Telephone and email contact information,
- Information contained in a request for spa treatment – in addition to contact information, we also process this information:
- Health insurance company identification information,
- Health care insurance number,
- Suggested length of a stay,
- Information about your previous therapeutic stays – information about medicinal treatments provided to you in our facilities and any other data required by health insurance companies in the event that spa care and rehabilitation are paid from health insurance,
- Information about your payment for the stay in the event that spa care and rehabilitation are paid by yourself; i.e. by a private client and not from health insurance (your bank account if applicable)
No other personal data processing are subject to processing.
2. On what grounds, for what purpose and for how long are your personal data processing processed?
The data completed on the registration sheet and contained in the request for spa care as well as the data about the payment for the stay are processed on the grounds of a legal relationship established between you and our company with the aim to provide medicinal spa and rehabilitation care and related services (accommodation, catering, etc.). The purpose of such data processing is the provision of the above services. Our spa facility received the requests for spa care from your health insurance company. Similarly, information about your previous medicinal stays is also processed on the same legal basis. In the event that spa care and rehabilitation are paid from health insurance (full payment in case of so-called complex care or partial payment in case of so-called subsidized care) it is also our duty to provide a respective health care insurance with information about medicinal treatments and procedures provided to you in our facility as well as any other data required by health insurance companies and to allow health insurance companies to review such data.
If you gave us your consent with the processing of your contact data and information about your medicinal stays in our facility, we process such data on the basis of your consent. The purpose of such data processing is our ability to inform you about our services and products.
In view of providing medicinal spa and rehabilitation care and related services we process information about provided care during your medicinal stay in our spa facility and after its completion for the time for which your health insurance company is authorized, in accordance with generally binding regulations, to review the information about provided services that are paid from health insurance and the accounting clearance thereof. In the event that subsidized care is provided, or if spa care is paid for by an individual (‘the private client’), we process information about the services provided during the time period with regard to which the private client is authorized to question the provision of spa care.
Accounting and tax documents used for the accounting clearance of provided spa care also contain certain personal data (the name and surname of the patient, type of services provided, document issue date). These documents are kept only to satisfy the requirements of relevant accounting and tax laws and for the time required in such laws.
The services provided by and in our hotel are not questioned by health insurance companies or by you, an individual payer. If our services were questioned, we would have to process information about the care provided throughout the duration of a respective dispute and only for the purpose of protecting our rights in such a dispute. Should this type of your personal data processing take place, we would inform you to the same effect without undue delay.
Personal data processing following your consent is limited to the time period for which your consent is given, usually for 10 years, unless your consent is withdrawn earlier.
3. To whom do we provide or make your personal data available?
We make your personal data available only to a respective health insurance company for the purpose of reviews which must be performed by health insurance companies in compliance with generally binding legal regulations (Act No. 48/1997 Sb. on public health insurance and about changes in certain related laws, as amended). If you are a private client, your personal data are not made accessible or available to any third party.
We can provide your personal data to third parties that ensure supporting services for us; i.e. mailing, recovery of debts or legal services. These third parties are in the capacity as a processor of personal data and we provide them only with the personal data necessary for a specific purpose (mailing, recovery of debts or legal services), whereas we provide only the data concerning the clients to which the support activities relate. The processors of personal data that ensure the above support activities are chosen through a closely scrutinized procedure, they are continually changed and added with new ones. Given the updates of the lists of such personal data processors, you can request – in writing or by email – the current list of personal data processors that might be provided with your personal data.
Your personal data may be provided to a third country under the health information exchange framework within which our databases can be accessed by parent companies whose registered office may be outside EU, e.g. in the Russian Federation. Such information exchange follows generally binding regulations, in particular, Article 46 et al of the Regulation (EU) 2016/679 of the European Parliament and of the Council, or GDPR. If you have any further questions regarding this issue, please contact us at our address below.
4. Your rights according to valid legislation
We would like to inform you that valid legislation about personal data protection gives you the following rights:
- The right of access to the personal data regarding you which are processed by us,
- The right to rectification of your personal data should they be incorrect or inaccurate in any way,
- If you find out or assume that we perform your personal data processing in contradiction to the protection of your private and personal life or in contradiction to the laws, in particular that your personal data are inaccurate with regard to the purpose of their processing, you have the right to request explanation and to further request that we amend the situation (e.g. by blocking, making correction/s, addition/s or liquidating your personal data),
- The right to request erasure of personal data, or limitation of their processing,
- The right to object to personal data processing for the purpose of consideration assessment whether there has been a breach of our statutory duties,
- If we process your personal data on the basis of your consent, you have the right to revoke your consent,
- In addition to the above, you have the right to file a complaint with a supervisory authority; i.e. the Office for Personal Data Protection having its seat at sídlem Pplk. Sochora 27, 170 00 Praha 7,
- You also have the right to the portability of the data you provided us with to be processed by us due to their necessity for the performance of the contract. Should you want to hand over such data to another controller, we will enable you to obtain your data in a structured, customarily used and machine-readable format, or, if it is technically feasible, we will hand over such data directly to another controller.
Should you need further clarification or explanations regarding the processing of your personal data, contract us in writing at this address: Savoy Westend Hotel s.r.o., Petra Velikého 16, 360 01, Karlovy Vary, Czech Republic, or by email at firstname.lastname@example.org