Last updated: May 17, 2024
This Privacy Policy explains how Hotel Hastal, operated by LH Hotels & Resorts s.r.o., collects, uses, stores, and protects your personal information when you visit our website, make a reservation, or use our services.
By using our website or submitting your data, you confirm that you have read and understood this Privacy Policy and agree to its terms.
1. Data Controller
LH Hotels & Resorts s.r.o.
Registered address: Haštalská 103/12, 110 00 Prague 1, Czech Republic
Email: recepce@hastal.cz
Telephone: [insert phone number]
LH Hotels & Resorts s.r.o. (“Hotel Hastal”, “we”, “our”, or “us”) is the data controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the EU Data Act (Regulation (EU) 2023/2854).
2. What Personal Data We Collect
We collect and process only the personal data necessary to provide our services, including:
- Identification and contact details – name, surname, address, phone number, email address.
- Reservation information – dates of stay, room type, number of guests, preferences, and booking channel.
- Payment details – credit/debit card data (processed through a secure payment gateway; not stored by us).
- Communication data – emails, messages, or inquiries sent to our team.
- Technical information – IP address, browser type, device information, and usage data collected via cookies.
- Account information (if applicable) – username, login details, and booking history.
We do not collect sensitive personal data unless voluntarily provided (e.g., dietary needs or accessibility requirements).
3. How We Collect Your Data
We collect your personal data in the following ways:
- When you make a booking through our website or contact form.
- When you contact us via email, telephone, or in person.
- When you sign up for newsletters or promotional offers.
- When you browse our website and accept cookies.
4. Legal Basis for Processing
We process your data on one or more of the following legal bases:
| Purpose | Legal Basis |
|---|---|
| To manage and confirm your reservation | Performance of a contract (Art. 6(1)(b) GDPR) |
| To process payments | Performance of a contract (Art. 6(1)(b) GDPR) |
| To send booking confirmations and related communication | Legitimate interest (Art. 6(1)(f) GDPR) |
| To comply with legal and tax obligations | Legal obligation (Art. 6(1)(c) GDPR) |
| To improve services and website performance | Legitimate interest (Art. 6(1)(f) GDPR) |
| To send newsletters or marketing offers | Consent (Art. 6(1)(a) GDPR) |
5. How We Use Your Data
Your personal data is used exclusively for:
- Managing and confirming bookings.
- Processing payments securely.
- Communicating about your stay or any special requests.
- Meeting legal, accounting, and tax obligations.
- Improving our website, services, and customer experience.
- Sending marketing offers and updates (only if you have opted in).
We never sell or rent your personal data.
6. Data Sharing
We share your data only with trusted partners when necessary for business operations or compliance:
- Payment processors and banks – to process payments securely.
- IT and hosting providers – to operate our booking system and website.
- Legal, tax, and accounting advisors – to fulfill legal obligations.
- Public authorities – only when required by law (e.g., police, customs, or tax offices).
All third parties process your data in accordance with GDPR and under strict confidentiality agreements.
We do not transfer data outside the European Economic Area (EEA) unless adequate safeguards (such as EU Standard Contractual Clauses) are in place.
7. Data Retention
Your data is kept only as long as necessary for the purpose for which it was collected:
- Reservation and billing data – 10 years (as required by Czech tax law).
- Guest registration forms – 3 years after your stay.
- Marketing and communications – until you withdraw consent.
- Website analytics and cookies – for their set duration or until deleted by you.
Once the retention period expires, your data is securely deleted or anonymized.
8. Cookies
Our website uses cookies and similar technologies to enhance performance, analyze traffic, and personalize content.
You can manage or disable cookies in your browser settings at any time.
For more information, please refer to our Cookie Policy.
9. Your Rights
Under GDPR, you have the following rights:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data (“right to be forgotten”).
- Right to restriction of processing – to limit how we use your data.
- Right to data portability – to receive your data in a structured, commonly used format.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – at any time, where processing is based on consent.
To exercise these rights, please contact us at recepce@hastal.cz.
We will respond within 30 days as required by law.
Data Export and Deletion Requests
If you have created an account on our website or have submitted information (e.g., through a booking or contact form), you may request an exported file of the personal data we hold about you, including any data you have provided to us.
You can also request that we erase any personal data we hold about you.
This does not include any data we are obliged to retain for administrative, legal, or security purposes.
To make such a request, please contact: recepce@hastal.cz
10. Data Security
We apply strong technical and organizational safeguards to protect your data, including:
- SSL encryption on all data transmissions (HTTPS).
- Secure payment gateways with PCI-DSS compliance.
- Restricted employee access to personal data.
- Regular audits, backups, and cybersecurity measures.
In the event of a data breach, we will notify the relevant supervisory authority and affected individuals as required by GDPR.
11. EU Data Act Compliance
In accordance with the EU Data Act (Regulation (EU) 2023/2854), we ensure:
- Transparent and fair data handling practices.
- That users have full control and access to their data.
- That no personal data is shared or monetized without consent.
- That users can export or transfer their data in a structured, machine-readable format.
- That no profiling or automated decision-making occurs without explicit consent.
12. Third-Party Links
Our website may contain links to third-party websites.
We are not responsible for the privacy practices or content of those websites and encourage you to review their respective privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time to comply with legal changes or improve transparency.
The updated version will always be posted on this page with a new “last updated” date.
14. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
Hotel Hastal – Data Protection Officer
LH Hotels & Resorts s.r.o.
Haštalská 103/12, 110 00 Prague 1, Czech Republic
Email: recepce@hastal.cz
If you believe your data rights have been violated, you may lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) – www.uoou.cz.
