Privacy Policy
I.H.FARM s.r.o.
1. General provisions
1. 1 Introduction We take special care to protect the personal data of the visitors on our sites, our potential and existing customers and others who provide us with their personal data. This Privacy Policy (the “Privacy Policy”) provides you with the necessary information on how we, I.H.FARM s.r.o., Id. No.: 24761061, with its registered office in Prague 1 – Nové Město, at Opletalova 1323/15, district of the Capital City of Prague, Postal Code 11000, Czech Republic, receive, store and further process your personal data in our capacity as personal data controller in connection with the operation of our website at https://oblik-resort.com/ including the websites of the individual services provided within our resort (the “Sites”), and in connection with the provision of our services.
1. 2 Use. This Privacy Policy explains and informs you about (i) how we collect and process your personal data, (ii) your rights and how you can exercise them.
1. 3 Acknowledgment. We recommend that you thoroughly familiarise yourself with this Privacy Policy. By continuing to use our Sites and providing your personal data, you confirm that you have been informed about how we use your personal data, as set out in this Privacy Policy and the relevant privacy notices.
1. 4 Applicable legislation. This Privacy Policy provides you with the information that results from Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”).
2.Controller’s contact details
2. 1 Contact details. You can contact us directly at info@oblik-resort.com or at our address.
3. Terms and definitions
3. 1. Personal data – means all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, surname, date of birth, location data, email.
3. 2 Processing of personal data – means any operation or set of operations which is performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. 3 Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
3. 4 Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3. 5 Purpose – the reason for which the controller processes your personal data.
3. 6 Cookies – cookies are small data files (text files) that a website (web) asks your browser to store on your device, when you as a user visit the website, to remember information about you, such as your language preferences or login details. The cookies we use can be divided into cookies used by us (technical cookies), which are essential to provide you with the Sites’ features, and third-party cookies, which are cookies from another domain (for advertising and marketing purposes). This also includes other techniques that work in a similar way. For more information, see the Cookie Policy.
3. 7 Recipient – means the person who receives the personal data.
3. 8 Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons, who, under the direct authority of the controller or processor, are authorised to process personal data.
3. 9 Consent – means any freely given, specific, informed and unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to you.
4. Personal data processed, purposes, manner and duration of personal data processing
4. 1 Scope of personal data being processed.
4. 1. 1 Personal data sources We obtain your personal data from various sources, especially directly from you or from our activities, specifically:
when you visit the Sites;
when you subscribe to our newsletter;
when you request the provision of our services;
when you enter into a contractual relationship with us.
4. 1. 2 Data collected. We only process personal data that you or other persons authorised by you provide to us through the sources described above. We process the following personal data, in particular:
Identification data: name, surname, date of birth, place of residence, Id. No., Tax Id. No. and registered office of a business, number of the identity card or similar document, or the visa number for foreign nationals.
Contact details: email address, mailing address, telephone number.
Payment and transaction data: account number, account holder’s name, data concerning payments made.
Contract performance data: subject of the contract, your special requirements for the provision of services, information on the performance of obligations under the contract and the services provided, related communication including bookings, information on enforcement of receivables under the contract, information on the purpose of stay and the organisation booking the stay, etc.
Medical data: data concerning your health, especially your current condition, allergies, past surgeries, pregnancy data, diseases suffered, etc.
Cookie data: we may use cookies and other tracking technologies to automatically collect the following information when you access or use the Sites: device information (hardware model, information about operating system and its version, unique device identifiers, mobile network information, device storage information), location information (IP address, time zone, mobile service provider information), usage data (including, but not limited to: frequency of use, areas and features of our Sites you visit, usage patterns in general, engagement with particular features).
4. 1. 3 Purpose, grounds and duration of processing. We process your personal data for the following purposes:
Keeping you up to date with the latest news. If you subscribe to our newsletter, we use your identification data and contact details to inform you of new developments within our company and to promote our products and services, including via email and telephone contact details. The legal basis for this processing is your consent and we process your personal data until your consent is withdrawn, but for no longer than 3 years.
Answering questions. If you ask a question through our Sites, we will process your identification data, contact details and any other data provided in your query so that we can answer it. The legal basis for this processing is our legitimate interest in answering questions from visitors to the websites and we process your personal data until the query is answered successfully.
Making a booking. If you request our services, we will process your identification data, contact details, payment and transaction data and contract performance data so that we can book our services for you at a specific date. The legal basis for this processing is the performance of the contract and we will process your personal data until the commencement of the provision of the services booked or until the expiry of the booking.
Provision of accommodation services. If you request accommodation services, we use your identification data (in relation to all residents), contact details, payment and transaction data, and contract performance data in order to provide you with accommodation and related services. The legal basis for this processing is the performance of the contract and we process your personal data until all obligations arising from the contractual relationship have been fulfilled.
Provision of catering services. If you visit our restaurant, we use your identification data, contact details, payment and transaction data, and contract performance data to help us respond to your requirements. The legal basis for this processing is the performance of the contract and we process your personal data until all obligations arising from the contractual relationship have been fulfilled.
Provision of wellness services. When you visit our wellness and spa, we use your identification data, contact details, payment and transaction data, contract performance data and medical data to provide you with the wellness services you request. The legal basis for this processing is the performance of the contract and we process your personal data until all obligations arising from the contractual relationship have been fulfilled. At the same time, we always require your express consent to the processing of your medical data, and you can withdraw your consent at any time; therefore, we do not process these data further if your consent is withdrawn. The provision of medical data is not mandatory; however, if the data are not provided, we will not be able to take your medical condition into account when providing wellness services and we may not be able to provide some services to you due to their potential adverse health effects in the case of certain health conditions.
Organisation of events. If you are interested in organising a wedding ceremony or other events, we use your identification data (also in relation to other participants), contact details, payment and transaction data and contract performance data in order for us to be able to organise the required event for you. The legal basis for this processing is the performance of the contract and we process your personal data until all obligations arising from the contractual relationship have been fulfilled. At the same time, in that case, we process your data for the other purposes specified above in this Privacy Policy, depending on the scope of the services you use.
Support and promotion of our products and services. If you are negotiating a contract with us or have already entered into a contract with us, we also use your identification data, contact details and contract performance data to pursue our legitimate interests, which are to promote the sales of our products and services and to disseminate information about them. We process your personal data for a period of up to 3 years from the date of termination of the contractual relationship or the end of the contract negotiations.
Internal records and protection of our rights. Where we process or have processed your personal data for the purposes set out above, we will process your identification data, contact details, payment and transaction data, contract performance data, and medical data to pursue our legitimate interests, namely the protection of our rights and interests (i.e. legal claims), which include the keeping of our internal records and the control of the proper provision of our services. At the same time, we use medical data on the basis of an exemption covering the identification, exercise and defence of our legal claims. For this purpose, we process your personal data for the duration of the limitation period, including the period covering any suspension or interruption thereof, but typically no longer than for 16 years after the termination of the contract concluded with you. In the event of legal, administrative or other proceedings, we also process your personal data to the extent necessary for the duration of such proceedings for the exercise or defence of our legal claims.
Compliance with our statutory obligations. In accordance with the applicable law, we process your identification data, contact details, payment and transaction data and contract performance data in order to fulfil our legal (statutory) obligations. These include, for example, tax and accounting obligations under the act on local fees and archiving obligations. For these purposes, we process your personal data for the period of time specified in the relevant legal regulations.
Sites operation and security (necessary cookies). We process your cookie data that are essential for the operation of the Sites, including their presentation and functionality and ensuring your security. We use this data to identify you as a visitor when you browse or repeatedly access our Sites. The legal basis for this processing is our legitimate interest in the proper functionality and operation of our Sites. We generally retain your personal data for up to 2 years after you visit our Sites.
Site customization (preference cookies). We process your Data from cookies that are necessary to personalize our Sites (preference cookies). This may make it easier for you to browse the Site. For this purpose, we customize the Site - location, language selection and your device to your preferences, while your data may also be transferred to third parties. The legal basis for processing here is therefore your consent, granted via the Cookies sidebar. We retain your data for the duration of your consent, but in any case for no longer than 2 years after we have received your consent.
Promotion and marketing on our Sites (marketing cookies). We process your cookie data that are essential for targeting and displaying our advertising (marketing cookies), and your data may also be transferred to third parties. We use this data to promote products and services on the Sites and display marketing communications to you regarding products and services in which you have expressed an interest and promote our brand through online promotion, and your information may also be transferred to third parties. The legal basis for this processing is therefore your consent given via the cookies sidebar. We retain your data for the duration of your consent, but in any case for no longer than for 2 years after we have received your consent.
Sites traffic analysis (static cookies). We also process your cookie data that are necessary for the analysis of traffic at our Sites (static cookies). We use this data to monitor traffic at our Sites, optimise them, ensure the security of your data and improve continuity and user-friendliness of the Sites, and your data may also be transferred to third parties. We process your data on the basis of your consent, which you have given us via the cookies sidebar. We retain your data for as long as your consent is valid, but in any case for no longer than 2 years after we have received it.
4. 2 Cookies
4. 2. 1 When you use our Sites, we may process your personal data (cookie data) via cookies and other tracking technologies. Cookies are small text files stored in your web browser that allow us or a third party to recognise you. Cookies may be used to collect, store and share parts of information about your activities on various websites, including our Sites. This also applies to other similar technologies used for this purpose.
4. 2. 2 Specifically, we use the following cookies:
necessary cookies are essential to ensure the proper functioning of the website;
optional cookies - preference, statistical and marketing cookies.
4. 2. 3 You can adjust the settings to allow or reject all cookies or only some cookies. Rejecting cookies may negatively affect the functionality of websites, including our Sites. You can modify your choices regarding cookies or delete them from your electronic device at any time. Detailed information regarding cookies can be found on the website of the respective web browser provider. For more information, read the Cookie Policy.
4. 3 Manners of data processing. To the extent and for the purposes described above, we process your personal data by automated means, including the use of statistical methods. In some cases, we may also process your personal data manually.
4. 4 Personal data of children. We do not knowingly collect or require personal data from persons under 16 years of age, except for persons participating in the provision of services together with their legal guardians.
4. 5 Consequences of failure to provide data. The provision of your personal data is a requirement necessary to enter into a contract for the provision of our services, including the operation of the Sites. If you do not provide this data, we may not be able to provide you with our services and display the Sites.
5. Transfer of personal data to third parties and recipients of personal data
5. 1 Transfers of personal data. We may transfer the personal data we collect in the ways described above to third parties that provide certain services related to the provision of our services, including administration or IT support, data analytics, organisation and storage of personal data, etc. At the same time, in some cases, we are obliged to transfer personal data to public authorities. These entities are in the position of processors or controllers of your personal data.
5. 2 Recipients. In particular, we may share the personal data we collect with the following recipients:
our IT system suppliers who may have access to your personal data and act as data processors in certain cases;
analytics and marketing service providers who act as data controllers or data processors;
our external providers of legal services who are necessary for the recovery of our receivables and for the protection of our legal claims and act as processors or data controllers;
public authorities, in particular those regulating local fees (in case of provision of accommodation services), tax and accounting services.
5. 3 Sufficient level of security. We provide a guarantee that we have entered into personal data processing agreements with processors who ensure the same level of security of your personal data as described in this Privacy Policy. We also strive to ensure that all controllers with whom we share any personal data ensure adequate security of the personal data being processed. Where personal data is transferred outside of the European Economic Area, we ensure that in all cases a sufficient level of protection of the personal data so transferred is provided in accordance with the GDPR.
5. 4. Confidentiality and exemptions. We, including all processors and controllers, are obliged to maintain the confidentiality of all personal data. An exception is the obligation to disclose personal data to designated public authorities and other entities that are legally entitled to request personal data (the Police of the Czech Republic, the Tax Authority, etc.).
6. Security of your personal data
6. 1 Security measures and policies. We have implemented the necessary technical and organisational measures in our system for internal control and information security processes that are in line with best practice and correspond to the potential risk. We also take into account the prospect of future technological advances to protect your personal data from unauthorised disclosure, access or loss. These measures include, but are not limited to, employee data protection training, regular data backups, data recovery procedures and liability mechanisms for personal data breaches, as well as software and hardware protection.
7. Your rights
7. 1 Information provided. If you exercise your rights in accordance with this Article 7 of the Privacy Policy or other applicable law, we will inform each recipient who processes your personal data of the action taken, provided that the communication to the recipient is feasible and/or does not require disproportionate effort.
7. 2 Exercise of rights. If you wish to exercise your rights or obtain the relevant information, please contact us using one of our contact details. When you contact us, we must ask you to provide us with your identification details or other personal data that you have previously provided to us. Providing this information is necessary to verify that you are the one who sent the request. We will respond to you not later than within one month of receipt of such a request, where we reserve the right to extend this time limit by two months.
7. 3 Your rights. In accordance with the applicable legal regulations, you may request access to your personal data that we process, you have the right to rectification, right to erasure, and right to portability, the right to lodge a complaint, the right to request restriction of processing and the right to object to personal data processing. You may revoke your consent to personal data processing at any time.
7. 4 Rectification of your personal data. In accordance with the GDPR, you have the right to rectification of your inaccurate or incomplete personal data we process. If you request rectification of your personal data, you can contact us using one of our contact details. We take measures to ensure that your personal data is up to date and correct. You can contact us with your request at any time if we are still processing your personal data.
7. 5 Erasure of your personal data. You can request that we erase your personal data at any time. After you contact us with such a request and if any of the grounds for erasure of data applies, we will erase the personal data concerned from our databases without undue delay unless we process some of your personal data on the grounds of our legal obligation or for the establishment, exercise or defence of our legal claims.
7. 6 Withdrawal of your consent to personal data processing. You may withdraw your consent to the processing of personal data you have granted to us at any time without stating a reason. If you wish to withdraw your consent, please let us know using one of our contact details. Please note that withdrawal of consent does not affect the lawfulness of previous processing based on the consent given.
7. 7 Access to your personal data and their portability. You have the right to obtain information on the processing of your personal data and a copy of the personal data processed by us. If you so request, we may transfer all or only part of the personal data provided by you (processed by automated means on the basis of a contract or consent) directly to a third party (other personal data controller) specified by you in your request for the transfer of personal data, unless such request adversely affects the rights and freedoms of other persons and as long as it is technically feasible.
7. 8. Restriction of processing. If you request restriction of processing of your personal data, in particular in cases where you have doubts as to the accuracy, lawfulness or our need to process your personal data, we will assess your request and we may restrict the processing of your personal data to the minimum necessary scope (processing for the purpose of the assessment, enforcement or defence of our legal claims or for the protection of the rights of another natural or legal person or for other reasons). However, if the restriction of processing is lifted and we continue to process your personal data, we will inform you of this fact without undue delay.
7. 9 Objection to processing. You have the right to object at any time to the processing of your personal data on the basis of your specific situation, if such processing is based on our legitimate interest. We will not further process your personal data unless we can demonstrate a compelling legitimate interest to do so or unless such processing relates to direct marketing.
7. 10 Complaint with the Office for Personal Data Protection. You have the right to lodge a complaint concerning our personal data processing with the Office for Personal Data Protection, with its seat at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, website: https://www.uoou.cz/.
8. Updates to this Privacy Policy
8. 1 Versions and updates. This Privacy Policy is applicable as of 25 October 2024. We regularly update the Privacy Policy. Any amendment to this Privacy Policy is effective after it is published on the Sites.
Questions and comments
If you have any questions or comments about any part of this Privacy Policy, if you need support or if you have any claims, please contact us at info@oblik-resort.com.