fbpx
INFORMATION ON THE PROCESSING OF PERSONAL DATA AND COOKIE POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA AND COOKIE POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA AND COOKIE POLICY

Dear Customers,
One of our priorities is the protection of your personal data. In this document you will find all the necessary information regarding your personal data processed by SIESTA CLOUD s.r.o., ID: 07491441, with registered office at Konopišťská 739/16, 100 00 Prague 10, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 301961 (hereinafter referred to as “SIESTA CLOUD”) within the framework of the operation of the SIESTA CLOUD platform (hereinafter referred to as “Platform”) for the use of the Platform and the portals operated on it (hereinafter referred to as “Portal”) by users – end customers (hereinafter referred to as “Customers”) who use the Portal for the purpose of booking services offered on the Portal (hereinafter referred to as “Services”).

This information about the processing of personal data is provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”).This document also contains information about the use of cookies on the Portal.

For any questions regarding privacy and the exercise of your rights, please use this contact:

Contact person.

Electronic address: privacy@siesta.cloud

1. For what purpose and what personal data do we process?
1.1. Conclusion of the contract for the provision of the mediation service and its performance

In order to use the Portal and to use the mediation service provided by SIESTA CLOUD, by registering or making a reservation you enter into a mediation service contract with SIESTA CLOUD (hereinafter referred to as the “Service Contract”). On the basis of this Agreement, we then allow you to use our intermediation service through the Portal by concluding a contract with a third party that provides one of the Services presented on the Portal for the provision of that Service. We thus process the personal data of our Customers using the Portal for the purpose of concluding and implementing the obligations under the Service Agreement. For this purpose, we need your identification data (in the range of first name, last name), contact data (e-mail), data about the requested Service you book, or other personal data that you voluntarily provide in the registration form on the Portal.

For the purposes of concluding and performing the Service Contract, we may also process information from communication with you and information about the performance of the Service Contract.

As a user of the Portal, a user account may be set up for you for the purpose of using the Portal in the performance of the Service Contract. For these purposes, we do not process any other personal data beyond those listed above.

The processing of this personal data is necessary for the performance of our contractual obligations under the Service Contract we have entered into with you.

1.2 Legitimate interests and legal obligations

In justified cases, we also process personal data to protect our interests, typically in the event of legal disputes, court proceedings or inspections by public authorities (Czech Trade Inspection Authority, etc.). Here, we have to prove that we have acted in accordance with our contractual obligations or the law.

Often, we are also required by law to process personal data, here we process personal data typically for bookkeeping and the fulfilment of related tax obligations, or for the fulfilment of obligations imposed by the law on archiving.

1.3 Sending information and news about our services or products (commercial communications)

For customers for whom we have obtained their e-mail and/or telephone number in connection with the conclusion of a Service Contract, or for persons who have subscribed to the newsletter via the Portal and have provided us with their e-mail for this purpose, we process this personal data for the purpose of sending information and news about our services or products. If you do not wish to receive these messages, you can unsubscribe at any time free of charge. The method will always be indicated within such communication. If you do not wish to receive these messages at all, please contact us at privacy@siesta.cloud.

As part of your use of the Portal, we may profile you (for example, to show you offers of Services that are most relevant to your needs). However, we do not make any automated decisions.

In order to determine how the Portal is used and to improve it, we also monitor the behaviour of our users by means of so-called logging and tracking (i.e. the history of logging in and use of individual functions of the Portal).

2. From whom do we receive personal data and to whom do we transfer it?
We receive personal data primarily from you. You are obliged to provide only accurate data to me and if your personal data changes, you must update the data.

We automatically collect data generated by your activity within the Portal (logging, tracking).

As a processor, we process your personal data that you fill in for the purpose of booking Services of individual Providers in the respective booking form. We process this personal data for the individual third parties who present their Services on the Portal and with whom Customers enter into contracts for Services via the Portal. The details of each such entity providing Services are always listed on the Portal for the relevant Service offering. The processing of such personal data is governed by the instructions and rules of the respective entities providing the Services as controllers of such personal data.

We use the following processors to process your personal data:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, U.S.A.; this may include transfers to the U.S. under the terms of the Privacy Shield.
Personal data is not transferred outside the EU unless otherwise stated.

Personal data may be transferred to public authorities for the purpose of exercising their legal powers.

3. How do we process personal data?
We process your personal data manually in accordance with the relevant purpose where manual processing is necessary or appropriate. Our employees or other persons working for us may act in the management of your data, including for the purpose of correcting errors, inaccuracies, etc. However, such persons may only process personal data under the conditions and to the extent set out above and are bound by the obligation of confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data.

Personal data is processed in electronic form by automated means, specifically within the Portal and the Platform, or by automated means of the personal data processors listed above and for the purposes set out above.

We always process personal data in accordance with the relevant legal regulations and ensure that it is treated with due care and protection. We take care to ensure that you do not suffer harm to your rights, in particular the right to preserve human dignity, and that your private and personal life is not interfered with.

4. How long do we process personal data?
4.1 Service contract and legitimate interests

We retain your personal data for the duration of the Service Contract.

We then also process the personal data to protect our legitimate interests, i.e. to defend against any claims by users or customers, including in court (e.g. for the duration of the relevant limitation periods, which in the Czech Republic can last up to 15 years from the relevant event). In this context, we process your identification data (name and surname) and contact data (e-mail, telephone), data on the use of the Portal and on the performance of the Service Agreement (its content, information on its performance). Typically, this period is 5 years from the termination of the Service Contract.

We process logging and tracking information within the Portal to protect our legitimate interests (analysis and improvement of the Portal and our services) for a period of 2 years.

4.2 Legal obligations

We process personal data processed on account of our legal obligations within the time limits set by these laws.

Accounting and archiving of documents

We have to process personal data required by law (typically billing data and information about the performance provided) for accounting and tax compliance purposes (possibly for archiving purposes). The processing period is 5 years from the end of the accounting period, in the case of documents relevant for VAT payments it is 10 years from the end of the tax year in which the transaction took place.

We archive the necessary personal data in accordance with the requirements of the Archiving Act.

4.3 Sending commercial communications

We send commercial communications as stated above until you unsubscribe. You can unsubscribe at any time and free of charge. The method will always be indicated within such communication, or you can use the email specified in Article 1.3.

Personal data is not processed on the basis of consent and therefore it is not possible to withdraw consent to processing. However, we will always assess, on request, whether it is no longer necessary to process the data in question.

5. What rights do you have?
In the first place, you have the right to ask us for access to your personal data, including a copy of all your personal data media and a list of the personal data processed.

5.1 We will always inform you of:

(a) the purpose of the processing of personal data,

b) the personal data or categories of personal data, as the case may be, that are the subject of the processing, including any available information about their source,

c) the nature of automated processing, including profiling, and information concerning the procedure used, as well as the significance and expected consequences of such processing for the data subject,

(d) the recipients or categories of recipients,

(e) the intended period for which the personal data will be stored or, if that period cannot be determined, the criteria used to determine that period,

(f) any available information about the source of the personal data, unless it is obtained from you.

5.2 Your other rights include

a) ask us for an explanation,

b) to request that we rectify the situation, which may include blocking, rectifying, supplementing, restricting the processing or destroying the personal data (right to be forgotten),

c) to request personal data relating to you in a structured, commonly used and machine-readable format and to transmit this data to another controller without any hindrance from us,

d) submit a query or complaint to the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7,

e) object to the processing of personal data concerning you.

6. How we protect your personal data
The following security measures are used to secure your data:

Antivirus protection, firewalls, encryption, authorization data, physical security means, security, internal data protection regulations.

7. Cookies policy
In accordance with the provisions of Section 89(3) of Act No. 127/2005 Coll., on Electronic Communications, as amended, we hereby inform you that SIESTA CLOUD uses cookies in the operation of the Portal. Cookies are used for the purpose of operating the Portal and analysing its traffic.

7.1 Consent to the use of cookies

By setting your web browser (enabling cookies) and using the Portal, you agree to the use of cookies under the conditions set out below.

7.2 What are cookies and what are they for?

The Portal uses cookies in order to improve the user experience, as enabling them allows it to remember you and your individual settings and preferences.

A cookie is a simple text file (usually a few KB in size) stored on your computer, laptop or mobile device by the Portal and only the Portal is able to find such cookie and read its contents. These files are not harmful to your user system.

Each cookie is completely unique to your internet browser. The cookie contains certain information such as a unique identifying value, the name of the website, certain digits and numbers.

There are two types of cookies – session cookies and persistent cookies.

Session cookies are temporary cookies stored on your device (e.g. computer, phone, etc.) until you leave the Portal, at which time they are deleted. Such cookies are used by the Portal to remember information as you move between pages, so that you do not have to re-enter or fill in the information you have entered into the Portal.

Persistent cookies remain stored on your device after you leave the Portal to remember you as a returning visitor – however, they do not identify a specific person.

Cookies can be disabled at any time by changing the settings in your web browser.

If you choose to disable cookies, you will not be able to take full advantage of all functionality of the Portal.

If your web browser has cookies enabled in the settings, you confirm your consent to the use of cookies within the Portal.

We use cookies from the following providers for analytical purposes and to improve the Portal:

Google Analytics service of Google LLC, a Google Ireland Limited company, registration number: 368047, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland, the terms and conditions for the processing of cookies can be viewed here: https://www.google.com/policies/technologies/cookies/.