Privacy policy

of Oxygenic s.r.o

PREAMBLE

(A) Oxygenic s.r.o. respects your privacy and protects your personal data and, when processing it, always proceeds in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) and Act No. 110/2019 Coll., on the processing of personal data, as amended. Oxygenic s.r.o. therefore issues these Personal Data Protection Principles, the purpose of which is to provide you with information about the processing of personal data at Oxygenic s.r.o. (hereinafter referred to as the “Principles”).

(B) These Principles apply to the processing of personal data of Oxygenic s.r.o. customers, interested parties and other business partners of the company and, where appropriate, their representatives or contact persons, always to the extent appropriate to their position vis-à-vis Oxygenic s.r.o..


I. PERSONAL DATA CONTROLLER

1.1. The administrator of your personal data is Oxygenic s.r.o. with its registered office at Zahradní 396, 252 25 Jinočany, Company ID: 28938593, entered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert 154407.

1.2. You can contact us as a controller:

  • at the address Za tratí 235, 252 19 Chrastany, Czech Republic;
  • by email: info@hotelum.eu

1.3. The company Oxygenic s.r.o. has not appointed a personal data protection officer.


II. CATEGORIES OF PERSONAL DATA, PURPOSE OF PROCESSING PERSONAL DATA, LEGAL BASIS FOR PROCESSING, METHOD OF PROCESSING

2.1. As a personal data controller, we process in particular the following categories of personal data:

Personal identification data

  • first and last name;
  • business firm;
  • Company ID and VAT number;
  • login name and password.

Contact personal information

  • address of the registered office or establishment;
  • delivery address;
  • billing address;
  • phone;
  • e-mail.

Payment details

  • bank account number.

Your order details

  • about the goods you have purchased;
  • about the method of delivery and payment;
  • about complaints.

2.2. We do not request or process special categories of personal data within the meaning of Article 9 of the GDPR, such as information about racial or ethnic origin and political opinions, etc.

2.3. We collect personal data from you, in particular, from your inquiries and orders, including orders at https://www.hotelum.eu/, from communication between us in any form, including the contact form at https://hotelum.eu/contact and further via the registration form at https://www.hotelum.eu/registration.

2.4. We process your personal data on the basis of the legal grounds set out below:

  • Article 6(1)(b) GDPR, according to which processing is necessary for the performance of a contract;
  • Article 6(1)(c) GDPR, according to which processing is necessary for compliance with a legal obligation;
  • Article 6(1)(f) GDPR, according to which processing is necessary for the purposes of legitimate interests.

We do not need your consent to process personal data for the above reasons.

2.5. We need your personal data to be able to make you an offer of goods, respond to your questions and requests, manage your user account on the website https://www.hotelum.eu/, conclude a purchase contract with you, deliver the goods to you on the basis of the contract and subsequently handle your complaints and fulfill our other obligations and exercise our rights under the contract. We therefore need personal data primarily for the conclusion and subsequent performance of the contract. Without the provision of personal data, we would not be able to conclude a contract with you and we would not be able to deliver the goods to you.

2.6. In some cases, we are obliged to process your personal data directly by legal regulations. This is particularly the case for fulfilling obligations required by Act No. 563/1991 Coll., on accounting, as amended. For this reason, we must request certain data from you and must process it at least for the period specified by legal regulations.

2.7. We further process your personal data for the purposes of protecting our legitimate interests. We consider our legitimate interests to be (a) the protection of our rights arising from a concluded contract if it is breached by you, (b) our protection if you assert any claim against us in connection with a sent inquiry, order or concluded contract, (c) improving the quality of the services provided and deliveries of goods, (d) keeping records of completed transactions, (e) sending commercial communications.

2.8. In the event that we do not have another legal basis for processing (in particular any of the reasons stated in paragraph 2.4 above), we process personal data only with your consent pursuant to Article 6, paragraph 1, letter a) GDPR. Providing such consent is voluntary. Consent to processing can be revoked at any time, but the revocation of consent has no effect on previous processing.

2.9. We use your consent to the processing of personal data as a reason for processing your personal data for the purpose of sending commercial communications (in particular e-mail marketing and telemarketing). However, if you do not give us your consent and you are our customer, we may send you commercial communications or call you with an offer even without your consent to the processing of personal data. Even in such a case, we will ask you whether you agree to the sending of commercial communications, and you have the opportunity to withdraw this consent.

2.10. In some cases, the same personal data may be processed for different purposes and its processing may be based on multiple legal grounds.

2.11. Your personal data is processed using computer technology, or manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data in accordance with the relevant legal regulations governing the protection of personal data. For this purpose, we have adopted appropriate technical and organizational measures, which we regularly review and update.

2.12. There is no automated decision-making or profiling when processing your personal data.


III. PERIOD OF PROCESSING PERSONAL DATA

3.1. We process your personal data only for the necessary period, which is individual for each processing purpose. This may be the period necessary to achieve the purpose for which the personal data were obtained, or the period stipulated by law. Unless we have another reason to continue processing personal data, personal data are usually processed in the following cases: 

  • a. personal data necessary for the performance of the contract throughout the duration of the contract;
  • b. personal data processed on the basis of legitimate interests pursuant to paragraph 2.7 letters a) and b) of these Principles for the duration of the limitation periods;
  • c. personal data processed for the purpose of fulfilling legal obligations for the period specified in the relevant legal regulations, e.g. the Accounting Act;
  • d. personal data processed with your consent for a period of five years from the date of obtaining consent, or until such consent is revoked. 


IV. RECIPIENTS OF PERSONAL DATA; TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

4.1. In some cases, we transfer your personal data to other persons (recipients), namely:

  • a) to carriers of goods and other shipments so that we can deliver goods and other shipments to you;
  • b) processors who provide information technology management services for us.

4.2. We do not transfer your personal data to third countries or international organizations.


V. YOUR RIGHTS IN RELATION TO PERSONAL DATA

5.1. You have the right to obtain confirmation as to whether or not your personal data is being processed, and if we are processing your personal data, you have the right to access this personal data and information to the extent required by Article 15 of the GDPR, in particular information about:

  • the purpose of the processing;
  • the category of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  • the planned period for which the personal data will be stored;
  • Your rights in relation to the processing of personal data;
  • any available information about the source of the personal data, unless it was obtained directly from you;
  • the fact whether automated decision-making, including profiling, is taking place. 

5.2. Regarding personal data, you also have, among other things:

  • the right to rectification of personal data pursuant to Article 16 of the GDPR, if we process inaccurate personal data concerning you, or you have the right to have incomplete personal data completed;
  • the right to erasure of personal data ("right to be forgotten") pursuant to Article 17 of the GDPR, on the basis of which we, as the controller, will erase your personal data if any of the reasons are given;
  • the right to restrict the processing of your personal data pursuant to Article 18 GDPR;
  • the right to data portability pursuant to Article 20 GDPR;
  • the right to object to the processing of personal data pursuant to Article 21 of the GDPR;
  • the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection. 

5.3. If we discover that the security of personal data has been breached, or if we suspect that this security has been breached, we will assess whether there has actually been a security breach, evaluate the severity and, depending on the severity (no risk, low risk, high risk), we will inform you and the supervisory authority, which is the Office for Personal Data Protection, about the breach.

5.4. If you would like to exercise any of the rights listed above or if you find or believe that personal data is being processed in a way that is contrary to the protection of privacy and personal life or contrary to the law, please do not hesitate to contact us at any time.

5.5. If your personal data is processed only on the basis of consent, you have the right to withdraw this consent at any time.

5.6. If you find or believe that your personal data protection rights have been violated, you can contact the supervisory authority directly, which is the Office for Personal Data Protection.


VI. USEFUL CONTACTS

Oxygenic s.r.o
Za tratí 235, 252 19 Chrastany, Prague, Czech Republic
E-mail: info@hotelum.eu
www: hotelum.eu

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
E-mail: posta@uoou.cz
Phone: +420 234 665 111
www: https://www.uoou.cz