CZ: +420776797673
AT: +436505923427

GDPR data protection statement


In this data protection statement, we explain how we handle your personal data. The condition is a valid personal data protection law, in particular the General Data Protection Regulation (GDPR). With the exception of service providers and third party providers that we mention in this data protection statement, we do not transfer any data to third parties (only to the Noona booking portal). If you have any questions, please do not hesitate to contact us.

Content

Liability, General Information, Website Hosting, Cookies, Web Beacons and Mobile Identifiers, Contact, Newsletter, Comments, User Account Registration, Other Third Party Services, Profiles on Social Networks, Rights of Data Subjects, Responsibility for Data Processing.


General information

Provision of data

In order to use our website, the provision of personal data is generally not required by law or contract. If the provision of data is necessary for the conclusion of a contract or if the user is obliged to provide personal data, we inform you of this circumstance and the consequences of failure to provide it in this data protection statement.

Transfer of data to third countries

We may use third-party service providers and suppliers based in countries outside the European Union and the European Economic Area. The transfer of personal data to such third countries takes place on the basis of the European Commission's adequacy decision (Article 45 GDPR) or we have provided suitable guarantees to ensure data protection (Article 46 GDPR). If there is an adequacy decision by the European Commission for the transfer of data to a third country, we will point this out in this data protection statement. In addition, users may obtain from us a copy of the applicable guarantees, if they are not already contained in the data protection statements of service providers or third-party providers.


Automated decision making

If we carry out automated decision-making, including profiling, we will inform you of this circumstance, the logic and extent and intended effects of such processing in this data protection statement. In addition, there is no automated decision-making.

Processing for other purposes

In principle, the data is only processed for the purposes for which it was collected. If they are exceptionally further processed for other purposes, we will inform you about these other purposes before this further processing and make available all other relevant information (Article 13, paragraph 3 GDPR).

Website hosting

Each time you access our website, the user's browser transmits various data. The following data is processed and stored in log files for the duration of the visit to the website and after the connection is terminated:

Browser type and version used, operating system, Pages and files loaded, Amount of data transferred

Date and time of loading, User provider, IP address in anonymous form, URL of the referring page.

The processing of this data is necessary in order to be able to deliver the website to the user and to optimize it for his end device. Log files are used to improve the security of our website (e.g. protection against DDOS attacks). IP addresses are anonymized before being stored in log files.

The legal basis for processing is Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest lies in providing the website and improving the security of the website. Log files are automatically deleted after 30 days.


Cookies, web beacons and mobile identifiers

We use technologies on our website to recognize the end device used. These may be cookies, tracking pixels and/or mobile identifiers.

In principle, device recognition can be performed for various purposes. It may be necessary to provide features of our website, such as providing a shopping cart. In addition, the aforementioned technologies can be used to understand user behavior on the site, for example for advertising purposes. In this privacy statement, we describe in detail which technologies we use and for what purposes.

For better understanding, below we generally explain how cookies, web beacons and mobile identifiers work:

Cookies are small text files that contain certain information and are stored on the user's device. This is usually an identification number that is assigned to the end device (cookie ID).

A tracking pixel is a transparent graphic file that is integrated on the page and enables analysis of the log file.

A mobile identifier is a unique number (mobile ID) that is stored on the mobile device and can be retrieved by the web.

Cookies may be required for our website to function properly. The legal basis for the use of such cookies is Article 6 paragraph 1 subparagraph 1 letter f) GDPR. Our legitimate interest lies in providing the functionality of our website.

We use cookies that are not necessary for the operation of our website, to make our offer more user-friendly or to understand the use of our website. The legal basis here depends on whether the user's consent is to be obtained or whether we can invoke a legitimate interest. The user can revoke the given consent at any time, among other things, through the settings in their browser.

The user can prevent and object to the processing of data using cookies by making the appropriate settings in his browser. In the event of an objection, it may happen that not all functions of our website are available. We will inform you separately about other options to object to the processing of personal data using cookies in this data protection statement. If necessary, we provide links with which to object. These are marked as "Opt-Out".

Contact

If contact is made, we process user data, date and time for the purpose of processing the request, including any questions.

The legal basis for data processing is Article 6 paragraph 1 subparagraph 1 letter f) GDPR. Our legitimate interest lies in answering the questions of our users. The additional legal basis is Article 6, paragraph 1, subparagraph 1 letter b) GDPR, if the processing is necessary to fulfill the contract or to carry out pre-contractual measures.

The data will be deleted as soon as the request, including any questions, has been answered. At regular intervals, but at least every two years, we check whether the data created in connection with the establishment of contact should be deleted.

Newsletter

Users have the option to subscribe to newsletters on our website. We process the data entered during registration for the purpose of sending a confirmation email to the user's email address. After confirmation, we process the data in order to send newsletters. We may also process a user's name for personalization purposes if the user has provided it.

During registration, the date and time as well as the user's IP address are saved in order to prove the entry. After cancellation of registration, we process this data for verification purposes and delete it after three years at the end of the year.

In order to improve our content, we measure how successful our newsletters are, for example how often users open them and which links are clicked. For this purpose, emails contain a tracking pixel. We do not monitor the activities of individual users.

The legal basis for processing is the user's consent in accordance with Article 6, paragraph 1, subparagraph 1, letter a) GDPR. Otherwise, the processing is carried out in accordance with Article 6 paragraph 1 subparagraph 1 letter f) GDPR. Legitimate interests on our part are sending newsletters, personally addressing the user and proving that the user has registered to subscribe to the newsletter.

Comments

We give users the opportunity to leave their own comments on our website. If a comment is sent to us, we process the information provided by the user. To protect against abuse of the comment function (e.g. through spam or criminal content), we also process the user's date, time and IP address.

The legal basis for processing is Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest is to be able to offer the comment function and to protect ourselves from abuse.

User account registration

Users can register for our offer on our website. In this context, we process the data entered during registration. We have the e-mail address confirmed by sending a link (double opt-in) to prevent abuse of the registration function. For this purpose, we also process the user's date and time and IP address. For proof

After clicking on the confirmation link, we also process the user's date, time and IP address.

The data will be deleted with the deletion of the user account after three years at the end of the year, unless there is a longer statutory storage obligation.

The legal basis for processing is Article 6, paragraph 1, subparagraph 1 letter a) GDPR if we obtain user consent. If the processing is necessary for the fulfillment of the contract or for the implementation of pre-contractual measures, it is based on Article 6 paragraph 1 subparagraph 1 letter b) GDPR. Otherwise, the legal basis is Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest is to allow users to access our offer that requires registration, to protect us from misuse of the registration function and to demonstrate proper entry. After deleting the user account, our legitimate interest is also to defend against possible claims.

Other Third Party Services

a) Google Analytics

We use Google Analytics to analyze the use of our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In order to track the user's activities on the website, a cookie is set on the end device. We use Google Analytics with the anonymize IP extension. The user's IP address is automatically truncated before being sent to servers in the United States. Among other things, the approximate geographical location, end device, screen resolution, browser and visited pages, including the length of stay, are evaluated.

If we obtain the user's consent, the data is processed on the legal basis of Article 6 paragraph 1 subparagraph 1 letter a) GDPR. Otherwise, it is based on Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest lies in optimizing our website, improving our offers and online marketing.

Data collected by Google Analytics is automatically deleted after 14 months.

b) Google Adsense

We use Google AdSense. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

We place personalized ads through Google Adsense. Google uses cookies and tracking pixels to analyze user behavior and select appropriate advertising. Among other things, visits to our website and other websites that use AdSense are evaluated and assigned a user ID. The data will not be merged with other user data stored by Google.

If we obtain the user's consent, the processing takes place on the legal basis of Article 6 paragraph 1 subparagraph 1 letter a) GDPR. Otherwise, it is based on Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest is to provide interest-based advertising.

Users can object to Google's use of data for personalized advertising at any time by opting out below.

c) Facebook

We integrate content and buttons from the social network Facebook via a plugin on our website. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

In order to retrieve content from Facebook, it is technically necessary to transmit the user's IP address to the company. If the user is logged in to Facebook, the page visit can be assigned to the account.

If we obtain the user's consent, the data is processed on the legal basis of Article 6 paragraph 1 subparagraph 1 letter a) GDPR. Otherwise, it is based on Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest in integrating Facebook content and buttons is the user-friendly design of our website.

Privacy Policy of Facebook Social Network Plugins

d) Instagram

We integrate content and buttons from the Instagram social network via a plugin on our website. Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

In order to retrieve content from Instagram, it is technically necessary to provide the company with the user's IP address. If the user is logged in to Instagram, the page visit can be assigned to the account.

If we obtain the user's consent, the data is processed on the legal basis of Article 6 paragraph 1 subparagraph 1 letter a) GDPR. Otherwise, it is based on Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest in integrating Instagram content and buttons is the user-friendly design of our website.

Instagram Privacy Policy

c) Google maps

We use Google Maps to display geographic maps. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Technically, it is necessary to transmit the user's IP address to Google. In addition, the company sets various cookies to identify the user and display personalized advertising.

If we obtain the user's consent, the data is processed on the legal basis of Article 6 paragraph 1 subparagraph 1 letter a) GDPR. Otherwise, it is based on Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest lies in the user-friendly design of our website.

We have entered into a joint liability agreement with Google.

Google Maps Privacy Policy

d) Google Fonts

We use Google fonts on our website. Provider: Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Fonts are loaded from the Google server. In order to establish a connection with the server, it is technically necessary to provide the user's IP address.

The legal basis for processing is Article 6, paragraph 1, subparagraph 1 letter f) GDPR. Our legitimate interest lies in reducing the loading time and uniform display on different end devices.

Google Fonts Privacy Policy

e) Profiles on social networks

We are present on one or more social networks. Specifically, these are: Facebook or Instagram. If you contact us, we process personal data as described above under contact.

Social network providers process data in accordance with their personal data protection regulations

Facebook / Instagram

If the user is logged in with his account, he can be assigned activities on our profile in the relevant social network. This can be done across devices and possibly without logging in, for example using cookies or mobile identifiers. Social network providers create pseudonymized user profiles on the basis of the collected data, with the help of which they can display, in particular, personalized advertising.

Rights of data subjects

The right to restriction of processing: The data subject has the right to request restriction of the processing of personal data concerning him, in accordance with legal provisions.

Right to data portability: The data subject has the right to receive personal data concerning him in a structured, common and machine-readable format or to request that it be transferred to another responsible person.

The right to object: The data subject has the right, for reasons arising from his specific situation, to object at any time to the processing of personal data concerning him, based on Article 6 paragraph 1 subparagraph 1 letter e) or f). this also applies to profiling based on these provisions. If personal data is processed for the purpose of running direct advertising, the person concerned has the right to object at any time to the processing of personal data concerning him for the purpose of such advertising; this also applies to profiling if it is linked to such direct advertising.

Right to withdraw: The data subject has the right to withdraw his consent at any time

Right to file a complaint: The data subject has the right to file a complaint with the supervisory authority.


Data protection statement status: 07/26/2023




Please note that the entire content of all our websites, including this GPDR statement, are registered with Copyright.eu, against copying or other misuse.

If that happens, we will fight back in court!