Privacy policy

HOTEL & CASTLE SVIJANY, BEER SPA SVIJANY

1. Personal Data Controller

PIVOVAR SVIJANY, a.s.
Registered office: Svijany 25, 463 46 Svijany
Company ID No.: 25035207 | VAT ID: CZ25035207
(hereinafter the “Controller”)

The Controller operates the following facilities:

  • Hotel Zámek Svijany – Svijany No. 30
  • Beer Spa Svijany – Svijany No. 26

Contact details:
info@zameksvijany.cz

2. Basic Definitions

  • Customer (Guest) – a natural person or legal entity using the services of the Controller.
  • Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.

·

3. Purpose of Personal Data Processing

The Controller processes personal data of its customers for the following purposes:

  • provision and administration of accommodation and spa services,
  • keeping guest records in compliance with statutory obligations,
  • bookkeeping and tax administration,
  • processing reservations, issuing invoices, and communicating with customers,
  • ensuring the safety of persons and property (CCTV system),
  • marketing communication (only with the data subject’s consent).

4. Scope of Processed Data

  • In connection with the provision of services, the Controller may process the following data:
  • name, surname, date of birth, permanent address,
  • ID document number and type, visa details and purpose of stay (in accordance with Acts No. 326/1999 Coll. and No. 565/1990 Coll.),
  • contact details: e-mail, telephone number,
  • stay-related information (arrival and departure dates, type of service),
  • CCTV recordings from publicly accessible areas,
  • payment data to the extent necessary for service billing.

5. Legal Basis for Processing

Personal data is processed on the following legal bases:

  • performance of a contract between the customer and the Controller,
  • fulfilment of legal obligations (e.g., guest registration, tax and accounting obligations),
  • the Controller’s legitimate interests (property protection, customer communication),
  • the data subject’s consent (e.g., for sending marketing communications).

6. Data Retention Period

  • Guest records are retained for the period required by law, typically 6 years from the end of the stay.
  • CCTV recordings are retained for a maximum of 7 days, unless longer retention is required for investigating a security incident.
  • Data processed on the basis of consent is retained until such consent is withdrawn.

7. Authorised Persons and Processors

Access to personal data is granted only to persons authorised by the Controller, including:

  • hotel and spa reception staff,
  • hotel and spa management,
  • accounting department,
  • IT department,
  • marketing consultant.

External processors:

  • Hotel system Previo,
  • Reservation system Reenio (Beer Spa only).

All processors are contractually bound to comply with GDPR and maintain confidentiality.

8. Personal Data Security

The Controller has implemented appropriate technical and organisational measures to prevent:

  • unauthorised or accidental access to data,
  • loss, destruction, or alteration of data,
  • unauthorised transmission or misuse of data.

Personal data is stored in the hotel management system, guest registers, and locked premises accessible only to authorised personnel.
Each authorised person is assigned a unique identifier. Access and data operations are monitored and documented.

9. CCTV System

The premises of Castle Svijany, the hotel, and the Beer Spa are monitored by a CCTV system with recording:

  • the purpose is prevention and protection of persons and property,
  • cameras are located only in publicly accessible areas,
  • no cameras are installed in hotel rooms or spa treatment rooms,
  • CCTV recordings are retained for a maximum of 7 days, unless longer retention is required for investigating a security incident,
  • the CCTV system operates in accordance with the internal directive of Pivovar Svijany a.s. and is registered with the Office for Personal Data Protection (ÚOOÚ).

10. Rights of the Data Subject

Every customer has the right to:

  • access their personal data,
  • request correction or deletion of personal data,
  • request restriction of processing,
  • data portability,
  • object to processing,
  • lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).

Requests may be submitted in writing or by e-mail to the contact details above.
The Controller must respond within 30 days of receiving the request.

11. Confidentiality

All persons involved in the processing of personal data are required to maintain confidentiality regarding the data obtained, even after termination of their employment or contractual relationship with the Controller.

12. Final Provisions

These principles may be updated periodically. The current version is always published on: www.zameksvijany.cz

Previous versions of this Privacy Policy are archived and available upon request. The current version always includes the effective date.

Date of last update: November 2025

By submitting this form, you acknowledge that your personal data will be processed for the purpose of handling your enquiry in accordance with the Privacy Policy.