+420 234 622 600

BoHo: design Hotel in Prague

Member of Small Luxury Hotels of the World

Information on Personal Data Processing

under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “Regulation”)

Hotel Company s.r.o., a company with its registered office at Karolinská 661, 186 00 Praha 8, Id. No.: 271 78 986, registered in the Commercial Register kept by the Municipal Court in Prague under File No. C 102294, e-mail: gm@hotelbohoprague.com (hereinafter also the “Controller”), as a personal data controller within the meaning of the Regulation, hereby provides information on the manner and scope of personal data processing, including the scope of data subjects’ rights related to processing of their personal data by Hotel Company s.r.o.

The Controller processes personal data in conformity with EU law, especially in conformity with the Regulation, and also in conformity with the relevant international

Data subjects may contact the Controller with regard to all issues related to processing of their personal data and to the exercise of their rights. The following contact details serve for these purposes: gm@hotelbohoprague.com.

I. What personal data are processed by the Controller, for what purpose and on what basis?

The Controller obtains personal data directly from the data subjects and from third parties (e.g. booking portals).

The Controller only processes personal data that the Controller has obtained in conformity with the applicable legal regulations; the Controller collects and processes such personal data only for the set purpose, within the scope and for the period necessary for attaining this set purpose, while taking into account the practical functioning of the Controller and its information and personnel capacities. The personal data processed and their purposes and the legal basis for processing differ according to the services provided by the Controller to the data subject. A breakdown is provided in the tables below:


Case I – You have booked accommodation with us

Where have we obtained your personal data from?

  • Your personal data were obtained directly from you if you booked accommodation with us directly by e-mail or on our website.
  • If you used an intermediary in booking the accommodation (travel agency, booking portal), we have the data from the intermediary.

Personal data processed:

  1. Name and surname of the person making the booking and his/her sex
  2. Citizenship/nationality
  3. Credit card or account number
  4. Duration of the stay
  5. E-mail address and/or telephone number of the person making the booking
  6. Number of the identity card

Legal basis for processing

  • We obtain the personal data specified in paragraphs a) to d) and f) from you and we process them on the legal grounds of execution and performance of the contract.
  • We process the personal data specified in paragraph e), if provided to us within the booking, on the basis of a legitimate interest, consisting in the possibility of maintaining direct contact between the hotel and you regarding the booking and any extraordinary events.
  • We process the personal data specified in paragraphs a) to d) above if you cancel your booking at such a notice before the date of arrival that you are charged a cancellation fee, on the basis of our legitimate interest, consisting in enforcement of our claims, and management and administration of receivables.

Purposes of processing

  • We process the personal data under paragraphs a) to d) for the purpose of executing the contract and enforcing our claims if you cancel your booking at such a notice before the date of arrival that you are charged a cancellation fee.
  • We also process the personal data under paragraphs a) to d) for the purpose of confirming your stay with a view to obtaining a visa, if appropriate.
  • We process the personal data under paragraphs a) to e) for the purpose of providing the required services.

Information on the duty to provide personal data

  • The provision of personal data under paragraphs a) to d) is a contractual requirement. Without such personal data, we cannot enter into an accommodation contract with you and we therefore cannot satisfy your booking.

Who we provide your personal data to?

  • We share the above personal data with the company Global Management Solutions which provides us with services in the areas of sales and marketing.
  • Due to the amount of data processed, cloud storage provider services may be used.

Caso II: You are a foreign national and are staying at one of our hotels and have thus become our guest

We have your personal data directly from you

  • Where have we obtained your personal data from?
  • Furthermore, we process your personal data we obtained within the booking – see Case I.

Where have we obtained your personal data from?

  1. Name and surname and your sex
  2. Permanent address
  3. Birth identification number or date of birth
  4. Citizenship/nationality
  5. Identity card/passport and visa
  6. Duration of the stay
  7. Purpose of the stay
  8. Credit card or account number
  9. E-mail address and telephone number
  10. Your movement (through the card key and CCTV)
  11. Your appearance (through the CCTV)
  12. Services ordered and used, satisfaction
  13. Third-party data (jointly accommodated persons)
  14. Licence plate number

Legal basis for processing

  • We process the personal data specified in paragraphs a) to f) on the legal grounds of performing a legal obligation, specifically a duty under Act No. 326/1999 Coll., on the residence of foreigners in the territory of the Czech Republic, as amended.
  • We process the personal data specified in paragraph g) on the legal grounds of performing a legal obligation, specifically a duty under Act No. 565/1990 Coll., on local fees, as amended.
  • We process the personal data specified in paragraphs a) to c), f) and l) on the legal grounds of performing a legal obligation, specifically a duty under Act No. 563/1991 Coll., on accounting, as amended, and Act No. 235/2004 Coll., on value added tax, as amended.
  • We process the personal data specified in paragraphs h) and m) on the legal grounds of execution and performance of the contract.
  • In certain cases, we may continue to process the personal data specified in paragraphs a) to c), e), f) and l), when the personal data are no longer processed on the legal grounds of performing a legal obligation, based on our legitimate interest, consisting in enforcement of our claims, management and administration of receivables.
  • We process the personal data under paragraphs j) and k) on the legal grounds of a legitimate interest consisting in protection of the safety of persons and property on the hotel premises.
  • Beyond the scope of the above, the personal data under paragraphs a) to d), f), g), i) and l) may be processed on the legal grounds of a legitimate interest, consisting in direct marketing or evaluation and improvement of our services.
  • In specific cases, all the personal data may be processed, beyond the scope of the above, on the legal grounds of a legitimate interest consisting in enforcement of our claims and defence against claims raised.
  • We process the personal data under paragraph n) on the legal grounds of performing the agreement on the provision of parking space.

Purposes of processing

  • We process the personal data under paragraphs a) to g) and l) for the purposes of performing our legal obligations specified above.
  • We process the personal data under paragraphs a) to h) for the purpose of executing the contract.
  • We process the personal data under paragraphs j), l) and m) for the purpose of providing the required services and performing the contract.
  • We process the personal data under paragraphs j) and k) for the purpose of ensuring safety of persons and property on the hotel premises.
  • We process the personal data under paragraphs a) to d), f), g) i) and l) for the purpose of direct marketing and improvement of care for our guests.
  • All the personal data may be processed in a specific case for the purpose of conducting litigation.
  • We process the personal data under paragraph n) for the purpose of performing the agreement on the provision of parking space.

Information on the duty to provide personal data

  • The provision of the personal data under paragraphs a) to g) is a statutory requirement and, without being provided with these personal data from you, we cannot arrange accommodation at our hotel for you.

For how long will your personal data be processed?

  • The personal data under paragraphs a) to f), processed on the basis of Act No. 326/1999 Coll., on the residence of foreigners in the territory of the Czech Republic, as amended, must be processed under the law for at least 6 years.
  • The personal data specified in paragraphs a) to c), f), l) and n), processed on the basis of Act No. 563/1991 Coll., on accounting, as amended, and Act No. 235/2004 Coll., on value added tax, as amended, must be processed under the law for at least 5 years.
  • We process your personal data that are processed by us based on your consent for the period for which the consent was granted to us unless it is withdrawn earlier.

Who we provide your personal data to?

  • To public authorities within the exercise of their powers.
  • We share the above personal data with the company Global Management Solutions which provides us with services in the areas of sales and marketing.
  • Due to the amount of data processed, cloud storage provider services may be used.

Case III: You are a citizen of the Czech Republic and are staying at one of our hotels and have thus become our guest

Where have we obtained your personal data from?

  • We have your personal data directly from you
  • Furthermore, we process your personal data we obtained within the booking – see Case I.

Personal data processed

  1. Name and surname and your sex
  2. Permanent address
  3. Birth identification number or date of birth
  4. Citizenship/nationality
  5. Your identity card number
  6. Duration of the stay
  7. Purpose of the stay
  8. Credit card or account number
  9. E-mail address and telephone number
  10. Your movement (through the card key and CCTV)
  11. Your appearance (through the CCTV)
  12. Services ordered and used, satisfaction
  13. Third-party data (jointly accommodated persons)
  14. Licence plate number

Legal basis for processing

  • We process the personal data specified in paragraphs a), b), f) and g) on the legal grounds of performing a legal obligation, specifically a duty under Act No. 565/1990 Coll., on local fees, as amended.
  • We process the personal data specified in paragraphs a) to c), f) and l) on the legal grounds of performing a legal obligation, specifically a duty under Act No. 563/1991 Coll., on accounting, as amended, and Act No. 235/2004 Coll., on value added tax, as amended.
  • We process the personal data specified in paragraphs h) and m) on the legal grounds of execution and performance of the contract.
  • In certain cases, we may continue to process the personal data specified in paragraphs a) to c), e), f) and l), when the personal data are no longer processed on the legal grounds of performing a legal obligation, based on our legitimate interest, consisting in enforcement of our claims, management and administration of receivables.
  • We process the personal data under paragraphs j) and k) on the legal grounds of a legitimate interest consisting in protection of the safety of persons and property on the hotel premises.
  • Beyond the scope of the above, the personal data under paragraphs a) to d), f), g), i) and l) may be processed on the legal grounds of a legitimate interest, consisting in direct marketing or evaluation and improvement of our services.
  • In specific cases, all the personal data may be processed, beyond the scope of the above, on the legal grounds of a legitimate interest consisting in enforcement of our claims and defence against claims raised
  • We process the personal data under paragraph n) on the legal grounds of performing the agreement on the provision of parking space.

Purposes of processing

  • We process the personal data under paragraphs a) to c), f), g) and l) for the purposes of performing our legal obligations specified above.
  • We process the personal data under paragraphs a) to h) for the purpose of executing the contract.
  • We process the personal data under paragraphs j), l) and m) for the purpose of providing the required services and performing the contract.
  • We process the personal data under paragraphs j) and k) for the purpose of ensuring safety of persons and property on the hotel premises.
  • We process the personal data under paragraphs a) to d), f), g) i) and l) for the purpose of direct marketing and improvement of care for our guests.
  • All the personal data may be processed in a specific case for the purpose of conducting litigation.
  • We process the personal data under paragraph n) for the purpose of performing the agreement on the provision of parking space.

Information on the duty to provide personal data

  • The provision of the personal data under paragraphs a) to g) is a statutory requirement and, without being provided with these personal data from you, we cannot arrange accommodation at our hotels for you.

For how long will your personal data be processed?

  • The personal data specified in paragraphs a) to c), f) and l), processed on the basis of Act No. 563/1991 Coll., on accounting, as amended, and Act No. 235/2004 Coll., on value added tax, as amended, must be processed under the law for at least 5 years.
  • We process your personal data that are processed by us based on your consent for the period for which the consent was granted to us unless it is withdrawn earlier.

Who we provide your personal data to?

  • To public authorities within the exercise of their powers.
  • We share the above personal data with the company Global Management Solutions which provides us with statistical and marketing services.
  • Due to the amount of data processed, cloud storage provider services may be used.

II. What are rights of the data subject?

Within the meaning and under the conditions of Article 15 of the Regulation, the data subject is entitled to request that the Controller enable access to the subject’s personal data which are being processed. The data subject shall exercise this right through the form available on request at the hotel reception or at the e-mail address gm@hotelbohoprague.com, which the data subject shall complete and send to the e-mail address gm@hotelbohoprague.com. In such a case, the Controller shall provide the data subject with a copy of the personal data in the pdf format.

In case of a change in the personal data or their inaccurate processing and if the legal regulations, internal regulations of the Controller, the contract or other documents do not indicate the duty to report and prove the change in the personal data to the Controller, the data subject may request that the Controller rectify the inaccurate personal data or supplement incomplete personal data. The Controller may request that it be proven that the proposed data are correct. The data subject shall exercise this right through the form available on request at the hotel reception or at the e-mail address gm@hotelbohoprague.com, which the data subject shall complete and send to the e-mail address gm@hotelbohoprague.com.

The data subject may also request that the Controller erase his/her personal data or to limit their processing. The data subject shall exercise this right through the form available on request at the hotel reception or at the e-mail address gm@hotelbohoprague.com, which the data subject shall complete and send to the e-mail address gm@hotelbohoprague.com. The Controller shall carry out the requested erasure or limitation of processing unless the Regulation or some other law stipulates otherwise.

Further, the data subject is entitled to obtain his/her personal data provided to the Controller, which the Controller processes on the basis of a need for their processing for the purposes of performing the contract or on the basis of consent of the data subject, and to submit these data to another controller (right to personal data portability). The data subject shall exercise this right through the form available on request at the hotel reception or at the e-mail address gm@hotelbohoprague.com, which the data subject shall complete and send to the e-mail address gm@hotelbohoprague.com. The Controller shall send a list of personal data in the pdf format to the data subject unless the Regulation or some other law stipulates otherwise. If technically feasible, the Controller shall transfer the requested personal data directly to another controller.

The data subject has the right to object to the processing of all his/her personal data if they are processed on the legal grounds of legitimate interest. The data subject shall exercise this right through the form available on request at the hotel reception or at the e-mail address, which the data subject shall complete and send to the e-mail address gm@hotelbohoprague.com. The Controller shall not further process these personal data.

Furthermore, the data subject has the right to lodge a complaint with the supervisory authority, i.e. in the Czech Republic, the Office for Personal Data Protection (www.uoou.cz).

If personal data processing is based on granted consent, the data subject has the right to revoke his/her consent at any time. However, revocation of such consent shall in no way prejudice the lawfulness of processing based on the consent granted before its revocation.