Privacy policy
Choose resort
Do not know how to choose the right resort? We will help you decide here!

Call from other countries

+420354978952
EUR
€₽$ Default currency €₽$ EUR Euro USD United States dollar $ AZN Azerbaijani manat AZN. BYN Belarusian ruble CAD Canadian dollar Can$ GBP British pound £ CHF Swiss franc ILS Israeli new shekel KZT Kazakhstani tenge MDL Moldovan leu UAH Ukrainian hryvnia UZS Uzbekistan som
Česky Русский Deutsch English Latviešu Українська Lietuvių
About us Our team Tours Bus tours Transfers Airtickets Medical consultation Without prepayment Support Author's video Help with a visa FAQ Portal References Blog Contacts

Homepage Privacy policy

Rules for the protection of personal data in the company SANATORIUMS.COM s.r.o.

This document contains the Rules for the processing of personal data (hereinafter the "Rules") in the company SANATORIUMS.COM s.r.o. (hereinafter referred to as “Our Company”) as the administrator of personal data in accordance with Regulation of the European Parliament and of the Council 2016/679 on the protection of individuals in connection with the processing of personal data and on the free movement of this data (hereinafter “GDPR”). By these rules, we inform individuals of personal data about how we handle the information and data that you provide to us. The protection of confidentiality and the subsequent protection of personal data associated with it is one of the most important principles for our company, therefore we process your personal data exclusively in accordance with applicable law. We will ask you to familiarize yourself with the Privacy Policy in Our company so that you are confident in the way that we are guided in the processing of your personal data.

Contacts of the personal data protection department in Our company

Information about the administrator for the protection of personal data (hereinafter “Administrator"):

Commercial firm: SANATORIUMS.COM s.r.o.
IN: 031 04 681
TIN: CZ03104681
Legal address: Libushina 2127/19, 360 01 Karlovy Vary
Contact email address: info@sanatoriums.com
Contact phone number: +420355455981
Commissioner for Personal Data Protection in our Company was not appointed.

What is an integral part of these rules:

  1. Information about what personal data we collect.
  2. How we use your personal data.
  3. Where do we get your personal data from.
  4. For what purposes do we process your personal data.
  5. To whom do we transfer personal data.
  6. Your rights in connection with the processing of personal data

1. What personal data do we collect?

In Our company, we collect, in particular, the following personal data. When creating your order, we process the following personal data:

  • First and last name
  • Address of residence or registration address, postal address
  • Date of Birth
  • Phone number
  • Citizenship
  • Passport number
  • IP-address,
  • Medical indications
  • Bank card details

We receive your personal data only to the extent that they were provided at the time of placing the order or to conclude an agreement with our company, that is, to the extent necessary for the realization of the contract.

2. How do we use your personal data?

Personal data is stored in print and/or digital form in accordance with the GDPR regulation. The storage period is determined by the internal rules of our company, which control the legality of the possession of personal data. Through this process, we know for sure that your personal data is not stored illegally for a longer time than necessary.

The Administrator stores all personal data only for the time necessary to realization the rights and obligations arising from the contractual relationship between the Data Subject and Our Company, and due to the possible presentation of claims under these agreements, we store personal data for 10 (ten) years from termination of contractual relationship. If you have given our company consent to the processing of personal data for marketing purposes, we store personal data obtained on the basis of such consent until you withdraw your consent.

Our company is the administrator of all your personal data.

Our company also declares that it has taken all necessary technical and organizational measures to ensure the security of personal data and that only persons authorized by the Administrator have access to all personal data.

In accordance with European Union data security laws, Our company uses adequate procedures to prevent unauthorized access to personal data and its illegal use. To protect and ensure the security of personal data that you provide to us, our company applies the necessary commercial systems and procedures. Our company uses security procedures, as well as technical and physical restrictions on access to personal data and their use on our servers. Access to personal data is only authorized personnel who work with this data.

3. Where do we get your personal data from?

The personal data that you provide to us, we receive in the amount provided in connection with the request and use of our services on the sanatoriums.com Internet portal. In addition, we process personal data obtained in the framework of negotiations on concluding a contract, as well as in connection with a concluded contract. You, as the data subject, are required to provide accurate and truthful data. If any data changes, you must inform us about this so that we always have relevant information.

4. For what purposes do we process your personal data?

We process your personal data for various purposes. In particular, we are talking about the following goals:

  1. Service reservation. We process your personal data primarily in connection with the receipt of your order and its administration. The legal basis for the processing of your personal data is the execution of the contract (Article 6, paragraph 1, paragraph "b)" GDPR). This also includes the possibility of using a transfer from the airport or using the possibility of assistance in obtaining visas.
  2. Customer support. For all clients, when choosing a residence or in case of any problems related to the reservation of accommodation or directly with the accommodation, we offer support by phone or e-mail. We carry out this activity in accordance with the legal basis, which is our legitimate interest (Article 6, paragraph 1, paragraph "f)" GDPR). A legitimate interest is the opportunity to improve our services and help our customers.
  3. The use of direct marketing. We will process your personal data in a limited amount for direct marketing purposes (if you do not express your disagreement with this processing goal). The legal basis for the processing of your personal data is our legitimate interest (Article 6, paragraph 1, paragraph "f)" "GDPR). A legitimate interest is the ability to inform you in the future about more profitable and quality services, compared with the services currently provided.
  4. Fulfillment of tax obligations. We will process tax documents in accordance with the second paragraph of §35 of Law No. 235/2004 of the Code of Value Added Tax Laws.
  5. Subsequent assessment of your stay. At the end of your stay, we may ask you to rate your stay. For this we use information about your place of stay and dates of residence.

Our company processes personal data for precisely defined purposes listed in Article 6 of the GDPR. In our case, we are talking, first of all, about the purpose of fulfilling the contract and providing services in accordance with Article 6, paragraph 2, paragraph "b)" of the GDPR; fulfilling the legal requirements that apply to Our company, keeping records of participants, marketing and commercial offers of services of Our company in accordance with Article 6, paragraph 2, paragraph "c)" GDPR. Last but not least, we also process your personal data obtained on the basis of your possible consent, which we received from you.

5. To whom do we transfer personal data?

The personal data of our customers that we process, we send both to the countries of the European Union and to third countries. We provide personal data to the:

  1. Placement agencies – so that we can complete the reservation of our services, we must send your personal data specified in paragraphs 1.a to 1.f, and other preferences that you specify in the order, to the Accommodation Institutions.
  2. Third party service providers – based on the contracts we use the services of third parties. We may use third-party service providers to send marketing materials or to verify the correct email address that you provided during the booking process.
  3. Payment service providers – if in some cases you require a refund to your account or to a bank card, then we are obliged to provide some information about the reservation to payment service providers and relevant financial institutions.
  4. Business partners – to partners with whom we have concluded work contracts, we provide your personal data only in the required amount. Contractual partners are, in particular, companies providing transfers or excursions.
  5. Stationary offices of our company – as part of improving the quality of services, your personal data can be transferred to the stationary offices of our company in the European Union and beyond.
  6. Public authorities – we are obliged to provide personal data to state authorities in case legislation requires it, or is necessary due to the prevention, disclosure and prosecution of criminal offenses and fraud.
  7. Accounting and Payroll Agencies – in order to fulfill the legal obligations arising from the legal provisions of the Czech Republic, we send the necessary documents to accounting and salary agencies.
  8. Medical specialists – if you fill out the form on the website www.sanatoriums.com to find out which type of accommodation/vacation is most suitable for you, then we process the personal data specified in this form within 72 hours, after which we immediately delete it.

6. Your rights in connection with the processing of personal data

  1. The right to information about your personal data
    You have the right to receive confirmation of whether Our company processes any of your personal data. If our company processes any of your personal data, then you have the right to information about all personal data that we process about you.
  2. The right to a copy of the personal data.
    If our company stores any of your personal data, you have the right to information about the purpose of processing your personal data, what categories of personal data we process, whether other entities have access to this data; you have the right to find out the period during which personal data is stored, the right to file a complaint, etc.
  3. The right to adjust personal data
    If you find that we process any of your personal data that is inaccurate or incomplete, then you have the right to update or supplement inaccurate data.
  4. The right to delete personal data
    You have the right to demand the deletion of your personal data if we no longer need them for the purpose in connection with which we processed them. You also have the right to delete data if you revoked your agreement to their processing or if the data was processed in violation of the law.
  5. The right to restrict the processing of personal data
    You have the right to demand restrictions on the processing of data if you deny the accuracy of personal data, or if their processing is illegal, but at the same time you refuse to delete the data, and require instead only to limit their use; at your request, we can process some data even after it becomes unnecessary for the purpose in connection with which this data was provided by you to our company.
  6. The right to data mobility
    In the case of automated processing of your personal data, you have the right to the so-called portability of this data, which can be provided to you in a structured, widely used machine-readable format.
  7. The right to protest against the processing of personal data
    You have the right to protest at any time against the processing of personal data, including the compilation of a profile that we process based on a legitimate interest. If your data is processed for direct marketing purposes, you can protest, as a result of which your data will not be further processed for this purpose.
  8. The right to withdraw consent
    If your personal data is processed on the basis of your consent, then you have the right to revoke this consent at any time. The data processing that occurred before the withdrawal of consent is legal.
  9. The right to file a complaint with the supervisor
    If you believe that your personal data is being processed illegally or if the rules for protecting personal data have been violated, then you have the right to file a complaint with the supervisor. In the Czech Republic, such authority is the Office for the Protection of Personal Data, located at Pplk. Sochora 27 (Lt. Col. Sochora 27), 170 00 Prague 7.
  10. Providing personal data to data subjects
    If the data subject uses one or more of the above rights, then our company must respond to the request immediately, but no later than one month from the date of receipt of the request. If the data subject reaalize his right by electronic communication, then Our company will provide him with the requested information in the same electronic form, unless the Data subject requires information to be provided in another way. In the event of a repeated or unreasonable request for information, our company has the right to charge a reasonable fee for the associated administrative costs.

Final provisions

  1. All legal relations arising in connection with the processing of personal data are governed by the laws of the Czech Republic, regardless of where the access was obtained from. To resolve any disputes arising in connection with the protection of confidentiality between Our company and the data subject, the powers and jurisdiction of the courts of the Czech Republic are established.
  2. By sending an order or request via the online request form or contact form, you confirm your familiarization with the conditions for the protection of personal data and express your consent to them in full.
  3. Data subjects who provide our company with their personal data on the basis of consent to the processing of personal data do this voluntarily.
  4. Our company reserves the right to change or supplement these Rules for the processing of personal data. We must send information about changes or additions to the data subject at least 30 days prior to their entry into effect by e-mail registered with Our company.
  5. These rules come into effect from 05.25.2018.