Privacy Policy

These Privacy Policy (hereinafter referred to as "Policy") define how the data controller processes your personal data.

Hotel Hoffmeister s.r.o.

Pod Bruskou 144/7, 118 00 Prague 1 – Malá Strana
Registered in the Commercial Register maintained by the Municipal Court in Prague

IČO: 26482045

DIČ: CZ26482045

The above-mentioned company (hereinafter referred to as "Controller") collects, stores, and processes your personal data.

This Policy is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and valid legislation of the Czech Republic effective as of 2026.

1. What data we process and why

We process personal data based on the following legal titles:

A. Performance of contract and provision of services (Art. 6(1)(b) GDPR)

Purpose: Processing your accommodation reservation, wellness services, gift vouchers and communication with you.

Data: Name, surname, e-mail, phone number, billing information, reservation details.

B. Compliance with a legal obligation (Art. 6(1)(c) GDPR)

Purpose: Bookkeeping, tax records and maintaining the house (guest) book according to the Act on the Residence of Foreign Nationals and the Act on Local Fees.

Data: Identity document number, permanent residence address, accommodation period, purpose of stay.

C. Legitimate interest of the Controller (Art. 6(1)(f) GDPR)

Purpose: Protection of property and security (CCTV system), defense of legal claims, direct marketing to existing customers.

Data: CCTV recordings (visual recording without sound), order history, IP address, technical cookies.

D. Consent to processing (Art. 6(1)(a) GDPR)

Purpose: Sending newsletters (if you are not our customer), marketing cookies and advanced analytics.

Data: E-mail address, preferences. Consent is voluntary and can be withdrawn at any time.

2. Data retention period

We retain your personal data only for as long as strictly necessary:

  • Data for contract performance: for the duration of the contractual relationship and subsequently 3 years (limitation period).
  • Accounting and tax documents: 10 years from the end of the tax period.
  • Guest book: 6 years from the last entry.
  • CCTV recordings: maximum 72 hours (unless the recording is used as evidence).
  • Marketing purposes: until consent is withdrawn or an objection is raised, but no longer than 5 years.

3. Recipients of personal data and transfer abroad

Your data may be made available to our contractual processors who provide us with technical and administrative services. All partners are bound by confidentiality obligations.

Key partners and data transfer outside the EU:

We use modern cloud technologies, which may mean transferring data to so-called third countries (outside the EU/EEA). In such cases, protection is ensured in accordance with Chapter V of the GDPR.

  • Vercel Inc. (USA): Web hosting and infrastructure provider. Data transfer to the USA is covered by the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC).
  • Google LLC (USA): Provider of analytical tools (Google Analytics 4) and advertising systems (Google Ads). Data transfer is covered by the EU-U.S. Data Privacy Framework.
  • Bookolo System s.r.o. (CZ): Reservation system provider (processing takes place in the EU).
  • External accounting and IT support (processing in the CZ).

4. Your rights

Under valid legislation, you have the following rights:

  • Right of access: You can ask us for information about what data we process about you and request a copy.
  • Right to rectification: If your data is inaccurate or incomplete, you have the right to rectification or completion.
  • Right to erasure ("to be forgotten"): You can request the erasure of your data if the reason for its processing has passed or you have withdrawn consent. (Does not apply to data we must retain by law).
  • Right to restriction of processing: You can request temporary restriction of processing in cases established by law.
  • Right to data portability: You have the right to obtain your data in a structured, commonly used format.
  • Right to object: If we process data based on legitimate interest (e.g. direct marketing), you have the right to object. In the case of marketing, we will stop processing data immediately.

5. Complaint to the supervisory authority

If you believe that the processing of your personal data has violated the law, you have the right to file a complaint with the supervisory authority:

Office for Personal Data Protection (ÚOOU)
Pplk. Sochora 27, 170 00 Prague 7
Web: www.uoou.cz
Email: posta@uoou.cz

6. Security and Cookies

Our website uses encrypted connection (SSL/HTTPS). Personal data is stored in secure databases with limited access. Information about the use of cookies and the possibility of their setting can be found in the footer of the page under the link "Cookie Settings" or in the cookie banner.

7. Contact the Controller

Please direct your requests and questions regarding personal data protection to:

• Email: guest@hoffmeister.cz
• Address: Hotel Hoffmeister, Pod Bruskou 144/7, 118 00 Prague 1 – Lesser Town

These policies become effective on February 17, 2026 and replace previous versions.

Book an Appointment