Privacy policy
Reservio recognizes that its customers, visitors, users and others utilizing the Reservio System or visiting the Reservio website value their privacy. This document (Personal Data Protection Rules) contains important information pertaining to the processing of personal data by our company.
We would therefore like to inform you of the principles and procedures in the processing of personal data, which is conducted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).
The Privacy policy relate to the Reservio Terms of Use (hereinafter the “Terms”), which are available here.
The following terms, among others, are used within the text – “User”, “Reservio Sites” and “Third Party”, the definition of which is set out in the Terms.
Further, under the term “Agreement”, we mean a legal act on the basis of which the provider undertakes to provide you with its services, whether for payment or free of charge.
The term "Reservio System" refers to software for creating and hosting a scheduling software as per the User's requirements.
The term "Reservio Application" refers to the end-user software used to schedule Reservio System Users.
I. Basic information
Controller’s Identification and Contact Information: Reservio, s.r.o., identification number (IČ) 29376033, with registered office at Brno, Hlinky 995/70, PSČ 60300, contact address: Brno, Hlinky 995/70, PSČ 60300, a company registered in the Commercial Register with the Regional Court in Brno, section C, file 76730 (hereinafter also referred to as “Reservio” or “we”), contact e-mail: support@reservio.com.
Data Protection Officer: A data protection officer has not been appointed.
Transfer of Personal Data to a Third Country or International Organization: Reservio transfers personal data to third countries, specifically the United States of America, but only to companies that have undertaken to comply with the principles of personal data protection imposed through a Privacy Shield. Such companies operate only in the position of personal data processors.
Automated Individual Decision-Making: Reservio does not conduct profiling or automated individual decision-making.
Information on the Nature of the Provision of Data: If personal data are being processed for the purpose of the fulfillment of an agreement or the fulfillment of legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.
Supervisory Authority: The supervisory authority is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Praha 7, Czech republic, e-mail: posta@uoou.cz, tel.: +420 234 665 125.
Scheduling system Reservio for business
Reservio acts both as a personal data controller and as a personal data processor. In the position of the Reservio personal data administrator, it acts in relation to the personal data of Users and individuals who visit the Reservio website (Article II of these Rules). In relation to personal data that will be stored on Reservio servers by User's customers (those who make a Reservation on the User on their website), Reservio acts as a processor, providing only Data Space for the purpose of storing data to the User. The user of these personal data is the User himself (Article III of these Terms and Conditions).
II. Reservio as a data controller
Reservio acts as the personal data controller in relation to the personal data of Users and individuals who visit the Reservio website.
Why do we process personal information?
For the purpose of the fulfilment of an agreement or the fulfilment
of legal obligations, Reservio processes primarily the following personal data: name, surname, company name,
identification number, tax identification number, residence/registered address, telephone, e-mail.
Part of our performance of the Agreement is also the sending of educational emails to users, which contain
instructions, tips, or data about advanced features of the Reservio System. The purpose of these
communications is to make the Reservio System Work more efficient. Educational emails never include Reservio
marketing messages or any third parties.
Reservio also processes data that it obtains from the User and other natural persons through their use of
the Reservio system or their visits to the Reservio website: cookie files, protocol files (IP address, or
other online identifiers).
In the event that Reservio intends to process different personal data than as stated in this article, or for
different purposes, it can only do so on the basis of a validly granted consent to the processing of
personal data. Consent to the processing of personal data must be granted in a separate document.
For what period of time do we process personal data?
The personal data of Users are processed for the duration of the contractual relationship. After the account
is cancelled by the User, all data are erased. We process personal data in order to fulfill obligations
arising from special legal regulations for the time as set out by such legal regulations.
Where do we obtain personal data?
We obtain personal data directly from data subjects when entering into the Agreement. We always inform data
subjects as to which of their personal data they must provide for the purposes of fulfilling the Agreement.
III. Reservio as a Personal Data Processor
Reservio provides the User with data space for the purposes of storing data operated within the Reservio system, on Reservio servers. The User’s data may also include the personal data of natural persons. In regard to personal data that the User stores on our servers (personal data of respondents), we operate as a personal data processor. The controller of such personal data is the User itself.
Notice for the User
If you will be collecting the personal data of natural persons through booking form, you become a personal
data collector and you are obligated to comply with all personal data protection rules set out by the GDPR
and by other legal regulations governing such issue. Reservio does not bear any liability for a breach of
personal data protection rules by Users.
Notice for End user
The utilization of the Reservio system may be subject to the principles and rules of the given User, if
Users have such principles. If you provide your personal data to Users, contact the User directly with
any
questions regarding personal data protection, as the User is in the position of a personal data
controller.
We cannot be liable for the personal data protection principles or security procedures used by the User,
which may differ from these Personal Data Protection Rules.
What is the purpose of processing and how do we handle data?
Reservio does not conduct any operations with Users’ data, including personal data, with the exception of
storing them on Reservio servers, does not intervene in them in any manner, does not modify them, does not
make them accessible, nor does it transfer them to third parties (with the exception of making them
accessible to state authorities in accordance with the law), unless the Agreement provides otherwise. The
sole purpose of handling such personal data is their storage and the possibility of them being accessed by
the User.
For what period of time do we process personal data?
We only process such personal data of respondents that will be stored through a Reservio system on Reservio
servers, i.e. data that end users fill into booking form within the Reservio system. These may be primarily
name, surname, gender, age, job position, residence address, e-mail, etc.
How long do we process personal data?
Reservio processes personal data for the duration of the contractual relationship with the User. After the
account is cancelled by the User, all data are erased.
Scheduling system Reservio for end users
IV. Reservio as a data controller
Reservio acts as a personal data controller in relation to end-user personal data using the Reservio Application.
Why do we process personal information?
In order to comply with the Contract or fulfill legal obligations, Reservio handles in particular the
following personal data: name, surname, telephone, e-mail.
In the event that Reservio intends to process a personal data other than that specified in this article, or
for other purposes, it may do so only on the basis of valid consent to the processing of personal data. The
consent to the processing of personal data must be given on a separate document.
Part of our performance of the Agreement is also the sending of educational emails to end users, which
contain instructions, tips or, perhaps, information about the advanced features of Reservio. The purpose of
these communications is to streamline end user work in the Reservio Application. Educational emails never
include Reservio marketing messages or any third parties.
How long do we process personal data?
End-user personal data is processed for the duration of the contractual relationship and subsequently for a
maximum of 5 years after termination of the contractual relationship. We process the personal data processed
for the fulfillment of the obligations arising from the special legal regulations for the period stipulated
by these legal regulations.
Where do we get personal information from?
We collect personal data directly from data subjects when concluding the Agreement, which is closed by the
Reservio Application. We always inform the subjects of the data they have to provide from their personal
data for the purposes of performing the Agreement.
How are personal data being passed on to users?
We pass the end-user personal data to Users for whom end-users are interested in making a reservation.
Without transferring end-user personal data, it would not be possible to make a reservation with Users. Data
is collected as a personal data administrator in relation to the personal data thus obtained, so the
informed consent of the end-user to the transfer of personal data is required for the transfer of personal
data.
Common provisions
V. Recipients of personal data
Reservio does not transmit personal information to any other administrators. The personal data processors are:
- Companies, or business accounting personnel who are responsible for carrying out accounting operations.
- Companies, or business IT executives who are responsible for implementing IT administration and software development programs used by Reservio.
- Companies, or business-to-business individuals providing server services that are authorized to store data.
- Companies providing e-mail messaging services.
- The processing of personal data may be processed by the processors solely on the basis of a contract for the processing of personal data, with the guarantees of organizational and technical security of these data with a definition of the purpose of the processing, and the processors may not use the data for other purposes.
Personal data may, under certain conditions, be made available to public authorities (courts, police, notaries, tax authorities, etc. in the exercise of their statutory powers) or may be provided to other entities to the extent specified by a special law.
VI. Data Security Methods
For the purpose of securing the User’s data against their unauthorized or accidental disclosure, we utilize reasonable and appropriate technical and organizational measures. Technical measures consist in the application of technologies that prevent unauthorized access to the User’s data by third parties. For the purpose of maximum protection, we use encryption of the User’s and end users’ data, primarily including passwords for logging into the Reservio system, communication within the Reservio system and all data stored on servers. Organizational measures comprise a set of rules of behavior for our employees and are incorporated into Reservio’s internal regulations, which are, however, considered confidential due to security reasons. Reservio takes to ensure that, in the event of the placement of servers at a data center operated by a third party, similar technical and organizational measures are also implemented by such third party.
All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Czech Republic.
VII. Rights of Data Subjects
As a data subject, you have:
- (a) the right to access to personal data: a data subject has the right to obtain from Reservio a confirmation of whether personal data pertaining to him/her are or are not being processed, and if so, he/she has the right to access to such personal data and to the following information: a) the purpose of processing; b) the category of personal data affected; c) the recipients to whom personal data have been or will be made available; d) the planned time period for which the personal data will be stored; e) the existence of the right to require the rectification or erasure of personal data from the controller or a restriction on their processing, or to lodge an objection against such processing; f) the right to submit a complaint with a supervisory authority; g) all available information on the source of personal data, if not obtained from the data subject; h) the fact that automated decision-making is occurring, including profiling. The data subject also has the right to obtain a copy of the personal data being processed.
- (b) the right to the rectification of personal data: the data subject has the right to require that we rectify inaccurate personal data pertaining to him/her without undue delay, or that we complete incomplete personal data.
- (c) the right to the erasure of personal data: the data subject has the right to require that we erase personal data pertaining to him/her without undue delay in the event that: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the data subject withdraws the consent on the basis of which the data were processed, and there is no other legal reason for processing; c) the data subject lodges objections against processing and there are no prevailing legitimate reasons for processing; d) personal data have been processed unlawfully; e) personal data must be erased in order to fulfill a legal obligation set out in the law of the Union or of the Czech Republic; f) personal data have been collected in connection with an offer of information society services. However, the right to erasure shall not apply if the processing is necessary in order to fulfil legal obligations, for the establishment, exercise or defense of legal claims, and in other cases set out by the GDPR.
- (d) the right to the restriction of processing: the data subject has the right to require that we restrict processing, in any of the following cases: a) the data subject refutes the accuracy of the personal data, for the period of time necessary in order for us to be able to verify the accuracy of the personal data; b) the processing of data is illegal and the data subject refuses to allow the erasure of the personal data and requests, in place thereof, the restriction of their use; c) Reservio no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims; d) the data subject has lodged an objection against processing, until it is verified whether our legitimate reasons prevail over the legitimate reasons of the data subject.
- (e) the right to lodge a complaint against processing: the data subject has the right, for reasons pertaining to his/her specific situation, to lodge a complaint at any time against the processing of personal data that pertain to him/her and that we are processing on grounds of his/her legitimate interest. In such a case, Reservio does not process the personal data further, unless it proves compelling legitimate interests for processing that prevail over the interests or rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
- (f) the right to data portability: the data subject has the right to obtain personal data pertaining to him/her and that he/she has provided us with, in a structured, commonly-used and machine-readable format, and the right to transmit such data to another controller, without Reservio hindering it, in the event that: a) processing is based upon consent and b) processing is conducted in an automated manner. In the exercise of his/her right to data portability, the data subject has the right for personal data to be transmitted directly by one controller to another controller, if this is technically feasible.
- (g) the right to lodge a complaint with the supervisory authority: if the data subject believes that we are not processing his/her personal data in a lawful manner, he/she has the right to lodge a complaint with the supervisory authority. The supervisory authority is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Praha 7, Czech republic, e-mail: posta@uoou.cz, tel.: +420 234 665 125.
- (h) the right to information regarding the rectification or erasure of personal data or restriction of processing: we are obligated to notify individual recipients to whom personal data have been made available of all rectifications or erasures of personal data or restrictions of processing, with the exception of cases when this proves impossible or requires disproportionate effort. If the data subject requests it, we inform the data subject of such recipients.
- (i) the right to be informed in the event of a breach of personal data security: if it is likely that a certain case of a breach of personal data security will result in a high risk to the rights and freedoms of natural persons, we are obligated to notify the data subject of such breach without undue delay.
- (j) the right to withdraw consent to the processing of personal data: in the event that the processing of some of the personal data is being conducted on the basis of a consent, the data subject has the right to withdraw his/her consent to the processing of personal data in writing at any time, by sending a disapproval of the processing of personal data to the e-mail address support@reservio.com.
VIII. Cookie Files and Protocol Files
We use cookie files, which are small text files that identify the user of the website www.reservio.com and record the user’s user activities. The text in a cookie file is often comprised of a series of numbers and letters that positively identify the user’s computer, but do not provide any specific personal data on the User.
The website www.reservio.com automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data.
Why do we use cookies?
Cookie files and similar technologies serve several purposes, which include:
- Log-in and verification: As soon as the User uses a personal account in order to log on, an encrypted cookie file is stored on the User’s device, which enables the User to move between the pages of the website without the need to repeatedly log on. The User can also save their log-in information so that they do not need to log in every time they return to the website www.reservio.com.
- Editing: Reservio uses cookie files in order to adjust the content and information to the requirements of Users in order to ensure the user-friendliness of the website.
- Marketing: Reservio uses cookie files in order to monitor its advertising campaigns, and for the monitoring of User submissions, applications and discount coupons, promotions and contests.
- Diagnostics: Reservio uses cookie files for the purpose of diagnosing and repairing technical problems reported by Users or programmers that are associated with the IP addresses under the control of a specific web company or connection provider.
- Analysis: Reservio uses cookie files and other identifiers for the purpose of collecting data on the use and performance of the website www.reservio.com.
There may also be third party cookie files located on the website www.reservio.com. This may be, for example, because we have authorized a third party to conduct a website analysis. Reservio utilizes the following service providers:
- Microsoft Corporation (bing.com)
- Intercom, Inc. (intercom.com)
- Seznam.cz, a.s. (imedia.cz)
- Facebook, Inc. (facebook.com, facebook.net)
- Google Inc. (googleapis.com, google-analytics.com, google.com, google.cz, googleadservices.com, googletagmanager.com)/li>
- New Relic, Inc. (newrelic.com)
- Hotjar, Ltd. (hotjar.com)
Cookie Settings
The majority of web browsers accept cookie files automatically. However, it is possible to utilize the
controls that enable them to be blocked or removed. Users of the website www.reservio.com are thus entitled
to set their browser in such a way so that the use of cookies on their computer is prevented.
We utilize two types of cookie files – permanent and one-time. A permanent cookie file remains on the hard
disk even after the browser is closed. Permanent cookie files may be used by the browser during subsequent
visits to the website www.reservio.com. Permanent cookie files may be removed. One-time cookie files are
temporary and are erased as soon as you close the browser.
Instructions for blocking or removing cookie files in browsers can generally be found in the personal data
protection principles or in the user guide documentation of individual browsers.
Protocol Files
The User’s browser automatically reports certain information upon every display of the website
www.reservio.com. When registering on the website www.reservio.com or when browsing the website, servers
automatically record certain information that the web browser sends upon every visit to the website. These
server protocols (so-called “log files”) may contain information such as a web request, IP address, type of
internet browser, browser language, linking / exit sites and URLs, platform type, number of clicks, domain
names, entry portals, number of pages seen and the order of such pages, the amount of time spent on certain
pages, the date and time of a submitted request, and one or more cookie files that may positively identify
the web browser.
IX. Applicable Personal Data Protection Legislation
Reservio declares that in the provision of personal data protection, it abides primarily by the following legal regulations:
European Union Legislation
All of the legislation based upon Article 16 of the Treaty on the Functioning of the European Union and
Article 7 and 8 of the Charter of Fundamental Rights of the European Union, specifically:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector;
- Commission Regulation (EU) No. 611/2013 of 24 June 2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications (to a limited extent);
- Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (to a limited extent).
Council of Europe Legislation
- Council of Europe Convention No. 108 dated 28 January 1981 for the Protection of Individuals with Regard to Automatic Processing of Personal Data.
Czech Republic Legislation
- Act No. 101/2000 Coll., on the Protection of Personal Data;
- Act No. 121/2000 Coll., the Act on Copyright, on Rights Related to Copyright.
X. Final Provisions
By entering into the Agreement, the User confirms that it has acquainted itself with these Personal Data Protection Rules.
If necessary, Reservio may update these Personal Data Protection Rules. The current version of the Privacy policy will always be available on the website www.reservio.com. If a significant change occurs within these Privacy policy in regard to the manners of handling personal data, Reservio will inform the User by publishing a notification in a visible manner prior to the implementation of such changes. We recommend checking the Privacy policy from time to time when utilizing the Reservio system or the website www.reservio.com.
Last modified 11/27/2018.
