Personal Data Processing Principles

Personal Data Processing Principles

These Personal Data Processing Principles (“Principles”) explain how Pilsenjoy s.r.o. (“Pilsenjoy”, the “Controller”) processes personal data of customers, event participants and other persons it comes into contact with when providing and intermediating travel and event services.

The processing of personal data is governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation – “GDPR”) and Czech implementing legislation, in particular Act No. 110/2019 Coll., on the Processing of Personal Data. For commercial communications and certain marketing activities, Act No. 480/2004 Coll., on Certain Information Society Services, and the relevant provisions of Act No. 127/2005 Coll., on Electronic Communications, also apply.

1. Who is the Controller and how to contact us

The controller of personal data is:

Pilsenjoy s.r.o., Company ID No.: 61503487, VAT No.: CZ61503487

Registered office: V Šipce 653/8, Jižní Předměstí, 301 00 Plzeň, Czech Republic

Contact e-mail for personal data protection: info@enjoypilsen.cz

Telephone: +420 724 617 975

Postal address: V Šipce 653/8, 301 00 Plzeň

Data Protection Officer (DPO): Pilsenjoy has not appointed a DPO unless expressly stated otherwise on the website or in contractual documentation.

2. What personal data we process

We process only the data necessary for the specific purpose. Typically:

a) Identification data: first name, last name, date of birth (only if necessary), or company identification (Company ID, VAT No., registered office) for entrepreneurs.

b) Contact data: e-mail, telephone number, address (where necessary).

c) Contractual and transaction data: ordered services, dates, communications, requirements, invoicing data, payments.

d) Data required for a specific service: e.g. data for accommodation, carriers, tickets (may include ID/passport number, nationality, etc. – only if required by the provider).

e) Photos / video: only if you give consent or where processing is necessary for performance of the contract (e.g. event documentation for the client) and always to an appropriate extent.

f) Online identifiers: if you use the Pilsenjoy website, cookies and similar technologies may be processed (see Section 8).

3. Purposes of processing and legal bases

Pilsenjoy processes personal data in particular for the following purposes:

3.1 Performance of the contract and steps prior to entering into the contract

- handling enquiries, preparing offers, reservations and securing/intermediating services, event organisation, customer support.

Legal basis: Article 6(1)(b) GDPR.

3.2 Compliance with legal obligations

- accounting, taxes, archiving, handling complaints, obligations under generally binding regulations.

Legal basis: Article 6(1)(c) GDPR.

3.3 Legitimate interests of Pilsenjoy

- protection of legal claims and defence in disputes, record-keeping of communications, fraud prevention, and, to a reasonable extent, direct marketing to existing customers (see Section 7).

Legal basis: Article 6(1)(f) GDPR.

3.4 Consent

- sending newsletters and marketing to persons who are not customers, use of certain cookies, publication of photos/videos for marketing where it is not possible to rely on another legal basis.

Legal basis: Article 6(1)(a) GDPR (consent may be withdrawn at any time).

3.5 Special categories of personal data

Pilsenjoy does not normally process special categories of personal data (e.g. health data). If, exceptionally, it is necessary to process such data (e.g. to assist with specific service requirements), this will be handled individually and only on the basis of an appropriate legal ground under Article 9 GDPR (typically explicit consent or necessity for the establishment, exercise or defence of legal claims).

4. Obligation to provide data and consequences of not providing it

Providing personal data is generally voluntary; however, to the extent necessary to enter into and perform a contract, providing it is required. If you do not provide data required to secure a specific service (e.g. data required by an accommodation provider or carrier), we may not be able to secure the service.

5. Sources of personal data

We obtain data mainly:

- directly from you (enquiry, order, communication),

- from a person who orders services for your benefit (e.g. an employer or event client),

- from public registers (typically in relation to business partners).

6. Recipients and processors

We make personal data available only to the extent necessary, in particular to:

- providers of intermediated services (accommodation providers, carriers, guides, event organisers, experience operators, ticketing providers, etc.),

- providers of IT services, hosting, e-mail tools, accounting and legal services,

- public authorities where required by law.

7. Marketing and commercial communications

7.1 E-mail/SMS commercial communications

We send commercial communications:

a) on the basis of consent (typically a newsletter for interested persons who are not yet customers), or

b) under the “customer exemption” for existing customers where we obtained your e-mail in connection with a service sale and offer similar services; we will always provide an easy option to opt out (unsubscribe) in each message.

7.2 Telephone marketing (telemarketing)

If we conduct telemarketing, we will proceed in accordance with the rules under the Electronic Communications Act and related guidance of the regulator; typically, prior consent of the addressee or fulfilment of a statutory exemption is required.

7.3 Objection to marketing

You may object to processing for direct marketing purposes at any time (Article 21 GDPR). Once an objection is raised, we will no longer send you marketing communications.

8. Cookies and similar technologies

On the Pilsenjoy website, cookies and similar technologies may be used for:

- ensuring the functionality of the website (necessary cookies),

- measuring traffic and improving the website (analytical cookies),

- marketing purposes (e.g. remarketing).

For cookies that are not necessary, we usually request your consent via a cookie banner. Details (including the list of cookies, their duration and settings) are provided in a separate “Cookies” / “Privacy settings” document on the Pilsenjoy website, if available.

9. Retention period

We keep personal data only for as long as necessary to fulfil the purpose:

a) Contractual relationship and related communication: for the duration of the contract and subsequently for the limitation periods and the time needed to protect legal claims.

b) Accounting and tax documents: for the period required by law. Typically, some accounting records are kept for 5 years and selected documents (e.g. for VAT purposes) for 10 years from the end of the relevant period.

c) Marketing based on consent: for 5 years from granting consent or until its withdrawal (whichever occurs first).

d) Photos/video for marketing: for the duration of the consent or until withdrawal; we will always assess within a reasonable time whether further retention remains justified.

10. Your rights

In particular, you have the following rights:

- the right of access to personal data (Article 15 GDPR),

- the right to rectification (Article 16 GDPR),

- the right to erasure (Article 17 GDPR), if there are no grounds for further retention,

- the right to restriction of processing (Article 18 GDPR),

- the right to data portability (Article 20 GDPR),

- the right to object (Article 21 GDPR), in particular against direct marketing,

- the right to withdraw consent (where processing is based on consent),

- the right to lodge a complaint with a supervisory authority.

11. Automated decision-making and profiling

Pilsenjoy typically does not carry out automated individual decision-making or profiling within the meaning of Article 22 GDPR. If such processing were to occur in a specific case (e.g. within online marketing tools), you will be informed in the relevant part of the website or in related documents (cookies).

12. Security of personal data

Pilsenjoy implements appropriate technical and organisational measures to secure personal data (e.g. access management, encryption/secure transmissions, backups, contractual confidentiality obligations).

In the event of a personal data breach, we proceed in accordance with Articles 33 and 34 GDPR (incident assessment, possible notification to the supervisory authority, and informing data subjects where required).

13. How to withdraw consent

You may withdraw your consent at any time:

- by e-mail to info@enjoypilsen.cz, or

- in writing to the registered office address.

Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

14. Effectiveness and changes to the Principles

These Principles are effective from 1 January 2026. We may update the Principles from time to time; the current version is available upon request and/or on the Pilsenjoy website.