SIESTA CLOUD s.r.o., company ID: 07491441, seated at Konopišťská 739/16, Vršovice, 100 00 Prague 10, registered in the Commercial Register maintained by the Municipal Court in Prague, section C, file 301961 (hereinafter referred to as the “Operator”) as the personal data controller hereby provides information about the processing of personal data of visitors of the website at the address www.tuscany.guide.com (hereinafter referred to as the “Visitor”), which is carried out by the Operator in connection with the operation of the Website (hereinafter referred to as the “Website”) and with the provision of the intermediation service in relation to the services offers of third parties that are presented on the Website (hereinafter referred to as the “Intermediation Service“). This documents includes information about the rights of data subjects with regard to such processing.

For any questions concerning privacy protection and exercise of your rights, use this contact:

1. For what purpose and what kind of personal data do we process?

1.1. Making and fulfilment of the intermediation agreement by the Visitor

The Operator provides the Intermediation Service on the basis of an agreement made with the Visitor on the conditions and in the manner set out in the applicable Business Terms and Conditions of the Operator (hereinafter referred to as the “Intermediation Agreement”). If there are any problems with the Intermediation Service, the Visitor may contact the technical support provided by the Operator. In order to handle the Visitor’s request and communicate in the course of provision of technical support, the Operator may process the following personal data:

  • e-mail of the Visitor, and information provided by the Visitor in the request for technical support.

Without the aforesaid data the Agreement cannot be fulfilled. The legal ground of processing such data is the making and fulfilment of the Agreement at the Visitor’s request.

1.2. Legitimate interests of the Provider

In justified cases the Operator may also process personal data on the legal grounds of protection of its legitimate interests. However, the Operator always thoroughly assesses and takes care to ensure that the interest in the processing of your data for this purpose does not unreasonably interfere with your privacy.

Proof of agreement to the Operator’s Business Terms and Conditions: The Intermediation Agreement is made electronically. The Visitor expresses their agreement to the Business Terms and Conditions by sending the electronic form for the use of the Intermediation Service on the Website. Therefore, for the protection of legitimate interests of the Operator (in order to have a proof that a particular Visitor expressed agreement to the Operator’s Business Terms and Conditions in the particular wording), the Operator keeps data necessary for identification of the Visitor to the extent stated in section 1.1 of this document and the information about the time of using the Intermediation Service.

Defense and exercise of legal entitlements of the Operator: The Operator may process the personal data stated above in this document for the purposes of protection of the legitimate interest of securing defense of the Operator in any legal disputes or legal proceedings or during inspections by government authorities or other public authorities. The Operator processes these data in order to be able to prove, where required, that the Operator acted in accordance with contractual obligations and legal regulations.

Website analysis and improvement: The Operator may also process data about the Visitor’s activity on the Website for the purpose of protection of a legitimate interest, which is analysis of the Website use and its further improvement. For these purposes the Operator may collect and process data obtained through cookies. The conditions of use of cookies are described in the document “Cookie Policy“ available on the Website.

1.3. Fulfilment of obligations arising from legal regulations

The Operator must process personal data in cases where this is required by a legal regulation. For this purpose the Operator may process especially personal data to the extent required by the applicable legal regulations in connection with the Operator’s obligation to keep the books and in the fulfilment of related tax obligations and, as the case may be, for the fulfilment of obligations set out in the Archiving Act.

2. Who do we get the personal data from and who do we hand them to?

We get personal data primarily from data subjects. We do not collect any other data about you, except for those the Visitors give us themselves or those that are created through their activity on the Website.

On the conditions set out by legal regulations we may transfer personal data to public authorities in situations where we are obliged to do so under a legal regulation or where a given authority requests such data within the scope of its powers.

We use the following processors to process data:

  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, the operator of the software platform Azure.
  • Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland.
  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525 Ireland.

Personal data are not transferred outside the EU, unless stated otherwise above.

3. How do we process personal data?

We process personal data manually in accordance with the respective purpose where manual processing is necessary or suitable. Our employees or other persons working for us may participate in the administration of personal data in order to rectify errors, inaccuracies, etc. and for other purposes. However, these persons may process the personal data only with regard to the conditions and scope defined above and they are pledged to secrecy about personal data and security measures, whose publication would threaten the security of personal data.

The personal data may be processed electronically using automatized means, namely within the software securing the Website operation or systems of individual processors mentioned above.

We always process the personal data in accordance with relevant legal norms and we process them with appropriate care and protection. We make sure you would not suffer any harm of your rights, especially your right to human dignity and your private and personal life.

4. How long do we process personal data?

4.1. Intermediation Agreement

Personal data processed for the purposes of making and fulfilling the Intermediation Agreement are processed for the duration of its making and fulfilling (i.e. for the time necessary to handle the Visitor’s request for technical support).

Afterwards we may process personal data for the following purposes:

4.2. Legitimate interests

After the end of the Agreement we process the personal data for the protection of our legitimate interests (i.e. for the purposes of defense against any claims of Visitors or third parties, even before court, and for the purposes of recording and proving the agreement to the Business Terms and Conditions) for the duration of the limitation periods which may last, in the Czech Republic, up to 15 years from the relevant event. Unless a relevant claim is made, such period is usually 5 years from the end of the Agreement.

Information about the Website use for the purposes of protection of the legitimate interest consisting in the Website use analysis and improvement is processed for 2 months. After expiry of this period we may continue to process such data only in anonymized form.

4.3. Legal obligations fulfilment

Personal data processed on the grounds of our statutory obligations are processed within the periods set out by such laws.

4.4. Longer duration of processing

Personal data may also be processed for a period longer than stated above if there is a relevant ground for further processing, which typically means commencement of administrative or legal proceedings for which the personal data are relevant.

5. What rights do you have?

First, you have the right to request access to your personal data, including obtaining a copy of all your personal data. You may exercise this right through the e-mail address stated at the top of this document.

Withdrawal of consent to the processing: As regards the personal data that are not processed on the grounds of consent, the consent to the processing may not be withdrawn. However, on the basis of your request we will always assess whether it is still necessary to process your personal data for any of the purposes stated above.

Your other rights:

We will always inform you about:

  • the purpose of the personal data processing,
  • the personal data, possibly categories of personal data that are processed including all available information on their sources,
  • the character of automatized decision-making including profiling and the information on the used procedure as well as the meaning and the supposed consequences of such decision-making to the data subject,
  • the recipients, possibly categories of recipients to which the personal data were or will be transferred and, in the event of a transfer of personal data to a third country, the appropriate safeguards applying to the transfer for ensuring security of the personal data,
  • the estimated time period for which the personal data will be preserved or (if it cannot be stated) the criteria used to determine that period,
  • all available information on the source of personal data, if they are not provided by you.

Your rights include the right to:

  • ask us for an explanation,
  • ask us to settle the occurred situation, namely any blocking, rectification, addition, restriction of processing or erasure of personal data (right to be forgotten),
  • ask for a copy of the personal data being processed, or ask for personal data concerning you in a structured, commonly used and machine-readable format and to transmit these data to another controller without any obstructions from our side,
  • submit a question or a complaint to the Personal Data Protection Authority (in Czech: Úřad pro ochranu osobních údajů),
  • object to the processing of personal data concerning you.

This Information about Personal Data Processing takes effect from 01.04.2022.