Privacy Policy – GDPR Information Duty

The company Maximus Resort, a.s., ID No.: 269 65 437, with its registered office at Hrázní 327/4a, Kníničky, 635 00 Brno, registered in the Commercial Register maintained by the Regional Court in Brno, Section B, Insert 4332 (hereinafter referred to as the “Controller”), as the controller of personal data, hereby informs about the processing of personal data carried out in connection with the operation of the Maximus Resort website available at www.maximus-resort.cz (hereinafter referred to as the “Website”), the conclusion of service contracts with the Controller’s clients (hereinafter referred to as the “Client” and the “Service Agreement”) and the conclusion of purchase agreements via the Website with individuals expressing interest in such contracts (hereinafter referred to as the “Buyer” and the “Purchase Agreement”). This document also includes information about the rights of data subjects in relation to the above-mentioned processing.

For any questions regarding privacy and the exercise of your rights, please use the following contact:

  • Email: recepce@maximus-resort.cz

1. For what purposes, on what legal grounds, and what personal data do we process?

1.1 Conclusion and performance of the Service Agreement

To conclude and perform a Service Agreement with the Client, the Controller needs the following personal data of the Client – a natural person:

  • Identification data (name, surname, date of birth, company ID, VAT number, registered address)
  • Contact data (email, phone number, delivery and billing address)
  • Payment details
  • Information from communication with the Client and about the conclusion and performance of the Service Agreement

Without the above data, it is not possible to conclude or fulfill the Service Agreement. The legal ground for processing is the performance of a contract at the request of the Client.

1.2 Conclusion and performance of the Purchase Agreement

To conclude and perform a Purchase Agreement with the Buyer, the Controller needs the following personal data of the Buyer – a natural person:

  • Identification data (name, surname, date of birth, company ID, VAT number, registered address)
  • Contact data (email, phone number, delivery and billing address)
  • Payment details
  • Information from communication with the Buyer and about the conclusion and performance of the Purchase Agreement

Without the above data, it is not possible to conclude or fulfill the Purchase Agreement. The legal ground for processing is the performance of a contract.

1.3 Compliance with legal obligations

The Controller must process personal data when required by legal regulations. This includes data required for accounting, tax obligations, and compliance with laws such as:

  • Act No. 565/1990 Coll., on local fees
  • Act No. 326/1999 Coll., on the residence of foreigners in the Czech Republic (or applicable updated law)
  • Act on Archives

1.4 Legitimate interests of the Controller

In justified cases, the Controller may process data based on legitimate interest. The Controller always assesses that such processing does not unduly infringe on privacy

Hotel surveillance: Public areas (including parking) are monitored by a CCTV system with recording. Processing is based on the Controller’s legitimate interest in protecting property, life, and health. No biometric data is processed. Audio recording is also included. Recordings are continuous.

Identification of persons acting on behalf of Clients or Buyers (legal entities): This includes names, contact details, job positions, and communication records, used for contract purposes and rights enforcement.

Proof of agreement acceptance: Data proving online agreement to terms and conditions (e.g., time stamps) are stored to resolve potential future disputes.

Defense and enforcement of legal claims: Data may be used in court or during official inspections to prove lawful conduct. Typically includes identification, contact data, contracts, and communication records.

1.5 Sending marketing communications

For Clients and Buyers (after contract conclusion) or persons subscribing to newsletters, we process contact details (email, phone) for sending marketing messages.

  • Legal ground: Legitimate interest (in case of clients)
  • Consent: Required for non-clients who subscribed voluntarily

You can unsubscribe at any time via the link in each message or by contacting us directly.

2. From whom do we obtain personal data and to whom do we transfer them?

We primarily collect data directly from data subjects. You are required to provide accurate data and keep it updated.

We may transfer data to public authorities when required by law.

CCTV recordings may be copied and handed over to authorities (e.g., police) in case of incidents or upon legal request.

We use processors, e.g., IT system providers and accountants. A detailed list is available upon request.

Some data may be shared with independent controllers (e.g., payment gateway providers). No data is transferred outside the EU unless otherwise stated.

3. How do we process personal data?

We process data mainly electronically using automated tools in our systems or those of our processors. Some manual processing may occur.

CCTV: Data is collected automatically, evaluation is manual.

Only authorized personnel (bound by confidentiality) can access data.

We ensure compliance with legal regulations and protect your rights and dignity.

4. How long do we process personal data?

4.1 Contracts

We process data for the duration of the contract and then:

4.2 Legal obligations

Data required by law (e.g., accounting, tax) are stored:

  • 5 years after the accounting period (general)
  • 10 years for VAT-related records
  • In compliance with archival laws

Data on foreign guests: 6 years after last record

Local fees: 6 years after last record

4.3 Legitimate interests

For defense of legal claims, data may be kept for up to 5 years after contract end or longer if litigation occurs.

CCTV: Recordings are stored for 48 hours unless an incident requires extended retention.

4.4 Marketing

Until you unsubscribe from marketing communications.

4.5 Longer processing

Data may be kept longer if needed for legal proceedings or inspections.

5. Your rights

You have the right to request:

  • Access to your data
  • Correction or deletion
  • Processing restriction
  • Data portability
  • Objection to processing
  • Withdrawal of consent (where applicable)

You can contact us at any time via the email provided above.

You also have the right to lodge a complaint with the Czech Data Protection Authority.

6. How do we protect your data?

We apply security measures including:

  • Internal policies
  • Antivirus protection
  • Firewalls
  • Encryption
  • Access control and authorization
  • Backups
  • Physical security measures