PRIVACY POLICY AND DATA PROTECTION (GDPR)
Whattodoinczechia.com
- DATA CONTROLLER
The controller of personal data is:
Bc. Marek Kotyza
Business ID (IČO): 75084431
Registered office: Matějkova 1935/12, 190 00 Prague, Czech Republic
Email: info@tourguidematch.com
hereinafter referred to as the “Controller”.
- SCOPE OF PROCESSING
The Controller processes personal data necessary for:
- providing services and products
- processing bookings and payments
- customer communication and support
- legal and regulatory compliance
- fraud prevention and risk management
- analytics and performance measurement
- marketing and remarketing
- improvement of services and user experience
- CATEGORIES OF PERSONAL DATA
The Controller may process:
- identification data (name, surname)
- contact data (email address, phone number)
- booking and transaction data
- payment-related data (transaction identifiers only)
- technical data (IP address, device, browser, logs)
- behavioral and usage data
- approximate location data
- communication data (emails, messages)
IP addresses are treated as personal data and, where possible, are anonymized or shortened.
- LEGAL BASIS FOR PROCESSING
Personal data is processed on the following legal bases:
- performance of a contract (Art. 6(1)(b) GDPR)
- compliance with legal obligations (Art. 6(1)(c))
- legitimate interest (Art. 6(1)(f))
- consent (Art. 6(1)(a))
Legitimate interests include:
- fraud prevention
- service security
- analytics and optimization
- direct marketing where permitted
- DATA SHARING
Personal data may be shared with:
- payment providers (e.g. Stripe)
- booking platforms (e.g. Bokun)
- third-party suppliers (for service delivery)
- analytics providers (e.g. Google Analytics)
- advertising platforms (e.g. Meta, Google Ads)
- email and CRM tools (e.g. Mailchimp, Brevo)
- hosting and IT providers
These entities may act as processors or independent controllers depending on their role.
Links to third-party privacy policies may be provided upon request.
- INTERNATIONAL DATA TRANSFERS
Personal data may be transferred outside the European Economic Area, including to the United States.
Safeguards include:
- Standard Contractual Clauses (SCCs)
- contractual and technical protections
- use of reputable providers with adequate safeguards
- DATA RETENTION
Personal data is retained only for the necessary period:
- booking and accounting data: up to 10 years
- customer communication: up to 3 years
- marketing data: until consent withdrawal or objection
- analytics data: up to 24 months
- security logs: typically 6–24 months
The Controller periodically reviews stored data and deletes or anonymizes data when no longer necessary.
- CUSTOMER RIGHTS
The Customer has the right to:
- access personal data
- rectification
- erasure
- restriction of processing
- data portability
- object to processing
- withdraw consent
Requests can be sent to info@tourguidematch.com.
The Controller will respond without undue delay, typically within 30 days.
The Customer may also file a complaint with a supervisory authority.
- DATA SUBJECT REQUEST HANDLING
The Controller maintains internal procedures to:
- identify stored personal data
- process access and deletion requests
- coordinate with third-party providers if needed
Where data is processed by third parties, the Controller will make reasonable efforts to facilitate the request.
- DATA SECURITY
The Controller implements appropriate measures including:
- encrypted communication (HTTPS)
- access control
- monitoring and logging
- protection against unauthorized access
- AUTOMATED DECISION-MAKING
No automated decision-making with legal or significant effects is carried out. - COOKIES AND TRACKING
The website uses cookies and similar technologies to ensure functionality, analyze usage and support marketing activities.
Cookies are categorized as:
- strictly necessary
- functional
- analytics
- marketing
- COOKIE CONSENT AND CONTROL
Non-essential cookies (analytics and marketing) are only activated after explicit user consent.
Before consent is granted:
- no tracking scripts are executed
- no analytics or marketing cookies are stored
Users can:
- accept or reject cookies
- change preferences at any time
Consent is managed via a cookie banner or consent management platform.
- COOKIE TABLE (OVERVIEW)
Name: _ga
Provider: Google
Purpose: Analytics
Duration: 2 years
Name: _gid
Provider: Google
Purpose: Analytics
Duration: 24 hours
Name: _fbp
Provider: Meta
Purpose: Marketing
Duration: 3 months
Name: _gcl_au
Provider: Google
Purpose: Advertising
Duration: 3 months
Name: cookie_consent
Provider: Website
Purpose: Consent storage
Duration: 6–12 months
Name: session_id
Provider: Website
Purpose: Core functionality
Duration: session
- THIRD-PARTY SERVICES
The website may use services such as:
- Google Analytics
- Google Ads
- Meta (Facebook, Instagram Ads)
- Bokun booking system
- Stripe payment gateway
These providers may process personal data independently under their own privacy policies.
- EMAIL COMMUNICATION
The Controller may send emails related to:
- bookings and transactions
- customer support
- service updates
Marketing emails are sent only where permitted by law or with consent.
Each marketing email contains an option to unsubscribe.
- DATA MINIMIZATION
Only personal data necessary for the defined purposes is processed. - DATA ACCURACY
The Customer is responsible for providing accurate and up-to-date data. - FRAUD PREVENTION AND SECURITY
Personal data may be processed for fraud detection, prevention of abuse and protection of legal claims. - DATA BREACH MANAGEMENT
In case of a personal data breach:
- risks are assessed
- authorities are notified where required
- affected individuals are informed if necessary
- CHILDREN’S DATA
Services are not intended for individuals under 16.
The Controller does not knowingly collect data from minors. - POLICY UPDATES
This policy may be updated at any time.
The current version is always available on the website. - CONTACT
For any questions or requests:
info@tourguidematch.com