Privacy Policy

General use of the website

1. Data Controller

The data controller, in accordance with Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter: “GDPR“), is:

CARASTAY s.r.o. ID (IČO): 06621538 Registered Office: Chudenická 1059/30, 102 00 Prague 10, Czech Republic Email: carastay@seznam.cz

2. Sources and Categories of Processed Personal Data

The Controller processes personal data provided by you via the booking form, email, or telephone. This includes:

  • First and last name
  • Email address
  • Phone number
  • Contact address
  • Payment details and booking information (dates, type of accommodation)
3. Legal Basis and Purpose of Processing

The legal basis for processing personal data is:

  • Performance of a contract between you and the Controller according to Art. 6 para. 1 lit. b) GDPR (processing the reservation).
  • Legitimate interest of the Controller in providing direct marketing (specifically for sending commercial communications and newsletters) according to Art. 6 para. 1 lit. f) GDPR.
  • Compliance with legal obligations (specifically accounting and tax regulations).
4. Data Retention Period

The Controller stores personal data:

  • For the period necessary to exercise the rights and obligations arising from the contractual relationship (max. 10 years from the termination of the contractual relationship for tax record purposes).
  • Until consent for the processing of personal data for marketing purposes is withdrawn.
5. Recipients of Personal Data

Recipients of personal data may include:

  • Booking system providers (MotoPress).
  • Payment gateway providers.
  • Persons involved in ensuring the operation of accommodation and services in Zanzibar.
6. Your Rights

Under the conditions set forth in the GDPR, you have:

  • The right to access your personal data.
  • The right to rectification or erasure of personal data.
  • The right to object to processing.
  • The right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).

Right to Withdraw Consent You have the right to withdraw your consent to the processing of personal data (e.g., for marketing purposes) at any time with future effect. The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal. You can withdraw your consent by sending an email to: carastay@seznam.cz.

7. Data Security (SSL/TLS)

To ensure the maximum security of your data, we use SSL (Secure Socket Layer) or TLS encryption on our website. This means that all data you provide to us (e.g., in the booking form) is transmitted in encrypted form and cannot be misused by third parties.

8. Web Analytics and Cookies

This website uses cookies to ensure site functionality and for analytical purposes. By using the website, you agree to their storage. If we use analytical tools (e.g., Google Analytics), it is solely for the purpose of improving our services. You can change your cookie preferences at any time in your browser settings or via the cookie consent bar.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Participants in the ROHO Club newsletter

If you wish to become a member of the ROHO Club and receive the newsletter, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter.

1. Email Service Provider

The newsletter is sent via the email service provider MailerLite (MailerLite Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland). You can view the email service provider’s privacy policy here: MailerLite Privacy Policy.

2. Data Processing Agreement

We have concluded a data processing agreement with MailerLite, in which we obligate the provider to protect our customers’ data and not to disclose it to third parties.

3. Data Collection and Double Opt-In

Subscription to our newsletter uses a double opt-in process. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else’s email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements.

4. Statistical Data Collection and Analysis

The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from MailerLite’s server when the newsletter is opened. During this retrieval, technical information such as browser and system details, as well as your IP address and the time of retrieval, are collected. This information is used to technically improve the services.

5. Cancellation/Unsubscription

You can unsubscribe from our newsletter at any time, i.e., revoke your consent. You will find an unsubscribe link at the end of each newsletter or you may send an email to our servicedesk.

Scroll to Top
WordPress Cookie Plugin by Real Cookie Banner