Jindřišská Tower10 floors of culture

Privacy Policy

Data controller

Jindřišská věž s.r.o.
Company ID: 26170736
Registered office: Na Pankráci 53, Prague 4, Czech Republic
Contact email: info@jindrisskavez.cz
Phone: 608 346 521

Introduction

This Privacy Policy (the “Policy”) describes how Jindřišská věž s.r.o. (the “controller”, “we”, “us”) collects, uses, stores and protects personal data of website visitors and customers. The information applies to the processing of personal data in connection with the use of the website, contact forms, reservations, newsletters, marketing and other communication.

Scope and sources of data

We collect personal data that you provide to us directly (e.g. when filling out a form) as well as data obtained automatically when you visit our website (technical and analytics data).

Categories of personal data processed

  • Identification data: first name, last name.
  • Contact data: email address, phone number, home/company address (if provided).
  • Communication data: message text, reservation notes, related information.
  • Payment and invoicing data: if you use services that require invoicing (limited, potentially shared with our accounting processor).
  • Technical data: IP address, browser type and version, language settings, date and time of access, cookies and other tracking technologies.
  • Other data: optional profiles or preferences you share with us (e.g. newsletter interest).

Purposes of processing and legal bases

Handling inquiries and communication (e.g. contact form)

Purpose: answering inquiries, arranging services, technical and organizational communication.
Legal basis: performance of the user’s request / the controller’s legitimate interest (reasonable communication).

Providing services and contract performance

Purpose: processing reservations, ticket sales, issuing invoices, fulfilling contractual obligations.
Legal basis: contract performance / legal obligation.

Marketing and newsletters

Purpose: sending commercial communications, offers and news.
Legal basis: user consent (Art. 6(1)(a) GDPR). Consent is voluntary and can be withdrawn at any time without affecting the lawfulness of processing before withdrawal.

Website analytics and service improvement

Purpose: statistical analysis of traffic and user behavior to improve the website and services.
Legal basis: the controller’s legitimate interest (service optimization) or consent (where non-anonymized tracking is used).

Security and legal compliance

Purpose: fraud prevention, protection of rights, accounting and compliance with legal obligations.
Legal basis: legal obligation or legitimate interest.

Data retention periods

  • Contact and communication data: for as long as necessary to handle the inquiry and any follow-up requests, typically retained for 3 years unless otherwise required by law or contract.
  • Contract performance and invoicing data: for statutory periods (e.g. accounting records – 10 years or as required by local legislation).
  • Marketing consents: until consent is withdrawn.
  • Analytics data: typically anonymized; where it constitutes personal data, retained only as long as necessary for the purpose.

Recipients / processors

Personal data may be shared with:

  • IT service and hosting providers (processors).
  • Email service providers and newsletter distribution tools.
  • Accountants and tax advisors.
  • Other third parties where necessary for contract performance or due to legal obligations. Before sharing, we ensure processors provide adequate safeguards for data protection (data processing agreement).

Transfers to third countries

If personal data is transferred outside the EU/EEA, we safeguard the transfer using appropriate mechanisms (standard contractual clauses, adequacy decisions or other legal mechanisms) and inform you in specific cases.

Cookies and tracking technologies

The website uses cookies and similar technologies for website operation, behavior analytics and marketing. Categories:

  • Necessary cookies: required for the proper functioning of the website.
  • Performance and analytics cookies: used to analyze traffic (e.g. Google Analytics; if used, we ensure IP anonymization / basic settings).
  • Functional and preference cookies: used to remember user settings.
  • Marketing cookies: used for targeted advertising. You can manage cookie settings via consent management tools or browser settings. Disabling certain cookies may limit website functionality.

Your rights

You have the right to:

  • request access to your personal data,
  • request correction of inaccurate data or completion of incomplete data,
  • request erasure (“right to be forgotten”) where there is no legal reason for further processing,
  • request restriction of processing,
  • object to processing based on legitimate interest or for direct marketing purposes,
  • request data portability (in a structured, commonly used and machine-readable format),
  • withdraw consent at any time (withdrawal does not affect the lawfulness of processing before withdrawal),
  • lodge a complaint with the supervisory authority (in the Czech Republic: the Office for Personal Data Protection).

How to exercise your rights

Send requests to exercise your rights to info@jindrisskavez.cz or by post to the controller’s registered office address. In your request, include your name, a description of your request and a copy of an identity document if necessary to verify your identity. We will respond without undue delay, no later than within 1 month (in exceptional cases this may be extended by a further 2 months).

Data security

We use technical and organizational measures to protect personal data (encrypted transmission – HTTPS, access controls, backups, processor agreements). Access to data is limited to authorized staff and contracted processors on a need-to-know basis.

Profiling and automated decision-making

We generally do not carry out fully automated decision-making or profiling based solely on automated processing that would produce legal effects or similarly significantly affect you. If such processing occurs, you will be informed separately and provided information about the logic, significance and expected consequences.

Children’s data

Our services are not intended for minors without the consent of a legal guardian. If we discover that we have processed a child’s personal data without appropriate consent, we will take steps to delete such data.

Changes to this policy

This Policy may be updated. In the event of material changes, we will inform users in advance (e.g. via a notice on the website or by email) and, if necessary, request consent again. We keep records of the Policy version and the time consent was granted (consent_version, consent_timestamp, IP and User-Agent).

Contact and supervisory authority

For questions about personal data processing, contact us at info@jindrisskavez.cz or by post to the controller’s registered office address. You have the right to lodge a complaint with the supervisory authority – in the Czech Republic: the Office for Personal Data Protection (www.uoou.cz).

Don't miss any event

Follow us on Instagram

Follow the activities in Jindřišská Tower on our Instagram and stay updated on exhibitions, events and news.

Jindřišská věž