Privacy Protection

Privacy Protection

This document contains all you need to know about the processing of personal data and your options for exercising your rights.
 

Who will process your personal data?

If you give us your personal data during communication or purchasing a service, ASIANA, spol. s r.o. (referred to as ASIANA) becomes the controller of such information. We put a high priority on the protection of your personal data, to comply with the Regulation of the European Parliament and Council no. 2016/679 on the protection of personal data (GDPR) and the relevant regulations.

What information do we process and why?

ASIANA is an agency providing travel services and as such it inevitably comes into contact with its clients’ personal data. We handle the following types of personal data:

  • Names and surnames
  • Dates of birth
  • Addresses
  • Email
  • Phone numbers
  • IP addresses
  • Passport numbers, country of origin and expiration dates
  • Citizenships

Your personal data may be processed for the following reasons:

  • Providing the ordered services and facilitating payments
  • Answering a non-binding order or question
  • Facilitating the operation of internet servers (IPA logging)
  • Mailing business or marketing messages
  • Facilitating customer competition

How long?


We will keep all personal data only for a reasonably necessary time. If storing personal data is not required by superseding statutory duty (e.g. accounting laws), we will store such information for up to one year. After the conclusion of our contractual relationship, we will store your personal data until the expiration of the statute of limitations, i.e. the time during which it is possible to exercise any claims from the concluded contract, and for one year after the statute of limitations has elapsed as void. We will also process your personal data for the duration of any potential litigation or other proceedings.

 

Exercising the rights of the subject of personal data

In order to exercise your rights, no matter the nature of your relationship with ASIANA, we have prepared a form for the exercising of the right of the subject of personal data, available at the end of this page. If you request it, we will also mail you the form. The form also contains detailed information about where to send it and what must be included. You can exercise your rights, including the withdrawal of your consent, without using the form.
Our foremost priority is to prevent the loss, irreversible change or abuse of your personal data. Therefore, we will always need to safely verify that the submitter of such requests is really you. This is why we must insist on the correct channels and appurtenances when you request to exercise your rights.
Similarly, in case we have doubts whether the submitter is really you or we don’t have enough information necessary to comply with your request, we will request additional information. If you submit your request via the contact form on our website or via email, we will immediately confirm receipt and let you know the time frame for our response, as well as how we will handle your personal data in the meantime.

The Rights of Customers Pertaining to the Management of Personal Data

The right to information
You have the right to be informed about the processing of your personal data. This information will be added to your requests for access to your personal data, as well.
 
Access to personal data
If you need additional information about specific personal data, you have the right to be informed whether we are processing it. You also have the right to obtain copies of your personal data and to be given details about the processing thereof. Last but not least, you have the right to access the list of your rights – to correct, delete, limit the processing of, object against the processing of your personal data, and to lodge a complaint with a supervisory authority.
 
Correction of personal data
It is in our interest to process up-to-date and accurate personal data. You have the right to correct inaccurate personal data and to add to incomplete personal data. Anytime you change your email address or phone number, we will always update this information in order to ensure snag-free communication. Please always inform us about the changes in your personal data or update it yourself.
 
Objection against processing
If you believe that our legitimate interest to process your personal data is unfounded, you have the right to lodge a complaint against the processing of your personal data, including profiling. We will assess your request and if we find that our interest in further processing does not exceed your interest in the termination thereof, we will stop processing your personal data. You can take the same steps if you object to direct marketing not carried out on the basis of consent. If we receive such a complaint, we will end the processing immediately without further procedures.
 
Limiting the processing
You have the right to limit the processing of your personal data to storage and distinguishing it from other processed personal data, if you believe that:

  • your personal data is inaccurate
  • the processing of your personal data is against the law but you do not want it deleted
  • you need the personal data for establish, exercise or defend legal claims, even though ASIANA no longer has need for it
  • you object to the legitimacy of our interest in processing such data, for the duration of ASIANA analyzing the legitimacy of such interest

Deletion of personal data

You have the right to “be forgotten,” i.e. to request that we delete all (or some) of your personal data if we no longer need it for the purposes for which it was processed, and at the same time, there is no legal statute for further processing of such data. This right also pertains to cases when your data was processed illegally. We will also delete your personal data if it is being processed based on your consent and you withdraw the consent. Your data will also be deleted if you object to the processing thereof and we reach the conclusion that our legitimate interest does not exceed your interest in the termination of processing (in cases when your personal data is processed on the basis of our legitimate interest), or if you lodge a complaint against the processing of your data for the purposes of direct marketing. We will also delete your personal data if we are required to do so in accordance with the law.
It may not be possible to delete your personal data in all cases. There are reasons due to which it may be possible to continue processing it in spite of your request. This is mainly the case when there is need for further processing to establish, exercise or defend our legal claims, fulfil our legal responsibilities or to exercise the right to free speech and information, as well as for scientific or historical research and statistics, possibly archiving, but only if it is in public interest. If, however, further processing is not required, we will satisfy your request immediately.

Transferability

You have the right carry your personal data over from us to a different controller. This way, you can transfer all personal data we process automatically, on the basis of your consent or fulfilling a contract. We will make all data available to you or the new controller in a structured, widely used, machine readable format. The finalizing of the transfer process is up to your new controller and their technical equipment needed to read and process the data. We cannot guarantee this.

Withdrawing your consent

If we are processing your personal data on the basis of your consent, you can withdraw it at any time. As soon as we receive the notice of your withdrawal, we will no longer process your personal data for the stated purposes.

Lodging a complaint with a supervisory authority

If you believe that your rights arising from laws or regulations have been breached, you can lodge a complaint directly with the supervisory authority in any member state of the European Union. Primarily, this will be an authority in the member state of your residence, place of employment, or where the alleged breach occurred. In the Czech Republic, the supervisory authority is the Úřad pro ochranu osobních údajů (the Office for Personal Data Protection).