Privacy Policy
Effective from January 1, 2026
1. Data Controller
The data controller is Hostivio s.r.o., with its registered office in Prague, Czech Republic. Contact email: [email protected]
2. Data We Process
We process the following categories of personal data: identification data (first name, last name, email), login credentials, billing information, guest data of the accommodation (to the extent necessary to fulfil legal obligations), and technical data about your use of the service (IP address, browser type, login records).
3. Purpose of Processing
We process personal data for the following purposes: providing and improving our service, fulfilling legal obligations (reporting guests under Act No. 326/1999 Coll.), invoicing and subscription management, communication with Users, and technical support.
4. Legal Basis for Processing
Processing is based on: performance of a contract (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR), the legitimate interest of Hostivio (Art. 6(1)(f) GDPR), and the User's consent where required.
5. Sharing Data with Third Parties
We share data only with trusted processors: Clerk (authentication), Stripe (payments), Cloudflare (CDN and protection), and government authorities where required by law. All processors are bound by appropriate data processing agreements.
6. Data Retention
We retain personal data for the duration of the contractual relationship and thereafter for the period required by applicable law (typically 5–10 years for billing records). After this period, the data is securely deleted.
7. Your Rights
You have the right to access your data, to have it corrected or erased ("right to be forgotten"), to restrict processing, to data portability, and to object. You can exercise these rights at [email protected]. You also have the right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).
8. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Servers are located exclusively in data centres within the European Union. Access to data is governed by a permission system and audited regularly.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by email. The date of the most recent update is shown at the top of this document.