© 2026 FOR FREE DAYS s.r.o.
🚨 Velikonoce se blíží a s nimi je tu i krásná sleva 12% na lety nad městy a památkami! Nabídku přes 400 měst a 50 památek naleznete 👉 KLIKNUTÍM ZDE 👈
Privacy Policy
I. Basic Provisions
1. The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: „GDPR”) is:
FOR FREE DAYS s.r.o.
ID No. (IČO): 077 01 489
with its registered office at Formánkova 436/2, 500 11 Hradec Králové
hereinafter: („controller“).
2. The contact details of the controller are
address: Formánkova 436/2, 500 11 Hradec Králové
email: info@forfreedays.cz
phone: +420 499 984 800
3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The controller has not appointed a data protection officer.
II. Sources and Categories of Processed Personal Data
1. The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order.
2. The controller processes your identification and contact data, data about purchased goods and services received, cookies from the controller's website www.forfreedays.cz and data necessary for the performance of the contract.
III. Legal Basis and Purpose of Personal Data Processing
1. The legal basis for processing personal data is
2. The purpose of personal data processing is
3. There is no automated individual decision-making by the controller within the meaning of Article 22 GDPR.
IV. Data Retention Period
1. The controller stores personal data
2. After the expiry of the retention period, the controller shall erase the personal data.
V. Recipients of Personal Data (Controller's Subcontractors)
1. Recipients of personal data are persons
2. The controller intends to transfer personal data to a third country (country outside the EU) or an international organization only in the case of consent to the sending of commercial communications and other marketing activities and only for this purpose, utilizing entities that comply with GDPR regulations. [A1]
VI. Your Rights
1. Under the conditions set out in the GDPR, you have
2. Furthermore, you have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Personal Data Security Conditions
1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
2. The controller has taken technical measures to secure data storage and storage of personal data in paper form, keeps documents in secure boxes, has trained employees, and data in the internet interface is protected by encryption.
3. The controller declares that only persons authorized by the controller have access to personal data.
VIII.
Final Provisions
1. By submitting an order from the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.
2. You agree to this policy by checking the consent box via the online form. By checking the consent box, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.
3. Consent to the processing of personal data for the purpose of sending commercial communications and conducting other marketing activities is not mandatory and operates on the basis of voluntary separate consent. In the event that this consent is not granted, then the personal data will not be used for sending commercial communications and conducting other marketing activities, nor will it be transferred to a third country.
4. The controller is entitled to change this policy. It will publish the new version of the privacy policy on its website and at the same time send you the new version of this policy to your e-mail address that you provided to the controller.
This privacy policy takes effect on May 31, 2020.
Processing of personal data by PayU (applies only to payments made via the PayU payment gateway)
The controller of your personal data is PayU S.A. with its registered office in Poznań (60-166), ul. Grunwaldzka 186, Poland. We will process your personal data in order to perform the payment transaction, inform you of its status, handle any complaints, and also to fulfill the legal obligations we have as PayU.
Entities that cooperate with PayU on the realization of payment transactions may also become recipients of your personal data. Depending on the payment method you have chosen, these may be: banks, payment institutions, credit institutions, payment card organizations, payment models), as well as entities that support PayU's activities, i.e., IT infrastructure providers, payment risk analysis tool providers, and entities authorized to obtain them based on valid legal regulations, including relevant law enforcement agencies. We may disclose your data to Partners to inform them about the progress of the payment realization.
You have the right to access your personal data, correct it, restrict its processing, object to its processing, restrict automated individual decision-making, including profiling, and to transfer or remove it. You provide your personal data to us voluntarily. However, keep in mind that providing it is necessary to perform the payment and that without it, the payment may be refused. More information about the rules for processing your personal data at PayU can be found here in the privacy policy.
