Skip to content
Truhlářská 23, Praha 1+420 773 164 811
Břehová 1, Praha 1+420 775 553 878
Matahari Salón

Privacy Policy (GDPR)

Privacy Policy

1. General Provisions

The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") is:

mataharispaclub s.r.o.
Registered office: Ke škole 1389, 252 10 Mníšek pod Brdy, Czech Republic
Company ID (IČO): 07328672
File reference: C 299228 maintained by the Municipal Court in Prague
E-mail: info@mataharisalon.cz
Website: mataharisalon.cz

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, phone number, or e-mail address.

The controller has not appointed a data protection officer.

2. What Personal Data We Process

We only process personal data that you provide to us in connection with the use of our services:

  • Reservation form: phone number (required), name, e-mail address, reservation note (optional).
  • Review form: name, review text, consent to processing.

We do not process any special categories of personal data (sensitive data). We do not collect payment data, copies of identity documents, or newsletter subscription data.

3. Purposes of Personal Data Processing

We process personal data for the following purposes:

  • Performance of a contract (Art. 6(1)(b) GDPR) – processing reservations, sending confirmations and appointment reminders via SMS.
  • Legitimate interest (Art. 6(1)(f) GDPR) – application error monitoring to ensure reliable website operation (Sentry).
  • Consent (Art. 6(1)(a) GDPR) – displaying reviews on the website, analytical and marketing cookies.

4. Personal Data Processors (Third Parties)

Personal data may be transferred to the following processors:

  • Google LLC (Google Tag Manager, Google Analytics 4) – analytics purposes, website traffic monitoring. Data may be transferred to the USA in accordance with the adequacy decision (EU–US Data Privacy Framework).
  • Smartsupp s.r.o. (chat widget) – marketing and customer support, communication with website visitors.
  • Functional Software Inc. / Sentry (error monitoring, EU–DE region) – legitimate interest of the controller in ensuring error-free operation of the web application.
  • smsbrana.cz (SMS gateway) – sending reservation confirmations and reminders via SMS as part of contract performance.

The controller does not intend to transfer personal data to any third parties other than the processors listed above.

5. Personal Data Retention Period

The controller retains personal data for the period necessary for the exercise of rights and obligations arising from the contractual relationship and for the enforcement of claims from such relationships:

  • Reservation data: for 3 years from the last reservation.
  • Review data: for the duration of publication on the website, or until consent is withdrawn.
  • Analytical cookies: according to the settings of the respective services (Google Analytics – max. 26 months, Smartsupp – max. 24 months).

After the retention period expires, the controller will delete the personal data.

6. Withdrawal of Consent to Personal Data Processing

If the processing of personal data is based on your consent, you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

You can withdraw your consent by e-mail at info@mataharisalon.cz.

7. Method of Personal Data Processing

Personal data processing takes place in electronic form by automated means in the controller's information systems. Personal data is protected in accordance with technical and organisational measures ensuring an appropriate level of security.

No automated decision-making or profiling takes place.

8. Data Subject Rights

Under the GDPR, as a data subject you have the following rights:

  • Right of access (Art. 15 GDPR) – the right to obtain confirmation as to whether your personal data is being processed, and if so, the right to access such data and additional information.
  • Right to rectification (Art. 16 GDPR) – the right to have inaccurate personal data concerning you corrected.
  • Right to erasure (Art. 17 GDPR) – the right to have personal data deleted when the purpose of processing has ceased or consent has been withdrawn.
  • Right to restriction of processing (Art. 18 GDPR) – the right to request restriction of processing of personal data in cases stipulated by the GDPR.
  • Right to data portability (Art. 20 GDPR) – the right to obtain personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) – the right to object to the processing of personal data concerning you, including profiling.
  • Right to withdraw consent (Art. 7(3) GDPR) – the right to withdraw previously given consent to the processing of personal data at any time.
  • Right to lodge a complaint – the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz.

9. Personal Data Security

The controller declares that it has adopted all appropriate technical and organisational measures to protect personal data. The controller has adopted technical measures to secure data storage, in particular:

  • Encrypted data transfer (HTTPS/TLS).
  • Access to data only for authorised persons.
  • Regular database backups.
  • Security headers (CSP, HSTS, X-Frame-Options, and others).
  • Error and security incident monitoring.

10. Contact

If you have any questions regarding the protection of personal data, please do not hesitate to contact us:

E-mail: info@mataharisalon.cz
Website: mataharisalon.cz

11. Final Provisions

This privacy policy is valid and effective as of 20 March 2026.

The controller reserves the right to update this policy at any time. The current version will always be published on the controller's website. We recommend checking this page regularly to stay informed about any changes.

By submitting the reservation form or review form, you confirm that you have read this privacy policy.