Back to home

PRIVACY POLICY

(effective as of January 30, 2025)

File No.: C 404089/MSPH, maintained by the Municipal Court in Prague Company Name: Reservine s.r.o. Registered Office: Herálecká IV 1583/4, Krč, 140 00 Prague Company ID (IČO): 21624267 VAT ID (DIČ): CZ21624267 Legal Form: Limited Liability Company Scope of Business:

  • Manufacturing, trade, and services not specified in Annexes 1–3 of the Trade Licensing Act
  • Intermediation of trade and services
  • Software provision, IT consulting, data processing, hosting and related activities, and web portals
  • Research and development in the fields of natural and technical sciences or social sciences

Contact Details:

Our application is hosted on servers operated by Hetzner Online GmbH.

Introduction

Reservine recognizes that users, partners, end customers, and other persons (“data subjects”) who visit our website or use our services value their privacy. Below you will find information on how Reservine, as the controller of personal data, processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).

This Privacy Policy is linked to our General Terms and Conditions.

Capitalized terms used in the text are defined in the General Terms and Conditions.

I. BASIC INFORMATION

1. Controller’s Identification and Contact Details

  • Controller: Reservine s.r.o.
  • IČO (Company ID): 21624267
  • DIČ (VAT ID): CZ21624267
  • File No.: C 404089/MSPH, Municipal Court in Prague
  • Registered Office: Herálecká IV 1583/4, Krč, 140 00 Prague
  • E-mail: hello@reservine.me
  • Tel.: +420 735 124 376

Referred to below as “Reservine.”

2. Data Protection Officer

No Data Protection Officer has been appointed, as Reservine is not obliged to designate one under Article 37 GDPR.

3. Transfers of Personal Data to Third Countries

If Reservine transfers your personal data to countries outside the European Union, it always ensures compliance with Articles 44 et seq. GDPR and requires the same from its data processors. Data are transferred only to non-EU countries capable of ensuring an adequate level of protection under the GDPR (for example, based on an adequacy decision or the conclusion of standard contractual clauses).

Reservine currently does not transfer personal data to third countries or international organizations, except for transferring personal data to the following processors:

  • Twilio Inc. (SendGrid), 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. This processor provides e-mail delivery services. It is certified under the Data Privacy Framework and ensures an adequate level of personal data security in compliance with the GDPR. More information: https://sendgrid.com/en-us/resource/general-data-protection-regulation-2

  • Twilio Inc. (SMS/WhatsApp), 375 Beale Street, Suite 300, San Francisco, CA 94105, USA. This processor provides SMS and WhatsApp notification services. It is certified under the Data Privacy Framework and ensures an adequate level of personal data security in compliance with the GDPR.

  • Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA. This processor provides payment processing services (Stripe Connect). It is certified under the Data Privacy Framework and ensures an adequate level of personal data security in compliance with the GDPR. More information: https://stripe.com/privacy

  • Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. This processor provides error tracking and performance monitoring services. It is certified under the Data Privacy Framework and standard contractual clauses (SCCs) are in place. More information: https://sentry.io/privacy/

  • Google LLC (Maps Platform), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This processor provides address autocomplete, geocoding, and map display services. It is certified under the Data Privacy Framework. More information: https://policies.google.com/privacy

4. Automated Decision-Making

Reservine does not carry out profiling or automated individual decision-making within the meaning of Article 22 GDPR.

5. Information on the Nature of Providing Data

  • If personal data are processed for the purpose of fulfilling a contract or a legal obligation, providing the data is a legal requirement.
  • If personal data are processed based on consent, providing the data is a contractual requirement.

6. Supervisory Authority

The supervisory authority in the location of Reservine’s registered office is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: +420 234 665 125.

II. PERSONAL DATA PROCESSING IN THE PROVISION OF SERVICES

A. The Reservine Reservation System and Reservine Marketplace

When providing our services, Reservine may act as both a controller and, in certain cases, a processor of personal data.

1. Reservine as Controller

Reservine acts as a controller of personal data in relation to Users (if they are natural persons), their representatives, and Partners.

Why do we process personal data?

  • For contract performance (concluding and fulfilling the contract, communication with the User) or legal obligations (e.g., issuing invoices, bookkeeping).
  • Part of our contractual performance includes sending educational emails (guides, tips, info on app features). These emails do not contain marketing content.

We process mainly: name, surname, business name, Company ID (IČO), VAT ID (DIČ), address, phone, email. The legal bases are Article 6(1)(b) (performance of a contract) and Article 6(1)(c) (compliance with a legal obligation) GDPR.

We also process personal data for legitimate interests (direct marketing – sending commercial communications), specifically an email address and a phone number. The legal basis is Article 6(1)(f) GDPR.

Retention period: We process personal data during the contractual relationship and up to a maximum of 10 years after its termination, or longer if required by special legislation or if necessary to protect our legitimate interests.

Collection of personal data: Primarily obtained directly from the data subject when entering into a contract.

In addition to e-mail, Reservine may also send SMS and WhatsApp notifications to Users, Partners, and End Customers (e.g., reservation confirmations, reminders, verification codes) via Twilio Inc. The data processed includes phone numbers and message content. The legal basis is Article 6(1)(b) GDPR (performance of a contract) for transactional notifications and Article 6(1)(f) GDPR (legitimate interest) for reminders. SMS and WhatsApp message logs are retained for up to 12 months and then permanently deleted.

Reservine integrates with smart lock providers (Nuki Home Solutions GmbH, Austria; Sciener/TTLock, China) to enable automated access control for Partners' premises. Only technical data is transmitted to these providers: device identifiers, generated PIN codes, and access time windows. No personal data of end customers (such as names, e-mail addresses, or phone numbers) is shared with smart lock providers. The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract). For TTLock, data transfers to China are protected by standard contractual clauses (SCCs) as required by GDPR.

2. Reservine as Processor

We provide the User with data space for storing data (including personal data of end customers) on our servers (operated by Hetzner). In these cases, Reservine acts solely as a processor and the User is the controller of personal data.

Reservine does not perform any operations with these data other than storing them and making them accessible to the User if needed. The User (Partner) is fully responsible for handling the data in the role of the controller.

B. Personal Data of End Customers During Registration

When an end customer registers in the application or on the Marketplace, Reservine is the controller of the personal data (name, surname, email, phone). We process these for concluding a contract and fulfilling legal obligations. Like with Users, we may send educational emails here too. The legal bases are Article 6(1)(b) (contract performance) and Article 6(1)(c) (legal obligations) GDPR. Direct marketing (commercial communications) is based on our legitimate interest (Article 6(1)(f) GDPR).

Retention period: Throughout the contractual relationship and up to 10 years following its end.

Collection of personal data: Directly from the data subject upon registration.

Data sharing with Partners: For the end customer to make a reservation with a specific Partner, it is necessary to share the customer’s personal data with that Partner. The Partner then acts as an independent controller.

When End Customers use the Marketplace or book through Reservine Sites, Reservine may also send transactional notifications (e-mail, SMS) on behalf of the Partner, process payment transactions via Stripe, and store reservation history and booking details.

C. Reservine Payment Service

1. Processing of Personal Data When Activating the Payment Service

When activating the payment service from Reservine, we may process (depending on the type of entity):

  • Identification data (name, surname, company name, Company ID, VAT ID, data on beneficial owners of legal entities)
  • Contact details (email, phone)
  • Billing and banking data (account number for payouts)
  • Other data required by legal regulations (e.g., anti-money laundering legislation)

The legal basis is Article 6(1)(b) (contract performance) and Article 6(1)(c) (legal obligations) GDPR.

Payment transactions are provided in cooperation with Stripe. Therefore, the Partner may be asked to familiarize themselves with Stripe’s personal data processing terms.

Processing is necessary for properly activating and operating the payment service in compliance with regulatory requirements.

Personal data are processed for the duration of the service and for an additional 10 years after its termination or the last transaction.

2. Processing of Personal Data During the Use of the Payment Service

While using the payment service, we process, for example, data on executed transactions, any chargebacks, payment statements, communication details, invoice payments, and possibly bank account details.

The legal basis is Article 6(1)(b) and 6(1)(c) GDPR.

We process personal data for the duration of service provision and for an additional 10 years after its end or the last transaction.

3. Processing of Personal Data of End Customers

If the end customer pays for a Partner’s service via Reservine’s payment service, we process transaction-related data:

  • Purchase details (service, date, price)
  • End customer’s identification and contact data (name, surname, email, address, IP)
  • Payment data (card type, card number, card validity)
  • Claims or other payment-related data (e.g., declined transactions, fraud prevention info)

The legal basis is Article 6(1)(b) and 6(1)(c) GDPR.

The purpose is to enable payment and handle possible issues or refunds. Stripe (and other payment providers) processes this data under its regulatory obligations, particularly AML.

Retention period: 3 years from each transaction. If legislation (e.g., AML laws) requires a longer retention, we store the data for up to 10 years.

III. PERSONAL DATA OF WEBSITE VISITORS

Reservine processes data obtained from individuals using our website (e.g., IP addresses, log files, cookies).

Reservine uses Sentry (Functional Software, Inc., USA) for error tracking and performance monitoring. When users are authenticated, Sentry may collect the user's ID and e-mail address, along with browser and device information, IP address, and technical error details. The purpose is to identify and resolve technical issues and maintain platform stability. The legal basis is Article 6(1)(f) GDPR (legitimate interest in ensuring reliable platform operation). More information: https://sentry.io/privacy/

For detailed information on cookie usage, see Section VI below.

IV. DATA SUBJECTS’ RIGHTS

As a data subject, you have (among others) the following rights:

  1. Right of Access to your personal data
  2. Right to Rectification of inaccurate or outdated personal data
  3. Right to Erasure (the “right to be forgotten”)
  4. Right to Restriction of processing
  5. Right to Object to processing (especially for direct marketing)
  6. Right to Data Portability
  7. Right to Lodge a Complaint with the supervisory authority (Office for Personal Data Protection)
  8. Right to Withdraw Consent (where processing is based on consent)

V. DATA SECURITY

Reservine employs appropriate technical and organizational measures to protect personal data against unauthorized access or accidental disclosure. Data are stored on servers in EU countries and in data centers meeting high security standards (Hetzner). Data transmission is protected by encryption. Reservine employees are bound by confidentiality and adhere to internal security regulations.

VI. SENDING COMMERCIAL COMMUNICATIONS AND DIRECT MARKETING

1. Commercial Communications

We adhere to Czech Act No. 480/2004 Coll. when sending commercial communications (newsletters). You can unsubscribe at any time using the “unsubscribe” link in each email.

2. Right to Object

If we process your data for direct marketing purposes, you have the right to object. If you do so, we will no longer process your personal data for this purpose.

VII. RECIPIENTS AND PROCESSORS OF PERSONAL DATA

Reservine does not disclose personal data to other controllers, except as required by law (e.g., to state authorities).

To fulfill certain tasks, Reservine uses the following processors:

| Processor | Purpose | Data Processed | Location | |-----------|---------|---------------|----------| | Hetzner Online GmbH | Server hosting, infrastructure | All service data | Germany (EU) | | Twilio Inc. (SendGrid) | E-mail delivery | E-mail addresses, e-mail content | USA | | Twilio Inc. (SMS/WhatsApp) | SMS and WhatsApp notifications | Phone numbers, message content | USA | | Stripe, Inc. | Payment processing (Stripe Connect) | Payment data, identity data, bank details | USA | | Functional Software, Inc. (Sentry) | Error tracking, performance monitoring | User ID, e-mail, device info, error data | USA | | Google LLC (Maps Platform) | Address autocomplete, geocoding, maps | Address queries, coordinates, IP address | USA | | Amazon Web Services EMEA SARL | File storage (S3) | Uploaded files (photos, documents) | EU (Frankfurt) | | Nuki Home Solutions GmbH | Smart lock access control | Device IDs, PIN codes, access time windows | Austria (EU) | | Sciener (TTLock) | Smart lock access control | Device IDs, PIN codes, access time windows | China |

External accounting and tax advisors also act as processors where applicable.

For TTLock (Sciener), data transfers to China are protected by standard contractual clauses (SCCs) as required by GDPR. No personal data of end customers is transmitted to smart lock providers — only technical device identifiers and generated access codes.

As part of the payment service, payment service providers — particularly Stripe — and possibly card issuers and banks also have access to the necessary data for proper payment processing.

Every processor is bound by a data processing agreement and may not use the data for other purposes.

VIII. COOKIES AND LOG FILES

Reservine uses cookies on its websites to distinguish users and store their activity. In compliance with applicable legislation, we use:

  • Necessary Cookies (legitimate interest) – required for website functionality and cannot be turned off.
  • Analytics and Performance Cookies (based on consent) – help us measure traffic, site performance, and monitor errors (e.g., Sentry).

You can adjust or block cookies in your browser settings or via our cookie banner.

Third-Party Cookies

Our website may place cookies from the following service providers:

  • Functional Software, Inc. (Sentry) – for error tracking and performance monitoring

Log Files

Reservine’s servers may automatically record certain information (so-called logs) upon each website visit, such as IP addresses, referral URLs, operating systems, and other technical data. We use this information to diagnose technical issues and maintain system security.

Local and Session Storage

Reservine also uses browser localStorage and sessionStorage to store authentication tokens, user theme preferences, and application state. This data is stored locally on the user’s device and is not transmitted to third parties.

IX. APPLICABLE LEGISLATION

When processing personal data, Reservine complies with, in particular:

  • Regulation (EU) 2016/679 (GDPR)
  • Act No. 110/2019 Coll., on the Processing of Personal Data (Czech Republic)
  • Act No. 480/2004 Coll., on Certain Information Society Services (Czech Republic)

X. FINAL PROVISIONS

This Privacy Policy may be updated. The current version will always be published on our website. If there are significant changes in how we handle personal data, we will inform you in a suitable manner (e.g., via a notice on our website).

If you have any questions, please contact us at hello@reservine.me or by phone at +420 735 124 376.

Effective Date: January 30, 2025

Back to home