Personal Data Processing Principles

Who is the Controller

The controller of personal data of natural persons by Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as GDPR) is ATD stav s.r.o., with a place of business at Rooseveltova 584/9, 602 00 Brno, ID No.: 01424076. The operator of the Lazaretní Hotel, Lazaretní 902/6, 615 00 Brno, and the operator of the website

What Data We Process

We process data provided by customers directly or through booking portals, primarily identification and contact personal data, which include name, surname, telephone, email address, and dates and times of service usage. Data provided by users of the hotel website, including contact forms, newsletter registration, event comments, and hotel reviews, which may include name and email address.

No cookies are knowingly processed on this website.

ATTENTION on Facebook! Please be aware that with each “like” you give your data to Facebook automatically, to a greater extent than the GDPR’s processing adequacy principles. We use Facebook to support our image and business, but by using the LIKE buttons, you agree to this process. If you do not agree, do not click the Facebook “like” buttons.
We do not collect or process any special and sensitive personal data, such as data about health, religion, beliefs, trade union membership, etc.


  • Order Processing: For fulfilling the contract between our hotel and the customer. Data processing includes registration, processing, and payment of the order. Without the necessary data, we cannot process your order.
  • Legal Obligations: For fulfilling obligations to the municipality, reporting to the foreign police, and issuing sales documents, based on legal obligations.
  • Marketing: For sending news and promotional offers to existing customers based on legitimate interest, and to registered users of the website based on their voluntary consent.
  • Property Protection: For protecting property and persons in designated hotel areas through a camera system,based on legitimate interest.

Who Has Access to the Data

Access is limited to the controller and authorized personnel (employees and external processors). All persons with access are bound to confidentiality. Data is shared with processors only with your consent. Our processors include:

  • (website publishing system)
  • WEDOS Internet a.s. (web hosting, domain rental, email boxes)
  • Facebook, Inc. (online marketing tools)

How Long We Process Data

Personal data is processed for the duration of order processing and retained for legally required periods. Job applicant data is processed until the end of the selection procedure. Commercial communications are sent sporadically for the duration of the consent or objection period, up to 3 years.

Your Rights

You have the right to be informed about your data, access, rectify, or amend it if it is outdated. You can request restriction of processing, erasure (to be forgotten), and data portability to another controller. You can withdraw consent or object to data processing at any time. Contact : or call +420 777 595 634 to exercise your rights..

In case of a breach, you can complain to the Data Protection Authority (

How Data is Secured

We handle personal data by GDPR and applicable laws. Data is secured through organizational and technical measures. Access to electronic data is protected by passwords, firewalls, and room security locks. Security is regularly tested.


For comments or rights requests, email or call +420 777 595 634.