Personal data protection

The operator of the ZUUNO service processes personal data of customers in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.

1. Administrator of personal data

The administrator of personal data is the operator of the ZUUNO service, based in the Czech Republic. Contact address: hello@zuuno.co, phone +420 721 930 256.

2. Scope of processed data

When making a reservation, we process the following personal data:

• Name and surname
• E-mail address
• Telephone number
• Booking information (date, rental type, price)
• IP address and time of form submission (security log)

Payment data (card numbers, etc.) are processed exclusively by the Stripe payment gateway and the operator does not have access to them.

3. Purpose and legal basis of processing

We process personal data on the basis of the following legal titles according to Article 6 GDPR:

• Fulfillment of the contract (Article 6, paragraph 1, letter b) — reservation management, sending a confirmation e-mail with a PIN code, communication with the customer
• Legitimate interest (Article 6(1)(f) — fraud protection, security logs, transaction backups
• Fulfillment of legal obligations (Article 6, paragraph 1, letter c) — keeping accounting and tax records

4. Recipients of personal data

Personal data may be transferred to the following third parties in the role of processor:

• Stripe, Inc. — payment gateway; processes payment transactions according to its own GDPR principles (stripe.com/privacy)
• Resend — service for sending transactional emails
• Supabase — cloud database (EU region)
• Vercel — application hosting (EU region available)

No personal data is sold or passed on to third parties for marketing purposes.

5. Retention period

Personal data are stored for the period necessary to fulfill the purpose of processing:

• Reservation data: for the duration of the contractual relationship + 3 years after its end
• Accounting documents: 5 years according to the Accounting Act
• Security logs: 6 months

After the retention period, the data is securely deleted or anonymized.

6. Your Rights

In accordance with the GDPR, you have the right to:

• To access — receive a copy of the personal data we process about you
• For correction — request correction of inaccurate or incomplete data
• For erasure — to request the deletion of data (the right to "be forgotten") if the purpose of the processing has ceased
• To restrict processing — request the suspension of processing in cases provided by law
• For portability — to receive data in a machine-readable format
• Object — to processing based on legitimate interest

Send requests for the exercise of rights to hello@zuuno.co. We will respond to your request within 30 days. You also have the right to file a complaint with the Office for the Protection of Personal Data (uoou.cz).

7. Cookies

The zuuno.co web application uses exclusively technically necessary cookies:

• admin_auth — admin authentication (httpOnly, Secure, SameSite=Strict)

We do not use any analytical, advertising or tracking cookies. Third-party cookies are not loaded.

8. Security

All communication with the application is encrypted using TLS (HTTPS). Passwords and sensitive keys are only stored as environment variables on the server side and are never exposed on the client side. Access to customer data is limited to the minimum necessary.

9. Policy Changes

The operator reserves the right to update this policy at any time. The current version is always available at zuuno.co/privacy. We will inform customers about significant changes by e-mail.