Personal Data Protection Declaration

Who we are

Our website address is:

Which personal data are we processing?

Personal data means any and all data related to an identifiable person that can be directly or indirectly identified by these data. Our company, in accordance with the principle of minimizing personal data, is gradually implementing rules to process only those personal data that are  needed for pursuing its activities or required by law. Personal data are identification data such as name, surname, degree, birth certificate number, date of birth, place of residence, IN, tax number, and also contact data such as address, telephone number, fax, and e-mail address. We only process data provided in excess of the legal regulation with your consent.

Why are we processing your personal data?

If a legal obligation, public interest or protection of vitally important interests of a subject does not require it (Article 6 GDPR), the personal data processing is voluntary. We are processing your data given to us primarily for purposes of providing our services, for our internal needs, and for marketing or business purposes. If you decide to reject processing or to erase your personal data, you can do it in written at this e-mail address We guarantee to erase your personal data within one month, unless there is another legal requirement.

To whom the data could be provided?

We will not share any data with third parties in the future without proper notification. If we share the data with third parties, the third parties will be bound by a data protection compliance agreement. Internationally, our company may share personal data in cooperation with third parties only when bound by data protection compliance memorandum to respect the GDPR. In some occasions there may be legally imposed obligation to provide your personal data to public authorities. Even in such cases, we will request the entire documentation to protect your interests.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We are protecting our clients‘ personal data responsibly. Read more. 

Krumlov Tours is aware of continuously arising importance of privacy, esp. protection and security of personal data of our customers, clients, partners, employees and actually all personal data subjects all over the world. As a global organisation, whose international scope of business extends beyond borders. We are making continuous efforts to ensure and further develop personal data protection, and to exceed minimal requirements set by legal regulations while applying consistent and transparent enforcement rules. The purpose of this regulation is to inform the public about our procedures and possibilities of participation in making decisions in which ways their personal data will be processed and used by electronic or non-electronic tools.

The basic scope of personal data and privacy protection is represented by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). These legal regulations are complemented and specified by laws of the member states as well as by internal rules of the company, which are gradually implemented to fulfil the aim of the company to reinforce rights of the personal data subjects and protection of their privacy.

How we guarantee the security of your personal data?

All personal data are processed and kept safely for the time necessary for the purposes for which they were collected. We will keep our commitments and protect your rights according to the GDPR for the whole period. We use modern computing techniques capable to protect your personal data avoiding their destruction, alteration, loss, unauthorized access or processing or other misuse.


Giving a consent

 With the exception of cases set by law, we are processing personal data solely with your consent.

Your rights

 Under the personal data protection according to GDPR you have these rights:

  • In accordance with the Transparency Principle, the Company has the information obligation to provide you Controller’s contact information, the processing purpose, the period for which the data will be gathered, the intention of transfer the data to third countries and inform about rights below. These data will be provided to you by the company automatically when your contest with processing will be given.
  • Another right is the access to your personal data. Compared to the previous ones, they are provided on a request. You have the right to request the information if the company processed your data, which category of personal data is being processed and the period for which the data is processed. Upon a request you will be allowed to have an access or copy of processed data free of charge.
  • Another GDPR principle is the accuracy of personal data. The company will take reasonable measures to process accurate and updated data. The company has the obligation to verify that it is processing accurate data, otherwise it has to delete or repair it. Even in this case, the company has the information obligation. You have the right to complete your personal data via an electronic form or a statement addressed to the company.
  • GDPR gives you the right to be forgotten or the right to be erased. This right gives you the option to require the company to erase your data and doesn’t keep them anymore unless there is another legal impediment – for example because of the public interest or legal obligation that requires processing. If there is such an exception, the company has to inform you within one month.
  • You have the right to request restrictions to process your data. In case of  inaccurate data, the company must restrict its processing during verification period. Other cases include their illegal handling and inappropriate processing, except when it is in your interest to erase the data. The last reason is to file a complaint of processing, for as long as the company considers your objections.
  • You have the right to data portability. This right allows you to move or transfer your personal data between controllers.
  • As mentioned above, GDPR gives you the right to make a protest against the personal data processing anytime. You will be notified of this right during the first communication with our company. In case of making a protest, the company will stop processing your data until legitimate reasons for the processing will be established..
  • And last but not least, GDPR gives you the right not to be the subject of any decision based solely on the automated processing of your personal data.

Contact us

We know that personal data protection is a sensitive issue. Please do not hesitate to contact us at e-mail address with any questions or request for explanation.