Privacy policy

Guesti is owned and operated by Evacanza s.r.o., U půjčovny 968/5, Nové Město (Praha 1), 110 00 Praha, Czech Republic, Company ID (IČO): 143 79 724, registered in the Commercial Register.

Your privacy is important to us. This Privacy Policy explains what personal data Evacanza s.r.o. collects in connection with the Guesti service, and how we store, use, and protect that data.

When you use the Guesti website or application, Evacanza s.r.o. acts as the data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll. on personal data processing, as amended.

Throughout this notice, "we", "us", and "our" refer to Evacanza s.r.o.

If you are staying at a property whose owner uses our service to send you a guidebook or other information, we hold your details on their behalf as a data processor. In that case, we act on the property owner's instructions, and they are responsible for determining how your information is used through our service. Any requests relating to that information should be directed to the property owner.


1. Legal Bases for Processing

Data protection law sets out a number of legal bases on which personal data may be collected and processed. We rely on the following:

Consent

In specific situations, we collect and process your data with your consent — for example, when you opt in to receive marketing communications from us.

Contractual Necessity

In certain circumstances, we need your personal data to fulfil our contractual obligations to you — for example, collecting your email address when you create an account so that we can deliver important notices about the service.

Legal Obligation

Where required by law, we may need to collect or share your personal data — for example, disclosing information to law enforcement authorities in connection with fraud or other criminal activity.

Legitimate Interest

In certain situations, we process your data in pursuit of our legitimate business interests, provided that this does not override your rights and freedoms — for example, reviewing how guidebooks are used in order to improve our service, or sending you helpful guidance during your subscription.


2. When Do We Collect Your Personal Data?

We may collect personal data about you in the following circumstances:

  • When you visit our website or use our application.
  • When you create an account with us.
  • When you engage with us on social media.
  • When you contact us with queries, support requests, or complaints.
  • When you complete any surveys we publish.
  • When you comment on or review our service.
  • When a third party with whom you have shared your data passes it to us with your permission.
  • When you subscribe to, or request, information or resources from us.

3. What Personal Data Do We Collect?

Depending on how you interact with us, we may collect the following categories of personal data:

  • Account data: If you have an account with us, we collect your name, billing and mailing address, email address, and telephone number. You must provide this information for us to deliver the service. We also store an encrypted record of your login password.
  • Interaction data: Details of your interactions with us through contact forms, support channels, or within the application (including, on an aggregated level, how guidebooks were viewed and interacted with).
  • Website usage data: Details of your visits to our website, including the source from which you arrived.
  • Cookie data: Information gathered through cookies placed in your web browser. Cookies do not store sensitive information such as your name, address, or payment details — they hold a session key associated with your account once you are signed in. You may restrict, block, or delete cookies through your browser settings, or withdraw consent using our cookie consent banner.
  • Payment data: Payment card information is collected and processed directly by our payment service provider, Stripe, in accordance with their privacy policy. We do not store or have access to your full payment details.
  • Marketing data: If you are subscribed to our marketing communications, we use your contact details to send those communications. When we send marketing emails, we may use tracking technologies (such as web beacons) to collect information about when you open the email, your IP address, and your browser or email client type. If you unsubscribe, we retain your details on a suppression list to ensure we do not contact you again.
  • Social media data: Your social media username, if you choose to interact with us through social channels, so that we can respond to your comments or questions.
  • Business contact data: If you work for a supplier or business partner, we may hold your professional contact details and information about our relationship with you.

4. How and Why Do We Use Your Personal Data?

We use your personal data for the following purposes:

  • To process payments and prevent fraud: We need your payment and account data to fulfil your subscription and to detect and prevent fraudulent transactions. Without this data, we cannot provide the service or comply with our contractual obligations.
  • To respond to queries and complaints: We use the information you provide when contacting us to respond appropriately and to keep a record of our communications. We do this on the basis of our contractual obligations, legal obligations, and our legitimate interest in providing a high-quality service.
  • To protect your account and our business: We use your data to maintain and safeguard your account, detect unauthorised access, and prevent illegal activity, including automated monitoring of login activity. This is done in our legitimate interest.
  • To provide and manage the service: This includes using your data to operate the platform and, where relevant, to interact with third-party services (including AI-based tools) in order to enhance your experience.
  • To send service communications: We may send you communications required by law or necessary to inform you of changes to the service, such as updates to this Privacy Policy, significant feature changes, or legally required subscription information. These messages are not promotional and do not require your prior consent.
  • To improve and develop our service: We use aggregated and anonymised data about how the service is used to develop, test, and improve our systems. This is done on the basis of our legitimate business interests.
  • To comply with legal obligations: We may process or share your data where required by applicable Czech or European Union law, including disclosure to law enforcement or regulatory authorities.

5. Marketing

We may contact you from time to time with marketing communications, including newsletters, product updates, promotions, surveys, and event invitations. If you are a business user, the legal basis for this processing is our legitimate interest in promoting our services and keeping customers informed of relevant developments.

If you are a guest staying at a property whose owner uses our service, we may ask for your separate consent to send you our own marketing communications (for example, about other properties or services that may interest you). In that case, we act in our own right and not on behalf of the property owner.

We may also, on behalf of a property owner, collect your consent for them to send you marketing communications. In those cases, the property owner is the sender and is responsible for those communications. To unsubscribe from their marketing, please contact the property owner directly.

You may opt out of our marketing communications at any time. Every marketing message we send includes an unsubscribe option.


6. How We Protect Your Personal Data

We take data security seriously and apply appropriate technical and organisational measures to protect your personal data, including:

  • All transactional areas of our website and application are protected using HTTPS encryption.
  • Access to personal data is password-protected and restricted to authorised personnel.
  • Sensitive data, such as payment information, is tokenised and secured by our payment service provider.

7. How Long Do We Keep Your Personal Data?

We retain personal data only for as long as is necessary for the purpose for which it was collected. At the end of the applicable retention period, data will be securely deleted or anonymised, unless we are required by law to retain it for longer (for example, for accounting, legal, or compliance purposes).

Our standard retention periods are as follows:

  • Subscription and account data: We retain your personal data for up to seven (7) years after the termination of your subscription, in order to comply with our legal and contractual obligations. This retention period is consistent with Czech accounting and tax law requirements (Act No. 563/1991 Coll. on Accounting and Act No. 280/2009 Coll., the Tax Code).
  • Website visitor data: Data collected through cookies and website analytics is retained for up to five (5) years.
  • Marketing data: Retained until you unsubscribe, at which point your details are added to a suppression list.
  • Other communications: Data arising from enquiries, support interactions, or other correspondence is retained for up to five (5) years, unless it relates to a subscription or contract (in which case the subscription retention period above applies).

8. Who Do We Share Your Personal Data With?

We only share your personal data with third parties where necessary. We apply the following principles to all such sharing:

  • We provide third parties only with the information they need to perform their specific services.
  • They may only use your data for the purposes we specify in our contract with them.
  • We take steps to ensure that your privacy is respected and protected at all times.
  • If we stop using a third-party service, any of your data held by them will be deleted or anonymised.

The types of third parties we may share data with include:

  • IT service providers who support our website, application, or infrastructure (including AI service providers where relevant).
  • Email marketing platforms that help us manage communications with you.
  • Advertising platforms (such as Google or Meta) to show you relevant content while you browse online, based on your cookie consent or marketing preferences.
  • Payment processors (Stripe) for processing subscription payments.

We may also share your data with third parties in the following specific circumstances:

  • With your consent: For example, passing your data to a property owner if you have consented to this while viewing their guidebook.
  • For fraud prevention: We may share information about fraudulent or potentially fraudulent activity with law enforcement or relevant authorities.
  • Legal obligations: We may be required to disclose your data to the Police, courts, or other regulatory or government bodies upon a valid legal request. Each request is assessed individually with regard to your privacy.
  • Business transfers: In the event of a merger, acquisition, or sale of Evacanza s.r.o., your personal data may be transferred to the new owner or controlling party, subject to this Privacy Policy.

We never sell personal data to third parties.


9. Where Your Personal Data May Be Processed

We primarily process your personal data within the Czech Republic and the European Economic Area (EEA). In some cases, we may transfer data to processors located outside the EEA — for example, to provide payment processing or to use AI-based services (such as OpenAI).

Any transfer of personal data outside the EEA is made in accordance with applicable data protection law, including GDPR Chapter V. We ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission. If you would like more information about the safeguards we use, please contact us.


10. Your Rights

Under GDPR and Czech data protection law, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you, free of charge in most cases.
  • Right to rectification: You may request correction of inaccurate, incomplete, or outdated data.
  • Right to erasure: You may request deletion of your data in certain circumstances — for example, when you withdraw consent or when the data is no longer necessary for the purpose for which it was collected.
  • Right to data portability: You may request a copy of your data in a commonly used machine-readable format (such as CSV), and have it transferred to another controller where technically feasible.
  • Right to restriction: You may request that we restrict the processing of your data in certain circumstances — for example, while we assess an objection you have raised.
  • Right to object: You may object to the processing of your data where we rely on legitimate interest as our legal basis. We must cease processing unless we can demonstrate a compelling legitimate ground that overrides your interests.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
  • Right to opt out of direct marketing: You may object to the use of your data for direct marketing at any time, including through specific channels only. We will always comply with such requests.

To exercise any of these rights, please contact us at info@guesti.co. We may ask you to verify your identity before processing your request. If we are unable to fulfil your request, we will explain why.


11. How to Stop Direct Marketing

You can stop receiving marketing communications from us at any time using any of the following methods:

  • Click the "unsubscribe" link included in any marketing email we send.
  • Log in to your account, go to Settings, and update your communication preferences.
  • Email us directly at info@guesti.co.

Please note that it may take a short period for our systems to update your preferences. You may therefore receive a small number of communications after submitting your request.


12. Contacting the Data Protection Regulator

If you believe that your personal data has not been handled correctly, or you are unsatisfied with our response to a request you have made, you have the right to lodge a complaint with the relevant supervisory authority.

In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů — UOOU).

If you are based in another EU member state, you also have the right to lodge a complaint with the data protection authority in your country of residence.


13. Contact Us

If you have any questions about this Privacy Policy or the way we handle your personal data, please contact us:

Evacanza s.r.o.
U půjčovny 968/5, Nové Město (Praha 1), 110 00 Praha
Czech Republic
Email: info@guesti.co