cleanQR

GENERAL TERMS AND CONDITIONS (GTC)

including the Data Processing Agreement (Annex No. 1)

Language notice: This document is a translation of the original Czech legal documentation. In the event of any conflict or discrepancy between the Czech and English versions, the Czech version shall prevail, as it constitutes the legally authoritative text.

Operator and Service Provider:
Wootera Digital Technologies, s.r.o.
Company ID (IČ): 19160526 | VAT ID (DIČ): CZ19160526
Registered office: Oldřichova 255/20, Nusle, 128 00 Prague 2
Registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Entry 382101
Contact: cleanqr@wootera.com
(hereinafter "Provider")

Article 1 — Introductory Provisions and Definitions

1.1 These General Terms and Conditions (hereinafter "GTC") govern the rights and obligations between the Provider and the User in connection with the use of the CleanQR software service (hereinafter "Service").

1.2 User means a natural or legal person (typically an accommodation facility operator — hotel, guesthouse, apartment; hereinafter "Hotel") who registers for the Service or otherwise uses it.

1.3 CleanQR Service is a web and mobile application designed exclusively as an internal communication and room service request management tool (primarily housekeeping requests) via QR codes. The Service is not a payment gateway, reservation system, or platform for concluding purchase contracts with third parties.

1.4 Agreement means the contractual relationship established between the Provider and the User under the conditions set out in Article 2 of these GTC.

1.5 Guest means a natural person — a hotel client — who submits a room service request via QR code. The Guest is not a contracting party in relation to the Provider.

Article 2 — Formation and Duration of the Agreement

2.1 The Agreement between the Provider and the User is formed at the moment the User:

  • completes registration in the CleanQR system and confirms acceptance of these GTC, or
  • actually begins using the Service, if registration has not taken place.

2.2 At that moment, the User declares that they have read, understood, and agreed to these GTC, including Annex No. 1 (Data Processing Agreement).

2.3 The Agreement is concluded for an indefinite period.

2.4 The User may terminate the Agreement at any time by sending a written notice of termination to cleanqr@wootera.com or by deleting their account through the Service interface. The Agreement terminates upon expiry of 30 days from receipt of the notice, unless the Provider specifies otherwise.

2.5 The Provider may terminate the Agreement with 30 days' notice without stating a reason, or with immediate effect in the event of a material breach of these GTC by the User.

Article 3 — Service Provision and Access

3.1 The Provider undertakes to make reasonable efforts to ensure the Service is available and functional. The Provider does not guarantee uninterrupted availability of the Service.

3.2 The Provider reserves the right to carry out planned and unplanned service outages for maintenance, updates, or security reasons.

3.3 Access to the Service is conditional on registration and may be subject to fees in accordance with the current price list published on the Provider's website. A basic version of the Service may be provided free of charge.

3.4 Access credentials (username, password, tokens) are personal and non-transferable. The User is obliged to maintain their confidentiality and to notify the Provider without undue delay of their loss or misuse.

Article 3a — Service Level and Support (SLA)

3a.1 The Provider makes reasonable efforts to achieve Service availability of 99% measured on a monthly basis, excluding planned outages and force majeure events. This figure does not constitute a contractually guaranteed service level (SLA), and failure to achieve it does not give rise to any right to a discount or compensation beyond the scope of Article 6.

3a.2 Technical support is provided exclusively by electronic means at cleanqr@wootera.com. The Provider undertakes to respond to submissions on business days, typically within 3 business days of receipt. This timeframe is not binding and does not give rise to a claim for damages in the event it is exceeded.

3a.3 The Provider does not offer telephone support, on-site support, or guaranteed response times unless otherwise agreed between the parties in a separate written agreement.

Article 4 — Rights and Obligations of the User

4.1 The User undertakes to use the Service solely for the purposes for which it is intended (room service request management) and in compliance with applicable legislation.

4.2 The User bears full responsibility for:

  • the physical security of QR codes placed on hotel premises;
  • the management and protection of access tokens and login credentials;
  • verifying the authenticity of received service requests;
  • all actions of persons who access the Service through the User's account;
  • the compliance of their own personal data processing with applicable legislation (see Annex No. 1).

4.3 The User is prohibited from:

  • using the Service for illegal purposes or in a manner that causes harm to third parties;
  • sending unsolicited messages (spam) via the Service or using it for purposes other than room service request management;
  • copying, decompiling, reverse engineering, or otherwise interfering with the source code of the Service;
  • reselling or sublicensing access to the Service to third parties without the prior written consent of the Provider;
  • intentionally attempting to compromise the security, integrity, or availability of the Service (including penetration testing without prior written consent of the Provider);
  • misusing QR codes or access tokens to gain unauthorised access to other Users' data;
  • accessing the Service in an automated manner (bots, scrapers) beyond normal operational use without the Provider's consent.

Article 5 — Intellectual Property

5.1 All intellectual property rights in the CleanQR Service, including the software, graphical interface, logo, trade name, and documentation, belong exclusively to the Provider or are lawfully used by the Provider.

5.2 These GTC do not grant the User any ownership rights in the Service. The User is granted only a non-exclusive, non-transferable licence to use the Service for the duration of the Agreement, solely for the User's internal operational purposes.

5.3 Data entered by the User into the Service (room settings, requests, system users) remains the property of the User. The Provider processes it only to the extent necessary for the operation of the Service and in accordance with Annex No. 1.

Article 6 — Limitation of Liability

6.1 The Service is provided "as is". The Provider gives no warranties regarding the fitness of the Service for a particular purpose, error-free operation, or uninterrupted performance.

6.2 The Provider is not liable for:

  • loss of profit, loss of revenue, loss of data, or any indirect or consequential damages suffered by the User or third parties as a result of a Service outage, error, or unavailability;
  • damages caused by unauthorised access by third parties (QR code misuse, phishing, cyber attack), provided the Provider has implemented reasonable technical and organisational security measures within the meaning of Article 32 GDPR and applicable technical standards; the adequacy of such measures shall be assessed with regard to the state of the art, implementation costs, and the nature of the data processed;
  • damages caused by failure of third-party infrastructure (hosting providers, CDN, email services), provided the Provider exercised reasonable diligence in their selection.

6.3 The Provider's total cumulative liability for all damages arising in connection with the Service during any 12 consecutive months is limited to the amount of fees paid by the User for the last 2 (two) billing months preceding the damage event. For the free version of the Service, the Provider's liability is excluded to the maximum extent permitted by law.

6.4 The limitations set out above do not apply to damages caused intentionally or by gross negligence on the part of the Provider, or to personal injury damages, in accordance with Sections 2898 and 2899 of the Civil Code.

Article 7 — Force Majeure

7.1 The Provider is not liable for failure to perform or delay in performing its obligations caused by circumstances excluding liability within the meaning of Section 2913(2) of the Civil Code (force majeure), including in particular natural disasters, armed conflicts, large-scale cyber attacks on critical infrastructure, power supply failures, or decisions of public authorities.

Article 8 — Amendments to GTC and the Service

8.1 The Provider is entitled to unilaterally amend these GTC. Users will be notified of changes by email to the address provided at registration or by a notice in the Service interface, at least 14 days before the changes take effect.

8.2 If the User does not agree with the changes, they are entitled to terminate the Agreement in accordance with Article 2.4 before the effective date of the changes. Continued use of the Service after the effective date of the changes constitutes acceptance of the new GTC.

8.3 The Provider reserves the right to modify, restrict, or discontinue the Service at any time, with reasonable advance notice as appropriate, but no less than 30 days prior to discontinuation of the Service, except in cases of force majeure or serious security incidents.

Article 9 — Governing Law and Dispute Resolution

9.1 These GTC and all relationships arising from them are governed by the law of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.

9.2 All disputes arising in connection with these GTC shall be resolved by the competent courts of the Czech Republic. The court with local jurisdiction for resolving disputes is the court having jurisdiction over the registered office of the Provider.

9.3 In the case of consumer disputes (if the User considers themselves a consumer), the User has the right to contact the Czech Trade Inspection Authority (www.coi.cz) or the competent court.

Article 10 — Final Provisions

10.1 Severability: If any provision of these GTC proves to be invalid or unenforceable, this shall not affect the validity of the remaining provisions. The invalid provision shall be replaced by a valid provision that most closely approximates the meaning and purpose of the original provision.

10.2 Entire Agreement: These GTC together with Annex No. 1 constitute the complete and exclusive agreement between the Provider and the User with respect to the subject matter of the Agreement and supersede all prior arrangements.

10.3 Language: These GTC are drawn up in the Czech language.

10.4 Notices: Communication between the parties takes place primarily electronically. A notice sent to the email address provided by the other party at registration or in these GTC is deemed to have been duly delivered.

ANNEX NO. 1 TO THE GTC

Data Processing Agreement

(pursuant to Article 28 of the GDPR)

This Data Processing Agreement (hereinafter "DPA") forms an integral part of the GTC and is concluded at the moment the User accepts the GTC.

Controller: The User (Hotel) — identified by registration data in the Service.
Processor: Wootera Digital Technologies, s.r.o., Company ID: 19160526, registered office: Oldřichova 255/20, Nusle, 128 00 Prague 2.

DPA Art. 1 — Subject Matter and Purpose of Processing

1.1 The Processor processes personal data on behalf of and on the instructions of the Controller for the purpose of operating the CleanQR Service — providing the technical means for the transmission, recording, and management of room service requests at the Controller's accommodation facility.

1.2 Processing takes place for the duration of the Agreement under the GTC.

DPA Art. 2 — Categories of Personal Data and Data Subjects

2.1 The following categories of personal data are processed within the CleanQR Service:

Data SubjectCategories of DataPurpose
Hotel staff (employees)Name, email address, system activity logs (time, actions performed)User account management, audit trail
Hotel guestsNo personal data. Requests are identified solely by room number/ID.

2.2 The CleanQR system is intentionally designed so that it does not require or collect any personal data from hotel guests.

DPA Art. 3 — Obligations of the Processor

3.1 The Processor undertakes to:

  • process personal data solely on the basis of documented instructions from the Controller and in accordance with this DPA;
  • ensure that persons authorised to process personal data are bound by a duty of confidentiality;
  • implement appropriate technical and organisational security measures pursuant to Article 32 GDPR;
  • notify the Controller without undue delay of any personal data breach that becomes known to the Processor;
  • assist the Controller in fulfilling its obligations under Articles 32–36 GDPR to the extent reasonably available to the Processor;
  • at the end of the contractual relationship, delete or return all personal data at the Controller's choice, except where an obligation to retain data arises under specific legislation.

DPA Art. 4 — Sub-processors

4.1 The Controller hereby grants the Processor general prior authorisation to engage sub-processors (providers of cloud and hosting services necessary for the operation of the Service).

4.2 The current list of sub-processors is available at cleanqr@wootera.com. The Processor shall inform the Controller of planned changes to sub-processors with at least 14 days' advance notice, and the Controller shall have the right to object.

4.3 The Processor shall enter into an agreement with each sub-processor imposing on them the same data protection obligations as those set out in this DPA.

DPA Art. 5 — Rights of Data Subjects

5.1 The Processor shall assist the Controller in ensuring fulfilment of requests from data subjects (hotel staff) concerning the exercise of their rights under the GDPR, to the extent technically available to the Processor.

5.2 The Controller (Hotel) bears primary responsibility for handling data subject requests. Requests may be submitted to the Processor at: cleanqr@wootera.com.

DPA Art. 6 — International Data Transfers

6.1 The Processor does not transfer personal data to third countries outside the European Economic Area (EEA) without appropriate safeguards pursuant to Chapter V of the GDPR, unless such a transfer is necessitated by the use of a specific sub-processor. In such cases, transfers are covered by Standard Contractual Clauses (SCCs) or another appropriate instrument under the GDPR.

DPA Art. 7 — Audits and Inspections

7.1 The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this Article 28 GDPR and shall allow for audits and inspections by the Controller or an auditor mandated by the Controller, with reasonable advance notice and at the Controller's cost.

These General Terms and Conditions take effect on 1 April 2026.