GDPR                             Protection of personal data

R 1. General statement 1.1. MgA. Jan Páleníček

Chairman of ČESKÁ KULTURA, z.s. ID No .: 266 07 565 (hereinafter referred to as "the Association") fulfills the obligations relating to the processing of personal data transmitted to it for the performance of contractual and legal obligations. 1.2. The protection of personal data results mainly from the EU Data Protection Regulation No. 2016/679 / EU GDPR (General Data Protection Regulation). 1.3. The Association acts as a personal data controller if it determines, in accordance with Article 4 (7) of the GDPR, the purpose and means of processing personal data. 1.4. The Company acts as a processor of personal data in case it processes personal data for the administrator in accordance with Article 4 (8) of the GDPR. 2. Principles of personal data processing 2.1. When processing personal data, we comply with privacy standards and, in particular, we comply with the following principles: a) We always process personal data for a clear and comprehensible purpose, by means, in a determined manner, and only for the time required for the purposes of processing; we process only accurate personal data and their processing corresponds to the specified purposes and is necessary to fulfill these purposes; (b) personal data are protected in a manner consistent with current technology developments; the availability of this data security is assured, preventing any unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, other unauthorized processing and other misuse; (c) data subjects are informed of the processing of personal data and of claims for accurate and complete information on the circumstances of such processing as well as other related rights; (d) the Association shall comply with appropriate technical and organizational measures to ensure a level of security appropriate to all possible risks; all persons who come into contact with the clients' personal data are obliged to keep confidential information obtained in connection with the processing of such data; 3. Information on the processing of personal data 3.1. General information: ČESKÁ KULTURA, z.s., IČ: 266 07 565, with its registered office at Nad Stráněmi 343, 251 66 Senohraby, Czech Republic. Contact point for personal data for data subjects is GSM: +420 777 838 016, email: palenicek@ceske-kulturni-slavnosti.cz

3.2. The Association processes personal data in order to: a) comply with statutory obligations when it acts as a personal data controller; (b) performance of contractual obligations where personal data have been transmitted by data subjects; c) fulfillment of contractual obligations, when personal data were transferred to the personal data administrator and the Association acts as a processor; (d) for the performance of contractual obligations where the data subject is a party to the contract; (e) protecting the rights and legitimate interests of the Association; f) for commercial and marketing purposes and is a legitimate interest of the Association in the case of clients and cooperating entities of the Association. 3.3. Scope of Personal Data Processing: The Association processes personal data to the extent necessary to meet the above objectives. In particular, the following personal data are processed: a) first and last name; (b) address; c) email address; (d) telephone number; (e) and other personal data which the Association is required to administer under the law or performance of the contract and which it has obtained from the data subjects or through its own activities. The Association does not process special categories of personal data unless there is a legitimate reason to process them. 3.4. Method of personal data processing: The way the Association processes personal data includes manual and automated processing in the Association's information systems. Personal data are processed primarily by authorized representatives of the Association and, to the extent necessary, by third parties. Prior to any transfer of personal data to a third party, a contract is concluded with that person that contains the same personal data processing safeguards as the Association maintains in accordance with its legal obligations. The Association has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, their unauthorized processing and other misuse of personal data. 3.5. Recipients of personal data: Personal data are made available, in particular, to employees of the Association in connection with the fulfillment of their work duties, where personal data must be handled, but only to the extent necessary and with all security measures. Personal data may be disclosed to third parties involved in the processing of personal data, or such personal data may be made available to them for other reasons in accordance with the law. Prior to any transfer of personal data to a third party, a written agreement is always concluded with that person that regulates the processing of personal data to include the same safeguards for the processing of personal data as the Association itself observes in accordance with its legal obligations. In accordance with applicable law, the Association is authorized or directly obliged to transmit your personal data to: a) competent authorities, courts and law enforcement authorities for the purpose of carrying out their duties and for enforcement purposes; (b) payment service providers, where necessary for the prevention, investigation or detection of payment fraud; (c) public authorities and other public authorities for the purpose of complying with legal obligations; (d) other persons to the extent provided for by law, such as third parties for the purposes of recovery; (e) outsourced service providers and personal data processors; 3.6. Transmission of Personal Data Abroad: Personal data are processed in the Czech Republic and other EU countries that share the same standards of personal data protection as the Czech Republic. Entities involved in the processing of clients 'personal data do not pass on the clients' personal data to countries outside the European Union. 3.7. Period of processing of personal data: The Association processes personal data only for the period necessary for the purposes of their processing. The retention period of personal data is based on individual legal regulations under which the Association processes personal data. If personal data are processed for the purpose of fulfilling the contractual obligation, it is necessary to process personal data for the period of 5 years from the date of termination of the contract in order to protect the rights and legitimate interests of the Association. Where personal data are processed on the basis of the data subject's consent, these data are processed for 5 years from the date of granting the consent. 3.8. Data subjects' rights: In particular, the data subjects have the following rights in relation to individual GDPR articles: (a) the right to information about the personal data controller, the processor and the data protection officer; (b) the right to be informed of the purpose of the processing of personal data; (c) the right of access to personal data and whether or not personal data are processed; (d) the right to lodge a complaint; (e) the right to rectify personal data; (f) the right to delete personal data (right to be forgotten); g) withdraw consent to the processing of personal data; (h) the right to limit processing; (i) the right to portability of personal data; (j) the right to object; (k) any other rights conferred by the Regulation; The Data Protection Authority is the supervisory body for the processing of personal data. 4. Final Declaration The Association is responsible for the protection of personal data that it processes in its activities. In case of questions or suggestions from data subjects it is possible to contact MgA. Jan Páleníček