Information on the processing of personal data

On the basis of EU Regulation 2016/679 of 27/04/2016 with effect from 25/05/2018

This information is provided by:
Barbora Šmídová
Prague, Czech Republic
Website: https://www.barborasmidova.com
contact phone: +420 734 273 008,
contact email: obrazybarasmidova@seznam.cz

based on Article 13 of EU Regulation 2016/679 (hereinafter referred to as the Regulation).

1. Explanation of terms:
1.1. Personal data are data leading to the identification of a natural person in particular: name and surname, residential address, email address, telephone number, identification number of a natural person doing business and tax identification number of a natural person doing business, further as a data subject.
1.2. The administrator (the above-mentioned person) is the entity that determines the purpose and means of personal data processing, performs the processing and is responsible for it. With the processing of personal data, the administrator can authorize or authorize the processor, unless a special law provides otherwise.
1.3. A processor is any entity that, on the basis of a special law or on the authority of the administrator, processes personal data in accordance with the Act and Regulation, on the basis of a concluded contract for the processing of personal data or on the basis of the consent of the data subject.
1.4. The database is an internal list of data on natural persons and their personal data, maintained by the administrator.
1.5. Profiling is any form of automated processing of personal data consisting of the evaluation of some personal aspects related to a natural person, in particular the analysis or estimation of aspects related to his work performance, economic situation, state of health, personal preferences, interests, reliability, behavior, location , where it is located, or movement.
1.6. Cookies are small amounts of data that the WWW server sends to the browser, which stores them on the user’s computer. Every time you visit the same server again, the browser sends this data back to the server. Cookies are normally used to distinguish individual users, user preferences etc. are stored in them.
1.7. The Commissioner for Personal Data Protection is a professionally qualified representative of the administrator who oversees the transparency and legal processing of personal data by the administrator, and also oversees the provision of data integrity – their backup and security.

2. The administrator (the above-mentioned company) processes personal data according to the Regulation according to the following
policies:
2.1. Legality – processes only those data that are necessary to fulfill contractual obligations
2.2. Purpose – data is collected only for certain, explicitly expressed and legitimate purposes,
2.3. Minimization – processes the maximum amount that is necessary to perform the expressed tasks
2.4. Storage period – personal data is processed only for the time it is necessary for the given tasks
2.5. Integrity and confidentiality – the administrator has taken appropriate technical and organizational measures to secure and protect against unauthorized or illegal processing and against loss, destruction or damage.

3. Personal data protection and processing information
3.1. The administrator obtains personal data from the subjects themselves as part of negotiations on the conclusion of a contract, e.g. by personal delivery, email, inquiry form or order.
3.2. The administrator informs the data subject when the provision of personal data is necessary for the fulfillment of contractual relationships, or when it is voluntary.
3.3. Personal data will be processed for the duration of negotiations on the conclusion of the contract and for the duration of the contractual relationship.
3.4. Personal data will be further processed in the absolutely necessary form to fulfill the legal obligation to archive accounting documents for the period specified by legislation.
3.5. Personal data will be processed and stored for the next 24 months in case of a possible dispute between the administrator and the data subject.

4. Reasons for processing
4.1. The Administrator processes Personal Data for the following purposes:
* fulfillment of the administrator’s legal obligations (accounting, tax and archival management).
* marketing and business offers of the administrator (newsletter, offer of exhibitions, workshops and other events).
* management of the Database of natural persons.
* protection of the administrator’s rights and legally protected interests (legitimate interest).

5. Rights and obligations of the data subject
5.1. The entity is obliged to provide the administrator with only true and accurate personal data.
5.2. The subject is obliged to provide the administrator with verification of the provided data.
5.3. The subject has the right to request access to his personal data from the administrator
5.4. The subject has the right to correct the personal data provided
5.5. The entity has the right to delete the provided personal data
5.6. The entity has the right to limit the processing of personal data
5.7. If the subject’s consent is required for the processing of personal data, the subject may revoke it at any time.
5.8. The entity can exercise its rights:
5.8.1. By email: obrazybarasmidova@seznam.cz
5.8.2. By mail (the signature must be officially verified, see point 5.1.)

6. Rights and obligations of the administrator
6.1. The administrator has the right to verify the truthfulness and accuracy of the provided personal data
6.2. The administrator is obliged to provide the data subject with information on the scope and manner of provided personal data, if the subject requests it. The administrator shall do so without delay and within 30 working days at the latest.
6.3. The Administrator has the right to refuse to provide such information, or to charge a fee for providing it, in case of repeated and unreasonable requests.
6.4. The administrator will provide information in electronic form, unless the data subject requests otherwise. In such a case, you can refer to point 5.3.

7. Legitimate interest of the administrator – purposes
7.1. Protection of the administrator, his fundamental or other rights resulting from general legal obligations, regulations and contracts. Especially in the context of various disputes, controls, investigations and in relation to contractual partners. The processing period is determined by generally binding regulations, but no longer than 10 years after the termination of the contractual relationship.
7.2. Protection of the administrator’s property, life and health of employees and persons entering the administrator’s premises.
For a period of up to 3 days from the recording.
7.3. Debt collection for the duration of statutory limitation periods, but no longer than 10 years.

8. Consent to the processing of personal data
8.1. The data subject gives consent to the processing of data, which for its purposes are not required by law, or for the fulfillment of the contractual relationship, or among the legitimate interests of the controller. Consent is granted by written form or confirmation of the electronic version of consent.
8.2. According to point 4.7, the data subject can revoke this consent at any time.
8.3. The purposes and processing of data provided on the basis of consent are stated on the consent form.

9. Method of personal data processing
9.1. The subject’s personal data is processed both automatically and manually
9.2. Personal data may be made available to authorized employees of the administrator if it is necessary to fulfill the contractual relationship and if it is absolutely necessary to fulfill their work duties.
9.3. Personal data may be made available to processors with whom the administrator has a contract for the processing of personal data and possibly to other persons in accordance with the law and the Regulation.

10. Cookies
10.1. The administrator uses “cookies” on its website, which are stored on the visitor’s computer and are automatically recognized on the next visit. Cookies make it possible, for example, to adapt the website to the interests of the data subject or to save a user name, which then does not have to be entered again every time. If the data subject does not want his computer to be recognized, it is necessary to adjust the Internet browser settings in such a way that cookies are removed from the computer’s hard drive, block cookies or set a warning before saving cookies. (You can find more information about cookies HERE.)

11. Validity
11.1. The wording of the Information on the processing of personal data can be changed or supplemented by the administrator. The Administrator shall inform the natural person of each such change by e-mail or other suitable communication channel at least 5 days before the changes take effect. If a natural person does not agree to the change, he has the right to request deletion from the database without any penalty.
11.2. This document becomes effective on the date of publication.