The purpose of this document Personal Data Protection Policy (hereafter the “Policy”) is to explain the conditions for the processing of personal data when this site is being browsed and during other activities on this site and to provide you with an overview of your rights, including the manner of asserting them.
Personal data controller
The controller of the personal data resulting from this website is Luboš Gorgan, Stárkov 77, ID No 86673882 (hereafter the “Controller”).
The Controller is available to deal with any of your questions, requests or information at the following contact address.
You can, for example, revoke your consent, lodge objections or assert complaints against the Controller at this address.
Means of processing personal data and recipients
The Controller processes only that data which you directly have provided during communication with this website, data which the Controller has gained during the provision of services, or data which was gained from publicly available sources.
The Controller processes personal data for the below purposes, and does so in the manner and under the conditions defined for each purpose.
The Controller cooperates with the following categories of personal data processors:
- server and technological solution providers;
- suppliers of services for the management of internet solutions and presentations;
- communication tool providers;
- accountancy and tax service providers;
- administrative and delivery service providers.
Browsing the website
Which data do we process?
In order to deal with a request via the contacts on this website, i.e., for the sending of messages, information, email or telephone contact etc., the Controller collects your personal data so that the Controller can react to and deal with your requests.
This data consist of first name and surname, contact data (such as email address, telephone number), content of message or requirement, and as needs be other information you provide in the forms.
Your consent constitutes the legal title for this purpose. Consent is voluntary, and even if you provide it you can revoke it at any time.
The Controller processes and archives the personal data thus obtained for 10 years in order to ensure follow-up communication and provision of services arising on the basis of the initial contact.
Protection of own rights
If the Controller performs the aforementioned processing, after its end it collects a limited scope of documents and personal data for the purpose of protection of own rights and defence against asserted claims, and also for the purposes of mounting a defence in court/administrative/supervisory and other proceedings.
For this purpose the Controller retains a limited scope of documents, such as consents, records of legal proceedings and other legal documents.
The legal basis of processing for this purpose is the legitimate interest of the Controller in the protection of their rights, proving of compliance and defence against supervision authorities.
The Controller keeps the data thus collected for 3 years from the expiry of the period of processing designated by another purpose pursuant to this policy, or until court of other proceedings are completed and for the associated periods for appeals.
Protection of personal data
In order to ensure a sufficient level of security of processing and protection of personal data, the Controller has adopted suitable technical and organisational measures reacting to the current development of technical resources contributing to the security of personal data processing, primarily to the provision of unauthorised access to personal data, their theft or abuse.
Rights of data subjects
During all processing of personal data you have the following rights:
- right to access to personal data – the right to have the Controller give you, without undue delay, information about which of your personal data are being processed and for what purpose, the recipients, period and information about rights.;
- right to rectification – right to have incorrect data rectified or missing data completed by the Controller without undue delay;
- right to erasure (“right to be forgotten”) – the right to have the Controller erase, without undue delay, the personal data concerning you;
- right to restrict processing of your personal data – should you wish to assert this right, please contact the Controller using the above contact information;
- right to data portability – the right to gain personal data concerning you and which you have provided to the Controller and which is processed automatically on the basis of your consent, in a structured, commonly used and machine readable format, the right to pass this data to another controller, and the right to have the personal data transferred directly to another controller if technically feasible;
- the right to object to the processing of personal data concerning you. The Controller will no longer process the personal data unless they prove they have serious legitimate reasons for processing which outweigh your interests or rights and freedoms, or for determination, exercise or defence of legal claims. If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for such a purpose, which also includes profiling. If you object to such processing, your personal data will no longer be processed for these purposes;
- right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its headquarters at the address: Pplk. Sochora 727/27, 170 00 Praha 7 – Holešovice, Czech Republic.
- you have the right not to be subject to a decision based solely on automated processing, including profiling which has legal effects for you or significantly impacts you in a comparable manner. CRS does not base any of its decisions solely on automated processing.
- You have the right to require, at any time, the partial or full erasure of your personal data or its blocking, or to require information about the data about your person stored with us and to ask for the rectification of this data. It is not necessary to fill in any form for this – you simply need to contact us using the above contact details;
- we will deal with all your requests without undue delay, at most within 30 days in justified cases.
The Controller reserves the right to amend this Policy at any time. If a new version of this text is published herein, it comes into force immediately.
This policy comes into force and effect on January 10, 2023.