GDPR

GDPR – General Data Protection Regulation

STATEMENT OF THE ASSOCIATION ON THE PROCESSING OF PERSONAL DATA

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter "GDPR")

 

I. Personal Data Administrator

Improve Yourself limited company, with its registered office at Frýdlantská 1888, Frýdek-Místek, 738 01, identification number: 09229221, entered in the Federal Register kept by the Regional Court in Ostrava under No. C 82477 (hereinafter also referred to as the “Association” or “Administrator”) in accordance with Article 12 of the GDPR informs about the processing of your personal data and about your rights.

The aim of the association is mainly to support a healthy lifestyle and the development of sports, exercise discipline-parkour in the Czech Republic and abroad. The subject of the ancillary economic activity of the association is the mediation of parkour clothing, accessories, equipment, publications or other work to support self-improvement in the industry.

If you have any questions regarding the processing of your personal data, you can contact us by email: info@improve-yourself.cz.

 

II. Principles of processing

The administrator declares that he observes the following principles when processing personal data:

• legality, correctness, transparency of processing
• purpose limitation - personal data are collected for certain and legitimate purposes and are not processed in an incompatible manner with these purposes,
• data minimization - personal data are adequate and relevant in relation to the purpose for which they are processed,
• accuracy - personal data is accurate,
• storage restrictions - personal data are stored in a form that allows the identification of the data subject only for the time necessary for the purposes for which they are processed,
• integrity and confidentiality - personal data are processed in a way that ensures their proper security, including their protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.

III. Scope of personal data processing

Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has collected on the basis of the consent given.

IV. Sources of personal data

• directly from data subjects (in person, by post, e-mail, telephone, via websites, business cards, etc.)

V. Categories of personal data that are subject to processing

• address and identification data used for unambiguous and unmistakable identification of the data subject (eg name, surname, title, date of birth, permanent residence address, ID number, VAT number) and data enabling contact with the data subject (contact data - eg contact address, telephone number , fax number, e-mail address and other similar information)
• other data necessary for the performance of the contract
• data provided in addition to the relevant laws processed within the framework of the consent granted by the data subject

VI. Categories of data subjects

• administrator clients
• members of the administrator
• employees of the administrator
• service providers
• other persons who are in a contractual relationship with the administrator

VII. Categories of recipients of personal data

• processors
• state and other bodies within the framework of fulfilling legal obligations stipulated by relevant legal regulations

 

VIII. Purpose of personal data processing

• purposes contained in the consent of the data subject
• negotiation of a contractual relationship
• performance of the contract
• protection of the rights of the administrator, beneficiary or other persons concerned (eg recovery of the administrator's receivables)
• fulfillment of legal obligations by the administrator

IX. Method of processing and protection of personal data

The processing of personal data is performed by the administrator. Processing is usually performed at the administrator's registered office by individual authorized members or employees of the administrator, or processor.

The processing takes place through computer technology, or also manually for personal data in paper form in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data.

All entities to which personal data may be disclosed respect the right of data subjects to privacy and also guarantee the standards of protection under the GDPR and have concluded agreements with the administrator on the protection of our clients' personal data. These are mainly IT service providers, suppliers of goods, accountants, law firms and delivery companies.

X. Time of personal data processing

In accordance with the deadlines specified in the relevant consent to the processing of personal data, relevant contracts or in the relevant legal regulations, this is the time strictly necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.

XI. Lessons learned

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

• the data subject has given his consent for one or more specific purposes,
• processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken before the conclusion of the contract at the request of the data subject,
• processing is necessary to fulfill the legal obligation applicable to the controller,
• processing is necessary to protect the vital interests of the data subject or of another natural person,
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller,
• processing is necessary for the purposes of the legitimate interests of the controller concerned or of a third party, except where those interests take precedence over the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

XII. Rights of data subjects

The controller shall hereby inform data subjects of their fundamental rights relating to the processing of their personal data, in accordance with Article 13 (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data (hereinafter referred to as "GDPR"):

a. The right of access to personal data.

Pursuant to the provisions of Article 15 of the GDPR, each data subject is entitled to obtain from the controller a confirmation of the processing of his personal data, access to the processed personal data (including a possible copy of the processed personal data) and access to the following additional information:

• processing purposes,
• the category of personal data concerned,
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or in international organizations (and, in such cases, the appropriate safeguards applicable to the transfer);
• the planned period for which personal data will be stored
• the existence of the right to request or object to the rectification or deletion of personal data concerning the data subject or to limit their processing;
• the right to lodge a complaint with the supervisory authority;
• all available information on the source of the personal data, if not obtained from the data subject;

b. Right of explanation.

Any data subject who discovers or suspects that the controller or processor is processing personal data which is contrary to the protection of the data subject's private and personal life or in breach of the Data Protection Act may request an explanation and removal from the controller or processor. the resulting state.

c. Right of repair.

Each data subject has the right to have the controller correct inaccurate personal data without undue delay or to supplement incomplete personal data concerning him or her, taking into account the purposes of the processing.

d. Right of Deletion.

Each data subject shall have the right to have the controller without undue delay delete personal data concerning that data subject, provided that one of the grounds for erasure referred to in Article 17 of the GDPR is given, in particular if:

• personal data will no longer be needed for the purposes for which they were collected or otherwise processed;
• the data subject objects to the processing on grounds relating to his specific situation and there are no overriding legitimate reasons for the processing or the data subject objects to the processing for direct marketing purposes;
• personal data has been processed illegally. The controller's obligation to delete personal data at the request of the data subject shall not apply if the processing is necessary for one of the reasons set out in Article 17 (3) of the GDPR, in particular if the processing is necessary for the determination, exercise or defense of legal claims.

e. The right to restrict processing.

Each data subject has the right to have the controller restrict processing in any of the following cases:

• the data subject denies the accuracy of the personal data for the time necessary for the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject refuses to delete the personal data and calls instead for restrictions on their use;
• the controller no longer needs the personal data for processing purposes, but the data subject requires them to determine, enforce or defend legal claims;
• the data subject has objected to the processing on grounds relating to his or her specific situation until it is verified that the controller's legitimate grounds outweigh the data subject's legitimate grounds. If processing is restricted, the relevant personal data, with the exception of their storage, shall be processed only with the consent of the data subject or for the purpose of determining, exercising or defending legal claims, or for other reasons referred to in Article 18 (2) of the GDPR. The data subject will be notified in advance by the controller of the cancellation of the processing restriction.

f. Right of Portability.

The data subject has the right to obtain his personal data provided to the controller in a structured, commonly used and machine-readable format, and the right to transfer this data without interference by the controller to another controller, or to have personal data transferred directly by one controller to the controller. , if technically feasible.

g. The right to file a complaint.

The rights and obligations of data subjects and the controller in the area of ​​personal data protection are fully governed by the valid legal regulations. Any data subject who believes that the processing of his personal data has violated the Personal Data Protection Act, GDPR or other legal regulations is entitled to file a complaint with the supervisory authority, which is the Office for Personal Data Protection (www.uoou.cz)

h. The right to object.

The data subject shall have the right at any time to object to the processing of his or her personal data processed by the controller on the grounds that this is necessary for the purposes of the legitimate interests of the controller or of a third party.

i) The right to withdraw consent.

In accordance with Article 7 (3) of the GDPR, the data subject has the right to withdraw his consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on the consent that was given before its revocation. The entity must be informed before consent is given. The data subject may revoke his consent by sending a sufficiently specific notice of revocation of consent to the email info@improve-yourself.cz, or in person at the address of the administrator's registered office.

This statement is publicly available on the administrator's website and at the administrator's registered office.