GDPR

GDPR

DECLARATION BY THE PHYSICAL PERSON ON PERSONAL DATA PROCESSING

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as „GDPR“)

I. Personal Data Administrator

Natural person Lubomír Baum with registered office at Frýdlantská 1888, Frýdek – Místek, 738 01, IČ: 04851811, registered in the public register kept by the Regional Court in Ostrava under the number L 23535 (hereinafter also referred to as “natural person” or “administrator”) in accordance with Article 12, the GDPR shall report on the processing of your personal data and your rights.

The aim of the natural person is especially to support a healthy lifestyle and the development of sport, movement discipline – parkour in the Czech Republic and abroad.

If you have any questions regarding the processing of your personal data, you can contact us at: info@luboparkour.cz.

II. Processing principles

The controller declares that it respects the following principles when processing personal data:

legality, correctness, transparency of processing
Purpose limitation – personal data is collected for certain and legitimate purposes and is not processed incompatible with those purposes,
data minimization – personal data are adequate and relevant to the purpose for which they are processed,
accuracy – personal information is accurate,
storage restrictions – personal data shall be stored in a form allowing identification of the data subject only for the necessary period for the purposes for which they are processed,
integrity and confidentiality – personal data is processed in a manner that ensures adequate security, including protection by appropriate technical or organizational measures against unauthorized or unlawful processing and accidental loss, destruction or damage.
III. Scope of processing personal data

Personal data shall be processed to the extent that the relevant data subject has provided it to the controller in connection with the conclusion of a contractual or other legal relationship with the controller, or collected by the controller with the consent given.

IV. Sources of personal data

directly from data subjects (personally, by post, e-mail, telephone, via websites, business cards, etc.)
V. Categories of personal data subject to processing

Address and identification data used for unambiguous and unmistakable identification of the data subject (eg name, surname, title, date of birth, permanent address, identification number, VAT number) and data enabling contact with the data subject (contact data – eg contact address, telephone number) , fax number, email address, and other similar information)
other data necessary for performance of the contract
data provided in excess of applicable laws and processed under the consent of the data subject
VI. Categories of data subjects

administrator clients
members of the administrator
manager employees
service providers
other persons who are in a contractual relationship with the trustee
VII. Categories of recipients of personal data

processors
state and other bodies within the fulfillment of legal obligations stipulated by the relevant legal regulations
VIII. Purpose of personal data processing

purposes contained in the data subject’s consent
contractual relationship negotiations
performance of the contract
protection of the rights of the trustee, recipient or other persons concerned (eg recovery of the trustee’s claims)
fulfillment of legal obligations by the administrator
IX Method of processing and protection of personal data

The processing of personal data is carried out by the administrator. The processing is usually carried out at the headquarters of the administrator by individual authorized members or employees of the administrator. processor.

The processing takes place through computer technology, or. also in manual form for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical-organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data.

All entities to whom personal data may be disclosed respect the data subjects ‚right to privacy and also guarantee GDPR standards of protection and have concluded our clients‘ privacy agreements with the controller. These are mainly IT service providers, goods suppliers, accountants, law firms and delivery companies.

X. Time of processing personal data

In accordance with the deadlines specified in the relevant consent to the processing of personal data, the relevant contracts or the relevant legislation, this is the time necessary to ensure the rights and obligations arising from both the obligation relationship and the applicable legislation.

XI. Lessons learned

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

the data subject has given its consent for one or more specific purposes,
processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
processing is necessary to fulfill the legal obligation applicable to the controller,
processing is necessary for the protection of the vital interests of the data subject or of another natural person,
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller,
processing is necessary for the purposes of the legitimate interests of the data controller or of a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests.
XII. Data subjects‘ rights

The controller hereby informs data subjects of their fundamental rights related to the processing of their personal data, in accordance with Article 13 (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data ( hereinafter referred to as ‚GDPR‘):

a. Right of access to personal data.

Each data subject shall be entitled, in accordance with the provisions of Article 15 of the GDPR, to obtain from the controller a certificate confirming the processing of his personal data, access to the personal data being processed (including any copy of the personal data being processed) and access to the following additional information:

processing purposes,
the categories of personal data concerned,
recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or in international organizations (and in these cases, appropriate safeguards applicable to the transfer);
the planned period for which personal data will be stored
the existence of the right to require the controller to rectify, delete or object to personal data concerning the data subject or to limit their processing;
the right to lodge a complaint with the supervisory authority;
any available information on the source of the personal data, unless it is obtained from the data subject;
b. Right of explanation.

Any data subject who discovers or considers that the controller or processor is processing personal data that is contrary to the privacy of the data subject or to the data protection law may ask the controller or processor for explanation and removal state of origin.

c. Right of repair.

Any data subject shall have the right to have the controller rectify inaccurate personal data without undue delay or to add incomplete personal data relating to him, having regard to the purposes of the processing.

d. Right of erasure.

Each data subject shall have the right to have the controller erased without undue delay on personal data concerning the data subject, provided that one of the grounds for deletion referred to in Article 17 of the GDPR is given, in particular if:

personal data will no longer be necessary for the purposes for which they were collected or otherwise processed;
the data subject objects to the processing on grounds relating to his particular situation and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing for direct marketing purposes;
personal data were processed unlawfully. The controller’s obligation to delete personal data at the request of the data subject shall not apply if processing is necessary for any of the reasons referred to in Article 17 (3) of the GDPR, in particular where processing is necessary to identify, exercise or defend legal claims.

e. Right to Restrict Processing.

Each data subject shall have the right to have the controller restrict processing in any of the following cases:

the data subject denies the accuracy of the personal data for the time necessary to enable the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject refuses to delete personal data and requests instead to restrict their use;
the controller no longer needs personal data for the purposes of processing, but the data subject requires them to identify, exercise or defend legal claims;
the data subject has objected to the processing for reasons relating to his particular situation until it is verified that the legitimate reasons for the controller outweigh the legitimate reasons for the data subject. In the case of processing restrictions, the relevant personal data, with the exception of their storage, shall be processed only with the consent of the data subject or for the determination, exercise or defense of legal claims or for other reasons referred to in Article 18 (2) of GDPR. The data subject shall be notified in advance by the controller of the removal of processing restrictions.

f. The right to portability.

The data subject shall have the right to retrieve his personal data which he has provided to the controller in a structured, commonly used and machine-readable format, and to transmit such data to another controller without prejudice to the controller, or , if technically feasible. The exercise of the right to portability shall not adversely affect the rights and freedoms of others.

g. Right to lodge a complaint.

The rights and obligations of data subjects and the controller are fully governed by applicable law in the area of ​​personal data protection. Any data subject who believes that the processing of his / her personal data violated the Personal Data Protection Act, GDPR or other legal regulations is entitled to file a complaint with the Supervisory Authority, which is the Office for Personal Data Protection (www.uoou.cz) .

h. Right to object.

The data subject shall have the right at any time to object to the processing of his personal data processed by the controller on grounds relating to his specific situation because it is necessary for the legitimate interests of the controller or of a third party

(i) Right to withdraw consent.

In accordance with Article 7 (3) of the GDPR, the data subject has the right to withdraw his consent to the processing of personal data at any time. The withdrawal of consent shall not prejudice the legality of the processing based on the consent given prior to its withdrawal. The entity shall be informed before consent is given. The data subject may withdraw his consent by sending a sufficiently specific notice of withdrawal of consent to info@luboparkour.cz, or personally at the address of the administrator’s registered office.

This statement is publicly available on the administrator’s website and at the administrator’s registered office.