Lobkowicz Events Management, s.r.o., ID No. 267 47 367, with its registered office at 277 51 Zámek Nelahozeves čp. 1, registered in the Commercial Register at the Municipal Court in Prague, Section C, Insert 91183, is the controller of personal data (hereinafter referred to as the “Company”, “Controller”, “we” and/or “us”).
The protection of personal data is regulated by the act no. 110/2019 Coll., on personal data processing, as amended (the “Act”) and the Regulation (EU) 2016/679 of the European parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation” or “GDPR”). When controlling and processing personal data (“personal data”) we apply the GDPR, the Act and other related legislation.
Particular or more detailed information on the processing of personal data for specific purposes may be contained in documents intended for those purposes, in which case the information contained in those documents shall prevail and this general information shall only supplement it.
To data subjects, whose contacts are included in our database, we send newsletters, invitations to our events, information brochures or other information we consider it useful for them. We also use the data of such subjects also for other purposes specified below.
Please find below brief information about:
- what personal data we collect;
- the purposes for which personal data are used and the legal basis for it;
- persons having access to personal data;
- the rights and guarantees the GDPR provides to data subjects.
- Scope of processed personal data
The Company collects the following data of data subjects:
- name and surname;
- address of residency;
- phone number(s);
- e-mail address(es);
- IP address(es);
- Your location;
- Account and Invoice Data;
- other data that may be necessary in certain cases or relevant to provision of services (e.g., date of birth, information necessary for purposes of compliance in connection with provision of services (nationality, ID card and/or passport numbers, etc.) or other data the data subjects choose to share with us.
- Purpose of processing of personal data
The personal data are used for:
- provision of our services;
- fulfilment of legal obligations based on contracts, agreements or other arrangements and laws;
- managing and coordinating our relationship with our clients, potential clients and business partners;
- replying to the questions or requests of data subjects;
- requiring feedback on our offers, and other information or communication, including on the services we provide;
- providing with newsletters, commercial communications, brochures, publications, invitations to our events, as well as presenting special offers of our services; and;
- for other legitimate business purposes including developing our business activities, relations with our clients, potential clients, business partners and cooperating persons and entities, providing the clients with information about our services, protecting the interests of our group, protecting the interests of our clients, fulfilling the obligations imposed on us by the applicable legislation or authorities.
If a data subject refuses to provide us with some or all of the personal data necessary for the respective purpose stated above, we may not be able to provide the respective service (e.g., to provide accommodation services) or to fulfil our respective statutory requirements (e.g., to enable the data subject to exercise his/her rights under the GDPR).
- Legal basis for processing
We process personal data based on our legitimate interests or legitimate interest of a third party for the performing of business activity, for the performance of an agreement to which the data subject is a party, in order to take steps at the request of the data subject prior to entering into an agreement and/or for compliance with legal obligations (e.g., obligations related to provision of accommodation services, providing information to public authorities, etc.). We usually do not process special categories of personal data and personal data relating to criminal convictions and offenses. In certain cases of processing of personal data, a data subject’s consent could be applied as legal ground for data processing as well.
- Sources of personal data
We obtain personal data directly from the data subjects or, from other persons, including our (current or former) clients, potential clients, business partners, cooperating entities and individuals, employees as well as their representatives or other persons acting on their behalf. We also obtain personal data from publicly accessible sources or public authorities when providing services to our clients.
- Withdrawal of consent to the processing of personal data
Consent to the processing of personal data is granted voluntarily and may be withdrawn at any time free of charge in person at the Controller‘s address, in written by letter sent to the Controller‘s address or by a message to the e-mail address email@example.com.
From the day when the withdrawal of consent is notified to the Collector, personal data may be processed only to the extent corresponding to the legal reason for processing, i.e. in particular for the performance of legal obligations or for the purposes of protecting the rights and legal claims of the Controller.
- Period of personal data processing
The period for which the Controller may process personal data is determined on the basis of the purpose of processing personal data. The length of this period is always specified in the wording of the consent, if it is required. In the case of the period specified in the consent, if required, the period for processing specified in the consent applies. When the processing is based on a data subject’s consent, the data will be processed for as long as there is valid consent for the processing.
Personal data of clients, employees, collaborators and supporters are processed for a period of three from the termination of the contract with the data subject, or the termination of cooperation with the data subject or the provision of the service to data subject. The data provided when concluding the contract or providing the service may be accompanied by other data necessary for the purpose.
Personal data for the purposes of communication with data subjects (especially sending news, acknowledgments, informing about the activities of the Controller, etc.) are processed until the withdrawal of consent or objection or disagreement with the sending of such communications.
Other personal data are processed for the necessary time and to the extent necessary to achieve the relevant purpose. The Controller processes the personal data for the above purposes in accordance with the Regulation and the Act.
- Access to personal data, processors and other recipients
The data is accessible to the management, employees and contractual partners of the Controller, which need them for fulfilling legal obligations, for providing the services and/or for performing the business activities. The term “contractual partners” means providers that, based on commercial arrangements with the Company, participate in the provision of services to the clients. The term also means providers of services in favour of the Company or any of its branches in order to fulfil contractual and legal obligations (such as tax advisors, accountants, IT service providers, servicing organizations and all other entities from the Company’s group).
Based on the applicable legislation or requests of public authorities, the data may also be accessible to public authorities.
Personal data may be transferred within the EU. In case of transfers to third countries (outside the EU), the transfer of personal data shall be subject to appropriate safeguards (e.g., standard contractual clauses). There are currently no transfers of personal data to third countries.
- Cookies and web analytics services
- Rights of data subjects in connection with the processing of personal data
The data subjects may exercise the following rights provided by the GDPR by contacting the Company via e-mail at firstname.lastname@example.org:
- request access to their personal data, which means the data subjects are entitled to ask information about whether we process their personal data and receive copies of the set of personal data. However, there are certain exemptions, meaning that data subjects may not always receive all of the information we process;
- request rectification of their personal data if the data subjects consider the personal data to be inaccurate or incomplete;
- request erasure of their personal data from our database in certain circumstances (e.g., when the personal data are no longer necessary for the stated purposes or the personal data have been unlawfully processed). We cannot erase personal data which we are legally obliged to keep;
- cancel (withdraw) their consent to the processing of the personal data. This will not affect the lawfulness of processing based on consent before its withdrawal;
- request a restriction on the processing of their personal data, which means the data subjects can limit the way we use their personal data if the personal data subject is concerned about the accuracy of the personal data or how the personal data are being used. We can still use restricted data in certain circumstances (e.g., personal data needed for legal claims or to protect another data subject’s rights);
- object to the processing of their personal data, in which case we will cease using the personal data for the particular purpose unless we have overriding legitimate grounds to do so. The data subjects are always entitled to object to the processing of their personal data for direct marketing purposes.
If we, upon the request of a data subject, erase his/her personal data from our database, we will keep only the information that may be necessary for protecting our legitimate interests as defined above or for public authorities.
We keep the data and information provided confidential, in particular in accordance with the relevant laws and contractual arrangements. We do not trade the personal data.
We have implemented organizational, administrative, technical and physical measures to protect data from being disclosed to third parties and accessed by unauthorized persons, such as using usernames and passwords to protect personal data stored in an electronic form and preventing unauthorized access to data carriers by depositing data in locked cabinets which may only be accessed by authorized persons.
If a data subject is of the opinion that his/her rights related to the protection of his/her personal data were breached, he/she may submit a complaint to the supervisory authority in the Czech Republic, which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, Phone number: +420 234 665 111 (switchboard); fax: +420 234 665 444, E-mail: email@example.com; Data mail box ID: qkbaa2nm, website: https://www.uoou.cz.
In case of questions or requests regarding the processing of personal data and the exercise of their rights, the data subject may contact the Company in writing at the following e-mail address: firstname.lastname@example.org.