Asociace společenské odpovědnosti, o.p.s., ID No.: 014 67 115, with registered office at Drtinova 557/10, Smíchov, 150 00 Prague 5, Czech Republic, registered in the register of public benefit societies kept by the Municipal Court in Prague, section O, file 1565 (“Data Controller” or “we”), in its capacity as data controller in accordance with the Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the Protection of Natural Persons with Regard to the Processing of Personal Data (“GDPR”), informs in connection with the Global Goals Summit 2022 (“Summit”) all interested persons, participants, other persons providing us with personal data in connection with the Summit and visitors to the website www.globalgoalssummit.cz (“Website” and “Data Subjects” or “You”) about the processing of their personal data.
The Data Controller is Asociace společenské odpovědnosti, o.p.s., ID No.: 014 67 115, with its registered office at Drtinova 557/10, Smíchov, 150 00 Prague 5, Czech Republic, registered in the register of public benefit societies kept by the Municipal Court in Prague, Section O, Insert 1565 (“Data Controller”).
Contact Details of the Data Controller:
- by post to: Drtinova 557/10, Smíchov, 150 00 Prague 5, Czech Republic;
- by e-mail to: firstname.lastname@example.org;
- by phone at +420 607 279 323; or
- in any other manner set out on the Website.
Please read the following carefully to understand our practices regarding your personal data and how we will handle it.
We take a clear approach to explaining our data protection practices as recommended by the supervisory authorities. This means that we aim to provide you with only relevant privacy information in connection with the hosting of the Summit, and we use this simple Policy to do so. If you have any feedback or questions, please do not hesitate to reach out to us.
Data processed about you in connection with the Summit
It is important for us to let you know what and how we process your personal data and for what purposes we use it, in order to operate more efficiently in providing you with professional information on data protection and to enable you to obtain essential information on data protection in connection with the Summit.
We may collect and process personal data about you when you are going to attend the Summit, whether as an attendee or a speaker, when you enter into a contract with us and/or when you otherwise communicate with us or visit our Website.
These data are mainly:
- your name and surname;
- address (permanent residence/delivery address);
- phone number;
- your e-mail address;
- likeness – a photograph or audio-visual recording taken during the Summit;
- billing information;
- information already communicated under the SDGs and/or ESG Rating;
- any other information related to the Summit.
This is especially the case when:
- it is necessary for the performance of a contract (e.g. the processing of personal data in connection with your Summit registration and ticket payment) to which you or a company or other legal entity to which you have a relationship is a party or for the performance of a pre-contractual measure (Section 6(1)(b) GDPR); or
- we are required to do so by applicable law (e.g. tax legislation) (Section 6(1)(c) GDPR); or
- you have given us your consent (e.g. your email address for receiving the newsletter), where you can withdraw your consent at any time (Section 6(1)(a) GDPR or Section 9(2)(a) GDPR); or
- the processing is necessary for the protection of the vital interests of the data subject or of another natural person (Section 6(1)(d) GDPR) or the processing is necessary for the protection of the vital interests of the data subject or of another natural person where the data subject lacks the physical or legal capacity to give consent (Section 9(2)(c) GDPR); or
- it is our legitimate interest in connection with informing you about news relating to the Summit and/or, for example, protecting the network against harmful conduct (Section 6(1)(f) of the GDPR).
You may provide us with some of this information by communicating with us, for example, by telephone, email or otherwise. We also collect some of this information automatically, for example by using cookies when you visit our website.
The provision of any information is voluntary except where otherwise indicated (legal obligations to provide data) and where the provision of data is a condition of attending the Summit (e.g. providing personal data as part of a participant’s registration for the Summit).
We respect the principle of data minimisation by storing only personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
Recipients of personal data
Your personal data may be transferred and further processed by other persons in connection with the organisation of the Summit, in particular:
- company smsticket s.r.o., ID No.: 292 98 814, with registered office at Štefánikova 836/1, Veveří, 602 00 Brno, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File 72264, which is the operator of the website smsticket.cz, an online platform for ticketing;
- state authorities (the Office for Personal Data Protection, law enforcement authorities, the Police of the Czech Republic, prosecutors, courts, tax administrators) and other entities on the basis of other legal regulations; or
- to entities that provide us with related services (in particular lawyers and other advisors) and with whom we have concluded the relevant contract for the processing of personal data;
- company Indep s.r.o., ID No.: 284 87 010, with registered office at Zvonková 3048/2, Záběhlice (Prague 10), 106 00 Prague, registered in the Commercial Register maintained by the Municipal Court in Prague, C 145153/MSPH.
We ensure adequate procedures are in place to prevent unauthorized access to and misuse of personal data. We use necessary and appropriate systems and procedures to protect and secure the personal information you provide to us.
We also employ security procedures and technical and physical restrictions on access to and use of personal information on our servers. Only authorized personnel who work with the data have access to personal data.
Time for which personal data are stored
When handling your personal data for specific purposes, we respect the principle of storage limitation, whereby we keep your personal data only for the necessary period of time.
We retain your personal data for the duration of the Summit and after the Summit for other necessary purposes such as compliance with our legal obligations, contractual obligations, dispute resolution or for any administrative proceedings. These needs vary depending on the specific reason for retention, and therefore the retention period for different types of your personal data varies significantly in specific cases and can be up to 10 years after the Summit.
Automated individual decision-making, including profiling
The processing of your personal data does not involve any decision-making based solely on automated processing, including profiling, which would have legal effects on you or would significantly affect you in a similar way.
As a data subject, you have legal rights in relation to the processing of your personal data, which you can exercise at any time. These are the right (i) to access personal data, (ii) to rectification and completion of inaccurate and incomplete personal data, (iii) to erasure of personal data (the so-called “right to be forgotten”), (iv) to restriction of processing of personal data, (v) to data portability and (vi) to object.
- Right of access to personal data – you have the right to obtain information from us about whether or not we are processing personal data relating to you and, if so, you have the right to access that personal data.
- Right to rectification of personal data – if you believe we are processing inaccurate or incomplete personal data concerning you, you have the right to rectification, or you have the right to complete incomplete personal data, including by providing an additional statement.
- Right to erasure of personal data (“right to be forgotten”) – if you ask us to erase your personal data, we will do so without undue delay, in particular if:
- your personal data is no longer needed for the purposes for which it was collected or processed,
- your personal data is processed on the basis of your consent and you withdraw this consent and there is no other legal basis for the processing,
- you object to the processing of your personal data and there are no overriding or legitimate grounds for processing your personal data,
- your personal data is processed unlawfully,
- there is no longer a legal obligation to process the data under European Union law or national law.
- Right to restriction of processing of personal data – you have the right to ask us to restrict the processing of your personal data if:
- you deny the accuracy of the personal data,
- the processing is unlawful and you have also refused the erasure of your personal data and requested a restriction on its use,
- we no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims,
- you have objected to the processing of your personal data and it has not yet been verified whether our legitimate grounds outweigh your legitimate grounds.
- Right to data portability – you can exercise your right to data portability. Upon your request, we will transfer your personal data in a structured, commonly used and machine-readable format to you or another Controller, which we will process on the basis of the contract or consent you have provided to us. If the exercise of this right would adversely affect the rights and freedoms of others, we will not be able to comply with your request.
- Right to object – you have the right to object to the processing of your personal data for public interest purposes or for the purposes of our legitimate interest. If the processing of your personal data is based on our legitimate interest (including direct marketing), you can object to this processing if it relates to the objected purpose. In this case, your personal data will no longer be processed for this purpose.
Please also note that if you have given us your consent to the processing of your personal data, you have the right to withdraw this consent at any time, by post to our registered office or by email to email@example.com.
We would also like to draw your attention to the possibility of lodging a complaint with the supervisory authority for personal data protection, which is the Office for Personal Data Protection, based at: Pplk. Sochora 727/27, Holešovice, 170 00 Prague 7, Czech Republic, email: firstname.lastname@example.org, if you believe that the processing of your personal data violates a legal regulation or your rights.
If you wish to exercise any of your rights, please contact us by email: email@example.com or by post at our registered office.
Any changes we may make to this Policy in the future will be posted on this page and, if appropriate, we will notify you by email. So please check this page for any updates and changes to our Policy.
You can contact us at any time regarding the processing of your personal data by sending an email to borovcova@-csr.cz or by post to the address of our registered office.
We provide all communications and statements regarding the rights you have exercised free of charge. However, if the request is manifestly unfounded or unreasonable, in particular because it is repetitive, we are entitled to charge a reasonable fee considering the administrative costs involved in providing the information requested. In the event of repeated requests for copies of the personal data processed, we reserve the right to charge a reasonable fee for administrative costs for this reason.
We will provide you with a statement and, where appropriate, information on the measures taken as soon as possible, but no later than one (1) month after receipt of the complete communication. We are entitled to extend the deadline by two (2) months if necessary and in view of the complexity and number of requests. We would inform you about the extension including the reasons.
This Policy is effective as of 1st June 2022 and will be updated periodically. The current version can always be found here.
Asociace společenské odpovědnosti, o.p.s.