for the Golden Prague International Television Festival
I. Basic information
Identity and contact details of the controller:
Czech Television, with its seat at Kavčí hory, 140 70 Prague 4, Id. No.: 00027383, as the organiser of the Golden Prague International Television Festival (hereinafter the “Festival”), is the controller of personal data provided by the applicants, Festival visitors and persons visiting the organiser’s website.
Controller’s contact details: firstname.lastname@example.org
The Czech Television processes the personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended (hereinafter the “GDPR”), and pursuant to Act No. 110/2019 Coll., on personal data protection.
Purposes and legal grounds for personal data processing:
Personal data of the applicants, Festival visitors and persons visiting the organiser’s website (hereinafter the “data subjects”) are processed to the extent necessary for administration activities related to the Festival, including, without limitation, to comply with the legal obligations to which the controller is subject, as well as for the purpose of performance of a contract and based on the data subjects’ consent, depending on the manner in which the data subjects’ personal data are provided to the controller.
Application to participate in the competition
Data subjects’ personal data specified in the application to participate in the competition are processed for the purpose of inclusion of the programme in the competition, the applicant’s accreditation, and communication with the applicant; the legal grounds for the processing are performance of a contract and compliance with the legal obligations to which the controller is subject.
Data subjects’ personal data specified in the registration form are processed for the purpose of free access to public festival events and participation in the festival programme; the legal grounds for processing are performance of a contract and compliance with legal obligations to which the controller is subject, as well as the controller’s legitimate interest in identifying and communicating with the data subjects.
Subscription to the Newsletter
Data subjects’ personal data provided upon subscription to the Newsletter are processed on the basis of consent of the data subject, i.e. on the basis of voluntary checking the consent field, whereby the data subject is included in the database of recipients of the Newsletter; the legal ground for processing is the consent of the data subject, who may revoke the consent at any time.
Categories of personal data concerned:
Contact details, such as e-mail address, telephone number
Identification details, such as the name, surname, academic degree, place of residence, job position at the applicant’s organisation, IP address
Duration of data processing:
Personal data processed on the legal ground of performance of a contract are processed during the term of the contractual relationship and subsequently for the period necessary to secure the legal claims following from the contract (i.e. for the period during which the mutual rights and obligations following from mutual contracts may become the subject of a court dispute).
Personal data processed on the legal ground of compliance with legal obligations are processed for the period stipulated by the applicable legal regulations.
Personal data processed on the legal ground of the data subject’s consent are processed until the consent of the data subject is revoked, but not longer than for a period of 5 years after granting of the consent.
Recipients of personal data:
The recipients of personal data are suppliers and media and business partners whose performance is related to organisation, promotion and course of the Festival, in each case within the scope that is strictly necessary for the given performance.
The Controller uses the MailChimp service for dissemination of the Newsletter.
II. Rights of data subjects
In relation to personal data processing, data subjects have the right to access personal data, the right to rectification or supplementation, the right to erasure, the right to restriction of processing, the right to data portability, the right to object and the right not to be subject to automated individual decision-making, including profiling.
Right of access
Access to personal data means the data subject’s right to obtain from the controller information (confirmation) as to whether or not his/her personal data are being processed and, if they are being processed, the data subject has the right to obtain such personal data, and also the right to be informed of the purpose of the processing, on the categories of personal data concerned, on the recipients or categories of recipients to whom the personal data have been or will be disclosed, on the planned period for which the personal data will be stored, on the existence of the right to request that the controller correct or erase the personal data, on the right to object, and on the right to lodge a complaint with the supervisory authority, and to obtain all available information on the source of the personal data not provided by the data subject, and to be informed whether or not automated individual decision-making, including profiling, is being carried out.
Right to rectification
The data subject has the right to rectification of inaccurate personal data concerning him/her. This does not involve the controller’s duty to actively seek inaccurate data; however, if the data subject believes that his/her personal data are not accurate and/or complete, (s)he has the right to notify the controller and the controller is obliged to correct his/her personal data on request of the data subject.
Right to erasure (“to be forgotten”)
The data subject has the right to erasure of personal data, i.e. destruction of personal data processed by the controller, provided that at least one of the following conditions is met:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws his/her consent and there is no other legal ground for the processing;
the data subject has objected to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased to comply with a legal obligation;
the personal data were collected in relation to the offer of information society services pursuant to Art. 8 (1) of the General Data Protection Regulation.
Right to portability
The data subject may request the transfer of personal data provided to the controller and processed by the controller with the consent of the data subject by automated means to another controller in a structured, commonly used and machine-readable format, if technically feasible. The following common conditions for exercise of the right to portability apply:
the processing must be based on a legal ground, consent or contract;
the processing is carried out by automated means.
The exercise of the right to data portability may not adversely affect the rights and freedoms of others.
Right to restriction of processing
The data subject has the right to request that the controller restrict the processing of personal data concerning him/her. The data subject has the right to restriction of processing only in the following specified cases:
the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the personal data are no longer necessary for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
In the cases specified above, the controller shall restrict the processing of personal data to the necessary minimum (storage) and, where applicable, process the data only for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for other limited reasons stipulated by the applicable legal regulations. If the restriction is cancelled and the controller resumes the processing of the personal data, the data subject shall be notified accordingly without undue delay.
Right to object
The data subject may object to the processing of personal data, in particular where the data are processed on the basis of a legal ground where processing is necessary for the purposes of legitimate interests of the controller or a third party. In such a case, the controller shall terminate the processing of personal data unless it is proven that there are serious legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. An objection may also be raised against personal data processing for the purposes of direct marketing or profiling. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to lodge a complaint
The data subject has the right to lodge a complaint concerning the processing of personal data with the supervisory authority, specifically the Office for Personal Data Protection, with its seat at Pplk. Sochora 27, 170 00 Prague 7, website www.uoou.cz.
III. Security, protection and confidentiality of personal data
The controller has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of the transferred, stored or otherwise processed personal data, or the risk of unauthorised access to personal data. However, if, despite all efforts, a personal data breach occurs and such breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall notify the data subjects of this fact without delay.
Unless the user disables third-party cookies in his browser and stays on the operator’s website or clicks on the “I Understand” or “I Agree” button forming part of the advice, the operator will consider this as the user’s consent to the use of such cookies.