Last revised: 21 April 2020
This document describes how DDC Financial Group s.r.o. uses the personal data that they receive from you. This document is in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), under which you have the right to be informed of the data that are being processed by the Controller.
1. TO WHOM THE CONSENT TO PROCESS YOUR PERSONAL DATA IS GRANTED?
1.1 Your consent is granted to DDC Financial Group s.r.o., address: Boušovická 230/12, 190 00 Prague, Czech Republic, ID: 03945839, the company registered in the commercial register maintained by Municipal Court in Prague, Section C, File No. 239933, (the Controller).
A Controller is a person who determines the purposes and means of the processing of personal data.
1.2 Data Protection Officer
Data Protection Officer (DPO) is appointed by the Controller. The DPO may be reached via email at firstname.lastname@example.org or via phone at the number: +420 222 535 535.
DPO is a person qualified in data protection area and her/his main responsibilities are:
(i) informing and advising the Controller and its employees in fulfilment of their obligations pursuant to the GDPR;
(ii) monitoring compliance with the processing of personal data with the GDPR;
(iii) providing advice when requested as regards the data protection impact assessment and monitoring its performance; and
(iv) cooperation with the supervisory authority.
2. WHAT PERSONAL DATA BEING PROCESSED?
(i) The personal data that are being processed are the following:
(ii) Identification information (name, surname);
(iii) Business affiliation related to your person (company name, e-mail address, business postal address, phone number, company URL, job title),
(iv) Physical features and voice recordings captured during the events organised by the Controller (photography, video and voice recordings). These materials will be used anywhere in the world for promotional, marketing and other purposes of the Controller.
(v) Information on your utilization of our services, including information in your requests for services;
(vi) Information from our personal, telephone and electronic communication with you;
(vii) Information from the internet browser that you use or mobile applications;
(viii) A copy of your business card if you have asked us to share with other participants;
(ix) as well as any information which the Controller processes in relation to the contract fulfilment, legal obligation and for the purposes of the Controller’s legitimate interest.
3. SOURCES OF PERSONAL DATA
The Personal Data are being obtained directly from you or from a person that you appointed to provide us with such data, from social networks and internet where you have personally posted them for receiving marketing information, from surveys regarding the market situation, from automatized processing analysing the Personal Data to target the advertisement, from own Controller’s activity and from publicly available sources (such as company websites, etc.).
4. PURPOSE OF PROCESSING
The Controller processes the Personal Data for the purpose of offering the services of the Controller. The activities that fall within this purpose include, in particular, the processing for marketing purposes, sending the newsletters, marketing analysis and profiling with the aim to accommodate our offer to your needs and improve the provided services. The Controller processes your personal data for purpose of registering you as a participant in the event organised by the Controller, to offer, contract and execute the sponsorship services, to offer networking meetings at the event, etc. The Controller processes the Personal Data for the purpose of recruitment of employees.
5. HOW ARE THE PERSONAL DATA PROCESSED?
The processing of your Personal Data may be manual but also automated. Some of the collected Personal Data are used for automated decision-making. Your Personal Data is being processed mainly by the designated employees of the Controller.
6. WHAT ARE THE LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA?
Legal grounds for processing of the Personal Data is set by Article 6(1) of GDPR pursuant to which the processing is lawful, if it is necessary for the performance of a contract or services that you have requested to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract or registration for events organised by the Controller. Personal data processing is lawful if it is based on the consent of the data subject to the processing of his or her personal data for one or more specific purposes.
7. WHO WE SHARE YOUR PERSONAL DATA WITH?
If you are attending one of our physical or virtual events, and unless already specified by you, we will share your basic Personal Data (name, company name and job title) with other participants via printed materials and electronic networking software applications used before, during and immediately after the event. We may share your Personal Data (name, company name and job title and business email address) with Sponsors of the event that you are attending.
A key purpose for any individual or company attending our business conferences is to network and meet new potential business partners. For the purpose of scheduling a networking meeting during the event (virtual or physical), your certain personal information (name, company name, job title) will be therefore made available to other participants of the particular event.
We may also share your personal information with third-parties to whom we outsource certain support services such as printing, translation, video and photography services, registration for the event, scheduling and holding networking meetings (including video meetings) with other participants before, through and shortly after the event, as well as other third parties involved in the hosting or organising of our events.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new DDC Financial Group's entities or to third parties through which the business of DDC Financial Group will be carried out.
If participating at the event as a speaker, we may use social media sites such as Facebook, LinkedIn, Twitter and Instagram to advertise your attendance at one of our events.
We may share your Personal Data within the statutory limits to the state authorities, for example, tax offices, courts, law enforcement and judicial authorities or supervisory authorities.
We do not sell, rent or otherwise make Personal Data commercially available to any third party, except with your prior permission.
8. HOW YOU MAY REVOKE YOUR CONSENT
The consent is freely given and you may decide not to grant it or to revoke it at any time by the applicable way of filing up the form/unticking the box/sending a request to the email or postal address of the Controller/via unsubscribe link in e-mail communication.
Once the revocation of your consent is obtained by the Controller, we will assume that you no longer wish to have your Personal Data processed for the marketing purposes, and we will consider all other marketing consents consider as revoked.
9. RIGHTS RELATING TO THE PROCESSING OF THE PERSONAL DATA
The Controller ensures that your Personal Data are processed in secure and accurate manner. You may exercise all the rights described in this clause with the Controller.
How can you exercise your rights?
You may exercise each individual right via sending an email to email@example.com or by calling to +420 222 535 535, eventually by sending a written request to the postal address of the Controller.
A statement or information on measures adopted shall be provided to you by the Controller as soon as possible, but not later than within 1 month from receipt of the request. The Controller is entitled to extend this period by 2 months taking into account complexity of the issue and number of requests submitted. The Controller will inform you of such an extension.
9.1 Right to be informed - at least about:
(i) the identity and the contact details of the Controller and of the Controller's representative;
(ii) the contact details of the DPO;
(iii) the purposes of the processing of the Personal Data as well as the legal basis for the processing;
(iv) the legitimate interests pursued by the Controller;
(v) the recipients or categories of recipients of the Personal Data;
9.2 Right of access
You may request access to your Personal Data and obtain information what Personal Data concerning your person is being processed, and access the following information:
(i) the purposes of the processing;
(ii) the categories of Personal Data concerned;
(iii) the recipients or categories of recipient to whom the Personal Data have been or will be disclosed
(iv) the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine such period;
(v) the existence of the right to request from the Controller rectification or erasure of the Personal Data or restriction of processing of the Personal Data concerning you or to object to such processing;
(vi) the right to lodge a complaint with a supervisory authority;
The Controller shall provide a copy of the Personal Data undergoing processing. For any further requested copies, the Controller may charge a reasonable fee based on administrative costs. The DPO or other authorized person may decide that you should be asked to cover the costs or that your request can be rejected. Where the request is made by the electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
9.3 Right to rectification
(i) You have the right to request the Controller to rectify your inaccurate Personal Data.
(ii) You have also right to have your incomplete Personal Data completed, including by means of providing a supplementary statement. While executing this right, the purposes of the processing must be taken into account and the DPO shall decide whether it is appropriate or not.
9.4 Right to erasure
You have the right to ask the Controller to erasure your Personal Data. The Controller shall have the obligation to erase your Personal Data where one of the following grounds applies:
(i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(ii) you object to the processing and there are no overriding legitimate grounds for the processing;
(iii) you revoke the consent and there is no other reason for the processing;
(iv) the Personal Data has been unlawfully processed;
(v) the Personal Data have to be erased for compliance with a legal obligation in the European Union or Member State law to which the Controller is subject.
Right to erasure shall not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.
9.5 Right to the restriction of processing
You have the right to restrict the processing where one of the following applies:
(i) you contest the accuracy of the Personal Data, for a period enabling the Controller to verify the accuracy of the Personal Data;
(ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its processing instead;
(iii) the Controller no longer needs the Personal Data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
(iv) you have objected to processing pending the verification whether the legitimate grounds of the Controller override those of yours.
9.6 Right to object
You have the right to object, on grounds relating to the particular situation, at any time to the processing of your Personal Data, including profiling.
The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9.7 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Czech Data Protection Authority), of the alleged infringement if you consider that the processing of the Personal Data infringes your rights.
9.8 Right to portability
In relation to the Personal Data that you have provided to the Controller and that is subject to automatized processing, you have the right to receive it in a structured, commonly used and machine-readable format and the right to transmit this Personal Data to another controller without hindrance from the Controller.
10. HOW TO CONTACT US?
In case of any questions regarding the processing of your Personal Data you may contact us in writing, via e-mail or telephone on below contact details:
DDC Financial Group s.r.o., Bohušovická 230/12, 190 00 Prague, CZ
Telephone: +420 222 535 535
11. GENERAL INFORMATION
The Controller may change, amend, repeal or replace this notification any time, if necessary.
DDC Financial Group s.r.o.
Identification No.: 039 45 839
Registered office: Bohušovická 230/12, 190 00 Prague, Czech Republic