EXPLANATION AND ADVICE
in line with Act No. 110/2019 Coll., on the processing of personal data, as amended (hereinafter only the “Act”), and within the meaning of Regulation No. (EU) 2016/679 of the European Parliament and the Council on the protection of individuals in terms of personal data processing and on the free movement of data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR").
Administrator and processor
The administrator and processor of personal data is the statutory city of České Budějovice, Company ID: 00244732, registered office nám. Přemysla Otakara II., 1/1, 370 92 České Budějovice (hereinafter only referred to as the "Administrator"). Within this document the customer provides the Administrator with information in accordance with the relevant provisions of the GDPR, in particular, with contact details.
The customer is hereby instructed about:
- the purpose of the processing for which the personal data is intended,
- the period for which personal data will be stored,
- the existence of the right to request the Administrator to provide access to their personal data (applicant or data subject), and to make corrections, deletions or apply processing restrictions,
- the right to submit objections against data processing,
- the existence of the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Sochora 27, 170 00 Prague 7
Scope of personal data processing
The processed personal data includes all information provided by the customer to the Administrator through the registration process, which is necessary for booking and purchasing tickets online through the Cbsystem City Booking System operated by the Administrator (hereinafter only “Personal Data”).
Principles and purpose of Personal Data processing
Personal Data will be processed by the Administrator in accordance with the principles of personal data processing as defined in the relevant provisions of the GDPR and the Act.
Personal Data will be processed by the Administrator for the purposes of providing services related to the CBsystem, which includes, among other things, contacting the customer about Event changes for which the customer booked tickets, or which were directly purchased through their registration. For analytical and statistical purposes.
Personal Data may be provided to the following third parties:
We use Google Inc. codes (Google Tag manager, Adwords, Google Analytic). Seznam.cz, a.s. (Sklik) and Facebook Ireland Ltd., which help us analyse the behaviour of visitors and customers who use the portal.
Personal Data is only collected and stored in a secure data repository in electronic form. Data transmitted between the customer's device and the Administrator/CBsystem server is always encrypted with SSL protocol.
Personal Data processing period
Personal Data is processed and stored by the Administrator while the registration remains active.
Personal Data processing
Personal Data is received, collected and processed by the Administrator. Personal Data can be processed manually or automatically. Personal Data can also be provided to a third party, in particular, to Event Organisers, for which the customer has purchased or reserved a ticket.
Measures to ensure Personal Data protection
The Administrator hereby informs the customer that several levels of security are implemented at the level of the information system used to process the Personal Data.
Data subject (customer) rights
The customer has the right to access Personal Data within the extent stipulated by the Act and the GDPR.
The customer can submit a request to the Administrator and request information regarding the processing of Personal Data, and the Administrator is obliged to provide this information to the customer without undue delay. This information shall always include a statement specifying
- the purpose of the processing,
- Personal Data or Personal Data categories that are processed, including all available information about the source,
- beneficiaries or categories of beneficiaries.
The Administrator has the right to demand a reasonable fee for providing this information, which shall not exceed the costs necessary for the provision of the relevant information.
Further, the customer also has the rights defined in the Act and GDPR. Should the customer discover or believe that the Administrator is processing their Personal Data in conflict with the requirements on the protection of private and personal life, or in violation of the Act, especially if Personal Data is inaccurate with respect to the purpose of its processing, the customer can exercise their right to
- ask the Administrator for an explanation,
- require the Administrator to remedy the situation, in particular, this can include blocking, repairing, supplementing or deleting Personal Data.
If the customer's request, defined in the previous sentence, is justified, the Administrator shall inform the customer about it and shall immediately remedy the defective situation.
Should the Administrator fail to comply with the request, the customer is entitled to contact the Office for Personal Data Protection (www.uoou.cz).
Withdrawal of consent for Personal Data processing
The customer is entitled to revoke their consent with the processing of Personal Data in writing at any time and deliver their withdrawal note to the Administrator at nám. Přemysla Otakara II., 1/1, 370 92 České Budějovice The customer is entitled to request (in writing) the Administrator to destroy Personal Data and the Administrator is obliged to comply with such request no later than one week after the request is delivered to the Administrator.
The Administrator is not obliged to destroy Personal Data if so required by a special law governing the storage of personal data, archiving and protection of rights in civil proceedings, criminal proceedings and administrative proceedings.
The Administrator is not obliged to destroy Personal Data if such action is necessary to fulfil a legal obligation of the Administrator in relation to court or administrative proceedings where the Administrator is involved and the Administrator can do so to protect its rights or to protect the personal safety of the Administrator.
The customer expressly declares that they have been instructed in accordance with the above-mentioned laws governing the protection of Personal Data. By completing the registration and by keeping Personal Data updated, the customer grants the statutory city of České Budějovice, registered address nám. Přemysla Otakara II, 1/1, 370 92 České Budějovice, and the Personal data administrator their consent to the processing of Personal Data within the following extent. Personal Data processing refers to any operation or set of operations that the Administrator or processor systematically performs, either automatically or through the use of other processing means. Personal Data processing includes, in particular, collection, storage, disclosure, modification, changes, retrieval, use, transmission, dissemination, publication, exchange, sorting or combining, blocking and disposal or deletion of Personal Data.
Information on the processing of Personal Data in line with Article 13 of the GDPR (hereinafter the "Information") – Joint processors of CBsystem
1. Who is the Personal Data processor?
1.1 Jihočeské divadlo, (South Bohemian Theatre), non-profit organisation, Company ID: 00073482, registered address: Dr. Stejskala 424/19, České Budějovice 1, 370 01 České Budějovice, registered at the Regional Court in České Budějovice, under file No. Pr 112 (hereinafter only the "Theatre") and the City of České Budějovice, Company ID: 00244732, registered office nám. Přemysla Otakara II. 1/1, České Budějovice 1, 370 01 České Budějovice (hereinafter only the "City") jointly determined the purposes and means of spectator and audience Personal Data processing while purchasing tickets for the Theatre through the central booking system operated by the City (CBsystem), and therefore they are regarded as joint Administrators within the meaning of Article 26 of the GDPR (hereinafter only collectively referred to as Administrators").
1.2 Hereby we would like to inform you about the way the Administrators handle your Personal Data. The Administrators process all Personal Data in accordance with the relevant legal regulations, in particular, according to GDPR and other related legal regulations.
1.3 Please note that only persons over the age of 16 are allowed to purchase tickets or fill out forms and provide Personal Data.
1.4 Please make sure that the data you provide to the Administrators is accurate and complete. Please inform us of any changes to your Personal Data without undue delay, but no later than within 8 days after the change occurred.
1.5 In case of any questions, please contact us at: email@example.com
2. Data subjects – whose and to what extent is Personal Data processed by the Administrators?
2.1 The Administrators process the Personal Data of visitor and audience Personal Data, that is data the Administrators obtained in connection with the sale of Theatre tickets, in particular:
2.1.1 Identification and contact details (name, surname, residential address, telephone number, e-mail address);
3. Why do the Administrators process Personal Data and what entitles them to do so?
3.1 Data Administrators process the Personal Data specified in Article 2.1 for the following reasons or purposes:
3.1.1 Conclusion and performance of the contract, i.e., reservation or purchase of Theatre tickets and products, subscription orders, notices of performance or other service cancellation in accordance with Article 6/1 b of the GDPR – performance of contract. The data subject is not obliged by any law to provide Personal Data, however, without this necessary information the contract cannot be concluded and/or fulfilled.
3.1.2 Registration and organisational purposes, as required by Article 6/1 f GDPR – legitimate interest. Administrators process Personal Data based on legitimate interests (keeping data subject databases including contact details, records of receivables, records of consent, marketing purposes, etc.). The data subject is not obliged by law to provide Personal Data or information. Objections may be raised against this processing.
3.1.3 Direct marketing services of the Theatre based on Article 6/1 f of the GDPR regarding visitors and audience/clients who have provided their contact details – e-mail through the purchase of the relevant services. The customer is entitled to reject the receipt of commercial messages by sending a notification to: firstname.lastname@example.org, or later, by submitting notifications individually.
3.1.4 Provision of customer and technical service by the City for the Theatre in line with Article 6/1 f of the GDPR – legitimate interest. Administrators process Personal Data based on legitimate interest (the City operates the CBsystem platform used to sell tickets on behalf of the Theatre) and provides the Theatre with technical and customer services. The data subject is not obligated by any law to provide Personal Data for this purpose, as the data subject may purchase tickets and products in other ways, for example, at the Theatre box office. Objections may be raised against this processing.
4. How do the Administrators process the Personal Data of data subjects and to whom do they provide this data?
4.1 The Personal Data processing of data subjects is done manually as well as automatically. For example, registration or payments made via the payment portal are processed automatically. Personal Data is processed by:
4.1.1 The Administrators or their employees.
4.1.2 Perfect System, s.r.o., Company ID: 26480981, registered office Radlická 3301/68, Smíchov, 150 00 Prague 5, which administers and ensures the proper functioning of the CBsystem for this processing in line with the GDPR requirements and contract for data processing the City has concluded with Perfect System s.r.o.
4.1.3 External processors, with whom the Administrators cooperate and with whom they have concluded the necessary contracts on the processing of Personal Data. Should any changes related to the processors or to a larger number of processors be applied, the data subject will be informed about it upon request.
4.2 The Personal Data of data subjects may also be provided to:
4.2.1 Entities or institutions that are entitled to request Personal Data in accordance with the relevant legal regulations (e.g. the Police of the Czech Republic, inspection authorities, etc.).
4.3 Unless otherwise stated in this document, Personal Data is not transferred to any third country or international organisation (i.e. outside the EU).
5. How long do the Administrators keep Personal Data?
5.1 Unless stated otherwise, the Administrators store the Personal Data of data subjects while the relevant contractual relationship or legitimate interests of the Administrators last, or for a period specified by applicable laws, or until the relevant deadlines established to protect the rights of the Administrators expire. Specific information shall be provided to the Data Subject upon request
6. What are the data subject rights?
6.1 The data subject has the right to:
6.1.1 Request a disclosure of Personal Data, correction of inaccurate data or modification of incomplete data.
6.1.2 Withdraw their consent regarding the processing of Personal Data.
6.1.3 Request deletion of Personal Data if the purpose or legal reason for data processing no longer exists.
6.1.4 Request restrictions on the processing of Personal Data and, at the same time, the right to object to the processing if the request is based on a legitimate interest.
6.1.5 Request information on third parties to whom Personal Data has been provided/disclosed.
6.1.6 Be notified about a Personal Data security breach where there is a high risk to their rights and freedoms, unless the Administrators have already implemented technical and organisational safeguards or measures to ensure that the high risk is unlikely to materialise.
6.2 Should the data subject believe that the Administrators have violated any legal regulations while processing Personal Data, the data subject has the right to file a complaint with the Office for Personal Data Protection (www.uoou.cz) or to seek judicial protection.
6.3 Data protection officers – contact information:
City – KRUCEK, s.r.o., Company ID: 02037297, registered address Táboritská 1000/23, Žižkov, 130 00 Prague 3, contact person: lng. Rodan Svoboda, e-mail: email@example.com
This information is valid as of 14.10.2021
1 Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on free movement of data and repealing Directive 95/46/EC (General Data Protection Regulation).