Neodent GDPR WEB

PERSONAL DATA PROCESSING DECLARATION
Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as "GDPR")
Personal Data Manager
Neodent Study Club, Haštalská 27, 110 00, Czech Republic, IČ: 28481887, registered by the Trade Department Prague 2,
(hereinafter referred to as the "Administrator")
Hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.
Scope of processing personal data
Personal data shall be processed to the extent that the relevant data subject has provided it to the controller in connection with the conclusion of a contractual or other legal relationship with the controller, or collected by the controller otherwise and processed in accordance with applicable law or to fulfill the controller's legal obligations .

Sources of personal data
directly from data subjects (registration and purchases via websites, e-mails, telephone, chat, web contact form, social networks, business cards, etc.)
• publicly accessible registers, lists and records (eg business register, trade register, real estate register, public telephone directory, etc.)
Categories of personal data that are subject to processing
address and identification data used for unambiguous and unmistakable identification of the data subject (eg name, surname, title, possibly birth number, date of birth, permanent address, identification number, TIN) and data enabling contact with the data subject (contact details - eg. contact address, phone number, fax number, email address, and other similar information)
• Descriptive data (eg bank details)
• other information necessary for performance of the contract
• data provided in excess of the relevant laws processed within the consent of the data subject (photo processing, use of personal data for the purpose of personnel management, etc.)
Categories of data subjects
administrator site visitor
• Customer Manager
• Administrator's employee
• service provider
• another person who is in a contractual relationship with the trustee
Categories of recipients of personal data
processor
• financial institutions
• public institutions
• state and other bodies within the fulfillment of legal obligations stipulated by the relevant legal regulations
• other recipients (eg transfer of personal data abroad - EU countries)
Purpose of personal data processing
purposes contained in the data subject's consent
• Negotiating a contractual relationship
• performance of the contract
• protection of the rights of the trustee, recipient or other persons concerned (eg recovery of the trustee's claims)
• archiving under the law
• fulfillment of legal obligations by the administrator
• the protection of the vital interests of the data subject
Method of processing and protection of personal data
The processing of personal data is carried out by the administrator. The processing is carried out in its premises and in the headquarters of the administrator by individual authorized employees of the administrator. processor. The processing takes place through computer technology, or. also in a manual way for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data. . All entities to whom personal data may be disclosed respect the right of data subjects to privacy and are required to comply with applicable data protection legislation.

Processing time of personal data
In accordance with the deadlines specified in the relevant contracts or legislation, this is the time necessary to ensure the rights and obligations arising from both the obligation relationship and the applicable legislation.
Lessons learned
The controller processes the data with the data subject's consent, except in cases stipulated by law, where the processing of personal data does not require the data subject's consent.
In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:
the data subject has given its consent for one or more specific purposes,
• processing is necessary for the performance of the contract to which the data subject is party or for the implementation of the measures taken prior to the conclusion of the contract at the request of the data subject;
• processing is necessary to fulfill the legal obligation applicable to the controller,
• processing is necessary to protect the vital interests of the data subject or other natural person;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller;
• processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests.
Data subjects' rights
1. In accordance with Article 12 of the GDPR, the controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and to the following information:

the purpose of processing,
• the category of personal data concerned;
• recipients or categories of recipients to whom personal data have been or will be disclosed,
• the planned period for which personal data will be stored,
• all available information about the source of personal information,
• if not obtained from the data subject, whether automated decision making, including profiling, is taking place.
(2) Any data subject who ascertains or considers that the controller or processor is processing his or her personal data that is contrary to the protection of the privacy and personal life of the data subject or to the law, in particular where personal data are inaccurate with regard to the purpose of their processing may:
Ask the administrator for an explanation.
• Require the administrator to remedy the situation. In particular, it may be blocking, correcting, supplementing or deleting personal data.
• If the data subject's request under paragraph 1 is found justified, the controller shall immediately remedy the defective condition.
• If the controller fails to comply with the data subject's request pursuant to paragraph 1, the data subject shall have the right to contact the supervisory authority, ie the Office for Personal Data Protection.
• The procedure under paragraph 1 shall not preclude the data subject from contacting the supervisory authority directly.
• The administrator has the right to demand reasonable compensation for providing the information, not exceeding the costs necessary to provide the information.
So much this statement, which is publicly available on the administrator's website.