If you are our customer, news subscriber or website visitor, you entrust us with your personal data. We are responsible for its protection and security.
Please familiarize yourself with the protection of personal data, policies and rights that you have in connection with the GDPR (Personal Data Protection Regulation).
Who is the data controller?
We are the Tourism Authority of South Bohemia , ID: 720 53 127, VAT: CZ 720 53 127, with its registered office at: U Zimního stadionu 1952/2, České Budějovice, 370 76, incorporate in the Commercial Register administered by the Regional Court in České Budejovice, under the file number No. 539 Pr, which operates the website: www.sbcb.cz . We process your personal data as a data controller, i.e. we determine how your personal data shall be processed and for what purpose, for how long, and we select any other processors who will assist us with the processing.
Should you like to contact us during processing, you can contact us by phone at +420 387 201 283 or by e-mail: firstname.lastname@example.org .
We declare that, as the data controller of your personal data, we comply with all legal obligations required by applicable legislation, in particular by Act No. 101/2000 Coll. on Personal data protection and the GDPR, and:
- we will only process your personal data on the basis of a valid legal reason, in particular legitimate interest, performance of the contract, legal obligation or granted consent.
- We fulfil the information obligation under Article 13 of the GDPR before starting the personal data processing.
- We will enable and support you in exercising and enforcing your rights under the Personal Data Protection Act and the GDPR.
Scope of personal data and processing purposes
We process personal data that you entrust to us, for the following reasons (to fulfil these purposes):
- Provision of services, performance of the contract – We need the following personal data from you: e-mail, name and surname, address, phone, (or company name, ID number, VAT number and a contact person) to perform contracts (e.g. provision of services, etc.). We also record your business transactions with us.
- Accounting – If you are a customer, we necessarily need your personal data (billing information) in order to comply with legal obligations to issue and record tax documents.
- Marketing – Sending newsletters – We use your personal information (e-mail and name), gender, what you click on in your email, and when you most often open it for the purpose of direct marketing – sending business messages. If you are our customer, we act in this way for a period of 10 years from the last order . This is due to a legitimate interest, as we reasonably expect that you are interested in our news.
If you are not our customer, we will only send you newsletters based on your consent for a period of 10 years from the date of granting the consent . In either case, you can revoke this consent by using the logout link that can be found in each email sent.
- Advanced marketing based on the consent – Only with your consent can we send you inspiring third-party offers or use an email address, e.g. for remarketing and targeting Facebook advertising < strong> for 10 years after granting the consent . Of course, this can be revoked at any time by using our contact details.
We retain your personal data for the duration of the limitation periods, unless the law stipulates a longer period for their retention (e.g. the Accounting Act, VAT Act) or we have not stated otherwise in specific cases. Due to our legitimate interests (post-warranty service, service improvement, etc.), we keep your personal data and order history for 10 more years, thus together for a maximum of 20 years.
Security and protection of personal data
We protect personal data as much as possible by using modern technologies that correspond to the level of technical development. We protect them as if they were our own. We have adopted and maintain all possible (currently known) technical (antivirus SW, password-protected access, etc.) and organizational measures to prevent the misuse, damage or destruction of your personal information.
Transfer of personal data to third parties
Our employees and co-workers have access to your personal data.
To ensure specific processing operations that we cannot arrange on our own, we use the services and applications of data processors who can protect data even better than we do and specialize in the relevant processing.
These are the providers of the following platforms: Facebook, Google, Seznam, accounting company, and external suppliers.
It is possible that in the future we will decide to use other applications or data processors to facilitate and improve processing. However, we promise you that in such a case, when selecting, we will place at least the same demands on the data processor regarding security and quality of processing as we place on ourselves.
Transfer of data outside the European Union
We process data exclusively in the European Union or in countries that provide an adequate level of protection based on the decision of the European Commission.
Your rights in connection with personal data protection
You have a number of rights with regard to the protection of personal data. If you would like to exercise any of these rights, please contact us by email: email@example.com .
You have a right to the information that is already fulfilled by this privacy information page.
Thanks to the right of access , you can ask us at any time and our company will prove to you within 30 days which of your personal data has been processed and why.
If something changes for you or you find your personal information out of date or incomplete, you have a right to add and change your personal information. It is impossible to edit billing information for accounting reasons.
You may exercise the Right for limitations of processing if you assume that we inaccurately process your data, we process illegally but you do not want to delete all data, or if you have raised objections against processing. You can limit the scope of personal data or the purposes for processing. (For example, by unsubscribing from a newsletter, you limit the purpose of processing to sending business information.)
Right for portability
If you would like to take your personal data and transfer it to someone else, we will proceed in the same way as when exercising the right of access – except that we will send you the information in machine-readable form. In this case, we need at least 30 days to do so.
Right to delete (to be forgotten)
Your next right is the right to delete (to be forgotten). We do not want to forget about you, but if you wish, you have the right to ask for this. In such a case, we will delete all your personal data from our system as well as from the system of all sub-processors and backups. We need 30 days to arrange the right to delete.
In some cases, we are bound by a legal obligation, and for example, we must register the issued tax documents for the period specified by law. In this case, we will delete all such personal data that is not bound by another law. We will inform you by e-mail about the completion of the deletion.
Complaint at the Office for Personal Data Protection
If you feel that we are not handling your data in accordance with the law, you have the right to contact the Office for Personal Data Protection at any time with your complaint. We would be very happy if you first inform us of this suspicion so that we can do something about it and correct any mistakes.
Unsubscribe from newsletters and business information
We send you inspirational e-mails, articles or products and services if you are our customer based on our legitimate interest .
If you are not yet our customer, we will send the e-mails to you only based on your expressed consent. In either case, you can unsubscribe from our e-mails by pressing the unsubscribe link in each email sent.
We want to assure you that our employees and associates who process your personal information are required to maintain the confidentiality of personal information and security measures whose disclosure could jeopardize the security of your personal information. At the same time, this confidentiality continues even after the end of your contractual relations with us. Your personal data will not be disclosed to any other third party without your consent.
These principles of personal data processing apply from 31 December 2019.