The company provides information about the processing of personal data, which the subject of the data provided
the data controller within the terms of commencement of activities during performance of a contract:
(1) Representative for protection of personal data:
The representative for protection of personal data is JUDr. David Borovec.
E-mail: gdpr@prevent.cz
(2) Purpose of processing:
The data controller shall process personal data of subjects of data for the purpose of performance of a contract
in the field of on-line education, consultancy or auditing, including the related activities, such as issue of
certification, etc.
(3) Legal basis:
The consent of subjects of data: for the purpose of sending business messages not related to the provided
service, for the purpose of obtaining audio-visual recordings and their use for promotion in printed or
electronic form.
Performance or conclusion of a contract: for the purpose of delivery of the arranged services, including records
in on-line educational systems, issue of certificates and other related services.
Legal duty (Act No. 89/2012 Sb., Civil Code; Act No. 499/2004 Sb., on archiving and file services; Act No.
455/1991 Sb., Trade Licensing Act; Act No. 563/1991 Sb., on accounting; Act No. 235/2004 Sb., on value added
tax)
Legitimate interests: personal data recorded in on-line educational systems may be stored in relation to keeping
records, traceability or defence of the Controller’s legal claims.
(4) Processors of personal data:
Within the terms of performance of a contract personal data may be provided by the data controller for the
purpose of further processing to independent providers of accounting services, legal services and work medical
services, the specific categories of which shall be announced of the subjects of data on request.
(5) Other recipients:
For the purpose of its legitimate interests the data controller may disclose the provided personal data to
contractual partners authorised by the data controller in the field of IT services and technologies, marketing
services, consultancy services and certification services, the specific categories of which shall be announced
to the subjects of data on request.
Due to necessary transfer, back-up and archiving of electronic data, the personal data may be provided outside
the EU (certified cloud services with servers outside the EU guaranteeing a high degree of
security).
(6) Other third parties:
The data controller provides the personal data to the relevant public bodies or other subjects, who are
authorised to process personal data, for reasons related to government supervision, prevention, investigation,
discovery or prosecution of criminal acts or execution of sentences, including protection against threats to
public safety and their prevention.
(7) Other purposes for processing:
The data controller may also use the provided personal data for business and marketing purposes within the terms
of its legitimate interests or after consent to do so is granted.
(8) Period of storage of personal data:
The data controller stores personal data for the duration of performance of the contract and also for the period
required by the legal regulations. The exception to this may be storage of personal data for business and
marketing purposes, in relation to the controller’s legitimate interests for the purpose of keeping records,
traceability or defence of the controller’s legal claims.
(9) Automated processing of personal data:
During assessment of undergone testing the results are announced automatically. In such cases the subject of
data has the option of discussing the test results with a company employee and refrain from being part of an
automated decision.
(10) The rights of subjects of data:
The right to access to personal data – the subject of data is entitled to access to its personal data,
the data controller is required to provide a copy of the processed personal data.
The right to correction and supplementation of personal data – the subject of data is entitled to have
the data controller immediately correct or supplement its inaccurate personal data.
The right to deletion – e subject of data is entitled to have the data controller immediately delete its
personal data if:
- the personal data is no longer necessary for the purposes it was processed for
- the subject of the data withdraws its consent to the processing of its personal data
- the subject of the data raises objections against processing
- the personal data was processed illegally
- no other relevant legal regulations prescribe storage of personal data
- this does not concern public interest in the field of public health, archiving, scientific of historic
research, statistics
- this does not concern execution or defence of legal claims.
The right to restrict processing – the subject of data is entitled to require that the data controller
restrict processing of personal data in justified cases.
The right to the transferability of personal data – the subject of data is entitled to obtain its
personal data in the normally used structure and in machine-readable forma, and is entitled to pass this data on
to another controller.
Individual automated decisions – the subject of data is entitled to refrain from being the subject of any
decision based exclusively on automated processing, including profiling, if this is not essential for
performance of a contract.
The right to submit a complaint to the supervisory authority – the subject of data is entitled to submit
a complaint to the supervisory authority, i.e. the Personal Data Protection Office.
The right to raise an objection - the subject od data is entitled to raise an objection against the
processing of its personal data, the data controller must not continue processing this data in unwarranted
cases. An objection may be raised against processing for the purpose of direct marketing at any
time.
(11) Failure to provide personal data:
The subject of data must provide the personal data for legal reasons or for reasons given in the business
contract, otherwise this will prevent performance of the business contract.
(12) Other provisions:
If the subject of the data gives the data controller its consent to dispose of its personal data or does not
conclude a business relationship with the controller and there are no other reasons for processing the data, its
personal data in written form will be shredded and data in electronic form will be deleted.
Additional personal data, which the subject of data did not provide to the data controller personally, may be
obtained from publically accessible sources.