The company PREVENT s.r.o. (hereinafter referred to as "processor") processes personal data provided by
individual persons (hereinafter referred to as "data subject/s") to entities that process personal data for
the purposes arising from their activities (hereinafter referred to as "data controller/s"), and who are
customers of the processor using the INSTRUCTOR service on a contractual relationship basis.
(1) Representative for protection of personal data:
The representative for protection of personal data is JUDr. David Borovec.
E-mail: gdpr@prevent.cz
(2) Purpose of processing:
The processor shall process personal data of data subjects for the purpose of performance of a contract in
the field of on-line education, consultancy or auditing, including related activities, such as the issue of
certification, etc.
(3) Legal basis:
The consent of the data subject: for the purpose of sending commercial messages not related to the provided
service, for the purpose of obtaining audio-visual recordings and their use for promotion in printed or electronic
form.
Performance or conclusion of a contract: for the purpose of delivering agreed services, including registration
in online education systems, issuing certificates and other related services.
Legal duty (Act No. 89/2012 Sb., Civil Code; Act No. 499/2004 Sb., on archiving and file services; Act No. 455/1991 Sb.,
Trade Licensing Act; Act No. 563/1991 Sb., on accounting; Act No. 235/2004 Sb., on value added tax)
Legitimate interests: personal data recorded in online educational systems may be stored as part of records,
traceability or defense of the data controller's legal claims.
(4) Processors of personal data:
As part of the performance of the contract, personal data may be provided for further processing to external
providers of accounting services, legal services, occupational health services, the specific categories of which
will be communicated to data subjects upon request.
(5) Other recipients:
Due to legitimate interest, the processor may make personal data available to authorized contractual partners
in the field of IT services and technologies, marketing services, consulting services, certification services,
the specific categories of which will be communicated to data subjects upon request.
Due to the necessary transmission, backup and archiving of electronic data, personal data may be provided outside
the EU (verified cloud services with servers outside the EU guaranteeing a high level of security).
(6) Other third parties:
For reasons of state supervision, prevention, investigation, detection or prosecution of criminal offenses or
execution of sentences, including protection against threats to public safety and their prevention, the processor
provides personal data to relevant public authorities or other entities authorized to process personal data.
(7) Other processing purposes:
The processor may also use the provided personal data for business and marketing purposes within the framework
of a legitimate interest or after granting consent.
(8) Period of storage of personal data:
The processor keeps personal data for the duration of the performance of the contractual relationship and for
the period imposed by law. An exception may be storage of personal data for business and marketing purposes,
as part of a legitimate interest for the purposes of records, traceability or the defense of the legal claims
of the processor and data controller.
(9) Automated processing of personal data:
During the evaluation of completed tests, the results are displayed automatically.
(10) Rights of the data subject:
Right of access to personal data – the data subject has the right to access personal data concerning
him; the data controller is obliged to provide a copy of the processed personal data.
The right to correct and supplement personal data – the data subject has the right to have the data
controller correct or supplement inaccurate personal data concerning him without any delay.
Right to erasure – the data subject has the right to have the data controller erase personal data
concerning him without any delay, if:
- personal data are not needed for the purposes for which they were processed
- the data subject withdraws consent to the processing of personal data
- the data subject objects to the processing
- personal data were processed illegally
- the retention of personal data is not prescribed by other relevant legal regulations
- it is not a matter of public interest in the field of public health, archiving, scientific or historical research, statistics
- this is not the exercise or defense of legal claims.
The right to restrict processing – the data subject has the right to restrict the processing of personal data
through the data controller in justified cases.
The right to portability of personal data – the data subject has the right to obtain personal
data concerning him in a structured, commonly used and machine-readable format, and the right to transfer this
data to another administrator.
Automated individual decision-making – the data subject has the right not to be subject to any
decision based solely on automated processing, including profiling, if this is not necessary for the performance
of the contract.
The right to lodge a complaint with the supervisory authority – the data subject has the right to lodge a complaint
with the supervisory authority, i.e. the Office for Personal Data Protection.
The right to object – the data subject has the right to object to the processing of personal
data; the data controller may not further process such data in unjustified cases. You can object to processing
for direct marketing purposes at any time.
(11) Failure to provide personal data:
The data subject must provide personal data required for legal reasons or stated in the business contract; otherwise the
fulfillment of the business contract would be impossible.
(12) Other provisions:
If the data subject does not give the data controller consent to the handling of personal data or does not enter
into a business relationship with the data controller and there are no other reasons for processing, his personal
data will be shredded in written form and deleted in electronic form.
Other personal data that the data subject did not provide to the data controller personally may be obtained from
public sources.