Ochrana osobních údajů (GDPR) Personal Data Protection (GDPR)
Privacy Policy
1. Introductory provisions and controller
1.1. The association Děti fitness aneb sportem proti drogám (Children's Fitness or Sports Against Drugs), ID No.: 27010813, with its registered office at Písková 288/17, Modřany, 143 00 Prague, an association registered in the Association Register maintained by the Municipal Court in Prague, file no. L 16118 (hereinafter referred to as the "Controller" or "Association") hereby, as the controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 94/46/EC (hereinafter referred to as the "GDPR"), hereby informs natural persons (hereinafter referred to as "Data Subjects") about the conditions for the processing of personal data in connection with the organization of the Competition and the registration of Data Subjects in the Competition.
1.2. These personal data protection rules may be supplemented, modified, or otherwise updated on a regular basis without prior notice. However, personal data (as defined below) will always be handled in accordance with the Personal Data Protection Rules that were in effect at the time of its collection.
1.3. The Controller can be contacted in writing at its registered office, by email at info@miafestival.cz, or by telephone at +420 608 735 523.
1.4. The Controller has not appointed a data protection officer.
2. Processing of personal data; legal basis for the processing of personal data
2.1. The Controller hereby informs the Data Subjects that it processes their personal data on the basis of the legal grounds set out below, for the purposes set out below, to the extent specified and for the period specified below.
2.2. The controller processes the following personal data: date of birth, gender, age, start number, points achieved in the Competition, ranking in the Competition, ranking in the category, sports club, photograph (this data is necessary for classification in the correct results category according to the rules of the Competition, determination of the official ranking in the Competition, and identification as a specific Participant); first name, last name, home address, e-mail, telephone number (this data is necessary for the conclusion of a contract for registration for the Competition between the Organizer and the Competition Participant who registers for the Competition).
2.3. The legal basis for the processing of personal data is:
● performance of the contract between the Participant and the Administrator (hereinafter referred to as "Performance of the Contract"),
● registration of Participants in the Competition,
● recording the results of the Competition,
● administration of the Participant's user account,
● accounting and tax purposes,
● fulfillment of our obligations under the law,
● the Controller's legitimate interest in providing direct marketing – in particular for sending commercial communications and newsletters (hereinafter referred to as "Legitimate Interest"),
● Participant's consent to the processing of personal data for direct marketing purposes (in particular for sending commercial communications and newsletters) in the event that no goods or services have been ordered (hereinafter referred to as "Consent").
2.4. The Controller carries out automatic individual decision-making within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.
3. Purpose of personal data processing
3.1. Personal data is processed for the purposes listed below:
3.1.1. creation and administration of the Participant's user account for the purpose of placing the Participant in the appropriate category according to the Competition Rules,
3.1.2. to implement/perform a contract concluded with the Data Subject,
3.1.3. to fulfill our obligations under the law (e.g., legal obligations in the area of accounting and taxes, accounting and tax regulations, etc.),
3.1.4. for the purpose of direct marketing, e.g. sending commercial communications and newsletters,
3.1.5. for the purpose of news and publishing activities,
3.1.6. for the purpose of promoting the Organizer and the Competition,
3.1.7. for the purpose specified in the consent given by the Data Subject.
4. Scope (categories) and source of personal data
4.1. Personal data is processed to the extent specified below and from the following sources:
4.1.1. identification data (first name, last name, date of birth, document number, etc.);
4.1.2. contact details (address, email address, telephone number, etc.);
4.1.3. transaction data (account number, information about payments for services, etc.);
4.1.4. photographs and videos from the Competition.
4.2. Personal data comes primarily from Data Subjects, i.e. mainly from Competition Participants by filling out the registration form and/or Competition application, and also from third parties.
5. Period of personal data processing
5.1. Unless otherwise stated in the previous points, the Controller stores personal data
● for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Participant and the Controller and to enforce claims arising from these contractual relationships, if the legal basis is the performance of the contract;
● for the period specified by law, or for the period necessary to fulfill the purposes of processing, if the legal basis for processing is the fulfillment of legal obligations;
● for the period necessary to fulfill the purposes of processing, or until legitimate objections are raised, if the legal basis for processing is legitimate interests;
● for the period for which consent has been given, or until it is revoked, if the legal basis for processing is the consent of the Data Subject.
5.2. After the expiry of the personal data retention period, the Controller shall delete the personal data.
5. Period of personal data processing
5.1. Unless otherwise specified in the previous points, the Controller shall store personal data
● for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Participant and the Controller and to enforce claims arising from these contractual relationships, if the legal basis is the performance of the contract;
● for the period specified by law, or for the period necessary to fulfill the purposes of processing, if the legal basis for processing is the fulfillment of legal obligations;
● for the period necessary to fulfill the purposes of processing, or until legitimate objections are raised, if the legal basis for processing is legitimate interests;
● for the period for which consent has been given, or until its revocation, if the legal basis for processing is the consent of the Data Subject.
5.2. After the expiry of the personal data retention period, the Controller shall delete the personal data.
6. Data recipients
6.1. In justified cases, the processed personal data may be transferred to processors whose cooperation is necessary for the organization and implementation of the Competition. The data is provided to processors only to the extent necessary and is done so on the basis of a concluded processing agreement. The personal data of Participants is not provided to partner entities that are not directly involved in the implementation of the Competition and is not provided to other third parties in any way.
6.2. These are primarily entities providing accounting and tax advisory services, IT service providers, entities providing printing of competition materials, post-race reporting services, entities whose products are part of the registration process, and components of the integrated rescue system. Personal data is provided to entities on the basis of, among other things, a specific action taken by a Competition Participant (e.g., the purchase of a given product) or in the event of an exceptional event affecting the Participant. If data is sent to these entities, it is done so only to the minimum extent necessary to ensure the provision of services of appropriate quality and to comply with the relevant Regulation.
7. Rights of Data Subjects
7.1. The Data Subject may exercise the following rights, provided that the conditions set out in the legislation have been met:
1. the right to access personal data concerning the Data Subject, i.e. the right to request confirmation as to whether data concerning the Data Subject are being processed and, if so, to obtain information about the processing in question or a copy of the data being processed;
2. the right to rectify personal data, i.e. the right to request the rectification of inaccurate data or the completion of incomplete data;
3. the right to erasure of personal data, i.e. the right to request the immediate erasure of processed data if any of the reasons specified in the legal regulations apply;
4. the right to restriction of processing of personal data;
5. the right to object to processing, i.e. the right to object to the processing of data on the legal basis of legitimate interests or for direct marketing purposes;
6. the right to data portability.
7. Withdrawal of consent.
7.2. Rights can be exercised by sending a request via the Controller's contact details.
7.3. The data subject also has the right to lodge a complaint with the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00, Prague 7.
8. Cookies
8.1. Cookies are text files containing small amounts of information that are downloaded to your device when you visit our website. Cookies are then sent back to the website or another website that recognizes them on each subsequent visit.
8.2. Cookies perform various tasks, such as enabling efficient navigation between web pages, remembering visitor preferences, and generally improving the user experience. They can also ensure that advertisements displayed online are better tailored to the user and their interests.
8.3. We use the following cookies on our website:
● Necessary cookies: these are required for the website to function, for example, to log in to secure areas of the site and other basic site functionality. This category of cookies cannot be disabled.
● Analytical/statistical cookies: these allow us, for example, to recognize and count the number of visitors and see how our visitors use the website. They help us improve the way the site works, for example, by enabling users to easily find what they are looking for. We only run these files with the user's prior consent.
● Advertising cookies: these are used to track preferences and allow us to display advertising and other content that best matches the user's interests and online behavior. We only run these files with the user's prior consent.
8.4. Please note that third parties (including, for example, external service providers) may also use cookies and/or access data collected by cookies on the website.
8.5. Information about cookies and their current list can be found through individual internet browsers, most often in the Developer Tools section.
8.6. Consent can be expressed by checking the box in the cookie bar. You can also subsequently reject cookies in your web browser settings or set up the use of only certain cookies.
8.7. For more information on managing cookies in individual browsers, please visit the following links:
● Internet Explorer – https://support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies
● Google Chrome – https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
● Firefox – https://support.mozilla.org/cs/kb/povoleni-zakazani-cookies
● Safari – https://support.apple.com/cs-cz/guide/safari/sfri11471/mac
● Opera – https://help.opera.com/cs/latest/security-and-privacy/
● Microsoft Edge – https://docs.microsoft.com/cs-cz/sccm/compliance/deploy-use/browser-profiles
8.8. Consent to the storage of cookies can be revoked at any time using the individual settings of the end device (internet browser). However, blocking or deleting cookies may affect the proper functioning of the Administrator's website.
9. Conditions for the security of personal data
9.1. The Administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.
9.2. The Administrator has taken technical measures to secure data storage and personal data storage in paper form.
9.3. The Administrator declares that only persons authorized by it have access to personal data.
10. Final provisions
10.1. By completing the inquiry form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.
10.2. The controller is entitled to change these terms and conditions. The new version of the personal data protection terms and conditions will be published on its website and sent to the email addresses of the data subjects.
These terms and conditions shall take effect on March 14, 2025.