Information regarding processing of personal data in compliance with GDPR regulation of European Parliament and Council (EU) 2016/679 named “Regulation and protection of personal data processing” for visitors of the web page czequestria.cz (referred to as “website”), customers of CZ/SK bronies z.s. association (referred to as “customers”) and attendees of events held by CZ/SK bronies z.s. association (referred to as “event visitors”).
Controller
CZ/SK bronies z.s., IČO: 02191041, of address V podvrší 1350/5, 182 00 Praha 8 – Libeň, Czech Republic registered in the Business Register in Prague City court, file mark L 2622 (referred as “controller”)
Controller contact email: info@czskbronies.cz
Purposes of processing personal data
We process website visitors’ personal data in order to fulfill the following operation requirements:
- safety & security of the website
- required and expected website functionality
- fulfillment of general obligatory law requirements
- protection of legitimate controller interests
We process customers’ personal data in a necessary manner for these purposes:
- postal delivery & returns of the ordered goods and services
- long term personal data storage required by accounting law
We process event visitors’ personal data in a necessary manner for these purposes:
- postal delivery & returns of the ordered goods and services
- long term personal data storage required by accounting law
- event entry
- planning the language scope of information materials and necessary language skills of event organizers
- audio and video recordings: for propagation purposes
- underage attendees: for acknowledgment of legal representative with event attendance
- underage attendees: Contact in case of unexpected event/emergency
- LARP attendees: in case of necessary assistance during the live game in the field
The personal data we process
Website Visitors
- Identity data – we process your IP address in order to authenticate access for the website administration and to ensure adequate website application security.
- Website usage data – for total site usage statistics, we process data on the number of unique accesses and impressions of individual parts of the site. This data is anonymized and uses the hashed IP address of the visitor (IP is encrypted to make identification pairing not possible).
- Embedded content – posts on this website may contain embedded content (such as videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if a visitor visited another site. This website may collect data about you, use cookies, insert third-party tracking and track your interaction with this embedded content – including tracking interactions with the embedded content if you have an account and are logged in to that website.
Customers
- Identity data – we process your name and surname to ensure the delivery of the ordered goods and/or services
- Contact details – in order to ensure the delivery of the ordered goods and/or services we may need to communicate with you in regard to the specifics of your order. For this purpose, we process your email, bank account information, and in the case of delivery by post also your address, city, zip code, and country.
Event visitors
- Identity data – we process your name and surname to ensure access to the event. Additionally, to provide the best event features for you (due to the necessity of language knowledge), we also process the country of the event visitor’s origin. In order to clearly identify when the visitor enters the event for the first time and the necessity of consenting to participation by minors, we also process the date of birth or age.
- Contact details – we process your e-mail, street address, and bank details to ensure delivery of the ticket, the goods associated with the ordered entry, and the information necessary for participation. For minors, we process the name, surname, and contact telephone of the legal representative for the purpose of informing legal representatives in case of an emergency during the event. For LARP attendees we also process a phone number to be able to provide assistance from the organizers of the infield play.
- Attendance event data – we use anonymized visitors data for the statistics of past events and the planning of future ones, ranging from numbers, types of sold tickets or rewards and distribution of sales over time, participation in LARP, the age of visitors, and country of visitor’s origin.
- Audiovisual materials – for the purpose of promoting the event, we acquire audiovisual recordings from events that capture the atmosphere of the event and its participants. These are then published on the website czskbronies.cz, on the website of the organized event, and on the selected sites (e.g. on social networks). The specific places where the audiovisual materials will be published are in compliance with GDPR to the best of our knowledge. These places are announced together with other information about the specific event and you can find them at the end of the event rules.
Processors of personal data
The website is managed by administrators who process the personal data of visitors of the website to the necessary extent to perform tasks (technical management and moderation) specified by the controller.
Customers’ data is processed by the members of the organization responsible for order processing and dispatching.
Event visitors’ data is processed by members of the association to the necessary extent for planning and ensuring the safe course of the event. In addition, personal data necessary for the issuance of purchased tickets, rewards at the venue, and actions related to this activity are processed by the person/s appointed by the controller. Audiovisual materials are further processed by authorized people and published at designated locations.
Recipients of personal data
The website is operated by the website provider Active 24 s.r.o, ID No: 25115804, registered office at Sokolovská 394/17, 186 00 Praha 8, registered with the Municipal Court in Prague, file number C.51029, and all personal data is stored in this provider’s database.
Backups, exports, and processed data from website applications are stored in a cloud storage GDrive with secure access.
How long do we keep Your personal data?
We keep your personal data only so long as we need it to provide the website to you and fulfill the purposes described above. Statistical anonymized visitors’ data are kept for the time of the association’s existence.
Customer’s personal data are kept for a period specified by law for accounting purposes or for the duration of the warranty of the service or the goods.
The personal data of event visitors are kept for the duration of the event and for the time necessary for the delivery of the purchased rewards that are part of the ticket, but no later than five years after the end of the associated event. After this time (or sooner) data of attendees is anonymized. Consents of participation of minors are kept for as long as legally necessary in case of an insurance claim regarding the associated event. In the case of telephone contact to the LARP attendees, these are deleted within 30 days after the event.
Audiovisual materials associated with organized events are kept for the time of the association’s existence.
Your rights
Your personal data is in accordance with GDPR and generally binding legal regulations. You have the right to access your data and the right to repair them.
In cases where your data are processed to which you have given consent, you are entitled to withdraw this consent at any time. If you wish to revoke your consent to the processing and there is no other legal reason for processing your data, you have the right to delete or restrict the processing.
As a visitor of the event if you want to withdraw a previously published Audiovisual material on which you’re displaying, contact the controller (see Controller section) and provide a link or other unambiguous description of the material in question.
You can apply the right to access your data and your other rights by sending an e-mail request to the controller’s email address (see Controller section).
If you believe that your data processing is not in order, you may file a complaint with the Personal Data Protection Authority (https://www.uoou.cz/)
If you have any questions regarding the processing of your personal data or this policy, contact your controller directly via e-mail (see Controller section).