cs en
0 CZK 0 Ks
Tělovýchovná jednota Ostrava - Homepage

Processing of personal data

Information about the processing of personal data in the GOLFERIS MARKET APP
Your personal data is processed by the following company as the controller: name: Tělovýchovná jednota Ostrava ID No.: 00561916 with registered office: Varenská 3098/40a, 702 00 Ostrava sp. nr. L 98/KSOS registered at the Regional Court in Ostrava (hereinafter referred to as the "Administrator"), which hereby informs you about the processing of your personal data. 
This document contains detailed information about the processing of your personal data by the Administrator within the meaning of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR"), in particular:
* what personal data the Controller processes about you;
* for what purpose and for how long the Controller processes your personal data;
* what rights you have and how you can exercise them.
Overview of basic terms For better clarity, we provide below a short overview of the basic terms that apply to the processing of personal data, in accordance with their definition under the GDPR:
Personal data - any information about a natural person (data subject, in this case the members of the Controller) from which the data subject is identified or identifiable, whether directly (from the data itself) or indirectly (in conjunction with other data held by the Controller), for example, a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data - any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.
Controller - A controller is a person (natural or legal), public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor - a processor is a person (natural or legal), public authority, agency or other body which carries out the processing of personal data for the controller.
Recipient - the recipient is the person (natural or legal), public authority, agency or other body to whom the personal data are disclosed.
Profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the data subject, in particular to analyse or estimate aspects of the data subject's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Principles, policies and procedures for processing personal data The Controller complies with the following principles and procedures when processing your personal data:
▪ Processes your personal data in a fair, lawful and transparent manner; ▪ Processes your personal data only for the purposes as described in this document and only to the extent necessary to fulfill such purposes; ▪ Considers your personal data to be true, accurate and up-to-date at all times, and asks you to update your personal data in the event of any changes to your personal data; ▪ Processes your personal data only for the time necessary to fulfill the purposes of processing as specified below in this document; 
▪ protects your personal data in such a way as to prevent its unauthorised use or disclosure to persons who are not authorised to process it, or to prevent any other breach of security of your personal data; ▪ does not process your personal data by means of decision-making based solely on automated processing, including profiling, which would have legal effects on you or similar effects that would significantly affect you in a similar way;
▪ the Controller has properly selected its processors, as listed below in these terms and conditions, to prevent the misuse of your personal data. 

Categories of personal data processed 1.1. To register for the Application, you must provide your personal data to the Administrator, including your name, surname, e-mail address and home address. You will provide these details to the Administrator by completing the membership application form which is available online on the Administrator's website / at the Administrator's premises on request from an authorised person of the Administrator (manager, secretary, etc.). 1.2. After your registration by the Administrator, further personal data is obligatorily entered into the Application by an authorized person of the Administrator to fulfill the purposes of processing. This includes the following personal data: 1.2.1. title; 1.2.2. birth number; 1.2.3. handicap - a unique number representing the quality of golfers; 1.2.4. telephone number; 1.2.5. Email address; 1.2.6. Membership number; 1.2.7. Membership period; 1.2.8. Information about payments you have made; 1.2.9. Details of text messages and emails sent to you from the Application; 1.3. We obtain your personal data directly from you when you provide this data to the Administrator for the purpose of registering for the Application by completing the membership application form available online on the Administrator's website / at the Administrator's premises; 1.4.
Purpose, legal basis and duration of processing
Purpose of processing 2.1 The Controller processes your personal data for the following purposes: 2.1.1. provision of performance on the basis of the membership contract with the Controller, the content of which is defined by the terms of membership; 2.1.2. sending commercial communications; 2.1.3. settlement of any claims between you and the Controller; 2.1.4. performance of legal obligations arising for the Controller under the law; 2.1.5. handling of your requests, suggestions or complaints.
The Controller cannot process your personal data for purposes other than those mentioned above.
Legal basis for processing 2.2 The Controller processes your personal data so that you can be registered as a member of the Controller on the Application and so that the Controller can manage the agenda of its members. It processes your data on the basis of your acceptance of the terms and conditions of membership, which therefore constitutes the legal basis for processing. 2.3 The processing of your personal data for the purpose of sending you commercial communications is based on the legitimate interest of the Administrator in promoting its activities and informing members of planned events. 2.4 The Administrator further processes your personal data to settle any claims between you and it based on its legitimate interest in protecting its rights. 
2.5 Processing for the purpose of fulfilling the legal obligations imposed on the Controller is necessary for the fulfilment of the legal obligations imposed on the Controller. 2.6 The Controller processes your personal data in order to deal with your requests, suggestions or other complaints based on its legitimate interest in dealing with your request in accordance with the law.
Processing period 2.7 The Controller processes your personal data for the period necessary to fulfil the purposes of processing as described above. If the Controller ceases to have a purpose and legal basis, then the Controller is no longer entitled to process your personal data. 2.8. In the case of providing performance based on the terms of membership, your registration on the Application and enabling the Controller to manage the agenda of its members, the Controller processes your personal data for the duration of your membership. 2.9. If you have consented to the processing of your personal data for the purpose of sending you commercial communications for the period following the termination of your membership by completing the membership application form available online on the Administrator's website / at the Administrator's premises, your data will continue to be processed for this purpose after the termination of your membership until you withdraw your consent. By withdrawing your consent, the Administrator can no longer process such data. 

2.10. Subsequently, the Administrator processes your personal data for a period of 10 years after the termination of your membership. This period is used to fulfil the legal obligations of the Administrator and to settle any claims between you and the Administrator and is also related to the operation and technical maintenance of the Administrator's systems and the Application. The above does not apply to data about the member's handicap, sporting results from the CGF system, these data are only processed after the termination of your membership if you have given your consent to such processing when completing the membership application form available online on the Administrator's website / at the Administrator's premises and will only be processed until you withdraw your consent. 2.11. If you are under 15 years of age, your legal guardian (parent) and you consent to the processing provided that you are intellectually and freely mature enough to understand the contents of this document and give consent, otherwise only your legal guardian. In the event that consent is given by a member under the age of 15 who is unable to understand the contents of this document, the Controller will delete such data and will require that in such a case the consent to processing is given by a legal representative. If you believe that a member under the age of 15 has given consent to the Controller without having sufficient understanding of the contents of the document, please contact the Controller at golf@golf-ostrava.cz so that the Controller can rectify the situation. 2.12.

Recipients of your personal data 3.1 Your personal data is processed by the Controller or by the processor(s) authorised by the Controller to process your personal data. For this purpose, the Controller provides your personal data or part thereof to processors as one of the categories of recipients of personal data. The processors are: 3.1.1. our company GolferIS.cz s.r.o. 3.1.2. Tělovýchovná jednota Ostrava 3.2. All obligations of the Controller in relation to the processing of your personal data always apply also to the processors authorised by the Controller. 3.3.
Security of your personal data 4.1 The Controller applies appropriate technical and organisational measures to ensure the protection of your personal data processed in such a way that unauthorised or accidental access to your personal data, their alteration, destruction or loss, unauthorised transfers, other unauthorised processing or other misuse of personal data cannot occur. For this purpose, the Controller has chosen in particular appropriate technical measures and predetermined procedures, the compliance with which it controls.
Your rights arising from the processing of personal data and their exercise
Overview of rights 5.1 In connection with the processing of your personal data, you are entitled to rights under Articles 15 to 22 and 77 of the GDPR, which you can exercise against the Controller. These rights are:
5.1.1. the right to access your personal data;
5.1.2. the right to rectification of your personal data;
5.1.3. the right to erasure of your personal data;
5.1.4. the right to restrict the processing of your personal data;
5.1.5. the right to the portability of your personal data;
5.1.6. the right to object;
5.1.7. the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or significantly affects you in a similar way;
5.1.8. the right to lodge a complaint with a supervisory authority.
Right of access to personal data 6.1 You have the right to receive information from the Controller about whether it processes your personal data. If the Controller processes your personal data, you also have the right to receive information from the Controller about:
6.1.1. the purposes for which it processes your personal data;
6.1.2. what categories of personal data are concerned;
6.1.3. the recipients of your personal data, i.e. whether it transfers your personal data to anyone, in particular recipients in countries outside the European Union or in international organisations; in the case of a transfer to a third country or an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR;
6.1.4. the planned period for which the personal data will be kept, or the criteria for determining this period;
6.1.5. the right to rectification, erasure or restriction of the processing of your data, or the right to object to such processing;
6.1.6. the right to lodge a complaint with the supervisory authority, which is usually the Office for Personal Data Protection;
6.1.7. any available information about the source from which it obtained your personal data, if it did not obtain it directly from you;
6.1.8. whether automated decision-making, including profiling, is taking place and information regarding the process used and the significance and foreseeable consequences of such processing for you.
6.2 You have the right to have a copy of your personal data processed sent to you. The copy is provided free of charge. Please note that the Controller is already entitled to charge a reasonable fee for additional copies that you repeatedly request. The amount of the fee will be in line with the administrative costs incurred by him.
Right to rectification of personal data 7.1 The Administrator processes all personal data in good faith and makes every effort to ensure that it is accurate and up-to-date. However, it may happen that your personal data processed is inaccurate due to an error. In this case, you have the right to request the Controller to correct or complete your inaccurate personal data.
Right to erasure of personal data 8.1 You have the right to request that the Controller erase your personal data that it processes. He is obliged to comply with your request if:
8.1.1. your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
8.1.2. you withdraw your consent if your personal data has been processed on the basis of that consent, but only if there is no other legal basis for the processing;
8.1.3. object to processing based on legitimate interest or public interest, but only if there are no overriding legitimate grounds for processing or if you only object to processing for direct marketing purposes;
8.1.4. your personal data is processed unlawfully by the Controller;
8.1.5. your personal data must be erased by the Controller in order to comply with a legal obligation under Czech or European Union law as a data controller;
8.1.6. you are 15 years of age or older and your personal data has been collected in connection with the offer of information society services on the basis of your consent or, if you are under 15 years of age, on the basis of the consent of your legal representative.
8.2 Please note that there are exceptions to the above obligations. The controller is not obliged to delete your personal data, even if it would otherwise be obliged to do so, where the processing is necessary: 8.2.1. for the fulfilment of a legal obligation requiring processing under Czech or European Union law to which it is subject as a controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in it as a controller; 8. 8.2.2. for the establishment, exercise or defence of legal claims; 8.2.3. and for other reasons contained in Article 17(3) GDPR. 

Right to restriction of personal data processing 9.1 You have the right to request that the Controller restrict the processing of your personal data. We are obliged to comply with your request if:
9.1.1. you contest the accuracy of the personal data processed, for the time necessary to enable it to verify its accuracy;
9.1.2. the processing of your personal data is unlawful and you request only the restriction of its use instead of the erasure of your personal data;
9.1.3. it no longer needs your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims;
9.1.4. you have objected to the processing based on legitimate interest, it will restrict the processing of your personal data until it has verified that its legitimate grounds outweigh your objection.
9.2 It will only process your personal data on the basis of your consent to such processing during the period for which the processing of your personal data is restricted. Please note that, even without consent, it is entitled to store your personal data and to process it for the establishment, exercise or defence of legal claims for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or its Member States.
Right to data portability 10.1 You have the right to request that the Controller transfer your personal data to you if all of the following conditions are met simultaneously: 10.1.1. you have provided the Controller with such personal data on the basis of your consent to the processing of your personal data or in connection with the performance of a contract to which you are a party; and 10.1.2. the Controller processes said personal data by automated means. 10.3. If all of the above conditions are met simultaneously, you have the right to transfer the file with your personal data so provided to another controller or to require the Controller to transfer the said file with personal data directly to another controller. Your request to transmit the personal data file directly to him/her will be granted if it is technically feasible for him/her to do so.
Right to object 11.1 You have the right to object to the processing of your personal data where the Controller processes it on the basis of a legitimate interest or public interest, including profiling. 11.2 The Controller or a third party may have a legitimate interest in the processing. If the Controller receives an objection, it will not process your personal data further. However, this does not apply where the Controller has compelling legitimate grounds for such processing of your personal data which override your interests, rights and/or freedoms, or where it is necessary to process that personal data for the establishment, exercise or defence of legal claims. 11.3 You have the right to object to the processing of your personal data if the Controller processes such data for direct marketing purposes, including profiling. If the Controller receives your objection, it will no longer process your personal data.
Right to lodge a complaint with a supervisory authority 12.1 You have the right to lodge a complaint directly with a supervisory authority in a member state of the European Union. For the Czech Republic, please contact the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7. For more information about its activities and how to lodge a complaint, please visit its website at www.uoou.cz or the Office's headquarters.
Information on the exercise of your rights ◦ You can exercise your rights at the Administrator's e-mail address golf@golf-ostrava.cz or you can also send it to the Administrator's address: Varenská 3098/40a, 702 00 Ostrava.
◦ Once the Administrator receives your request, from which it is not clear who the applicant is, he will have to verify your identity, i.e. the fact that the request was made by an authorised person. If he/she is not sure of your identity, he/she may provide your personal data to a third party. If you refuse to cooperate with the Controller in verifying your identity, the Controller will not be able to comply with the request.
◦ The Controller will respond to your request without undue delay, but no later than one month after receiving your request. If, for certain reasons, it is not possible to process your request within this time limit, the Controller will send you a notice to that effect, extending the time limit by a maximum of two more months (i.e. a maximum of three months in total). ◦ The Controller will send a response to your request to the email from which the request was received. If you insist that the Controller inform you of the processing of your request in another way, for example by post, please provide this information directly in the submitted request.
◦ Your request will be processed by the Administrator free of charge. However, the Controller may require you to pay the costs of providing the requested information or communication or of taking the requested action if the request made would be unfounded or unreasonable (in particular if it is repetitive). In such a case, the Controller may also refuse to comply with the request outright.