Principles for personal data processing

QUIX EVENT, s.r.o., Company ID No. 027 23 832, a company with its Registered Office at Zelený pruh 1560/99, Braník, 140 00 Prague, recorded in the Commercial Register administered by the Municipal Court in Prague, section C 221305, as the administrator of personal data,

hereby in connection with the effect of the Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter only as the “GDPR”) informs data subjects (in particular, its employees and customers) of the following:

1. QUIX EVENT, s.r.o. (hereinafter only as “QUIX”) is designated the “administrator” of personal data in accordance with the GDPR, and employees, customers and visitors are designated as personal data “subjects”.

2. QUIX hereby declares that it provides sufficient guarantees that processing the personal data of data subjects fulfils the requirements of the GDPR and that it protects the rights of data subjects in accordance with Article 24 of the GDPR. QUIX has put in place suitable technical and organisational measures based on the current state of technology and implementation costs, the nature, extent, context and purposes of processing, and various probability and severity of risk assessments on the rights and freedoms of natural persons.

3. QUIX processes the personal data provided by customers and employees and involves automated or manual recording, storing and archiving of personal data in electronic or hard copy form without additional processing for the purposes of providing services in organising social events. QUIX is also authorised to provide personal data to third parties but is obliged to ensure that these third parties (such as accounting companies, server operators, computer application developers, etc.) protect personal data at least to the same extent as that provided by QUIX.

4. QUIX declares that it will not forward the personal data of data subjects for marketing or similar purposes. QUIX does not process any genetic or biometric data or data concerning health.

5. QUIX processes personal data provided by data subjects in its business activities in accordance with Act No. 90/2012 Coll., on commercial corporations, and other legal regulations of the Czech Republic when this processing is necessary for the purposes of the administrator’s justified interests under Article 6 of the GDPR.

6. QUIX processes the following personal data of a data subject in its business activities:

* personal identification data: name and surname, date of birth, residential address, permanent address;

* contact details: mailing address (if different from residential address), e-mail address, telephone number;

* other data necessary for the performance of business activities, bank account number;

* to protect persons and assets, QUIX applies justified interest in accordance with Article 6(f) and operates a camera security system which processes personal data in the form of descriptive data from recording devices: appearance, activities, time. This personal data belongs to the persons moving near the business premises of QUIX;

* to protect persons and assets, QUIX applies justified interest in accordance with Article 6(f) and operates a chip entry/security system which processes personal data in the form of a unique identifier – chip and times of entry.

7. If a data subject is in an employment or any similar relationship to QUIX (if a data subject receives remuneration for discharging their office, receives wages, or performs tasks for QUIX under a contract for work or an agreement to perform work), QUIX processes information about the data subject’s health insurance, birth registration number and amount of income in addition to the data listed in paragraph 6 of this document.

8. QUIX obtains personal data from data subjects based on their information, or in certain cases personal data is entered by data subjects in an application operated by QUIX.

9. QUIX processes the personal data of the following data subjects:

* customers or their designated contact persons;

* employees of QUIX.

10. QUIX stores the personal data of data subjects for five years.

The personal data of data subjects retained in connection with an employment or similar relationship is retained by QUIX for ten years. QUIX retains the data necessary for the purposes of social insurance for thirty years.

The time limits referred to above always begin to elapse on the first day of the month following the end of the relevant accounting period.

Once the specified time limit expires, the data administrator shreds all hard copies of documents containing the personal data of data subjects and erases all electronic copies of documents. If shredding or erasure of documents is not possible, QUIX anonymises these documents within the same time limit.

Recordings from the camera system are kept for up to 14 days before they are loop overwritten.

11. QUIX undertakes to maintain the confidentiality of all personal data encountered while processing this personal data. QUIX declares that all employees who come into contact with personal data undertake to maintain its confidentiality and that if personal data is processed by a designated processer, QUIX will bind this processer to the same commitment of confidentiality.

12. At the request of a data subject and after checking the data subject’s identity, QUIX will provide, free of charge, either at the QUIX headquarters or in electronic form, confirmation whether the data subject’s personal data is being processed, and if this is the case, QUIX will provide the data subject with, in particular, the following information:

* the purpose of processing;

* the type of personal data affected;

* the recipient or type of recipients who have been or will be given access to the personal data;

* the planned period of retention of the personal data;

* existence of the right to request that the administrator corrects or erases the data subject’s personal data or restricts its processing, and the right to raise an objection against this processing.

For each subsequent confirmation of personal data processing, QUIX will charge the data subject a reasonable fee determined according to the administrative costs.

13. If a data subjects discovers or believes that their personal data is being processed contrary to the protection of their private or personal life or contrary to a legal regulation, the data subject may request an explanation and that QUIX eliminate this situation or restrict processing.