The Controller approaches your personal data responsibly and, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR Regulation”), as well as Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts (hereinafter referred to as the “Act”), provides you as a data subject (a natural person whose personal data is being processed) with not only its identification and contact details and the contact details of the Data Protection Officer but also other necessary information, which can be found in the tabs on the left side of the website.
In accordance with Article 24 of the GDPR Regulation and Section 31 of the Act, the Controller has implemented appropriate technical, organizational, personnel, and security measures and safeguards, taking into account in particular:
- The principles of personal data processing, including lawfulness, fairness, and transparency; purpose limitation and compatibility; data minimization; pseudonymization and encryption; as well as integrity, confidentiality, and availability;
- The principles of necessity and proportionality (applicable to the scope and volume of processed personal data, storage periods, and access to personal data of the data subject) with regard to the purpose of the processing operation;
- The nature, scope, context, and purpose of the processing operation;
- The resilience and recovery of personal data processing systems;
- The training and awareness of the Controller’s authorized personnel;
- The implementation of measures for the prompt detection of personal data breaches and timely notification of the supervisory authority and the Data Protection Officer;
- The implementation of measures to ensure the correction or deletion of inaccurate data or the execution of other rights of the data subject;
- The assessment of risks with varying probability and severity for the rights and freedoms of natural persons (including accidental or unlawful destruction, loss, or alteration of personal data; unauthorized access or disclosure; risk assessment considering the origin, nature, likelihood, and severity of risks related to processing; and the identification of best practices for mitigating these risks).