Personal data protection statement
“Personal data” is any information about a natural person (data subject) on the basis of which a natural person can be identified.
A “data subject” is a living natural person whose personal data is processed. The data subject as defined by the GDPR is not a legal entity and data that is processed regarding a legal entity is therefore not covered by GDPR, because data relating to a legal entity are not personal data. GDPR does not apply to the personal data of deceased persons.
Controller and Processor
Both the controller and the processor are legal or natural persons who handle personal data.
The controller (in this case Cool Critters z.s.) is the one for whose “benefit” personal data is processed. Therefore, the controller is always primarily responsible for data processing. The controller decides on the purpose, manner, scope, and means by which personal data will be processed.
The processor (in this case Cool Critters z.s. and entities entrusted by Cool Critters z.s. with processing), on the other hand, is the person who performs the processing of personal acts on the basis of instructions (authorization) and for the benefit of the controller. A contractual relationship is established between the controller and the processor. The controller is always primarily responsible in relation to the data subject, not the processor; however, in some cases the data subject may turn to the processor directly.
Cool Critters z.s. processes and stores personal data in accordance with applicable laws – i.e. with Act No. 101/2000 Coll. and with effect from 25 May 2018 also in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016.
What personal data do we process?
The personal data we process includes:
- Email address
- Phone number (if provided)
- Address (if provided)
- ID and VAT number (if provided)
How we obtain your personal data
Provision of your personal data is voluntary. However, due to the regulation of another standard, there are cases in which we must retain your personal data. For example, if you give us a financial donation, it is our responsibility to keep this fact in our accounting records for ten years.
How is your personal data handled?
Cool Critters z.s. uses your personal information for the following purposes:
- For processing donations
- For communication with donors
- To inform about our projects and their results
- To process your requests or questions
- To obtain feedback
- To modify your personal data and exercise your rights in accordance with the standards governing the protection of personal data. For example, to give you access to your personal information.
- To fulfil obligations arising from applicable legal norms
We share your personal information with several third parties. The third parties are:
- service providers for whom it is necessary to have access to your personal data for the provision of services (including providers who process personal data for us on our behalf for the purpose of informing donors, storing and editing data, providing IT and marketing services and data analytics)
- public authorities
- professional consultants (accountants, auditors, lawyers and other business contacts)
These third parties may be located in the Czech Republic or in other countries within the European Economic Area (EEA). The wording of applicable data protection laws may vary in these countries. We enter into contractual relationships exclusively with third parties who we believe are in compliance with the appropriate level of data protection to protect all personal data held in your country and that these third parties will always comply with applicable data protection laws.
Your rights regarding your personal data
It is your right to ask us for a list of your personal data that we have stored in our database and to obtain a description of the purposes for which it was used. Should you find that the data we store about you is inaccurate or that the purpose for which it was obtained is no longer applicable, please contact us. Contacts are listed below.
You also have the following rights:
- The right to restrict processing – if you want to temporarily stop supporting us, if you question the accuracy of your data (until we make a correction), or if you raise an objection to the processing of your data (before we investigate the complaint).
- The right to be removed or erasure – you also have the right to require us to remove or delete your personal data from the database (including consent to direct marketing, however, this does not apply in cases where we have other legal justification to continue processing or processing your data in our legitimate interest).
- The right to object to the processing due to a legitimate interest – to the extent that your personal data is processed.
You can contact us at:
Kadlín 21, Mšeno U Mělníka 277 35
Or call us at: +420 607 901 042
If you would like to lodge a complaint about the way your personal information has been handled, please contact us and your complaint will be investigated. You also have the right to lodge a complaint with the supervisory authority (Office for Personal Data Protection of the Czech Republic, Pplk. Sochora 27, 170 00 Prague 7).
Changes to this statement
Cool Critters z.s. reserves the right to amend this statement in light of developments in the implementation and interpretation of the General Data Protection Regulation (GDPR).
List of third parties cooperating with Cool Critters z.s.
- Česká pošta, s.p.
CONDITIONS FOR PERSONAL DATA PROTECTION
1. Basic Provisions
The controller of personal data pursuant to Article 4 (7) of Regulation 2016/679 of the European Parliament and of the Council (EU) on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”) is Cool Critters z.s., Kadlín 21, Mšeno U Mělníka, 277 35, IČ: 09154639 (hereinafter: “controller”).
Controller’s contact details:
Address: Kadlín 21, Mšeno U Mělníka, 277 35
An identifiable natural person is an individual who can be identified directly or indirectly, in particular by reference to a specific identifier, such as name, ID number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The controller did not appoint a data protection officer.
2. Sources and categories of processed personal data
The controller processes the personal data you have provided to it directly or by filling in the contact form.
3. Lawful reason and purpose of personal data processing
The lawful reason for processing personal data is
– performance of the contract between you and the controller pursuant to Article 6 (1) (a) b) of the GDPR,
– the legitimate interest of the controller in the provision of direct marketing (in particular for the sending of commercial communications and newsletters) pursuant to Article 6 (1) (a); f) of the GDPR,
– your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1) (a). a) GDPR in connection with §7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services, in the event that no goods or services have been ordered.
The purpose of processing personal data processing is:
– handling your questions
– processing requests for virtual adoption
– sending commercial communications and carrying out other marketing activities.
There is no automatic individual decision by the controller within the meaning of Article 22 of the GDPR. You have given your express consent to such processing.
4. Data retention period
The controller stores personal data
– for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller, and to assert claims under these contractual relationships (for a period of 10 years from the termination of the contractual relationship).
– until the consent to the processing of personal data for marketing purposes is revoked, if the personal data are processed on the basis of the consent.
After the retention period of personal data, the controller deletes the personal data.
5. Recipients of personal data (subcontractors of the controller)
The recipients of personal data are persons
- providing marketing services.
The controller does not intend to transfer personal data to a third country (to a non-EU country) or to an international organization.
Operated services that provide marketing and support services
- Mailchimp – distributes newsletters and business offers
6. Your rights
Under the conditions set out in the GDPR, you have:
- the right to request access to your personal data pursuant to Article 15 of the GDPR,
- the right to correct personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR.
- the right to request erasure of your personal data pursuant to Article 17 of the GDPR.
- the right to object to processing pursuant to Article 21 of the GDPR.
- the right to data portability according to Article 20 of the GDPR.
- the right to withdraw the consent to processing in writing or electronically to the address or email of the controller specified in Article III of these conditions. You can revoke consent at any time in your own customer account.
You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
7. Conditions for personal data protection
The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
The controller has taken technical measures to secure data repositories and personal data repositories in paper form, in particular secure / encrypted web access, encryption of customers’ passwords in the database, regular system updates, regular system backups.
The controller declares that only persons authorized by them have access to personal data.
8. Final provisions
By sending a message via the contact form, you confirm that you have familiarised yourself with the conditions of personal data protection and that you accept them in full.
You agree to these conditions by ticking the consent box via the contact form. By ticking the consent box, you confirm that you have familiarised yourself with the conditions of personal data protection and that you accept them in full.
The controller is entitled to change these conditions. The new version of these terms and conditions will be published on their website and at the same time the new version of these terms and conditions will be sent to you at the e-mail address you provided to the controller.
These conditions take effect on 15.10.2020.