Data Processing Declaration according to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals concerning the processing of personal data (hereinafter referred to as "GDPR")
I. Personal Data Controller
The company CodeStory s.r.o., with its registered office at Jiránkova 1137/1, 163 00 Prague 6, Company ID: 09992324, VAT ID: CZ09992324, is registered in the Commercial Register maintained by the Municipal Court in Prague under file number C 345542/MSPH, (hereinafter referred to as the "controller") hereby, in accordance with Article 12 of the GDPR, informs you about the processing of your personal data and your rights.
II. Scope of Personal Data Processing
Personal data is processed to the extent provided by the relevant data subject to the controller, in connection with the conclusion of a contractual or other legal relationship with the processor, or which the processor has otherwise collected and processed in accordance with applicable legal regulations or to fulfill legal obligations.
III. Sources of Personal Data
Directly from data subjects (e-mails, telephone, websites, contact form on the website, social networks, and the like).
IV. Categories of Personal Data Subject to Processing
Address and identification data used for the unique and unmistakable identification of the data subject (e.g., name, surname, title, date of birth, permanent address, ID, tax ID) and data enabling contact with the data subject (contact details - e.g., contact address, phone number, email address, and the like).
Descriptive data - data necessary to fulfill the contract.
Data provided beyond relevant laws processed with the consent of the data subject (e.g., processing of photographs).
V. Categories of Personal Data Recipients
Processor (CodeStory s.r.o.)
Potential employers
State authorities in the performance of legal obligations stipulated by relevant legal regulations
VI. Purpose of Personal Data Processing
Purposes contained within the consent of the data subject
Negotiation of a contractual relationship
Fulfillment of a contract
Fulfillment of legal obligations by the controller
VII. Method of Personal Data Processing and Protection
The processing of personal data is carried out by the controller and the processor - the company CodeStory s.r.o. Processing is performed in its premises, branches, and the registered office of the processor by authorized employees of the processor. Processing is carried out through information technology while adhering to all security principles for the management and processing of personal data. To this end, the controller has taken measures to protect personal data, in particular to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, unauthorized processing, as well as other misuse of personal data. All entities that may have access to personal data respect the data subject's right to privacy and are required to act in accordance with applicable legal regulations on the protection of personal data.
VIII. Duration of Personal Data Processing
In accordance with the deadlines based on the purpose of processing or stated in the consent of the data subject, in the relevant contracts, or in the relevant legal regulations, it is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.
IX. Information
Any data subject who finds or believes that the processor is processing his personal data in violation of the protection of privacy or in violation of the law, especially if the personal data is inaccurate in relation to the purpose of their processing, may:
Request an explanation from the controller.
Request that the controller correct the situation. In particular, this may involve blocking, correcting, supplementing, or erasing personal data.
If the data subject's request under paragraph 1 is found to be justified, the controller will promptly rectify the faulty state.
If the controller does not comply with the data subject's request under paragraph 1, the data subject has the right to contact the supervisory authority directly, the Office for Personal Data Protection.