The protection of personal data (GDPR) is handled by our company in accordance with the EU regulation: General Regulation on Personal Data Protection No. 2016/679 of the European Parliament and the Council of the EU.
Company: Tantra & Relax, s.r.o.
Legal form: limited liability company
Registered office address: Nové sady 988/2, Staré Brno, 602 00
Identification number: 09495347
Acting person and its function: Hana Barančíková
Person responsible for data protection: Hana Barančíková
Position: Executive Officer
Contact telephone number: 702 693 212
What is GDPR (General Data Protection Regulation)?
This is new, unifying EU-wide legislation on personal data protection. It was approved in April 2016 and enters into force on 25 May 2018. In the Czech Republic, it replaces the currently valid Personal Data Protection Act 101/2000 Coll. GDPR is fundamentally changing the current approach to the processing of personal data. It applies to all companies, institutions and individuals who handle personal data. The regulation is equivalent in all EU countries and is enforceable regardless of the state or size of the company. It brings new rules that need to be followed, and compliance with them needs to be documented. GDPR is binding on all those who collect or process personal data of individuals. The GDPR seeks to increase the security and trust of EU citizens vis-à-vis administrators and processors of their personal data.
What is considered personal information?
GDPR considers as personal data any information that may lead to an identified or identifiable natural person. These are name, surname, permanent residence, delivery address, date of birth, place of birth, age, birth number, personal status, state of health, handicap, photographic recording, video recording, audio recording, e-mail address, private and business telephone number, IP address, identification number, tax number, identity card number, driver's license number, passport number, bank account number, education, employment income, retirement income, performance, health insurance company, number of children, maternity, sickness, benefits, plan and statement of work, nationality, racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, sexual orientation, criminal offenses, final convictions, DNA, blood type, Rh blood factor, facial image, fingerprint, iris image, a picture of the retina, signature, voice, name, surname and gender of the family member, the address of the family member and, in fact, everything about the family member.
Who has to follow GDPR?
The general regulation will govern, in particular, the entity carrying out the processing of personal data in terms of obligations. Such an entity is called a personal data controller. The general regulation also governs the processor, which is the entity that processes personal data for the controller. As for the rights deriving from the General Regulation, they arise for a natural person, which is a data subject. Furthermore, the General Regulation will be governed by the supervisory authorities, i.e. the Office for Personal Data Protection, which will exercise its delegated powers in order to perform the set tasks.
Basic principles of handling personal data
Principle of responsibility: only the administrator and no one else is responsible for complying with the principles of processing personal data in accordance with the GDPR, and at the same time the administrator is obliged to demonstrate compliance with the GDPR.
Principle of risk-based approach: the administrator is obliged to constantly take note of and evaluate the level of risk in the collection and processing of personal data.
Personal information is any information that relates to individuals that the administrator is able to identify.
1. Basic personal identification data and address data necessary for the conclusion and performance of the contract.
2. Contact details.
3. Data on purchased goods, purchased services, use of services and payment morale.
4. Data from communication between the administrator and the customer during consultations.
5. In addition, data processed on the basis of consent.
Purposes, legal reasons and times of processing of personal data:
The extent of the data processed depends on the purpose of the processing. For some purposes, it is possible to process data directly on the basis of a contract, the legitimate interest of the controller or on the basis of law (without consent), for others only on the basis of consent.
1. Processing for the performance of the contract, the fulfillment of legal obligations and the legitimate interests of the controller.
2. Processing customer data of the administrator's services with consent for marketing and business purposes.
3. Processing of data of entities that have given their consent to the marketing address.
Rights of entities with regard to the processing of personal data:
1. Right of access to personal data.
2. Right to correct inaccurate data.
3. Right of deletion.
4. Right to restrict processing.
5. The right to be notified of a correction, deletion or restriction of processing.
6. The right to the portability of personal data.
7. The right to object to the processing of personal data.
8. The right to withdraw consent to the processing of personal data.
9. Automated individual decision-making, including profiling.
10. The right to contact the Office for Personal Data Protection (www.uoou.cz).