Pursuant to Section 13 and 14 of Regulation (EU) 2016/679 of the European Government and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
General information on Controller
The National Agency for Cyber and Information Security, Mučednická 1125/31, 616 00 Brno, ID number: 05800226,
databox ID: zzfnkp3, as a central body of public administration.
As the personal data Controller, the Agency determines the purpose, means and manner of personal data processing, carries out and supervises over processing.
The processing of personal data is carried out in accordance with the GDPR and in accordance with the relevant national legislation governing personal data protection.
As the Controller and on the basis of the obligation imposed by special laws in the processing of personal data, the Controller respects the right to the protection of private and personal life of data subjects.
Field of engagement of Controller and associated purposes of personal data processing
The purpose of personal data processing is to organize “Prague Cyber Security Conference 2024” and handle requests sent through the web form (submitted by potential visitors to the conference).
The Controller also processes personal data on the basis of its legitimate interest. The purpose of processing of personal data, i.e. email address, is to disseminate information on upcoming conferences, newsletters, requests for feedback and similar commercial messages.
We will process your email address for the above purpose until you notify the Controller you no longer want to receive commercial messages as the data subject. Furthermore, the legal basis for processing personal data is the legitimate interest of the controller (ensuring security).
Your personal data will not be used for automated decision-making, i.e. not even for profiling.
Personal data subjects
NUKIB processes the personal data of event guests.
Categories of personal data
Identification and contact data – title, name, surname, e-mail address, date of birth, gender, profile photo, function, organisation, ID card/passport number and date of issue, nationality, category of guest.
Method and duration of processing of personal data
The processing of personal data is performed by the Controller. The Controller will process the provided personal data for at least one year, and maximally for statutory period under legal regulations governing Controller´s obligations associated with bookkeeping, file service and archiving, or for the period arising from the rules of the financial sponsor of the conference.
Personal data will be processed only for a period strictly necessary to secure the rights and obligations arising from contractual obligations and applicable legal regulations.
To whom the personal data is provided
Access to your personal data is granted to the controller’s employees who are responsible for carrying out this processing operation. In some cases, NUKIB is required by law to provide personal data to other data controllers. These cases are in particular:
a) the provision of personal data to public authorities for the exercise of their powers;
b) the provision of personal data to other Member States of the European Union or international organisations if this results from directly applicable European Union legislation, an international treaty to which the Czech Republic is bound or other international obligations. Information on basic rights of data subjects.
Information on basic rights of data subjects
Data subjects are entitled to exercise their rights arising from the GDPR vis-à-vis the personal data controller by sending a request to the Controller´s address or to the e-mail address of the data protection officer.
Data subjects have the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to processing as well as the right to data portability.
Where processing is based on consent, the data subject is entitled to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Data subjects may lodge a complaint against personal data processing with a supervisory authority. The competent authority in the Czech Republic is the Office for Personal Data Protection, with the registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com, databox ID: qkbaa2n.