pursuant to Section 13 and 14 of Regulation (EU) 2016/679 of the European Government and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- General information on Controller
Controller: The National Agency for Cyber and Information Security, Mučednická 1125/31, 616 00 Brno, ID number: 05800226, e-mail: firstname.lastname@example.org, databox ID: zzfnkp3, as a central body of public administration. As the personal data Controller, the Agency determines the purpose, means and manner of personal data processing, carries out and supervises over processing.
Controller´s data protection officer: Mgr. Pavel Král, e-mail: DPO@nukib.cz
The processing of personal data is carried out in accordance with the GDPR and in accordance with the relevant national legislation governing personal data protection. As the Controller and on the basis of the obligation imposed by special laws in the processing of personal data, the Controller respects the right to the protection of private and personal life of data subjects.
- Field of engagement of Controller and associated purposes of personal data processing
The Controller processes personal data to conclude and perform contracts. The purpose of personal data processing is to organize “Prague 5G Security Conference” and handle requests sent through the web form (submitted by potential visitors to the conference).
The Controller also processes personal data on the basis of its legitimate interest. The purpose of processing of personal data, i.e. email address, is to disseminate information on upcoming conferences, newsletters, requests for feedback and similar commercial messages. We will process your email address for the above purpose until you notify the Controller you no longer want to receive commercial messages as the data subject.
- Data subjects
The National Agency for Cyber and Information Security will personal data of the following data subjects in particular:
- potential conference visitors
- Personal data categories
- potential conference visitors – identification and contact data – name, surname, degree, nationality, institution, job, email address,
- Means and period of personal data processing
The processing of personal data is performed by the Controller. The Controller will process the provided personal data for at least one year, and maximally for statutory period under legal regulations governing Controller´s obligations associated with bookkeeping, file service and archiving, or for the period arising from the rules of the financial sponsor of the conference. Personal data will be processed only for a period strictly necessary to secure the rights and obligations arising from contractual obligations and applicable legal regulations.
- Receivers of personal data
The Agency for Cyber and Information Security is mandated to provide personal data to other controllers under legal regulations in certain cases, including but not limited to:
- provision of personal data to state prosecution bodies;
- provision of personal data to other public administration bodies in the performance of statutory obligations;
- the provision of personal data to other Member States of the European Union or international organizations, if required by directly applicable regulations of the European Union, an international agreement binding on the Czech Republic, or other international obligations.
- Information on basic rights of data subjects
Data subjects are entitled to exercise their rights arising from the GDPR vis-à-vis the personal data controller by sending a request to the Controller´s address or to the e-mail address of the data protection officer.
Data subjects have the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to processing as well as the right to data portability.
Where processing is based on consent, the data subject is entitled to withdraw such consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Data subjects may lodge a complaint against personal data processing with a supervisory authority. The competent authority in the Czech Republic is the Office for Personal Data Protection, with the registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com, databox ID: qkbaa2n.