Statement on personal data processing in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the Regulation) and Act No. 110/2019 Coll., on Personal Data Processing.
A. Data Controller
Endowment fund AthleteBox, Company identification No.: 07546874, with the registered office at Penízovková 202, 104 00 Praha 10, listed in the Foundation Register kept by the Metropolitan Court in Prague, Section N, Insert 1645 (hereinafter referred to as the Fund). Contact e-mail for any queries: email@example.com.
B. Scope of Personal Data Processing
Personal data are processed to the extent provided by the data subject to the data controller, in relation to establishing a contractual or another legal relationship with the Fund; personal data are processed in accordance with applicable laws and regulations and to meet statutory obligations.
C. Personal Data Sources
Directly from the data subject.
D. Personal Data Categories
- Address and identification information intended for clear and definite identification of the data subject: name, surname, date of birth, personal ID number, permanent residence address.
- Data necessary for evaluating the donation application: age, health status, financial situation, sport performance information
- Data allowing contact with the data subject: contact address, phone number, e-mail address.
- Data provided above and beyond the applicable legislation processed based on a consent granted by the data subject: photo, personal story of the applicant.
E. Data Subject Categories
- Employees and co-workers.
- Donation applicants.
- Service providers.
F. Categories of Personal Data Recipients
- Fund employees and other persons involved in its activities.
- Members of the Management Board, founders, auditor, donors.
G. Purposes of Personal Data Processing
- HR and payroll purposes.
- Processing of donation applications and registration in the application database.
- Communication with applicants and donors.
- Publishing information about activities of the Fund.
H. Methods of Personal Data Processing and Protection
Personal data processing is performed by the Fund. Processing is performed at the registered office of the Fund or by the individual assigned employees of the data controller. Processing is performed using computer technology, or even manually for personal data in paper form, while complying with all the safety rules for personal data controlling and processing. For this purpose, the Fund has implemented technical and organizational measures in order to ensure personal data safety and protection, including but not limited to measures preventing unauthorized transfers, unauthorized processing or any other form of abuse of the personal data. Any and all subjects that the data may be disclosed to shall respect the right of the data subject to privacy and are obliged to comply with the applicable laws and regulations governing personal data protection.
CH. Personal Data Storage Period
The period for which the data subject grants their consent to their personal data processing and for which the processed personal data are stored is specified in the respective consent of the data subject; the period shall be a period necessary to ensure all the rights and responsibilities arising from the obligational or other relationships and applicable laws and regulations.
I. Consent to Personal Data Processing
The Fund processes the data based on the consent granted by the data subject, except for cases defined by the law, where the personal data processing is not subject to consent of the data subject.
J. Rights of the Data Subject
In relation to personal data protection, data subjects have the following rights, without limitation:
- Right to ask the Fund for explanation;
- Right of access to personal data;
- Right to rectification, erasure and restriction of personal data processing;
- Right to object;
- Right to file a complaint with the supervisory authority;
- Right to be notified of a data breach resulting in a high risk to the rights and freedoms of natural persons;
- Right to address the Office for Personal Data Protection with their suggestion anytime, at the registered office: pplk. Sochora 727/27, 170 00 Praha 7 – Holešovice, tel. 234 665 111