cs en de
0 CZK 0 Ks
PLZEŇSKÝ GOLF PARK, a.s. - Homepage

Processing of personal data

Information on the processing of personal data
IN THE GOLFERIS MARKET APP

Your personal data is processed as an administrator by the company: 
name: PLZEŇSKÝ GOLF PARK, a.s.
ID number: 26336588
with registered office: Horomyslická 1, 330 02 Dýšina
sp. zn. B 941 registered at the Regional Court in Pilsen (hereinafter referred to as the "Administrator"),
which hereby informs you about the processing of your personal data. 
This document contains detailed information about the processing of your personal data by the Administrator within the meaning of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR"), in particular:

what personal data the Administrator processes;
for what purpose and for what period of time the Administrator processes your personal data;
what rights you have and how you can exercise them.

Overview of basic terms
For better clarity, below is a brief overview of the basic terms that apply to the processing of personal data, in accordance with their definition under the GDPR:

Personal data - any information about a natural person (data subject, in this case the members of the Controller) from which the data subject is identified or identifiable, whether directly (from the data itself) or indirectly (in conjunction with other data held by the Controller), for example, a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of personal data - any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.

Controller - A controller is a person (natural or legal), public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. 

Processor - a processor is a person (natural or legal), public authority, agency or other body which carries out the processing of personal data for the controller. 

Recipient - the recipient is the person (natural or legal), public authority, agency or other body to whom the personal data are disclosed.

Profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the data subject, in particular to analyse or estimate aspects of the data subject's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Principles, policies and procedures for processing personal data
The Controller complies with the following principles and procedures when processing your personal data:
   ▪ Processes your personal data in a fair, lawful and transparent manner;
 ▪ Processes your personal data only for the purposes as described in this document and only to the extent necessary to fulfill such purposes; 
 ▪ Always considers your personal data to be true, accurate and up-to-date, and hereby asks you to update your personal data in the event of any changes to your personal data;
 ▪ Processes your personal data only for the time necessary to fulfill the purposes of processing as specified below in this document; 
  ▪ protects your personal data in such a way as to prevent its unauthorised use or disclosure to persons who are not authorised to process it, or to prevent any other breach of security of your personal data;
   ▪ the processing of your personal data does not involve decision-making based solely on automated processing, including profiling, which would have legal effects on you or similar effects that would significantly affect you in a similar way;

 ▪ the Controller has properly selected its processors, as listed below in these terms and conditions, to prevent the misuse of your personal data.

Categories of personal data processed
 1.1. To register for the Application, you must provide your personal data to the Controller, which includes your first name, last name, email address and home address. You will provide these details to the Administrator by completing the membership application form, which is available online on the Administrator's website / at the Administrator's premises on request from an authorised person of the Administrator (manager, secretary, etc.). On the basis of this personal data, the authorized person of the Administrator registers you in the Application. 

      1.2.1. Title;
 1.2.2. Birth number;
 1.2.3. Handicap - a unique number showing the quality of golfers;
 1.2.4. Telephone number;
 1.2.5. Email address;
 1.2.6. Membership number;
 1.2.7. Membership period;
 1.2.8. Information about payments you have made;
 1.2.9. Information about sms messages and emails sent to you from the Application;
 1.3. We obtain your personal data directly from you when you provide this data to the Administrator for the purpose of registering for the Application by completing the membership application form available online on the Administrator's website / at the Administrator's premises. 
 1.4.

Purpose, legal basis and duration of processing

Purpose of processing
 2.1 The Controller processes your personal data for the following purposes:
 2.1.1. provision of performance on the basis of a membership contract with the Controller, the content of which is defined by the terms and conditions of membership;
 2.1.2. sending commercial communications;
 2.1.3. settling any claims between you and the Controller;
 2.1.4. fulfilling legal obligations arising for the Controller under the law;
 2.1.5. dealing with any requests, suggestions or complaints you may have.
The Controller cannot process your personal data for purposes other than those mentioned above.
Legal basis for processing
 2.2 The Controller processes your personal data so that you can be registered as a member of the Controller on the Application and so that the Controller can manage the agenda of its members. It thus processes your data on the basis of your acceptance of the membership terms and conditions, which therefore constitute the legal basis for the processing. 
 2.3. The processing of your personal data for the purpose of sending you commercial communications is based on the legitimate interest of the Controller in promoting its activities and informing members of planned events.
 2.4. The Controller further processes your personal data to settle any claims between you and it based on its legitimate interest in protecting its rights. 
        2.5 Processing for the purpose of fulfilling the legal obligations imposed on the Controller is necessary for the fulfilment of the legal obligations imposed on the Controller.
 2.6 The Controller processes your personal data in order to deal with your requests, suggestions or other complaints based on its legitimate interest in dealing with your request in accordance with the law.
Processing period
 2.7 The Controller processes your personal data for the period necessary to fulfil the purposes of processing as described above. If the Controller ceases to have a purpose and legal basis, then it is no longer entitled to process your personal data.
 2.8. In the case of providing performance based on the terms of membership, your registration on the Application and enabling the Controller to manage the agenda of its members, the Controller processes your personal data for the duration of your membership.
 2.9. If you have consented to the processing of your personal data for the purpose of sending you commercial communications for the period following the termination of your membership by completing the membership application form available online on the Administrator's website / at the Administrator's premises, your data will continue to be processed for this purpose after the termination of your membership until you withdraw your consent.  By withdrawing your consent, the Controller can no longer process such data.
 2.10. Subsequently, the Controller will process your personal data for a period of 10 years from the termination of your membership. This period is used to fulfil the legal obligations of the Administrator and to settle any claims between you and the Administrator and is also related to the operation and technical maintenance of the Administrator's systems and the Application. The above does not apply to data on handicap, on the member's sports results from the CGF system, such data is processed after the termination of your membership only if you have given your consent to such processing when completing the membership application form available online on the Administrator's website / at the Administrator's premises and will be processed only until you withdraw your consent.

  2.11. You consent to the processing of personal data pursuant to paragraph 2.10 of this document as a member of the Controller, provided that you have reached the age of 15. If you are under 15 years of age, your legal guardian (parent) and you consent to the processing provided that you are intellectually and freely mature enough to understand the contents of this document and give consent, otherwise only your legal guardian. In the event that consent is given by a member under the age of 15 who is unable to understand the contents of this document, the Controller will delete such data and will require that in such a case the consent to processing is given by a legal representative. If you believe that consent has been given to the Controller by a member under the age of 15 without sufficient understanding of the contents of the document, please contact the Controller at info@greensgate.cz so that the Controller can rectify the situation.
 2.12. For the purposes of dealing with your requests, suggestions or complaints, the Controller will process your personal data for the period necessary to deal with them, including the period necessary to demonstrate that the processing has been carried out in accordance with the law.
 
Recipients of your personal data
 3.1. Your personal data is processed by the Controller or the processor(s) authorised by the Controller to process your personal data. For this purpose, the Controller provides your personal data or part thereof to processors as one of the categories of recipients of personal data. The processors are:
 3.1.1. our company GolferIS.cz s.r.o.
 3.1.2. Golf Club z.s.
 3.2. All obligations of the Controller in relation to the processing of your personal data shall always apply to the processors authorised by the Controller.
 3.3.

Security of your personal data
 4.1. The Controller applies appropriate technical and organisational measures to ensure the protection of your processed personal data so that unauthorised or accidental access to your personal data, their alteration, destruction or loss, unauthorised transfer, other unauthorised processing, as well as other misuse of personal data cannot occur. To this end, the Controller has chosen in particular appropriate technical measures and predetermined procedures, which it controls.
Your rights arising from the processing of your personal data and their exercise

Overview of rights
 5.1. These rights are:

 5.1.1. the right to access your personal data;

 5.1.2. the right to rectification of your personal data;

 5.1.3. the right to erasure of your personal data;

 5.1.4. the right to restriction of the processing of your personal data;

 5.1.5. the right to portability of your personal data;

 5. 5.1.6. the right to object; 

 5.1.7. the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects concerning you or significantly affects you in a similar way;

 5.1.8. the right to lodge a complaint with a supervisory authority.

Right of access to personal data
 6.1 You have the right to receive information from the Controller about whether it processes your personal data. If the Controller processes your personal data, you also have the right to receive information from the Controller about:

 6.1.1. the purposes for which your personal data are processed;

 6.1.2. which categories of personal data are concerned;

 6.1.3. the recipients of your personal data, i.e. 6.1.3. whether it transfers your personal data to anyone, in particular recipients in countries outside the European Union or in international organisations; in the case of a transfer to a third country or an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR;

 6.1.4. the intended period for which it will retain the personal data or the criteria for determining that period;

 6.1.5. The right to rectification, erasure or restriction of the processing of your data, or the right to object to such processing;

 6.1.6. The right to lodge a complaint with a supervisory authority, which is usually the Data Protection Authority;

 6.1.7. Any available information about the source from which it has obtained your personal data, if it has not obtained it directly from you;

 6. 1.8. whether automated decision-making, including profiling, is taking place and information regarding the process used and the significance and foreseeable consequences of such processing for you.

 6.2. You have the right to have a copy of your personal data processed sent to you. The copy is provided free of charge. Please note that the Controller is already entitled to charge a reasonable fee for additional copies that you repeatedly request. The amount of the fee will be in line with the administrative costs incurred by him.

 

The right to rectification of personal data
 7.1 The Company processes all personal data in good faith and makes every effort to ensure that it is accurate and up-to-date. However, it may happen that your personal data processed is inaccurate due to an error. In this case, you have the right to request the Controller to correct or complete your inaccurate personal data.

Right to erasure of personal data
 8.1 You have the right to request that the Controller erases your personal data that it processes. We are obliged to comply with your request if:

 8.1.1. your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

 8.1.2. you withdraw your consent if your personal data were processed on the basis of that consent, but only if there is no other legal basis for the processing;

 8. 1.3. you object to processing based on legitimate interest or public interest, but only if there are no overriding legitimate grounds for processing or if you only object to processing for direct marketing purposes;

 8. 8.1.4. your personal data is processed unlawfully by the Controller;

 8.1.5. your personal data must be erased by the Controller in order to comply with a legal obligation as a data controller established by the legislation of the Czech Republic or the European Union;

 8.1.6. you are 15 years of age or older and your personal data was collected in connection with the offer of information society services on the basis of your consent, or on the basis of the consent of your legal representative if you are younger than 15 years of age.

 8.2. The controller is not obliged to delete your personal data even if it would otherwise be obliged to do so, where the processing is necessary:
 8.2.1. for the fulfilment of a legal obligation requiring processing under Czech or European Union law to which it is subject as a controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in it as a controller;
 8. 2.2. for the establishment, exercise or defence of legal claims;
 8.2.3. and for the other reasons contained in Article 17(3) GDPR.
 8.3. Please note that in other cases the Controller is not obliged to erase your personal data processed by it. 

Right to restriction of processing of personal data
 9.1 You have the right to request that the Controller restrict the processing of your personal data. The Controller is obliged to comply with your request if:

 9.1.1. you contest the accuracy of the personal data processed and for the time necessary for the Controller to verify its accuracy;

 9.1.2. the processing of your personal data is unlawful and you request only the restriction of its use instead of the erasure of your personal data;

 9.1.3. it no longer needs your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims;

 9.1.4. you have objected to processing based on legitimate interest, it will restrict the processing of your personal data until it has verified that its legitimate grounds override your objection.

        9.2 It will only process your personal data on the basis of your consent to such processing during the period for which the processing of your personal data is restricted. Please note that, even without consent, it is entitled to store your personal data and to process it for the establishment, exercise or defence of legal claims for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or its Member States.

The right to data portability
 10.1. You have the right to request that the Controller transfer your personal data to you if all of the following conditions are met simultaneously:
 10.1.1. you have provided the Controller with such personal data on the basis of your consent to the processing of personal data or in connection with the performance of a contract to which you are a party and
 10.1.2. the Controller processes said personal data by automated means.
 10.2. It will transmit the structured file with your personal data to you in a format that is commonly used and at the same time machine-readable.
 10.3. Your request to transmit the personal data file directly to him/her will be granted if it is technically feasible for him/her to do so.

Right to object
 11.1 You have the right to object to the processing of your personal data where the Controller processes such data on the basis of a legitimate interest or public interest, including profiling. 
 11.2 The Controller or a third party may have a legitimate interest in the processing. If the Controller receives an objection, it will not process your personal data further. However, this does not apply where the Controller has compelling legitimate grounds for such processing of your personal data which override your interests, rights and/or freedoms, or where it is necessary to process that personal data for the establishment, exercise or defence of legal claims. If the Controller finds compelling legitimate grounds, it will inform you immediately.
 11.3 You have the right to object to the processing of your personal data where the Controller processes such data for direct marketing purposes, including profiling. If the Controller receives your objection, it will not process your personal data further.

Right to lodge a complaint with a supervisory authority
 12.1 You have the right to lodge a complaint directly with a supervisory authority in a member state of the European Union. For the Czech Republic, please contact the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7. For more information about its activities and how to lodge a complaint, please visit its website at www.uoou.cz or the Office's headquarters.
Information on the exercise of your rights
 ◦ You can exercise your rights at the Administrator's e-mail address info@greensgate.cz or you can also send it to the Administrator's address: Horomyslická 1, 330 02 Dýšina.
        ◦ Once the Administrator receives your request, from which it is not obvious who the applicant is, he will have to verify your identity, i.e. the fact that the request was made by an authorized person. If he/she is not sure of your identity, he/she may provide your personal data to a third party. If you refuse to cooperate with the Controller in verifying your identity, the Controller will not be able to comply with the request.
        ◦ The Controller will respond to your request without undue delay, but no later than one month after receiving your request. If, for certain reasons, it is not possible to process your request within this period, the Controller will send you a notice to that effect, extending the period by a maximum of two more months (i.e. a maximum of three months in total).
 ◦ The Controller will send you a response to your request by email to the email address from which the request was received. If you insist that the Controller inform you of the processing of your request in another way, for example by post, please provide this information directly in the submitted request.
     ◦ Your request will be processed by the Administrator free of charge. However, the Controller is entitled to charge you for the costs of providing the requested information or communication or taking the requested action if the request made would be unfounded or unreasonable (in particular if it is repetitive). In such a case, the Controller may also refuse to comply with the request outright.