Personal Data Protection

 Information on the processing and protection of personal data

1. The protection of your personal information is important to us

The South Moravian Tourist Authority (SMTA), registered address at Radnická 2, Brno, 614 00 (hereinafter the “Data Controller”), takes the protection of your personal data very seriously. We process your personal data on the http://www.ccrjm.cz/ website always in accordance to valid and effective legislation regulating the protection of personal data, in particular the EU Regulation 2016/679 (GDPR).
 
In addition to introducing technical measures, we've trained our staff who have access to data and are now required to keep your data confidential. In case of any questions, please contact us at info[at]ccrjm.cz.

 2. The data we collect

Based on your consent to the processing of the data, the Data Controller is authorized to process your data in accordance with valid and effective legislation.
Data processing at www.ccrjm.cz
Based on your consent to the processing of the data contained on our website, the Data Controller will record such data that the Data Controller uses to processes and evaluate the performance of the website. The data is used by the Data Controller only internally and, in accordance with the processing contracts between the Data Controller and the individual Processors (see Article 7 below), the data is only passed on to those Processors and to no other entities. The data is collected by the Data Controller for the following purposes:
 
• web site analysis, market research and subsequent website optimization,
• editing the content of the site according to visitors’ needs,
• improving user satisfaction and user friendliness.
 
The data that the Data Controller collects and processes are as follows: IP address and type of web browser, cookies, e-mail address in case of newsletter subscription, contact details when the contact form is completed.

There is no profiling or automated decision making taking place on the website.


3. IP addresses and type of web browser

The IP address and web browser type are processed in order to display the website correctly, by evaluating user data, such as testing software and site changes. The IP address is further processed to prevent and protect Data Controller’s server from cyber-attacks. The storage and processing of personal data for the above purposes lasts for 3 years from the last access to the website.
IP addresses are collected by the Google Tag Manager programme, which anonymises them and passes them on to Google Analytics. It makes it possible to observe visitor behaviour on a website, but it is not possible to trace a specific person.


4. Cookies

The Subject person agrees to storing of cookies on their computer or other device. These are small files that allow users to revert to previous user settings (language version etc.) when they visit the site repeatedly. Cookies do not enable access to other data on the Subject's computer. The Data Controller uses cookies to improve the structure of the content on the site and to accommodate the needs of the visitors, improving the navigation structure, resulting in better user convenience.
Each internet browser usually accepts all cookies for 30 days from the last visit. However, you can set your browser settings to not accept any cookies or delete them automatically when your internet session ends.
 

5. E-mailing

A visitor to the site can voluntarily subscribe to a newsletter with information on tourism in South Moravia presented by experts. In addition to the above-mentioned GDPR, E-mailing is operated in accordance with Act No. 480/2004 Coll., On Information Society Services. When signing in, you need to fill in:
 
a. Name and surname 
b. Check the consent to receive box
c. Confirm consent in the so-called double opt-in email, that is, an e-mail that arrives in the visitor's mailbox immediately after being registered for the newsletter and confirming their consent to receiving the newsletter for the second time. This is to prevent third persons from being subscribed.
 
The e-mail address is kept for the duration of the e-mail distribution, for at least 3 years from 25 May 2018. One can leave the e-mail database by sending an e-mail to info[at]ccrjm.cz, by sending a letter to the SMTA or by clicking the appropriate opt-out link in the footer of each e-mail.
 
A visitor to the site is obliged to enter their personal data (e-mail address in this case) correctly and truthfully and is obliged to inform about a change in this information without undue delay. If a visitor is under 16 years of age and wants to subscribe to a newsletter, this must be supported by the consent of a legal representative.


6. Contact form

In the Contacts section, you can find a contact form where you enter your name, email, profession and message. The message is sent to info[at]ccrjm.cz. This data is collected and processed on a one-off basis, and they are irrevocably deleted after the query has been processed.
 

7. Data Processors

The Data Controller is a data Processor and Data Controller; the following Processors also help with processing:

a. Google Analytics and Google Tag Manager software provider: Google Czech Republic, s.r.o., registered address at Stroupežnického 17, 150 00, IČ 276 04 977
b. Mailchimp software provider: The R. S. Group, LLC, registered address at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 303 08 USA 
c. Webmaster: Agentura Kreatura, s.r.o., registered address at Kameníčkova 2, Brno 616 00 
d. Alternatively, other providers of processing software, services, and applications that are not currently used by the SMTA.
The Processors section is regularly updated. The Data Controller has a signed a data processing contract with each Processor and each one is selected to guarantee the lawful and safe use of the data.


8. Data Subject

The Data Subject gives his / her consent voluntarily and freely. One’s consent can be revoked at any time by e-mailing the data Data Controller at info [at]ccrjm.cz. The request is effective at the time of delivery to the Data Controller. The Data Subject also has the right to:

a. Request information from the Data Controller on what personal data they are processing, and request an explanation from the Data Controller concerning the processing of personal data (right to information)
b. Request access to this data from the Data Controller and update or correct it (access rights),
c. Have the Data Controller correct or supplement the data (right to correct),
d. Require the Data Controller to delete such personal data (right of cancellation);
e. Revoke one’s consent, or limit the processing of the data (right of limitation),
f. Have the data transferred (transferability);
g. Object (right of objection),
h. In case of doubt about compliance with the obligations linked to the processing of personal data, contact the Data Controller or the Personal Data Protection Authority.