1. The controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) is Community Dancers Brno, z. s., Company ID 68728930, registered office: Banskobystrická 2072/178, 621 00 Brno–Řečkovice, registered with the Regional Court in Brno under file No. L 7323, Data Box ID: 4gm54d2 (the “Controller”).

2. The Controller’s contact details are:

   • address: Banskobystrická 2072/178, 621 00 Brno–Řečkovice
   • email (association): community@dingosoft.cz
   • Data Box: 4gm54d2

3. “Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Controller has not appointed a Data Protection Officer.

1. The Controller processes personal data you provide when applying/registering for an event (course, workshop, etc.) or when ordering ancillary services, as well as data obtained in the course of contract performance.
2. The Controller primarily processes identification and contact data and data necessary for contract performance.

1. The legal bases for processing are:
   • performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR,
   • the Controller’s legitimate interest in providing direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
   • your consent to processing for the purposes of direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, where no goods or services have been ordered.
2. The purposes of processing are:
   • to process your order and exercise rights and obligations arising from the contractual relationship between you and the Controller; when ordering, the personal data necessary for successful processing (name and contact details) are required. Providing personal data is a necessary requirement for concluding and performing the contract; without providing personal data, the contract cannot be concluded or performed by the Controller,
   • to send commercial communications and carry out other marketing activities.
3. The Controller does not engage in automated individual decision-making within the meaning of Article 22 GDPR. Any such processing would only take place with your explicit consent.

1. The Controller retains personal data:
   • for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and to assert claims arising from such relationships (for 15 years after the end of the contractual relationship);
   • until consent to processing for marketing purposes is withdrawn, but for no longer than 1 year where the processing is based on consent.
2. After the retention period expires, the Controller will delete the personal data.

1. Recipients of personal data may include:
   • persons involved in organising events, supplying goods/services, or processing payments under a contract,
   • persons involved in ensuring service operation (IT/hosting and support providers),
   • providers of marketing and communication services.
2. The Controller may transfer personal data to a third country (outside the EU) or to an international organisation. Recipients in third countries may include providers of mailing and/or cloud services.

1. Under the conditions set out in the GDPR you have:
   • the right of access to your personal data under Article 15 GDPR,
   • the right to rectification under Article 16 GDPR and, where applicable, the right to restriction of processing under Article 18 GDPR,
   • the right to erasure under Article 17 GDPR,
   • the right to object to processing under Article 21 GDPR,
   • the right to data portability under Article 20 GDPR,
   • the right to withdraw consent electronically to the Data Box address or the Controller’s email stated in Section III of this policy.
2. You also have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have been infringed. The competent authority in the Czech Republic is the Úřad pro ochranu osobních údajů (Office for Personal Data Protection).

1. The Controller declares that all appropriate technical and organisational measures have been adopted to secure personal data.
2. Technical measures have been implemented to secure data repositories.
3. The Controller declares that only authorised persons have access to personal data.

1. By submitting an order via the online form / application / registration, you confirm that you have read and fully accept this Privacy Policy.
2. You give your consent by ticking the consent box in the online form. By ticking the box, you confirm that you have read and fully accept this Privacy Policy.
3. The Controller may amend this policy. The new version will be published on the Controller’s website and/or sent to the email address you have provided.
4. This policy is drawn up in the Czech language and may also be available in other language versions. In the event of any discrepancies in interpretation between the language versions, the Czech version shall prevail and be binding.

This policy takes effect on: 1 September 2025