This guideline is dedicated to the issue of personal data protection in connection with the general regulation for the protection of personal data of natural persons (GDPR – General Data Protection Regulation).
In our general business terms and conditions, GPtickets s.r.o. (hereinafter the “Company”) www.Tickets.GP expresses our commitment to protecting the personal data of our customers, suppliers and business partners. The rules set forth herein define how this commitment will be implemented and the company’s position in the role of the personal data controller.
We understand the importance of protecting your privacy while processing your personal data. To this end, we have adopted policies and rules of conduct that meet or exceed existing legislation.
We emphasize cooperation with companies that uphold the applicable legislation and perform their activities in accordance with the Regulation of the European Parliament and the Council (EU) concerning personal data protection.
Our employees are bound by the company’s internal rules regarding the strict confidentiality of your data. The company provides employees with training about the rules and other obligations concerning data security and protection. Further, the company performs internal audits to assure the fulfilment of our obligations when working with personal data. Access to personal data by employees is strictly controlled so that employees view only such information necessary to perform their work. Employee access to data is limited to perform their work.
When you visit our website, personal data is collected and processed in accordance with the legal regulations valid in the Czech Republic. To optimize the system performance of our website we automatically collect and store information. This information typically consists of your IP address, type of browser and language settings, operating system, internet service provider (ISP) and the date and duration of your visit.
We use this information for the effective management of the website, to obtain information about website user behaviour, to analyze trends and collect demographic data about our users as a whole. This collected information may be used for marketing and promotional purposes and for communication.
The company’s website may include links to other websites. Should you choose to visit these other websites, you would be subject to rules of use of personal data and cookies in use by those other websites.
The organization’s website, e-mail messages, online services, advertising and interactive applications may use “cookies” to optimize service.
A “cookie” is a small file, usually consisting of letters and numbers, which we send to your browser’s cookie file on the hard drive of your computer. This allows us to identify the device of the given user. The main purpose of cookies is to allow our internet server to provide the user with the website to which the user is accustomed, to make the experience of visiting the company’s website more personal and to react better to the user’s individual needs.
The company uses two types of cookies on the website:
Personal data is collected and processed only with your express consent.
With regard to your personal data, we collect only that information which is reasonable and relevant for the given business purpose. This refers to personal data for the identification and communication with you and special categories of personal data which are needed for our business activity in accordance with the respective legal regulations.
Categories of personal data
Within the framework of our activity, we collect the following personal data of customers, business partners and suppliers as unique identifiers:
We collect personal data about employment applicants and employees in accordance with applicable legislation. This information includes:
We work with your personal data:
Upon termination of the stipulated term for processing and storing personal data, your data will be safely deleted or destroyed, anonymized or transferred to the archive.
In the event that you consent for marketing purposes (incl. profiling for the purpose of offering suitable products and services), data is processed for the time necessary to meet such purpose.
The data we process is obtained primarily from the subjects of the personal data. However, we may also learn about you from other sources in order to confirm the information provided.
We process personal data, which is disclosed to us upon entering into a contract and during the term of the contract. In the case of establishing a new business relationship, we process your personal data disclosed by you when entering into a new contract.
If you are our employee or applicant for employment, the source of data may be referenced from former employers or references from internet sources, e.g. social networks such as LinkedIn or other job portals.
We may obtain your personal data and sensitive personal data for the purpose of fulfilling a contractual obligation to you.
We also process personal data legally obtained from publicly available information or in cooperation with government bodies and institutions (in the meaning of Act No. 253/2008 Coll., on selected measures against money laundering and financing of terrorism).
Personal data provided by a third party may be processed but only with your consent.
The company processes personal data only in the scope required to fulfil the respective business purpose. Personal data may be processed under one or more of the following circumstances:
Legitimate purposes of processing
If you are dealing with GPtickets s.r.o. as a customer, business partner or supplier, we will ask you to provide personal data for the following purposes:
Satisfying an employment contract, meeting contractual obligations and/or for human resources management.
If none of the variants is in question or if consent is required by other legal requirements, consent will be obtained from the owner of personal data before processing. When granting consent, we will provide you with the following information:
If processing is reasonably required to handle the request, then consent is assumed (e.g. visiting the website, using the applications of GPtickets s.r.o., personal visits or attendance at social events).
Consent should be the voluntary, specific, informed and definite permission of the subjects of data to the processing of personal data relating to them, expressed in the form of a written statement (also electronically) or oral declaration.
The subject of data has the right to refuse or at any time revoke consent to the processing of personal data.
With the validity of the General Data Protection Regulation, the owners (subjects) of personal data have the right to:
The roles in which we can register your personal data and perform the definite identification of your person are:
Please note that in some cases your rights relating to personal data protection may result in the limitation of our activities with you as well as our contractual relationship.
To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address GPtickets s.r.o., Nové sady 988/2, 602 00 Brno, or at our electronic address email@example.com
The request can be accepted in the case of definite identification of the person.
We will process your request/complaint without undue delay and inform you of its handling within 30 days from receiving the request/complaint.
In some cases, the rights and obligations of GPtickets s.r.o. may be superior to the rights of individuals, if under the given specific circumstances there is a justified interest that outweighs the interest of the individual (prevailing interest). The prevailing interest exists if it is necessary:
Within the framework of our activity, your personal data may be provided to:
Third parties are provided with personal data only as necessary to perform a business purpose.
GPtickets s.r.o. cooperates only with processors who provide adequate guarantees of the implementation of suitable technical and organizational measures, so that the given processing meets the legal requirements and ensures the protection of rights of our clients and our employees.
GPtickets s.r.o., Nové sady 988/2, 602 00 Brno (company ID No.: 14176262)
Internal audits of processes and procedures involving personal data processing are performed at our company in order to make sure that we are fulfilling our obligations as mandated by law and by our contract.