The Controller of personal data
Brutal Assault Agency s.r.o., with its registered office at Na Harfě 916 / 9a, 190 00 Prague 9 - Vysočany, ID No. 241 98 161, registered in the Commercial Register of the Municipal Court in Prague under the file number C 187858, as the administrator of personal data (hereinafter referred to as “we” or “the Controller”) issued this information within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 / 46 / EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) hereby to inform about the processing of your personal data and about your rights. The Controller did not appoint a data protection officer. You can exercise your rights at the Controller’s address or at the e-mail address shop@brutalassault.com.
Data subjects
Data subjects are customers (i.e. festival visitors), potential customers, representatives of legal entities in business dealings with the Controller, employees of the Controller, external suppliers and other cooperating natural persons. This information page describes the processing of personal data of customers, potential customers, representatives of legal entities in business dealings with the Controller and external suppliers. Employees and cooperating individuals are informed in a different way.
Scope of processing
The Controller processes or may process the following personal data: name and surname, position in the company, address of residence, correspondence address, employer, date of birth, ID number, VAT number, telephone number, e-mail address, bank details. Personal data is generally collected from data subjects directly, in exceptional cases also from publicly available registers (e.g. from the commercial or trade register).
Purposes and legal bases (titles) of processing
The Controller processes or may process your personal data for explicit and legitimate purposes on the basis of several legal titles. If you have already concluded a contract with us or if it is a matter of concluding it, the related processing of your data falls under the legal title of performance of the contract. The processing of some of your personal data is also required by special legal regulations (e.g. in the field of bookkeeping and tax collection), in which case the legal title is the fulfillment of the legal obligation of the Collector. If a contract has already been concluded, we try to provide the most out of our products. Therefore, the Collector can send you newsletters, offers of related services and many other useful information. We may process some of your personal data for the protection of our interests, e.g. for the purposes of defense in an impending legal dispute. All this is done on the basis of our legitimate interest. If you are not our customer and we still send you information in the form of e-mail messages, this is done on the basis of the consent you have given us.
Processing time limit
If the legal title for the processing of personal data is the performance of the contract, we process your data for the duration of the contract. We can then process your personal data on the basis of a legitimate interest (e.g. for our own records of business cases or for the possibility of defense in the event of a legal dispute), usually for a period of 5 years after the sale. Processing on the basis of a legal obligation is based on individual legal regulations, which set specific deadlines. If the legal title of the processing of your personal data is consent, we process it for the period specified in the specific text of the consent.
Personal data transfer
As such, personal data is not systematically passed on to third parties. However, the transfer may occur as a result of the Collector’s usage of certain information technology services or accounting and tax advice. Personal data is not transferred outside the EU. We are ready to provide more detailed information on request.
Your rights
Withdrawal of consent: For some purposes, we may only process your personal data with your consent. This consent is voluntary and you can revoke it at any time by the means listed in the text of the relevant consent or by contacting us at the above listed contacts. If you decide to do so, your personal data may not be further processed for the relevant purposes. However, your personal data may still be processed for other purposes, which are based on legal regulations.
Right of access: At any time you have the right to obtain information about which personal data we process. We will handle your request immediately and free of charge. As part of the right of access, we also provide copies of the personal data that we process.
Right to rectification and processing restrictions: If you find any of your personal data outdated, incomplete, or incorrect, you have the right to request the rectification of this data and to stop its processing until the process is done. You can also ask for restrictions on the processing of personal data for selected purposes.
Right to deletion: You can request us to erase without undue delay the processed personal data. If the processing of personal data was based on consent, the deletion of such data will be considered as a revocation of consent; in the case of contract negotiations, this request will lead to the termination of these negotiations.
Right to object: You may object at any time to processing of the data based on a legal basis of legitimate interest (see above). If the objection concerns processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In other cases, we will only process your personal data if we demonstrate serious legitimate reasons for the processing that outweigh your interests or rights and freedoms.
Other information: If you have any doubts about the processing of personal data, you can contact us with an inquiry for explanation. You can also make a complaint to the Office for Personal Data Protection. Information memorandum
This document is effective as of January 01, 2019.