Skip to content
A place where the creative spirit lives.
CZ
Contact
Insights

Our Offer

Set up

Expand

Innovate

Work

Invest

Know

Organize

Our Region

Our Network

Contact

Personal data

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

These rules on the protection and processing of personal data (hereinafter referred to as the “Rules”) describe which personal data of clients who are natural persons, or also of other customers in relation to natural persons acting on their behalf (hereinafter referred to as the “Data Subject”), are processed in the course of activities of Technologické inovační centrum s.r.o., Company ID No.: 26963574, with its registered office at Zlín, Vavrečkova 5262, Postal Code: 760 01, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 48562 (hereinafter referred to as the “Controller”).

These Rules set out the types of personal data we collect and process when you use our services, as well as the manner in which your personal data are used, shared, and protected. You will also find an explanation of the options available to you in relation to your personal data, and how you can contact us. We hereby inform you below about the processing of your personal data and your rights in accordance with Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as “GDPR”).

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

PROCESSORS AND RECIPIENTS OF PERSONAL DATA

The Controller is entitled to disclose personal data to entities with which it has concluded a personal data processing agreement and which will process personal data for the Controller as processors, and at the same time, personal data of the Data Subject may be further disclosed to the following recipients/categories of recipients:

– the Controller’s suppliers,
– customers,
– employees of the Controller,
– persons in another contractual relationship with the Controller (e.g., providers of marketing and advertising services, auditors, security agencies, business plan evaluators),
– financial institutions and insurance companies,
– state authorities in fulfilling legal obligations laid down by relevant legal regulations (e.g., the Zlín Region, supervisory authorities).

CATEGORIES OF PROCESSED PERSONAL DATA

The Controller is authorized to process in particular the following personal data of the Data Subject:

– address and identification data used for the unique and unmistakable identification of the Data Subject (e.g., name, surname, title, date of birth, or personal identification number, permanent residence address, place of business, mailing address, company ID, tax ID) and data enabling contact with the Data Subject (e.g., phone number, fax number, email address, contact address, and other similar information),
– descriptive data (e.g., bank details, payment information or credit card data, order history),
– images, photographs, and videos,
– login information to the account, including the username used on the Internet, password, and unique user ID,
– data provided beyond the scope of relevant laws, processed under consent granted by the Data Subject (e.g., use of personal data for personnel proceedings, use of personal data for promotional purposes, etc.),
– personal settings (preferences), including settings related to marketing and the use of cookies by the Data Subject,
– other data necessary for fulfilling a contract,
– other personal data provided to the Controller by the Data Subject.

PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Controller processes personal data of the Data Subject for the purposes of:

a) performance of a contract, based on Article 6(1)(b) of the GDPR,
b) compliance with a legal obligation of the Controller laid down by generally binding legal regulations, based on Article 6(1)(c) of the GDPR (e.g., the obligation of the Controller to retain accounting and tax documents, obligations related to provided subsidies, etc.),
c) the establishment, exercise, or defense of legal claims of the Controller, based on Article 6(1)(f) of the GDPR (e.g., informing the subsidy provider about the participation of Data Subjects in events),
d) sending commercial communications, based on Article 6(1)(f) of the GDPR due to the legitimate interest of the Controller in direct marketing,
e) other marketing purposes of the Controller related to the offering of products and services; sending information about organized events, provided services, and other activities (e.g., in the form of newsletters, telemarketing); contacting for market surveys and marketing research; contacting to send Christmas, Easter, or other holiday greetings and discount vouchers, etc., based on Article 6(1)(a) of the GDPR.

DURATION OF PERSONAL DATA PROCESSING

Personal data will be processed only for the period necessary with regard to the purpose of their processing. In view of the above:

– for the purpose under letter a) above, personal data will be processed until the obligations from the contract expire (this does not affect the Controller’s right to further process such personal data – to the necessary extent – for the purposes under letters b), c), d), and/or e) above),
– for the purpose under letter b) above, personal data will be processed for the duration of the relevant legal obligation of the Controller,
– for the purpose under letter c) above, personal data will be processed until the end of the 4th calendar year following the expiration of the warranty period under the contract (if a quality guarantee was agreed in the contract), but at least until the end of the 5th calendar year following the expiration of the obligations from the contract,
– in case of initiation and duration of judicial, administrative, or other proceedings in which the rights or obligations of the Controller are addressed in relation to the relevant Data Subject, the period of personal data processing for the purpose under letter c) above shall not end before the conclusion of such proceedings,
– for the purpose of sending commercial communications under letter d) above, personal data will be processed until the Data Subject expresses their objection to such processing,
– for the purposes under letter e) above, personal data will be processed for the period for which the Data Subject granted the Controller consent under a separately agreed consent to personal data processing. The Data Subject acknowledges that before the expiry of this period, the Controller may contact them to renew their consent.

No later than the end of the calendar quarter following the expiration of the processing period mentioned above, the relevant personal data for which the purpose of processing has ceased will be destroyed (by shredding or other means ensuring that unauthorized persons cannot access the data) or anonymized.

METHOD OF PERSONAL DATA PROCESSING

The processing of personal data is carried out by the Controller. Processing is carried out at the Controller’s registered office by the Controller’s authorized employees or by Processors. Processing is carried out via computer technology or manually in the case of paper-based personal data, in compliance with all security principles for the management and processing of personal data. For this purpose, the Controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transmission, unauthorized processing, as well as other misuse of personal data. All entities to which personal data may be disclosed respect the Data Subjects’ right to privacy and are obliged to comply with applicable legal regulations on the protection of personal data.

No automated individual decision-making or profiling will be carried out based on the provided data. Personal data of Data Subjects may be transferred to third countries (i.e., countries outside the EU and EEA). The Controller is entitled to provide the personal data of Data Subjects obtained in accordance with these rules also to relevant recipients/categories of recipients located outside the EU and EEA. In the event of the transfer of personal data to third countries, the Controller uses adequate mechanisms to protect the data, including in particular: analysis of the level of protection in the third country, conclusion of standard contractual clauses approved by the European Commission, or verification of “Privacy Shield” certification if the recipient is located in the USA (more information about this certification is available at: https://www.privacyshield.gov/list).

When providing personal data of Data Subjects to a third party located outside the EU and EEA, the Controller proceeds as follows:

● internal check for the existence of a European Commission adequacy decision under Article 45 GDPR: The Controller transfers personal data of Data Subjects to data recipients in third countries for which the European Commission has assessed that they provide an adequate level of data protection (so-called Adequacy Decision). As of the date of publication of these rules, the following countries are considered adequate: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Switzerland, Jersey, New Zealand, Uruguay, Isle of Man, Japan, and the United States of America (limited to the “Privacy Shield”). More information about the European Commission’s decisions is available at: https://ec.europa.eu/info/law/law-topic/data-protection_cs.

● verification of certification type of measures approved by the European Commission to ensure appropriate protection for the transfer of personal data: The Controller transfers personal data of Data Subjects to recipients in third countries for which the European Commission has not issued an adequacy decision. To comply with data protection regulations, the Controller uses data transfer mechanisms approved by the European Commission (standard contractual clauses, available at: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:CS:PDF, https://eur-lex.europa.eu/legal-content/CS/TXT/PDF/?uri=CELEX:32004D0915&from=CS). Where necessary, the Controller also verifies whether the recipient has binding corporate rules for data protection (these constitute a protective mechanism approved by the European Commission under Article 47 GDPR).

INFORMATION PROVIDED TO DATA SUBJECTS UNDER GDPR

In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Controller:

– access to their personal data (under the conditions of Article 15 GDPR),
– rectification or erasure of personal data (under the conditions of Article 16 or 17 GDPR),
– restriction of personal data processing (under the conditions of Article 18 GDPR),
– objection to the processing of personal data (under the conditions of Article 21 GDPR),
– the right to data portability (under the conditions of Article 20 GDPR),
– the right to withdraw consent to the processing of personal data, either in writing or electronically to the address or email of the Controller provided in these Rules.

If the Data Subject discovers or believes that their personal data are being processed in violation of the protection of the private and personal life of the Data Subject or in violation of legal regulations, they have the right to contact the Controller with a request for explanation and/or for remedy. The request must be submitted in writing by letter or email to the Controller’s contact details: gdpr@ticzlin.cz.

If the Data Subject’s request is found to be justified, the Controller will immediately remedy the defective situation. This does not affect the right of the Data Subject to contact the supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, +420 234 665 555, www.uoou.cz.

CONCLUSION

The Controller reserves the right to change the rules for the protection and processing of personal data in any way and at any time, and the current version will always be published on the following websites operated by the Controller:
www.ticzlin.cz; www.katalogfiremzk.cz; www.mujprvnimilion.cz; www.zlin.jobs; www.ris3meet.cz; www.createdinzlin.cz; www.liveinzlin.cz; www.mejsvujsmer.cz; www.podnikatelskaakademie.info; www.tictalk.cz; www.zlinbusinessregion.cz; www.zlinbusinessregion.com; www.zlintalentregion.cz; www.zlintalentregion.com.

We are creatives, innovators and
entrepreneurs. We are the Zlín Business Region.