Personal Data Processing Policies of Beskydská Golfová, a.s.

Introduction

Protection of natural persons in connection with processing of personal data and also protection of the personal data belong to the basic obligations we fulfil in our business activities. The personal data we process are under our control at all times; and thanks to the technical and organizational measures we have adopted, we are able to secure the personal data from unauthorized access, loss or destruction. The purpose of this document is to provide you with information about what personal data of yours we process, from what sources we obtain them, for what purpose and how we process them, to whom they may be further transferred, the duration of their processing and what your rights are related to data protection.

 

Information about the Personal Data Controller

Your personal data are processed by Beskydská Golfová, a.s., with the registered office at 415, 739 61 Ropice, Business ID 25352920; the company registered in the Commercial Register maintained by the Regional Court in Ostrava, Section B, File 1463 (hereinafter also referred to as the “Data Controller”). If you need information regarding the processing of your personal data or if you need to exercise your rights listed here below, you may do so in writing - by a registered letter sent to the address of the company's registered office or electronically to the following e-mail address: anna.cieslarova3@trz.cz, or by calling the number +420 724 478 520.

 

Personal data we process

1) Identification data:

  • Name and surname, degree:
  • date of birth
  • address of residence
  • tax identification number and business ID number of the natural person - entrepreneur

 

2) Contact details:

  • telephone number
  • fax number
  • e-mail address
  • delivery address, if applicable

 

3) Other data:

  • name of the golf club of which you are a member
  • membership number and handicap (HCP)
  • results of the golf tournament
  • details of payments billed and paid for a game
  • bank account in case of commercial transactions

The scope of processing of the personal data depends on the purpose for which the personal data are processed in a particular case.

 

Sources we Obtain Personal Data from

We obtain the personal data primarily from you, in connection with arranging a game on the golf course of the Ropice Golf Resort, when organizing and holding golf competitions or when concluding business and supplier relationships. In some cases, we also obtain the personal data from the records of the Czech Golf Federation, which are publicly available, or from the organisers of golf tournaments. However, we act very transparently in all the cases.

 

What Purposes are the Personal Data Processed for and on what Legal Basis

We process the personal data primarily for the purpose of providing services related to your playing on the golf course of the Ropice Golf Resort and also related to your participation in golf tournaments and competitions organized in this golf resort. The legal basis to process the personal data in this case is the performance of the contract for provision of services related to playing on the golf course of the Ropice Golf Resort, concluded with you or on your behalf.

We also process your personal data for the purposes of concluding and performing business contracts in connection with provision of goods and services for our company. The legal basis for the processing in this case is the performance of the contract we are entering into with you.

We also process personal data for the purpose of fulfilling our legal obligations under generally binding legal regulations, in particular the obligations arising from the Accounting Act and tax regulations.

We also process your results achieved at golf tournaments and competitions held at our golf facility; and in the cases stipulated by the regulations of the Czech Golf Federation, we provide them to the golf federation for publication on their websites.

Photographs (snapshots) or video footage (video recording) are usually taken from the golf tournaments. However, we do not create any records of the natural persons depicted from such photographs or video recordings, nor do we associate any other personal data with them; which means that we do not further process such image data. However, you are entitled to refuse the taking of photographs or image records from which your identity can be determined.

 

Recipients of Personal Data

Your personal data are processed by our company (the Data Controller) only for the above-mentioned purposes, while the entire processing is organizationally and technically secured to prevent unlawful or unauthorized processing of personal data, especially by third parties. Your personal data are taken as confidential. However, the Data Controller may also provide your personal data to the following persons to the extent necessary and for the defined purpose:

  • persons who provide the Data Controller with services involving the disclosure of personal data (e.g. IT services, game registration system, processing of tournament results, accounting and tax advice)
  • golf tournament organisers (in particular the results)
  • the Czech Golf Federation, business ID: 45251100 (name and surname, registration number, HCP, golf club, tournament result)
  • state authorities and other persons who are entitled to request personal data on the basis of legal regulations.

When selecting persons who carry out personal data processing operations for the Data Controller on the basis of a processing contract (processors), emphasis is placed on their expertise, credibility and ability to ensure proper processing of personal data and protection of the rights of the subjects concerned from an organisational and technical point of view.   

 

Transfers of Personal Data to Third Countries

Your personal data will not be transferred to persons outside the European Union.

 

Period for which the Personal Data are to be Kept

Personal data will only be processed (stored) for as long as necessary for the purposes for which they are processed. In case of a contractual relationship, your personal data will be kept for at least the duration of the contract or for the period necessary for the performance of the contract and the exercise of the rights under the contract, which shall not exceed 10 years. For the purposes of processing the results of the documents of golf tournaments and competitions, personal data will be kept for 60 days following the date of the tournament. For the purpose of fulfilling the legal obligations of the Data Controller arising from generally binding legal regulations, the personal data will be kept for the archiving period specified by the legal regulations, but no longer than 10 years.

 

Profiling

No automated decision-making or profiling is to be carried out by the Data Controller on the basis of the personal data provided.

 

Your Rights in relation to Processing of Personal Data

Your personal data are to be processed in accordance with the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). These principles give you the rights the smooth exercise of which we are obliged to properly ensure. These are the following rights:

 

  • The right for information and access to personal data

You are entitled to contact the Data Controller at any time to obtain information as to whether or not your personal data are being processed and, if so, to obtain the relevant confirmation from the Data Controller, as well as the access to such personal data and information to the extent set out in Article 15 of the GDPR. You will also be provided with a copy of the personal data processed.

 

  • Right to Rectification of Personal Data

You are entitled to request that the Data Controller rectifies your inaccurate personal data or complete incomplete personal data held about you, without any undue delay.

 

  • Right to Erasure of the Personal Data (“Right to be Forgotten”)

You are entitled to request that the Data Controller erases your personal data without any undue delay if he/she does not have sufficient legal grounds for processing them.

 

  • Right to Restriction of Processing the Personal Data

Until the disputed issues regarding the processing of your data are resolved, in particular if you contest the accuracy of the data processed by the Data Controller, or if the processing is unlawful but you refuse to erase such personal data or if you object to the processing, you are entitled to request the Data Controller to restrict the processing. In such the case, your personal data will only be stored and will not be processed in any other way without your consent.

 

  • Right to Data Portability

If the processing of personal data is based on consent or contract and if the processing is carried out by automated means, you are entitled to the so-called data portability; that is the right to receive the personal data you have provided to the Data Controller, in a structured, commonly used and machine-readable format (e.g. PDF format).

 

  • Right to Object to the Processing of Personal Data

If the processing of personal data is based on the legitimate interest of the Data Controller or it is to be done for the direct marketing purposes, you are entitled to object to the processing of your personal data. If you object to direct marketing, your personal data will no longer be processed for this purpose. In other cases, the Data Controller shall assess whether or not there are serious legitimate grounds for processing that override your interests, rights or freedoms and whether or not he/she may continue processing. The Data Controller will inform you of the result of the assessment without any undue delay.

 

Exercise of Rights

You can exercise your rights with the Data Controller in the form and with the contact details provided in the section called “Information about the Data Controller”.  On the basis of your request, the Data Controller will inform you of the measures taken, without undue delay, but no later than one month after receipt of the request. This period may be extended by further two months if necessary and in view of the complexity and number of requests, of which you will be informed in due time.

The Data Controller shall notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this proves impossible or would involve a disproportionate effort.

If you believe that your rights have been violated in connection with the processing of your personal data by the Data Controller, you may also place a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.