IV. [Data gathering and protection]

1. The website serves its functions of gathering of data on users and their behaviour in the following manner:

a) by voluntary disclosure of information in e-mails sent to the e-mail address indicated in the contact

b) by collecting cookies

2. The website collects only data given by the User.

3. Information and data given in a form, in accordance with “the privacy policy, on-line contact form”, as processed for the purpose of the form’s function, i.e., the process of handling of information contact.

4. Data disclosed in the contact form are processed only for the purpose of the Controller and shall not be sold or shared with third parties, in accordance with the Personal Data Protection Act, unless it will involve lodging a claim.

5. Each data subject has the right of:

a) access – to receive a confirmation that their personal data are processed. If personal data are processed, the data subject is authorised to have access to the data and to receive the following information: purpose of processing, categories of personal data, recipients and categories of recipients to whom the data have been or will be disclosed, period of storing the data or the manner of its determination, information on the rights of rectification, erasure or restriction of personal data processing vested in the data subject and to object to the processing (article 15 of the GDPR);

b) receiving a copy of data – to receive a copy of data being the subject of processing, where the first copy is free of charge and on each subsequent copy the controller may impose a fee arising from the administrative expenses.

c) rectification – to request to rectify their personal data which are inaccurate or incomplete (article 16 of the GDPR);

d) erasure – to request to erase personal data when data controller has no legal grounds for their processing or when data are no longer necessary for processing purposes (article 17 of the GDPR);

e) restriction – to restrict personal data processing (article 18 of the GDPR), when:

• • data subject questions accuracy of personal data – for the period allowing the controller to check their accuracy;
  • processing is illegal and data subject objects to erasure and requests their restriction;
  • the controller does not need the said data however they are necessary for the data subject to: determine, pursue or defend legal claims
  • data subject have objected to processing – until legal grounds at the controller’ side are determined to be taking precedence over the grounds for objection;

f) data portability – data subject has the right to receive, in a structured, commonly used, machine readable format, their personal data which have been delivered to the controller, and has the right to send those data to other controller without hindrance from the data controller to whom those data have been delivered (article 20 of the GDPR),

g) objection – to object to processing of their personal data including profiling hereupon. Then the controller has to verify existence of legitimate grounds for processing that override interests, rights and freedoms of data subjects or grounds for determination, pursuit or defence of legal claims. If, according to the verification, the data subject’s interests are more important than the same of the controller, then the controller will be obliged to cease to process the data (article 21 of the GDPR)

h) withdrawal of consent – at any time and without reason, then withdrawal of the consent will result in cessation of processing of personal data by the controller. However, processing of personal data conducted before the withdrawal of consent will remain lawful.

6. In order to exercise the above-mentioned rights, data subject should contact the controller using the given contact details and notify them which right they wish to exercise and in which scope.