Personal Data Protection Principle
With these Personal Data Protection Principles (hereinafter referred to as the "Principles") we inform the data subjects,
whose personal data we process, of all processing activities as well as of the privacy protection principles of data subjects.
1. Responsible parties
Personal data controller:
Myia Systems s.r.o., Company registration No. 041 62 404, having its registered office at Drtinova 557/10, Smíchov, 150 00 Prague 5
email: events@myia.systems
(hereinafter referred to as "we", "our" or "us")
Myia Systems s.r.o., Company registration No. 041 62 404, having its registered office at Drtinova 557/10, Smíchov, 150 00 Prague 5
email: events@myia.systems
(hereinafter referred to as "we", "our" or "us")
2. Basic terms
GDPR:
- The Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC effective as of 25 May 2018.
Personal data:
- Within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as "GDPR"), personal data means any information relating to an identified or identifiable natural person (i.e. data subject = You).
Special category of personal data:
- Special category of personal data means data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation of natural person.
Data subject = You:
- Data subject means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data:
- Processing of personal data within the meaning of Art. 4 (2) of GDPR means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller = Us:
- Controller within the meaning of Art. 4 (7) of the GDPR means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law, and so the controller may also be the Company.
Processor:
- Processor within the meaning of Art. 4 (8) of the GDPR means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; and so also the given Company’s business partners who, upon request of and as required by the Company, or rather by the responsible employee of the Company, process personal data for the Company as a controller.
Supervisory authority:
- Supervisory authority means, in the Czech Republic, The Office for Personal Data Protection (hereinafter referred to as “OPDP”).
Risky processing:
- Risky processing means processing which is likely to present a risk to the rights and freedoms of the data subject and is not occasional, or includes the processing of special categories of data as referred to in Article 9(1), or the processing of personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.
Automated individual decision-making, including profiling:
- means any form of decision-making based on automated processing of personal data, i.e. without human intervention, consisting of, inter alia, evaluation of certain personal aspects relating to a data subject, in particular to analyse or predict aspects concerning that data subject's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
3. Categories of data subjects, personal data processed, purpose, legal basis and processing time
We operate the Myia mobile application, which is a tool for conferences and other events
(hereinafter referred to as "Events") that will make your work easier, enable the attendees to be actively involved
in the action and simplify the organisers’ communication with the attendees; we also operate the Myia Events web interface,
which helps organisers to manage events.
We process personal data of the following categories of data subjects:
- a) Attendees
- b) Event organisers
- c) Suppliers of goods and services
We process personal data for unambiguously defined purposes and for as long as necessary according to following table. After this time,
personal data may be kept only for state statistical purposes, scientific or archival purposes.
Categories of data subjects whose personal data we process | The purpose of the processing of personal data | Legal basis and the processing of personal data | Processing time |
---|---|---|---|
Attendees | Use of Myia application services (in particular, allowing active involvement in an event, access to supporting documents of a particular event, asking questions and rating of messages). |
|
Personal data may be processed for this purpose for six months from the end of the event. |
The ability of users to revisit the papersmessages, questions and discussions of an individual event and get back to its attendees. |
|
For this purpose, personal data may be processed for an unlimited period until you manually delete it. | |
The offers of persons suitable for networking at events ("matchmaking"). |
|
For this purpose, personal data may be processed for an unlimited period until you uninstall the application / cancel your Myia account. | |
Offer of relevant events in the application. |
|
For this purpose, personal data may be processed for an unlimited period until you uninstall the application / cancel your Myia account. | |
Organisers of conferences and events | Performance and implementation of the contracts entered into with organisers |
|
For this purpose, personal data may be processed for the time of duration of the contract (which is until you cancel your profile in the application). |
Meeting our accounting and tax obligations |
|
For this purpose, personal data may be processed for up to 5 years from the end of the reporting period in which the transaction was made. | |
Dissemination of commercial messages in the form of email newsletters containing the offer of goods and news |
|
For this purpose, personal data may be processed for an unlimited period until the receiver unsubscribes from enrolment. | |
Suppliers of goods and services | Performance and implementation of contracts entered into with attendees. |
|
For this purpose, personal data may be processed for the time of duration of the contract (which is until you cancel your profile in the application). |
Meeting our accounting and tax obligations |
|
For this purpose, personal data may be processed for up to 5 years from the end of the reporting period in which the transaction was made. | |
Recovery of claims arising from contracts; warranty claims |
|
For this purpose, personal data may be processed for 3 years; or, in the event of a judicial dispute, for its entire duration. | |
Dissemination of commercial messages in the form of email newsletters containing the offer of goods and news. |
|
For this purpose, personal data may be processed for an unlimited period until the receiver unsubscribes from enrolment. |
4. Recipients of personal data and personal data transmission outside of the European Union
We may also transmit your personal data to other bodies (hereinafter referred to as the "recipients") in justified cases.
Personal data may be transmitted to the following recipients:
- The organisers of conferences and events in which you participate (including active involvement in the event, access to supporting documents, evaluation of papers, discussion, etc.);
-
The processors who process your personal data based on our instructions and with whom our relationships are treated in accordance with the requirements of Article 28 of the GDPR, when using the following services:
- Office 365 (cloud storage for our company documentation)
- Mailchimp (mail system for sending newsletters)
- GoPay (payment gateway for the Myia application)
- SmallChat, Facebook Messenger (online support on website)
- MS Azure (cloud for operating the Myia application and website);
- Public authorities and other bodies if required by law;
- Other entities in the event of unexpected events, when providing data is necessary for the protection of life, health, property or other public interest, or if it is necessary for the protection of our rights, property or safety.
Personal data is not normally transferred to the third countries. If the event organiser exceptionally processes data outside of the territory of the EU, said organiser is obliged, under our terms and conditions, to obtain explicit and informed consent for such processing from each attendee.
5. Personal data protection principles
Legitimacy
- We process your personal data in accordance with applicable legislation, particularly with the GDPR.
Consent of data subject
- We process personal data only in the manner, and to the extent, to which you have granted us your consent, if the consent is the basis of the processing.
Minimization and restriction of the processing of personal data
- We process personal data only to the extent that is necessary for reaching the purpose of its processing, and for no longer than it is necessary for reaching the purpose of its processing.
Accuracy of the personal data processed
- We process personal data with an emphasis on its accuracy. Using appropriate means, we process the most up to date personal data.
Transparency
- With these Principles and a contact person, you can get to know how we process your personal data, as well as understand its scope and content.
Restriction of purpose
- We only process personal data to the extent necessary for reaching the given purpose and in accordance with such purpose.
Safety
- Personal data is processed in a manner that ensures its proper safety, including its protection using proper technical or organizational measures against unauthorized or illegal processing and against accidental loss, destruction or damage.
6. Automated individual decision-making and profiling
During the processing of personal data, automated individual decision-making does not take place, even on the basis of profiling.
7. Your rights as a data subject
Right to access personal data
- You have the right to require from us the access to personal data relating to your person. In particular, you have the right to obtain confirmation from us as to whether personal data relating to your person has or has not been processed, and to obtain other information on the data being processed and information on the processing method in the context of relevant provisions of the GDPR (purpose of the processing, personal data category, recipients, planned storage period, existence of your right to require correction, erasure, restriction of the processing or the right to object, the source of personal data, and the right to lodge a complaint). In the event of a request, we will provide you with a copy of your personal data that we process, at no cost. In the event of a repeated request, we may charge a reasonable fee corresponding to the administrative costs of processing for providing the copy. The vast majority of your data that we process can be found directly in the application or user account. To obtain complete access to your personal data, contact us at the email address provided in the heading.
The right to revoke consent to process personal data if the processing is performed based on consent
- You have the right, at any time, to revoke your consent to process personal data that is processed by us based on such consent. You can revoke your consent directly in the application. You can also write to us at the email address provided in the heading.
Right to correction, limitation or erasure
- If you find out that your personal data is inaccurate, you can request that we correct it without undue delay. If it is reasonable with regard to the specific circumstances of the case, you can also request adding data we keep on you. You can perform correction, restriction of processing or erasure yourself directly in the application or user account. Should any issues arise, please contact us at the email address provided in the heading.
Right to the erasure of personal data
-
You have the right to request that we, without undue delay, erase personal data that relates to you and that we process, even in the following cases:
- if you revoke your consent to process personal data and on our end, there is no other legitimate reason to process it that would outbalance your right to erasure;
- if you object to the processing of personal data (see below);
- your personal data is no longer needed for the purposes, for which we collected it or otherwise processed it;
- we processed personal data illegally;
- we collected personal data in connection with an offer of information society services to a person under the age of 18 years;
- personal data must be erased in order to comply with a legal obligation that applies to us and is provided for in European Union legislation or Czech law.
- Erasure of data can be performed by removing your photo, cancelling your Myia account or cancelling the user account of the organiser. Or, you can contact us at the email address provided in the heading.
Right to request the erasure of personal data is not guaranteed in situations where the processing is necessary
-
- for exercising the right of freedom of expression and information;
- for compliance with our legal obligations;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if it is likely that erasure of data would render impossible or seriously impair the achievement of the objectives of that processing;
- for the establishment, exercise or defence of legal claims.
- In order to verify whether there are reasons for the inability to use the right to erasure, contact us at the email address provided in the heading.
Right to the restriction of processing of personal data
- You have right to request that we restrict the processing of your personal data in cases when:
-
- you deny the accuracy of personal data. In this case, the limitation applies to the time necessary for the verification of personal data accuracy;
- processing is illegal and you deny erasure of personal data and request that we restrict its use instead;
- your personal data is no longer needed for the purposes for which we were processing it, but you need it for the establishment, exercise or defence of legal claims;
- you object to the processing (see below). In this case the restriction applies until it is verified whether our legitimate reasons prevail over your legitimate grounds.
- During the time of restriction of the processing of personal data, we can process personal data (with the exception of its storage) only with your consent or for the reason of establishment, exercise or defence of legal claims, for the reason of protection of the rights of another natural or legal person, or for the reason of important public interest of the Union or any Member State. Restriction of processing can be requested by an email sent to the contact details provided in the heading.
Right to object the processing
- You have right to object the processing of your personal data in the following cases:
-
- In the event that your personal data is processed for the reason that the processing is necessary for completing a task performed in the public interest or in the exercise of public interest, which we are instructed to carry out, or for the purposes of our legitimate interests, and you object the processing, we cannot continue processing data unless we prove serious justified reasons for the processing that prevail over your interests, rights and freedoms, or reasons for the establishment, exercise or defence of our legal claims.
- If data is processed for the purposes of direct marketing and you object to the processing, we will not process personal data for such purposes any longer.
- If your personal data is processed for scientific or historical research purposes or statistical purposes, we will not process it any longer unless the processing is necessary for completing the task performed in the name of the public interest.
- You can object the processing by sending an email to the contact details provided in the heading.
Right to data portability
- In the event that we process your personal data based on your consent, or on the grounds that it is necessary to implement the contract entered into between us, you have the right to obtain from us personal data that relates to you and that you have provided us, in a structured, commonly used and machine-readable format if personal data is processed by us in this manner. You have the right to transmit this data to another data controller, or to request that we provide this data to another data controller directly if it is technically feasible.
- To obtain your personal data, contact us at the email address provided in the heading.
Right to obtain information on your personal data breach
- If it is likely that, as a consequence of a breach of our security, the risk to your rights and freedoms is high, we will notify you of such a breach without undue delay. If appropriate technical or organisational measures ensuring the incomprehensibility to the unauthorised person were implemented in processing your personal data, or if we ensure, using additional measures, that the high risk does not manifest, we do not have to notify you of the breach.
Right to lodge a complaint with the supervisory authority
- If you believe that the processing of your personal data causes a breach of obligations set out in the GDPR, you have the right to lodge a complaint with the supervisory authority. The supervisory authority in the Czech Republic is The Office for Personal Data Protection.