Go to

General Data Protection Regulation (GDPR)

In accordance with General Data Protection Regulation of the European Parliament and of the European (EU) 2016/679 on the protection of individuals in connection with the processing of personal data and the free movement of data, and cancelation of the Data Protection Directive 95/46/ES (hereinafter referred to as the Regulation”).

  1. Credentials and contact information of the Data Controller (hereinafter referred to as the Controller”):
    Full name: Výtvarná škola Draw Planet, s.r.o.
    Identification number: 05652952
    Legal address: Heřmanova 597/61, Holešovice, Praha 7, PSČ 17000
    Registered in the Commercial Register at the City Court in Prague, section C, doc. 267767
    Contact details of the controller:
    Phone: +420 771 179 959
    E-mail: [email protected]
    Postal address: Sokolovská 131/86, Praha 8, Karlín, Czech Republic
  2. The Controller has identified an authorized person for the protection of personal data.
  3. The Controller may process personal data necessary for the proper performance of its activities.
  4. Personal data refers the information that can be used to directly or indirectly identify an individual (first and last name, date of birth, personal number, residential address, ID card data, contact address, phone number, e-mail, IP address, bank account number, and other information, including their subsequent updates). The Controller does not intend to process sensitive data (if the situation does not require it).
  5. The purpose of processing comes from a specific case of data processing. The data is processed to create service offering, provide information about services, and prepare a contract. The Controller has the right to use the personal data provided for commercial and marketing purposes.
  6. The legal basis for data processing: 1. Situations listed in Article 6, Paragraph 1, Sections A, B, C of the resolution (if not defined otherwise).
  7. Recipients and processors of personal data may be third-party accounting and legal service providers, as well as providers of servers, network infrastructure, cloud services, and IT services. Last but not least, our employees and partners of the Controller will process the mentioned data.
  8. Personal data will not be provided to third parties from countries outside the EU, nor to international organizations, unless it is necessary in a particular case (in accordance with legal norms or a decision of law enforcing agencies and governmental bodies).
  9. Personal data, in accordance with the current legislation, may be stored during the period of the provision of services by the Controller or the execution of the contract, and/or during the period necessary for the fulfillment of archiving obligations in accordance with the applicable laws. With regard to contractual documentation, the maximum period shall be considered 10 years from their completion. We reserve the right to make an exception for the storage of personal data for commercial and marketing purposes when they can be stored until the consent to the processing of personal data is revoked.
  10. We do not use automatic decision-making, including profile separation on the basis of the processed personal data.
  11. Personal data is accepted exclusively from data subjects.
  12. In connection with the processing of personal data, data subjects have the following rights: The data subject has the right to be informed about the processing of their personal data when collecting personal data (most often, during the first contact with the Controller). In other words, they have the right to receive certain information about the processing of their personal data in such a way that the principle of transparency of data processing is fulfilled. We are talking about information, about the purpose of processing, the identity of the Controller, their legitimate interests, and the recipients of personal data. In this case, we are talking about a passive right, because the Controller must be active in relation to the data subject in order to provide the required information set out in the general regulations to the data subject or provide access to it. Other rights include:
  13. Access to personal data: This means the right of the data subject, on the basis of their active application, to receive information from the Controller whether or not their personal data is being processed. If the data is processed, the data subject has the right to access their personal data and also has the right to receive the following information:
    – the purpose of processing,
    – the category of personal data affected,
    – recipients or categories of recipients to whom access to personal data has been or will be provided,
    – the planned storage period of personal data,
    – the right to request the Controller to change or delete personal data,
    – the right to file a claim,
    – the right to file a complaint to the supervisory authority,
    – all available information about the source of personal data, if the data was not received from the data subject.
  14. Modification and addition of personal data when the Controller, without undue delay, changes, or supplements inaccurate or missing personal data.
  15. Deletion of personal data in accordance with Article 17 of the resolution, primarily when the data is no longer necessary to fulfill the purpose of processing or consent has been revoked.
  16. Restriction on the processing of personal data in accordance with Article 18 of the resolution. The data subject has the right to ask the Controller to restrict the processing of personal data in accordance with Article 18, Paragraph 1, Sections A, B, C, D of the resolution.
  17. Transfer of personal data, in accordance with Article 20 of the resolution: The data subject has the right to receive personal data that concerns them in a structured, commonly used, and machine-readable format and the right to transfer this data to another controller. The current Controller has no right to prevent this process from being executed.
  18. To revoke the consent granted to the processing of personal data if the legal basis for the processing of data was the reason arising from Article 6, Paragraph 1, Section A of the resolution. The cancellation of consent does not affect the legality of data processing based on the consent that was provided before its cancellation.
  19. The exercise of the above rights may be requested from the Controller in writing by registered mail or by e-mail sent to the above address.
  20. In addition to this resolution, one can file a complaint about the processing of personal data to the Department of Personal Data Protection. Detailed information and contact details can be found at https://www.uoou.cz/.
  21. The subject also has the right to make a claim related to the processing of personal data in accordance with Article 21 of the resolution.
  22. The lack of contractual agreements may result in refusal to provide personal data. If the Controller uses personal data for another purpose not specified in this document, they will provide information about another purpose and other information established by legal norms.

If you have any questions about the protection of personal data, please contact us:

Email: [email protected]

Phone: +420 771 179 959

1-2017-Olejomalba-Pokracovani-1-44