Terms of personal data protection


Madhot Agency (hereinafter also "administrator" or "operator")

V souvislosti s činností, kterou provádí (tj. Provozuje web madhotagency.com (dále jen „web“) a poskytuje služby uvedené a uvedené na tomto webu), shromažďuje osobní údaje o fyzických osobách. Těmito fyzickými osobami mohou být jak nezávislí zákazníci provozovatele – uživatelé webových stránek, tak fyzické osoby, prostřednictvím kterých provozovatel nabízí své služby – dodavatelé (dále také „subjekty údajů“).

These personal data protection conditions ensure that the controller processes personal data in accordance with generally binding legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (hereinafter also “GDPR” or “General Regulation”) ”) and other relevant national legislation of the Czech Republic in order to properly protect the rights of Entities and that Entities are properly informed of their rights.

The use and visits to the website are intended for persons over 18 years of age. The operator never knowingly processes data from website users under the age of 18. If the Operator learns of this fact, it will take all possible measures to prevent these users from using the website and accessing the website.

Information about the administrator, his contact information and the conditions used

Contact details for personal data controllers and persons responsible for their processing:

Tomáš Král

Contact e-mail: tomas.kral@madhotagency.com

Dotazy týkající se zpracování osobních údajů lze zaslat správci na adresu tomas.kral@madhotagency.com

Personal data are defined by the General Regulation as all information about an identified or identifiable natural person ("data subject"). An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or the social identity of such a natural person.

Zvláštní kategorií osobních údajů (citlivé osobní údaje) se rozumí osobní údaje, které odhalují rasový nebo etnický původ, politické názory, náboženství nebo filozofické přesvědčení nebo členství v odborech a zpracování genetických údajů, biometrických údajů za účelem jednoznačné identifikace fyzické osoby a údaje o zdraví nebo sexuálním životě nebo sexuální orientaci fyzické osoby.

Processing means any operation or set of operations with personal data or sets of personal data carried out with or without automatic procedures, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, checking, using, accessing by transmission, distribution or any other publication, sorting or combination, restriction, deletion or destruction.

By a general regulation, the Administrator is defined as a natural or legal person, public authority, agency or other entity that alone or together with others determines the purposes and means of personal data processing. For the purposes of these principles, the administrator is the Operator.

According to the General Regulation, a processor means a natural or legal person, public authority, agency or other entity that processes personal data for the controller.

The data subject's consent means any free, specific, informed and unambiguous expression of intent by which the data subject consents to the processing of personal data by means of a statement or other obvious confirmation.

Explicit consent of the data subject means a stricter form of consent of the data subject for the processing of personal data of a special category in situations where a high level of control over personal data is required, eg in the case of personal data processing concerning the data subject's health, genetic data, etc.

Purpose of processing, sphere of processed personal data, legal name of processing, time of processing
Before starting any processing of personal data, the Operator determines the purpose for which it processes personal data

The data subject learns for what purpose the data subject's personal data are processed from information that will be provided individually by the controller (usually via the controller's website or the data subject's individual e-mail during registration or during user registration on the website). At all times, the processing of personal data will take place exclusively to the extent and in order to achieve a predetermined purpose.

Once the purpose of the processing has been fulfilled, in accordance with the principle of data minimization and storage restrictions, the Operator will delete personal data, unless it is necessary to store them for another purpose.

The area (scope) of personal data of Data Subjects processed by the Administrator differs according to the category of Data Subjects and according to the legal title on which personal data is processed.

In most cases, this is the following personal information: name and surname, first name, photograph, marital status, telephone number and e-mail.

If personal data of a special category are processed, it will usually be information on the health of the data subject (suppliers) or genetic data.

The controller usually processes the personal data of data subjects on the basis of one or more of the following legal titles:

performance of the agreement
fulfillment of legal obligations of the Administrator
legitimate interest of the administrator
the data subject 's consent to the processing of personal data, or
the explicit consent of data subjects to the processing of personal data of a special category;

Personal data are processed to the extent necessary to fulfill the intended purpose in a particular case and for the time necessary to achieve them, for the period of consent or for a period directly stipulated by law. Personal data is then deleted or anonymized.

The Administrator does not transfer any personal data to third countries, ie to countries outside the European Union and the European Economic Area, with the exception of the United States of America, where the Administrator transfers to its customers the personal data of its suppliers listed in these terms.

Method of processing, method of securing personal data
The administrator processes personal data in an automated manner and manually. The administrator keeps records of all activities, both manual and automated, during which personal data is processed.

The controller duly documents activities related to personal data and their protection, ie keeps records of processing activities and other documents on the processing of personal data in order to comply with the principles of liability under the GDPR.

The Operator takes technical and organizational measures for the protection of personal data described in the Operator's internal regulations and always sufficiently protects and protects personal data from access by unauthorized persons to the data.

If you visit the Operator's website, as its user you are informed that the Operator uses technology to collect and store information using cookies on your device. Cookies are small text files that the Operator does not send anywhere, and you delete them or deactivate them completely in your browser. Cookies do not collect any personal data, but without these files the Operator cannot ensure the full functionality of the website.

Users of the Operator's website implicitly consent to the use of cookies by accepting the text "By continuing to browse this website, you agree to the use / storage of cookies in accordance with the cookie statement".

If the user agrees to the storage of cookies on his terminal device during a visit to the website, the Operator processes records of user behavior from cookies placed on the website in order to improve the functioning of this website. The legal basis for this processing is the user's consent.

Information on the rights of data subjects:
Any identifiable natural person as a personal data subject who proves his identity has the following rights:

Right of access to personal data

This includes the right to obtain from the administrator:

Confirmation of whether the Administrator processes personal data,
information on the purposes of the processing, the categories of relevant personal data, the recipients to whom the personal data have been or will be made available, the planned processing time, the existence of a right to request or object to the controller's correction or deletion of personal data concerning the data subject or restrictions on its processing, the right to lodge a complaint with the Authority, against any available information on the source of personal data, if not obtained from the data subject, the fact that there is an automated decision on appropriate safeguards for the transfer of data outside the EU, including profiling,
a copy of the personal data, provided that the rights and freedoms of others are not adversely affected.
The above information and communications required by the Data Subject shall be provided by the Administrator free of charge. In the case of repeated requests, the administrator is entitled to charge a reasonable fee for a copy of personal data. The right to confirm the processing of personal data and information can be exercised by e-mail to the above e-mail address of the Administrator.

Right to correct inaccurate data

The data subject has the right to correct inaccurate personal data processed by the controller about the data subject.

Right of deletion

The data subject has the right to delete personal data concerning him, unless the Administrator proves legitimate reasons for the processing of such personal data. The right to delete personal data may be exercised by the Data Subject by e-mail to the above-mentioned e-mail address of the Administrator or the person responsible for the processing of personal data. The controller shall delete immediately, no later than 30 days from the receipt of the request from the data subject.

Right to restrict processing

Until the initiative is resolved, the Data Subject has the right to restrict processing if the Data Subject denies the accuracy of personal data, the reasons for its processing, or if the Data Subject objects to processing by e-mail to the above e-mail address of the controller or the person responsible for processing. personal data.

The right to be notified of a correction, deletion or restriction of processing

The data subject has the right to be notified by the Administrator in the event of correction, deletion or restriction of the processing of personal data.

The right to the portability of personal data

The data subject shall have the right to the portability of data relating to the data subject which the data subject has provided to the controller in a structured, commonly used and machine-readable format, and the right to request the controller to pass on this information to another controller. Where this right could adversely affect the rights and freedoms of third parties, the data subject's request may not be complied with.

The right to object to the processing

The personal data subject has the right to object at any time to the processing of personal data concerning him / her, which the Administrator processes due to a legitimate interest, for reasons related to his / her specific situation. In such a case, the Controller will no longer process personal data unless he demonstrates serious legitimate interests for the processing which outweigh the interests or rights and freedoms of the Data Subject, or for the determination, exercise or defense of legal claims.

The right to revoke consent to the processing of personal data

If the Operator processes the personal data of the Data Subject on the basis of the consent of the Data Subject, the relevant consent to the processing of personal data may be revoked at any time. The appeal must be made by an express, comprehensible and specific expression of will, either by e-mail to the administrator's e-mail address.

Revoke of consent does not affect the legal actions of the Administrator taken in the period before the withdrawal of consent.

Automated individual decision-making, including profiling

The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which would have legal effects for the data subject or would have a similar and significant impact on the data subject. The controller declares that it does not perform automated decision-making without the influence of human judgment with legal effects for data subjects.

The right to contact the Office for Personal Data Protection

The data subject has the right to contact the Office for Personal Data Protection (https://www.uoou.cz/).

Protection of personal data
If any serious breach of the security of personal data is found, the Administrator is obliged to notify the Office for Personal Data Protection of this fact without delay and no later than 72 hours from the discovery of this fact and to ensure that the situation is adequately remedied.

In the performance of his legal obligations, the controller may transmit personal data to administrative authorities and bodies designated by the relevant legal regulations. The Data Subject acknowledges that the Controller may be required to provide personal data by law or to fulfill its legal obligations (eg in judicial or administrative proceedings).

Other processors

In fulfilling its legal obligations and liabilities to data subjects, the controller partially uses the professional and specialized services of other entities. The controller is therefore entitled to designate a third party as a processor of personal data and the controller shall use only those processors who provide reasonable assurance that appropriate technical and organizational measures are in place to ensure that the processing in question protects the rights of data subjects. If these suppliers process personal data provided by the controller, they process personal data only according to the controller's instructions and cannot otherwise use this data. The controller shall conclude a contract with each such entity on the processing of personal data in accordance with Article 28 of the General Regulation.

Other recipients of personal data of entities are the following contracting authorities: accountants, IT network administrators, administrative service providers.


The controller and other recipients of personal data who process the personal data of data subjects are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which could jeopardize the security of personal data. This confidentiality persists even after the termination of the contractual relationship with the data subject. Personal data will not be disclosed to any third party without the consent of the data subjects.

These conditions of personal data protection come into force and effect on the day of their publication and publication on the website.

These conditions of personal data protection can and will be continuously updated by the Operator. Their updated version always takes effect on the day of its publication on the website in the section "Privacy Policy".

Prague 16.12.2020

Madhot Agency