GDPR

GDPR

Privacy Policy

 

I.

Basic Provisions

1. The data controller, pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR"), is the Defence and Security Industry Association of the Czech Republic (AOBP), ID: 67362176, with its registered office at Washingtonova 1567/25, Prague 1, 110 00 (hereinafter: "the controller").

2. The contact details of the controller are:

Washingtonova 1567/25,

Prague 1, 110 00

info@aobp.cz

224 235 320

 

1. Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

2. The controller has appointed a Data Protection Officer. The contact details of the officer are:

Anna Fejková

Head of the AOBP Office

info@aobp.cz

224 235 320

 

II.

Sources and Categories of Processed Personal Data

1. The controller processes personal data that you have provided and/or personal data obtained based on your interaction with the controller.

2. The controller processes your identification and contact data, as well as data necessary for the performance of a contract.

 

III.

Legal Grounds and Purposes for Processing

  1. 1. The legal grounds for processing personal data are:
    1. Performance of a contract between you and the controller under Art. 6(1)(b) GDPR.
    2. The legitimate interest of the controller in providing direct marketing (specifically for sending commercial communications and newsletters) under Art. 6(1)(f) GDPR.
    3. Your consent to processing for direct marketing purposes (specifically for sending commercial communications and newsletters) under Art. 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in cases where no order for goods or services has been placed.
  2. 2. The purpose of processing personal data is:
    1. Handling your request and exercising rights and obligations arising from the contractual relationship between you and the controller.During interactions, personal data necessary for the successful resolution of the matter (name, address, contact) may be required; providing personal data is a necessary requirement for concluding and performing a contract. Without this data, it is not possible to conclude or fulfill the contract.
    2. Sending commercial communications and conducting other marketing activities.
  3. 3. The controller does not engage in automated individual decision-making within the meaning of Art. 22 GDPR. You have provided your explicit consent for such processing.

 

IV.

Data Retention Period

  1. 1. The controller stores personal data:
    1. For the period necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims from these relationships (for a period of 15 years after the termination of the contractual relationship).
    2. Until consent for processing for marketing purposes is withdrawn, for a maximum of 10 years, if the data is processed based on consent.
  2. 2. After the retention period expires, the controller shall delete the personal data.

 

V.

Recipients of Personal Data (Subcontractors)

  1. 1. Recipients of personal data are persons:
    1. Involved in the delivery of goods/services or the execution of payments based on a contract.
    2. Involved in ensuring the operation of services.
    3. Providing marketing services.
  2. 2. The controller does not intend to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries are providers of mailing services/cloud services.

VI.

Your Rights

  1. 1. Under the conditions set out in the GDPR, you have:
    1. The right of access to your personal data under Art. 15 GDPR.
    2. The right to rectification under Art. 16 GDPR, or restriction of processing under Art. 18 GDPR.
    3. The right to erasure under Art. 17 GDPR.
    4. The right to object to processing under Art. 21 GDPR.
    5. The right to data portability under Art. 20 GDPR.
    6. The right to withdraw consent to processing in writing or electronically via the address or email of the controller specified in Article III.
  2. 2. Furthermore, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe your right to data protection has been violated.

 

VII.

Security Conditions for Personal Data

  1. 1. The controller declares that they have adopted all appropriate technical and organizational measures to secure personal data.
  2. 2. The controller has adopted technical measures to secure data storage and physical archives, including secure access passwords, secure servers, and antivirus software on all management-access devices.
  3. 3. The controller declares that only authorized persons have access to personal data.

 

VIII.

Final Provisions

  1. 1. By contacting the controller and maintaining electronic contact in any form, you confirm that you are familiar with the privacy policy conditions and accept them in their entirety.
  2. 2. You agree to these conditions by checking the consent box via the internet form. By checking this, you confirm you are familiar with the conditions and accept them in full.
  3. 3. The controller is entitled to change these conditions. A new version of the privacy policy will be published on their website or sent to the email address you provided.
  4. 4. These conditions take effect on October 14, 2025.