Logo
0

PRIVACY

STATEMENT OF THE OPERATOR ON THE PROCESSING OF PERSONAL DATA

In this section, we provide information on the processing and protection of personal data in

accordance with Regulation of the European Parliament and the Council of the EU No. 2016/679 on

the protection of natural persons in the processing of personal data and on the free movement of

such data, which repeals Directive 95/46/EC (general regulation on data protection) and Act of the

Slovak Republic no. 18/2018 Coll. on Personal Data Protection and Amendments to Certain Acts

(hereinafter referred to as the "Personal Data Protection Act").

Operator Arila s.r.o. with its registered office at Vodárenská 11, ID: 55653154 (hereinafter referred to

as the "operator"), has taken appropriate technical and organizational measures to ensure the

protection of the rights of the affected persons, which declare the legal processing of personal data.

The operator has also implemented a transparent system for recording security incidents and any

questions from the affected person as well as other persons.

If necessary, the affected person can also obtain individual information by phone at: +421950643063

or by e-mail: info@zosportu.sk

1. Operator

Arila s.r.o. Vodárenská 11, 911 01 Trenčín ID number: 55653154 We process your data for our own

purposes as the Operator. This means that we determine the purpose for which we collect your

personal data, determine the means of processing and are responsible for their proper execution.

2. Intermediaries

The Operator may, in certain cases, process the personal data of the affected persons through

intermediaries who are authorized to process personal data in accordance with Article 28 of the

GDPR Regulation. Intermediaries process the personal data of the affected persons on behalf of the

Operator. The processing of personal data through an intermediary does not have a negative impact

on the exercise and application of the rights of the person concerned. The operator uses only

intermediaries providing adequate technical, organizational and other measures so that the

processing meets the requirements of the GDPR and that the rights of the data subject are fully

protected. and tax obligations of the Operator•intermediaries providing services connected with

organizing and promoting events, technical and software support, and administration of marketing

activities of the Operator. Categories of recipients of personal data: persons acting on the authority

of the operator, legal representative, auditor, state administration and public authorities for the

exercise of control and supervision.

3. The purpose of personal data processing

Arila s.r.o. as an operator: As an operator, we exclusively process personal data on the basis of a

legitimate legal basis and for a specific purpose: • When responding to an inquiry, initiative or

question submitted physically, by telephone or in the form of electronic/paper mail: For the purpose

of a feedback aimed at satisfying the person concerned, we apply legal basis of processing according

to Art. 6 par. 1 letter f) GDPR regulations - legitimate interest of the operator. As a data subject, you

have the right to object to such processing at any time.• When expressing interest in our services or products, when establishing cooperation: The legal

basis for data processing is Art. 6 par. 1 letter b) GDPR regulations - data processing is necessary for

the implementation of the necessary measures before the conclusion of the contract, i.e. during the

process of the pre-contractual relationship.

• After the establishment of a contractual relationship between the operator and the data subject,

with the necessary cooperative communication: Data processing is necessary for the fulfillment of

the contractual relationship according to Art. 6 par. 1 letter b) GDPR regulations.

• Taking and publishing a photo with the likeness of the person concerned for the purpose of

promoting the services of the operator: Based on your consent to the processing of personal data in

accordance with Art. 6 par. 1 letter a) GDPR regulations, we can process your likeness and publish it

for the purposes of promoting our services.

Automated face-matching photo search

In order to improve user comfort and photo search efficiency, we have implemented a function that

allows the website visitor to upload a one-time photo of a face (e.g. from the camera of a computer,

laptop or mobile device). This photo is processed exclusively for the technical comparison of image

features with photos stored in the database in order to show the visitor photos in which he is likely

to be found. This process works on the principle of face-matching / face-similarity algorithm, i.e. j.

comparison of image patterns, not biometric identification of a person. The mechanism uses a

computer vision model, which from the uploaded photo:

- creates a vector description (so-called embedding) of the face - i.e. a digital fingerprint of the

distribution of basic features,

- compares this vector with vectors of faces from photographs in the database,

- and calculates the probability of a match, based on which it finds the photographs with the greatest

probability. The photograph taken is not stored or further processed - the system immediately and

automatically deletes it after the search has been performed. The algorithm compares only the basic

visual features of the face, without processing biometric data or identifying a specific physical

person. This process therefore does not constitute biometric processing of personal data according

to Art. 9 of the GDPR Regulation, since its purpose is not to identify a person, but exclusively to

improve user functionality and personalized search for photos of event participants.

- Legal basis for processing: Art. 6 par. 1 letter a) GDPR regulations - processing takes place on the

basis of your consent, which you give for the production of the photograph itself and the use of the

automated photo search function based on facial matching.

- Scope of personal data: a one-time photo of the face uploaded by the user (without processing

biometric data).

-Purpose of processing: technical comparison of image characters with photographs stored in the

database using a face-matching / face-similarity algorithm (computer vision model), for the purpose

of displaying photographs in which the person concerned is likely to be found.-Processing time: during the search itself – after the purpose has been fulfilled, the photograph is

automatically deleted by the system and is not further processed or archived. revoke. Note: In

practice, by the time you request deletion, the photo will no longer exist, as it will be automatically

deleted after the search.

You can withdraw your consent at any time. Arila s.r.o. as an intermediary: The purpose of

processing personal data when we act as an intermediary: In cases where Arila s.r.o. acts as an

intermediary according to Art. 28 par. 3 GDPR regulations, we process personal data according to the

instructions of another operator who is our client. In such cases, the purpose of personal data

processing is determined by the operator, not by us.

Processing of personal data takes place through the web platform www.zosportu.sk, which serves to

mediate participants' access to photos from events according to the operator's instructions. The web

platform fulfills exclusively the technical and administrative function of processing, while all purposes

and instructions are determined by the operator (event organizer). At the same time, the processing

of personal data in the role of an intermediary also includes activities related to the production of

photographic or video recordings of the event using its own equipment (camera). These records are

subsequently processed, sorted and uploaded to the online gallery on the web platform

www.zosportu.sk according to the instructions of the operator.

•Data processing based on instructions from the operator: When Arila s.r.o. acts as an intermediary,

processes personal data exclusively on the basis of the instructions of the operator who entrusted us

with the processing of this data. This may, for example, involve the processing of personal data of

event participants, their registration and other data necessary for the organization and promotion of

the event.

• For the purpose of providing services to the operator: Arila s.r.o. may process personal data for

the purpose of providing various services, such as the administration of event participants, sending

invitations or photos, event recording of photographic or video recordings, while all these activities

are performed according to the operator's instructions.

A closer description of our activities as an intermediary For a more detailed overview, we present the

main activities that we perform as an intermediary of the operator (event organizer):

-Capture and processing of photos from the course of sports events (e.g. running, cycling, triathlon,

winter or urban sports events). address).

-Ensuring access of participants to their own photos through a link delivered by e-mail or after

logging in on the intermediary's website (e-mail and password). (Note: Photos are not publicly

published - only event participants have access to them.)

- Provision of photos to participants - either free of charge or for a fee, depending on the agreement

with the event organizer.

- Delivery of high-quality photos suitable for printing or sharing on social networks.

- Cooperation with event organizers in order to increase the value and attractiveness of the event

through the provided photo service.- Temporary storage of photo galleries in the online environment for a maximum of 30 days from the

event, then their archiving or deletion in accordance with the agreement with the operator.

In the event that Arila s.r.o. acts as an intermediary, the legal basis for the processing of personal

data for the intermediary derives from the contract between the operator and the intermediary,

which must be in accordance with Art. 28 of the GDPR Regulations. This article regulates the

conditions for the processing of personal data by an intermediary based on a written contract

between the operator and the intermediary, in which the operator provides instructions that the

intermediary must follow when processing personal data. The intermediary does not process

personal data on the basis of its legitimate interest, but on the basis of the instructions of the

operator and to the extent necessary to fulfill the tasks set out in the contract between them.

In this case, the operator determines the purpose and method of processing personal data and the

intermediary is obliged to carry out data processing according to these instructions, while ensures

the protection of personal data according to GDPR requirements.

4. Scope of personal data and categories of affected persons

Arila s.r.o. as an operator: As an operator, we process personal data only to the extent necessary to

achieve the purpose of processing. The categories of personal data that we process mainly include:

• Contact data (name, surname, e-mail address, telephone number)

• Data on participation in events (participant number, registration data, confirmation of

participation)

• Photos, video and audio recordings (capturing the likeness of the participant, which can be used to

promote the event)

• Financial data (in the case of payments for services or products we provide )

The categories of data subjects whose data we process include:

•Event participants

•Interests in our services or products

•Employees, team members or persons who communicate with us within the framework of

cooperation or a contractual relationship.

This range of data is processed only for the purposes stated above and in accordance with the

principles of data minimization, which are in accordance with the GDPR.

Arila s.r.o. as an intermediary: As an intermediary, we process personal data on the basis of the

operator's instructions and to the extent specified in the contract between the operator and the

intermediary. The scope of processed personal data may include:

• Contact data (name, surname, e-mail address, telephone number of the event participant)

• Data on participation in the event (participant number, registration data)• Photographs and visual records (containing likenesses of event participants)

• Communication data (emails, telephone records, event-related messages) Categories of data

subjects whose data we process as intermediary, depend on the instructions of the operator and may

include:

• Event participants (whether they are employees, customers or other persons)

• Those interested in the services of the operator (in the event that the operator collects data as

part of its marketing activities)

• Persons participating in activity within the contractual relationship with the operator (if relevant)

As an intermediary, we are obliged to process only personal data provided to us by the operator on

based on the contract and instructions, while we ensure the protection of this data in accordance

with the requirements of the GDPR.

5. The period of processing and storage of your personal data

Arila s.r.o. as an operator:

As an operator of personal data, we process your personal data only for the time necessary to fulfill

the purposes for which we obtained them and in accordance with applicable legal regulations. The

period of storage of personal data depends on the purpose of their processing:

• When responding to an inquiry, suggestion or question: Personal data will be stored only for the

time necessary to respond to your request, usually for a maximum period of 6 months from the

conclusion of the communication, if there is no other legal basis for their storage.

• When showing interest in our services or products: Personal data will be stored during the period

of the pre-contractual relationship, that is, until the contract is concluded or a decision is made about

it will not close. After this period, the data will be deleted or anonymized, unless there is a legal basis

for their further storage.

•After the contractual relationship is established: Personal data is stored for the duration of the

contractual relationship and subsequently for the time necessary to fulfill our legal obligations, such

as archiving documentation according to tax and business regulations (maximum 10 years).

•Publication of a photo with a likeness: Your likeness will processed only during the time necessary

to achieve the purpose of promoting our services. If you have given us your consent to process your

personal data, you can revoke this consent at any time. After withdrawal of consent, the data will not

be further processed, but may remain in historical records.

Arila s.r.o. as an intermediary:

When Arila s.r.o. acts as an intermediary according to Art. 28 par. 3 of the GDPR Regulations, the

period of personal data processing is determined by the operator who provided us with instructions.

As an intermediary, we are obliged to store personal data only for the time necessary to fulfill the

purposes set out in the contract between the operator and the intermediary. After this period, these

data are deleted or returned to the operator, unless we agree otherwise.Photo galleries are available online no later than 30 days after the event; after this period, the

photos are archived or deleted in accordance with the operator's instructions.

Pursuant to Art. 28 par. 3 of the GDPR regulations, as an intermediary, we are obliged to:

• Ensure the protection of personal data during the entire period of their processing and deletion

or return of data after the end of the provision of services, according to the operator's instructions.

• Ensure that third parties to whom we can provide services will comply with the same terms of

personal protection data as set out in our contract with the operator.

• Comply with the instructions of the operator regarding the period of data retention, while we are

obliged to ask for instructions if it is necessary to retain data after the provision of services.

If the operator determines a different period of storage or processing of data, we will fully respect

these instructions, unless this conflicts with our legal obligations.

As an operator, and also the Intermediary we will ensure the deletion of personal data without

undue delay after:

all contractual relationships between you have been terminated and us as the operator; and/or- all

your obligations towards the operator have ceased; and/or- all

your complaints and requests have been processed; and/or- all

other rights and obligations between you and us as the operator have been settled; and/or- all

processing purposes established by legal regulations or processing purposes for which you have

given us your consent have been fulfilled, if the processing took place based on the consent of the

person concerned; and/or- the period for which the consent was granted has expired or the person

concerned has withdrawn his consent; and/or- the request of the affected person for erasure of

personal data was granted and one of the reasons justifying the granting of this request was fulfilled;

and/or- a decisive legal fact for the termination of the purpose of processing has occurred and at the

same time the protective retention period defined with regard to the principle of minimizing the

period of storage of personal data has elapsed; storage of the personal data of the person concerned

(especially for the purposes of archiving, performing tax audits, etc.), or which could not be fulfilled

without their storage. Any accidentally obtained personal data in no case do we systematically

process the data further for any purpose defined by us.

If possible, we inform the affected person to whom the accidentally obtained personal data belong

about their accidental acquisition and, depending on the nature of the case, provide him with the

necessary cooperation leading to the restoration of control over his personal data. Immediately after

these necessary actions aimed at resolving the situation, we will immediately dispose of all

accidentally obtained personal data in a secure manner.

If you are interested in further information about the specific period of storage of your personal

data, please contact us using the contact details provided.

6. Disclosure of dataArila s.r.o. as an operator: Our company does not publish the obtained personal data without the

prior consent of the person concerned.

Arila s.r.o. as an intermediary: As an intermediary, we process personal data exclusively according

to the instructions of the operator, who determines whether and to what extent the data will be

published. We perform all personal data processing activities on the basis of the contract and

instructions of the operator, while we guarantee that these data will not be made available to third

parties outside the framework determined by the instructions.

7. Cross-border transfer and profiling of personal data

Cross-border transfer of personal data is not currently carried out, and in the future we do not intend

to transfer personal data to third countries that do not comply with GDPR requirements, including

adequate data protection guarantees. Profiling of personal data is not carried out.

8. Rights and obligations of the affected person

• The affected person is obliged to provide only complete and true data.

• The affected person undertakes to update his data in the event of a change, at the latest before the

first order following the occurrence of the change.

• The affected person undertakes that if provides personal data of a third person (name, surname,

telephone number), does so only with their consent and the person concerned is familiar with the

procedures, rights and obligations, which are listed on this page.

•As a data subject, you have the right to decide on the handling of your personal data within the

specified scope. You can exercise the above rights in person at the Operator's headquarters or by

phone - in writing (by mail / e-mail).

We will try to answer you as soon as possible, but we will always answer you no later than 30 days

after the delivery of your request.

Applicable legal regulations and the GDPR Regulation, or In particular, the law provides you with:

Right of access - You have the right to request confirmation from us as to whether your personal

data is being processed and, if so, to obtain a copy of this data and additional information resulting

from Art. 15 Regulations, or § 21 of the Act. In the event that we obtain a large amount of data about

you, we may require you to specify your request for the range of specific data that we process about

you.

Right to rectification - In order for us to continuously process personal data about you, we only need

current, to inform us of their change as soon as possible. In the event that we process incorrect data

about you, you have the right to request their correction.

Right to erasure – If the conditions of Article 14 of the Regulation are met, or § 23 of the Act, you can

request deletion of your personal data. You can therefore request deletion, for example, if you have

revoked your consent to the processing of personal data and there is no other legal basis for

processing, or if we process your personal data illegally, or the purpose for which we processed your

personal data has ceased to exist and we do not process it for another compatible purpose.However, we will not delete your data if they are necessary for proving, exercising or defending legal

claims.

The right to limit processing – If the conditions of Article 18 of the Regulation are met, or § 24 of the

Act, you can request us to limit the processing of your personal data. You can therefore request a

restriction, for example, when you dispute the correctness of the processed data or in the event that

the processing is illegal and you do not want us to delete the data, but you need their processing to

be limited while you exercise your rights. We continue to process your data if there are reasons to

demonstrate, exercise or defend legal claims.

Right to portability - If the processing is based on your consent or is carried out for the purpose of

fulfilling a contract concluded with you and at the same time carried out by automated means, you

have the right to receive your personal data from us , which we received from you in a commonly

used machine-readable format. If you are interested in this and it is technically possible, we will

transfer your personal data directly to another operator. This right will not be applicable to

processing carried out for the purpose of performing a task carried out in the public interest or in the

exercise of public authority.

The right to object to processing – If we process your personal data for the purpose of performing a

task carried out in the public interest or in the exercise of public authority entrusted to us, or if

processing is carried out on the basis of our legitimate interests or the legitimate interests of a third

party, you have the right to object to such processing. Based on your objection, we will limit the

processing of personal data and unless we demonstrate serious legitimate reasons for processing

that outweigh your interests, rights and freedoms or reasons for proving, exercising or defending

legal claims, we will not continue to process personal data and we will delete your personal data. You

have the right to object at any time to the processing of personal data for direct marketing purposes,

including profiling to the extent that it is related to such direct marketing. After raising an objection,

we will no longer process your personal data for this purpose.

The right to file a complaint - If you believe that the processing of your personal data is contrary to

the Regulation, or By law, you have the right to file a complaint with one of the relevant supervisory

authorities, especially in the Member State of your habitual residence, place of work or in the place

of the alleged violation. For the territory of the Slovak Republic, the supervisory authority is the

Office for the Protection of Personal Data, with registered office: Hraničná 4826/12, 820 07

Bratislava, Slovak Republic, website: www.dataprotection.gov.sk, phone: 421 /2/ 3231 3220.

Right to revoke consent - If the processing of your personal data is based on consent, you have the

right to revoke this consent at any time. Withdrawal of consent does not affect processing already

carried out. If at any time later you decide that you are interested in receiving commercial and

marketing offers about our products and services from us again, you can re-grant your revoked

consent (or objection filed) at any time, by any of the above-mentioned forms of contact.

9. Contact details of the Office for the Protection of Personal Data

Office for the Protection of Personal Data of the Slovak Republic

Address: Hraničná 12820 07, Bratislava 27

Slovak Republic

IČO: 36 064 220

Registration office: Monday - Thursday: 8:00 - 15:00 Friday: 8:00 - 14:00

Telephone consultations in the field of personal data protection:

Tuesday and Thursday from 8:00 to 12:00 421 2 323 132 20

Secretariat of the President of the Office 421 2 323 132 11

Secretariat of the office 421 2 323 132 14

Fax: 421 2 323 132 34

Spokesman: mobile: 0910 985 794 e-mail: hovorca@pdp.gov.sk

E-mail:

a) in general: statny.dozor@pdp.gov.sk

b) for providing information according to the law no. 211/2000 Coll.: info@pdp.gov.sk

c) website: webmaster@pdp.gov.sk

d) for submitting requests for the provision of information pursuant to Act no. 211/2000 Coll. about

free access to information, use the online form.

e) email address through which the Office will provide you with advice in the field of personal data

protection. It is intended for children, youth, students, teachers, parents who suspect that their

personal data has been misused: ochrana@pdp.gov.sk

You can find a sample proposal for initiating proceedings on personal data protection on the website

of the Office (https:// dataprotection.gov.sk/uoou/sk/content/konanie-o-ochrane-osobnych-udajov).