General Data Protection Regulation
Divadlo Na zábradlí, a public benefit organization residing at Anenské náměstí 5/209, 115 33, Prague 1, IČO: 064 394 (hereinafter referred to as “DNz”) acting in accordance with its duties as controller of personal data pursuant the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and pursuant the terms of the Personal Data Protection Act will process personal data of persons who willingly provide them to DNz or its joint controllers (in accordance with Art. 26 GDPR) in electronic ticket sales, discount vouchers partners, e-mail correspondence providers (Ecomail) and analytical tools providers (Google Analytics) in the following manner:
- following a subscription of the DNz Newsletter on the DNz website, DNz will process the e-mail address of the subscriber. This personal data shall be used until the cancellation of the Newsletter subscription by the subscriber.
- following an online registration completed in order to purchase a ticket on the DNz website or the GoOut seller website, providing the information included in the personal profile established i.e.
- following a consent to the processing of personal data to those, who are willingly invited to the Theatre’s opening nights, press conferences or other events organized by DNz. The personal data processed consist of name and surname, or possibly even phone number or e-mail address. The maximum length of data processing is three years since the date of application of the GDPR Directive. Processing of personal data might also be terminated if DNz decides to exempt an individual from the guest lists to opening nights, press conferences etc.
Ticket holders consent to have personal data processed after purchasing a ticket online to ensure a successful processing of their order, receiving a potential message regarding the cancellation of a performance, and overall fulfilment of the contract. Such processing of personal data follows Article 6, b) of GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract: in this case, the contract entailing the purchase of a ticket to a performance or and event organized by DNz.
DNz and GoOut s.r.o. share a GoOut s.r.o. database containing personal data of ticket holders who purchased their ticket online via the GoOut website, in order to coordinate electronic ticket sales and box office sales, as well as to catalogue ticket purchase contracts and to protect the rights and obligations of the contracting parties. Storing and processing of personal data for this purpose is set to 10 years since the contract comes into effect, unless another legal regulation requires the retention of contractual documentation for a longer period. Such processing of personal data follows Article 6 c) and f) of GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject.
All subscribers of the DNz newsletter receive an electronic newsletter to their e-mail containing news and updates from the Theatre, according to § 7 par. 3 of Act No 480/2004 Coll on Information Society Services, unless they cancel their subscription. Such processing of personal data follows Article 6 c) and f) of GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject.
To ensure security of property, DNz also processes personal data by operating a surveillance camera system in some publicly accessible areas of the Theater. CCTV automatically records the monitored public space and records audience members and other personnel entering the monitored area. CCTV recordings are automatically deleted 3 days after their acquisition and may be used only in case of (and only throughout) an investigation of an event that caused damage to the administrator, e.g. in clarifying criminal activity such as burglary, theft, damage to the interior of the Theater, and other criminal activity, and in case of an investigation of insurance claims. Only personnel authorized by the administrator have access to the recordings, which are safely stored at a secured location. The processing of personal data is performed by DNz as the administrator of personal data. Dnz also works with other processors of data, such as:
- Ecomail. An online newsletter webtool, which stores e-mail addresses of DNz newsletter subscribers. Such e-mail addresses are used solely for newsletter distribution purposes, they are not subject to profiling or processing, and are not passed on to a third party. The only information analysed by an appointed analytic or DNz website administrator is the date of registration, number of received newsletters, number of opened newsletters, number of clicking a link from the newsletter, and delivery failures. Ecomail guarantees as a processor of DNz provided personal data to follow the same GDPR guidelines and to process the DNz provided data only for the purposes aligning with the service they were contracted for and only within the bounds of their contract. More information on Ecomail’s protection of personal data policy can be found on Ecomail website.
- Google Analytics. Another processor of data for DNz uses only anonymous personal data and in a limited number solely for the purposes of counting the number of visits on the DNz website without other analytical tools (e. g. user tracking, or profiling etc). It is for this reason that the DNz website does not feature a cookie blocking tool, as Google Analytics does not process any personal data from the DNz website visitors. Should the extent of the Google Analytics service change in the future, DNz will act accordingly to the law.
As a data administrator, DNz employs a Data Protection Officer is Vladimír Kroupa. You can reach him at his e-mail address firstname.lastname@example.org or call +420 606 958 889. Subjects to personal data processing by DNz have the following rights:
- to cancel newsletter subscription at any moment or ask to have their name removed from the list of invitees to opening nights or press conferences and other DNz events
- to object to the legitimacy of data processing by the administrator
- to know which of their personal data is being processed
- to gain access to their personal data, and to have them either updated or restricted
- to have their personal data erased from the administrator’s database; the administrator will erase the data unless it is against the law, or against the administrator’s legitimate rights
- to gain access to a copy of the personal data processed
- to an effective judicial remedy if they consider their rights under the GDPR Regulation have been infringed as a result of the processing of their personal data in non-compliance with the GDPR Regulation
- to file a complaint with the Data Protection Office