I. Protection of Personal Data

1.1 By entering personal data, the user confirms that they understand the terms of personal data protection, that they agree with their wording, and that they accept them in full.

1.2 The provider is the controller of the personal data of users according to Article 4, Point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”). The provider undertakes to process personal data in accordance with legal regulations, especially GDPR.

1.3 Personal data includes all information about an identified or identifiable natural person; an identifiable natural person is a person who can be directly or indirectly identified, especially by reference to a particular identifier, such as a name, identification number, location data, network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

1.4 When placing an order, personal data necessary for the successful completion of the order (name and address, contact information) are required. The purpose of processing personal data is to complete the user’s order and to exercise the rights and obligations arising from the contractual relationship between the provider and the user. The purpose of processing personal data is also the sending of commercial communications and performing other marketing activities. The legal basis for processing personal data is the performance of the contract under Article 6(1)(b) GDPR, compliance with the legal obligations of the controller under Article 6(1)(c) GDPR, and the legitimate interest of the provider under Article 6(1)(f) GDPR. The legitimate interest of the provider is the processing of personal data for direct marketing purposes.

1.5 To fulfill the license agreement, the provider uses the services of subcontractors, mainly providers of mailing services (personal data are stored in third countries) and web hosting providers. Subcontractors are verified for the secure processing of personal data. The provider and the web hosting subcontractor have entered into a data processing agreement, under which the subcontractor is responsible for properly securing the physical, hardware, and software perimeter, and therefore bears direct responsibility towards the user for any data breach or leak.

1.6 The provider stores the user’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After this period, the data will be deleted.

1.7 The user has the right to request access to their personal data from the provider under Article 15 GDPR, correction of personal data under Article 16 GDPR, or restriction of processing under Article 18 GDPR. The user has the right to delete personal data under Article 17(1)(a), and (c) to (f) GDPR. Furthermore, the user has the right to object to processing under Article 21 GDPR and the right to data portability under Article 20 GDPR.

1.8 The user has the right to file a complaint with the Office for Personal Data Protection if they believe that their right to personal data protection has been violated.

1.9 The user is not obliged to provide personal data. However, providing personal data is a necessary requirement for concluding and fulfilling the contract, and without providing personal data, it is not possible to conclude or fulfill the contract from the provider’s side.

1.10 The provider does not engage in automated individual decision-making within the meaning of Article 22 GDPR.

1.11 By filling out the contact form, the prospective user of the provider’s services:

• Agrees to the use of their personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market research, and direct offers of products by the provider and third parties, but not more than once a week, and at the same time
• Declares that the sending of information according to point 1.11.1 is not considered unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, as the user expressly agrees to the sending of information according to point 1.11.1 in connection with § 7 of Act No. 480/2004 Coll.
• The user can withdraw the consent given under this paragraph at any time in writing to info@azeventproduction.com.

1.12 To improve service quality, personalize offers, collect anonymous data, and for analytical purposes, the provider uses cookies in its presentation. By using the website, the user agrees to the use of this technology.

II. Rights and Obligations between the Controller and Processor (Data Processing Agreement)

2.1 The provider, in relation to the personal data of the users’ clients, acts as a processor according to Article 28 GDPR. The user is the controller of these data.

2.2 These conditions govern the mutual rights and obligations concerning the processing of personal data, which the provider has access to within the performance of the license agreement concluded by agreeing to the general terms and conditions on www.azeventproduction.com (hereinafter referred to as the “license agreement”) entered into with the user on the date of creation of the user account.

2.3 The provider undertakes to process personal data for the user to the extent and for the purpose specified in Articles 2.4 – 2.7 of these terms. The processing means will be automated. The provider will collect personal data, store it on information carriers, retain, block, and destroy it as part of processing. The provider is not authorized to process personal data in contradiction to or beyond the scope defined by these conditions.

2.4 The provider undertakes to process personal data for the user in the following scope:

• Common personal data,
• Special categories of data according to Article 9 GDPR, which the user obtained in connection with their own business activities.

2.5 The provider undertakes to process personal data for the user for the purpose of handling inquiries and requests from clients obtained from the contact form.

2.6 Personal data may only be processed at the provider’s or its subcontractors’ workplaces according to Article 2.8 of these terms, and this within the territory of the European Union.

2.7 The provider undertakes to process the personal data of the user’s clients for the user for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).

2.8 The user grants permission to involve a subcontractor as an additional processor according to Article 28(2) GDPR, which is the application hosting provider. The user further grants the provider general permission to involve another processor of personal data in the processing; however, the provider must inform the user in writing of all intended changes concerning the acceptance of new processors or their replacement and provide the user with the opportunity to object to these changes. The provider must impose the same data protection obligations on its subcontractors as those set out in these conditions.

2.9 The provider undertakes to ensure that personal data processing will be secured, particularly as follows:

• Personal data are processed in accordance with legal regulations and based on the user’s instructions, i.e., for the performance of all activities necessary to provide the web platform.
• The provider undertakes to secure the protection of processed personal data technically and organizationally so that unauthorized or accidental access to data, their alteration, destruction, or loss, unauthorized transfers, unauthorized processing, or other misuse cannot occur, and to ensure that all obligations of the personal data processor arising from legal regulations are continuously fulfilled during the processing of data.
• The adopted technical and organizational measures correspond to the degree of risk. The provider ensures continuous confidentiality, integrity, availability, and resilience of processing systems and services, and timely restoration of the availability of personal data and access to them in the event of physical or technical incidents.
• The provider hereby declares that the protection of personal data is subject to the provider’s internal security regulations.
• Personal data will only be accessible to authorized persons of the provider and subcontractors according to Article 2.8 of these conditions, who will have conditions and the scope of data processing set by the provider, and each such person will access personal data under their unique identifier.
• Authorized persons of the provider processing personal data under these conditions are obliged to maintain confidentiality about personal data and security measures, the disclosure of which would endanger their security. The provider will ensure their demonstrable commitment to this obligation. The provider ensures that this obligation for the provider and authorized persons will continue even after the termination of their employment or other relationship with the provider.
• The provider will assist the user through appropriate technical and organizational measures, as far as possible, to fulfill the user’s obligation to respond to requests for exercising the rights of data subjects set out in GDPR; similarly, in ensuring compliance with the obligations according to Articles 32 to 36 GDPR, considering the nature of the processing and the information available to the provider.
• After the completion of the performance associated with the processing according to Article 2.7 of these conditions, the provider is obliged to delete all personal data or return them to the user unless it has a legal obligation to retain personal data based on special legislation.

The provider will provide the user with all necessary information to demonstrate compliance with the obligations under this agreement and GDPR, allow audits, including inspections, carried out by the user or another auditor authorized by the user.

2.10 The user undertakes to promptly report all known facts that could adversely affect the proper and timely fulfillment of obligations arising from these conditions and to provide the provider with the necessary cooperation to fulfill these conditions.

III. Final Provisions

3.1 These conditions lose their validity upon the expiration of the period stated in Articles 1.6 and 2.7 of these conditions.

3.2 The user agrees to these conditions by checking the consent box via the online form. By checking the consent box, the user acknowledges that they have read these conditions, agree with them, and accept them in full.

3.3 The provider is authorized to change these conditions. The provider is obliged to publish the new version of the conditions on its website without undue delay or send the new version to the user at their email address.

3.4 The provider’s contact details regarding these conditions:
+420 777 005 996, info@azeventproduction.com.

3.5 Relationships expressly not governed by these conditions are subject to GDPR and the legal system of the Czech Republic, especially Act No. 89/2012 Coll., the Civil Code, as amended.

These conditions take effect on January 1, 2023.