top of page


A non-profit organization Pilsen 2015, registered institute, ID: 29109124, with registered office at Presslova 2992/14, 301 00 Pilsen, registered in the register of institutes kept by the Regional Court in Pilsen, in section U, file 78 (hereinafter referred to as the "administrator" or "Pilsen 2015") hereby informs the natural persons whose personal data are to be processed in any way as part of the administrator's activities (hereinafter referred to as the "data subject") in the sense of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data) (hereinafter referred to as the "Regulation"), on principles and rules, which Plzeň 2015 unconditionally observes when processing personal data (hereinafter referred to as the "Policy").


As part of its activities, Pilsen 2015 needs or has a serious interest in processing the personal data of various natural persons, especially its (and potential) business partners, tenants, members of Coworking or Makerspace open workshops, visitors to the creative center DEPO2015 or events organized by Pilsen 2015, course participants , workshops and other events organized by Pilsen 2015, those interested in information about the program held at DEPO2015, etc.

Pilsen 2015 has undertaken to process all personal data fairly, transparently and fundamentally with respect and regard for the rights of all affected persons.

Plzeň 2015, in accordance with the above commitment, will in each individual case ensure that the processing of personal data takes place in accordance with the following principles:

  1. The principle of legality, transparency and correctness – processing takes place on the basis of proper authorization, openly and with full respect for the rights of data subjects;

  2. The principle of purpose limitation – processing takes place only for specific, explicitly expressed and legitimate purposes;

  3. The principle of data minimization – only personal data necessary to ensure the specified purpose can be processed;

  4. Principle of accuracy – only personal data is processed that is accurate and updated according to processing needs;

  5. Principle of storage limitation– personal data are processed only for the time necessary to ensure the specified purpose;

  6. The principle of integrity and confidentiality - during processing, proper security of personal data is ensured, especially against their unauthorized or illegal processing and against accidental or unauthorized loss, destruction or damage.



In relation to each subject of rights, in each individual case, the administrator shall, through a person authorized to act on behalf of the administrator, communicate to the data subject at least the following information:

  • The purpose of personal data processing – the administrator processes personal data exclusively in a manner that is compatible with the stated purpose of personal data processing and does not conflict with Article 6, paragraph 1 of the Regulation; we process the personal data you provide us strictly for purposes related to ensuring the operation and program content of DEPO2015.

  • Scope of processed personal data – the administrator processes personal data only to the extent necessary in relation to the stated purpose for which the data is processed. In the event that we have obtained your personal data from you or on the basis of our personal contact (business meeting, participation in an event organized by Pilsen 2015, etc.), or our own search activity, we process this data only to the extent that you have provided it to us provided, or in which you published them, exclusively to the extent necessary for us to be able to contact you on the basis of our legitimate interest.

  • The period of personal data processing – the administrator processes personal data, which are processed for the stated purpose of processing, for different periods of time depending on the field of activity.

  • What are the legal bases for the processing of personal data - if the legal basis is the administrator's legitimate interest, then more detailed information about these legitimate interests.

  • Category of recipients of personal data and transfer of personal data- who and how will process personal data and to whom personal data may be further made available by the controller.

In the individual areas of activity (copying the purposes of personal data processing), data is processed by the controller to a maximum of the following extent, for the specified period of time, based on the specified legal reasons:

  • Marketing activities of the controller (distribution of the program newsletter, invitations to events held in DEPO2015, news and information about courses, workshops and other events of interest) - data is processed to the maximum extent: first and last name, email address, telephone number, for an unlimited period of time from the granting of consent to processing personal data (until the possible withdrawal of your consent), or 5 years from the end of the course/workshop/event you participated in and the administrator has a legitimate interest in sending marketing information to the contact details you provided as a result; due to the granting of explicit consent or the legitimate interest of the administrator (informing clients of the administrator).

  • Negotiating the contractual relationship, its conclusion (in the form of a contract, confirmed order or accepted application for a course/workshop/open workshop),changes, additions and termination, incl. ensuring the fulfillment of rights and obligations arising from and in connection with the contractual relationship – data is processed to the maximum extent: name and surname, date of birth, social security number, ID number/TIN, telephone number, email address, bank account number, address of residence (permanent residence, delivery), in the case of a minor participating in events (camps) also information on the state of health and also the contact details of the child's legal representative, for a period of 5 years from the end of the contractual relationship (archiving for the purposes of checks, resolving complaints, claims due to defects, etc.), or 10 years, if your data is contained in accounting documents (we are VAT payers), due to the fulfillment of the contract concluded with the data subjects

  • Bookkeeping, issuance of tax documents, settlement of claims for defects, archiving of accounting documents– data are processed to the maximum extent and for the following period: in accordance with the applicable generally binding legal regulations, in order to fulfill the legal obligations of the administrator

  • Operation of the camera system – the data is processed to the maximum extent: a video recording capturing the appearance of a natural person captured by a camera system located in the DEPO2015 premises, for a period of: 4 days from the capture of the recording by the camera system, in order to protect the administrator's property.

The administrator declares that your personal data will be made available/transferred for processing only to the relevant employees or associates of the administrator (external service providers), who are bound by the obligation to maintain the confidentiality of this data, as well as security measures, the disclosure of which would in any way endanger the security of this personal data. Personal data is made available to the mentioned persons only to the smallest extent necessary for the fulfillment of their duties. Personal data will also be made available to state administration authorities/bodies (in the case of data that these bodies process according to applicable legal regulations) and further  in justified cases, they can also be made available to security forces, law enforcement authorities or courts.

The administrator declares that he does not use the method of automated decision-making or profiling in the sense of Article 22 of the Regulation when processing personal data.

The administrator further declares that he does not and will not transfer your personal data processed as part of his activities to third countries or any international organizations.

The administrator further declares that it stores all of your personal data in electronic form on electronic repositories located exclusively in the Czech Republic or the EU. All electronic repositories are adequately secured against data leakage/misuse. Personal data stored in paper form are also sufficiently secured by the administrator against leakage/misuse (lockable offices, cabinets, organizational measures). The administrator is determined to revise the organizational and technical measures ensuring the protection of personal data of its clients at least every six months and to adopt additional security measures if necessary.


As a data subject, you have the right, according to applicable legal regulations, to ask us to provide you with information or to perform certain operations with personal data. You have the right to:

  • Access to personal data – you have the right to ask us for information as to whether personal data concerning you are or are not being processed, according to Article 15 of the Regulation, i.e. in particular, a copy/extract of the personal information we keep about you and how we use it.

  • Repair– if you believe that the information we have about you is inaccurate, you have the right to ask us to correct the inaccuracies without undue delay, and you can also request the completion of incomplete personal data in accordance with Article 16 of the Regulation.

  • For deletion - in certain circumstances, you have the right to ask us to delete personal data concerning you without undue delay, if one of the reasons listed in Article 17 of the Regulation is given (e.g. if the personal data is no longer necessary for the original purpose or if you withdraw your consent ).

  • To restrict processing - in certain circumstances, you have the right to ask us to stop using your personal data, e.g. if you believe that the personal information we store about you is not accurate or you believe that there is no need for us to use your personal information further (Art. 18 of the Regulation).

  • Revoke the given consent at any time – if the legal basis for the processing of personal data is your consent (in principle, this is exclusively for our marketing activities), you are entitled to revoke the consent given at any time and we are obliged to delete the data; withdrawal of consent does not affect the lawfulness of processing based on consent granted before its withdrawal.

  • Raise an objection – you have the right to object to the processing of personal data that we carry out due to our legitimate interest (Article 6(1)(e) or f) of the Regulation, including profiling based on these provisions pursuant to Article 21 of the Regulation). If we do not have a compelling legitimate reason for processing, we will not further process your personal data for the given purpose.

  • For data portability – if we process your personal data electronically with your consent, you have the right to ask us to provide it to you in a machine-readable format. You also have the right to ask us to provide them to you in a machine-readable format, or to pass the data on to a third party.

  • Not to be subject to any decision based solely on automated processing – you have the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for you or significantly affects you in a similar way according to Article 22 of the Regulation;

  • File a complaint with the supervisory authority – the supervisory authority is the Office for Personal Data Protection, with headquarters in Plk. Sochora 727/27, ZIP Code 170 00, Prague 7.                                             



All your questions, suggestions, requests for deletion, correction, withdrawal of consent or other submissions related to the processing of your personal data can be sent to the email address:

You can also contact us at the address of our registered office or at the telephone numbers listed on our website

Requests regarding the processing of personal data can only be submitted by you or your authorized representative. If we are unsure of the applicant's identity, we may ask you for additional information to verify your identity.

Our obligation to comply with your request in some cases depends on the purpose for which we process your personal data. Some rights can only be exercised for certain processing purposes.

In Pilsen on May 21, 2018


Jiří Suchánek, director

bottom of page