The non-profit organization Plzeň 2015, registered institute, ID No.: 29109124, with its registered office at Presslova 2992/14, 301 00 Plzeň, registered in the Register of Institutes maintained by the Regional Court in Plzeň, Section U, File 78 (hereinafter referred to as the "Controller" or "Plzeň 2015") hereby informs natural persons whose personal data are to be processed in any way within the scope of the Controller's activities (hereinafter referred to as "Data Subjects" ) within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), the principles and rules that Plzeň 2015 unconditionally complies with when processing personal data (hereinafter referred to as the "Policy").

​​

PLZEŇ 2015 POLICY ON THE PROCESSING OF PERSONAL DATA:

As part of its activities, Plzeň 2015 needs or has a serious interest in processing the personal data of various individuals, in particular its (potential) business partners, tenants, members of Coworking or the Makerspace open workshop, visitors to the DEPO2015 creative center or events organized by Plzeň 2015, participants in courses, workshops, and other events organized by Plzeň 2015, those interested in information about the program held at DEPO2015, etc. Plzeň 2015 has committed to processing all personal data fairly, transparently, and with respect and consideration for the rights of all persons concerned.

In accordance with the above commitment, Plzeň 2015 will ensure in each individual case that the processing of personal data is carried out in accordance with the following principles:

1. The principle of lawfulness, transparency, and fairness – processing is carried out on the basis of proper authorization, openly and with full respect for the rights of data subjects;

2. The principle of purpose limitation – processing is carried out only for specific, explicitly stated, and legitimate purposes;

3. The principle of data minimization – only personal data necessary to achieve the specified purpose may be processed;

4. Principle of accuracy – only accurate personal data that is updated as necessary for processing is processed;

5. Principle of storage limitation – personal data is processed only for the time necessary to achieve the specified purpose;

6. Principle of integrity and confidentiality – during processing, personal data is properly secured, in particular against unauthorized or unlawful processing and against accidental or unauthorized loss, destruction, or damage.​

INFORMATION FOR DATA SUBJECTS

The controller shall, in relation to each data subject in each individual case, through a person authorized to act on behalf of the controller, provide the data subject with at least the following information:

• Purpose of personal data processing – the controller processes personal data exclusively in a manner that is compatible with the stated purpose of personal data processing and does not conflict with Article 6(1) of the Regulation; we process the personal data you provide to us strictly for purposes related to ensuring the operation and program content of DEPO2015.

• Scope of personal data processing – the controller processes personal data only to the extent necessary in relation to the stated purpose for which the data is processed. If we have obtained your personal data from you or on the basis of our personal contact (business meeting, participation in an event organized by Plzeň 2015, etc.), or our own search activities within publicly available sources, we process this data only to the extent that you have provided it to us or published it, and only to the extent necessary for us to contact you on the basis of our legitimate interest.

• Duration of personal data processing – the controller processes personal data that is processed for the stated purpose of processing for the time necessary to fulfill the specific purpose of processing, with the length of this period varying according to the individual areas of the controller's activities.

• Retention period for personal data - personal data is retained only for the period necessary to fulfill the purpose of its processing. Specific retention periods are determined either directly by the duration of the contractual relationship and the subsequent archiving period, or by the period resulting from legal regulations, or until the data subject's consent is revoked. After this period, personal data is securely deleted or anonymized.

• What are the legal bases for processing personal data - if the legal basis is the legitimate interest of the controller, then more detailed information about these legitimate interests.

The category of recipients of personal data and the transfer of personal data - who will process the personal data and how, and to whom the personal data may be further disclosed by the controller.

In individual areas of activity (copying the purposes of personal data processing), the data is processed by the controller to the maximum extent specified below, for the specified period, on the basis of the specified legal grounds:​

• Marketing communications (newsletters, invitations to events, information about courses, workshops, and other events of interest) – personal data in the form of your first and last name, email address, and, where applicable, telephone number are processed: a) on the basis of your explicit consent pursuant to Article 6(1)(a) of the Regulation, for the period until this consent is revoked; b) on the basis of the legitimate interest of the controller pursuant to Article 6(1)(f) of the Regulation, consisting in informing existing clients about similar activities of the Controller, for a maximum period of 2 years from the last use of the service or participation in the event. You may object to the sending of marketing communications based on legitimate interest at any time; in such a case, your personal data will no longer be used for this purpose.

• Negotiations on the contractual relationship, its conclusion (in the form of a contract, confirmed order, or accepted application for a course/workshop/open workshop), changes, additions, and termination, including ensuring the fulfillment of rights and obligations arising from the contractual relationship and in connection with it—data is processed to the maximum extent: name and surname, date of birth, ID number, ID/VAT number, telephone number, email address, bank account number, residential address (permanent residence, mailing address), for the duration of the contractual relationship; after its termination, they are stored for a period of 5 years for the purpose of fulfilling the legal obligations of the controller (archiving for the purposes of inspections, handling complaints, claims for defects, etc.), or 10 years if your data is contained in accounting documents (we are VAT payers), on the basis of the performance of a contract concluded with data subjects. Processing of personal data of minors and special categories of data: In the case of participation of minors in events organized by the controller, the personal data of the child and his or her legal representative are processed to the extent necessary to ensure the child's participation and safety. Data on the child's health are processed exclusively on the basis of the express consent of the legal guardian pursuant to Article 6(1)(a) and Article 9(2)(a) of the Regulation, and only for the duration of the event and immediately after its end, unless a longer retention period is stipulated by law.

• Accounting, issuing tax documents, handling claims for defects, archiving accounting documents – data is processed to the maximum extent and for the period specified by the relevant generally binding legal regulations, on the basis of the controller's legal obligations

• Operation of the camera system – data is processed to the maximum extent: video recording capturing the image of a natural person taken by a camera system located on the premises of DEPO2015, when the areas monitored by the camera system are properly marked; for a period of: 4 days from the date of recording by the camera system, unless an incident occurs that requires the recording to be kept for a longer period of time, for the purpose of protecting the controller's property and the safety of persons moving around the DEPO2015 premises, based on the controller's legitimate interest pursuant to Article 6(1)(f) of the Regulation.

The administrator declares that your personal data will only be made available/transferred for processing to relevant employees or associates of the administrator (external service providers) who are bound by an obligation of confidentiality regarding this data, as well as security measures, the disclosure of which would in any way compromise the security of this personal data. Personal data is made available to these persons only to the minimum extent necessary for the performance of their duties. Personal data will also be made available to state administration authorities/bodies (in the case of data processed by these bodies in accordance with applicable legal regulations) and, in justified cases, may also be made available to security forces, law enforcement authorities, or courts.

The controller declares that it does not use automated decision-making or profiling within the meaning of Article 22 of the Regulation when processing personal data. However, the controller's website may use cookies for analytical and marketing purposes, which may include automated evaluation of visitor behavior (profiling). Detailed information about the types of cookies, their purpose, and management can be found in a separate document, Cookie Policy.​

The administrator further declares that it does not and will not transfer your personal data processed within the scope of its activities to third countries or any international organizations.

The controller stores personal data in electronic form on electronic storage devices located within the European Union. All electronic storage devices are adequately secured against data leakage/misuse. When using external services, personal data is processed exclusively by entities providing adequate guarantees of personal data protection in accordance with the Regulation. Personal data stored in paper form is also adequately secured by the controller against leakage/misuse (lockable offices, cabinets, organizational measures). The controller is committed to reviewing the organizational and technical measures ensuring the protection of its clients' personal data at least every six months and to taking additional security measures if necessary.​

​

RIGHTS OF THE DATA SUBJECT

As a data subject, you have the right under applicable law to request that we provide you with information or perform certain operations with your personal data. You have the right to:

Access to personal data – you have the right to ask us for information on whether or not personal data concerning you is being processed, in accordance with Article 15 of the Regulation, i.e. in particular for a copy/extract of the personal information we hold about you and how we use it.

Rectification – if you believe that the information we hold about you is inaccurate, you have the right to ask us to correct the inaccuracies without undue delay, and you may also request that incomplete personal data be completed in accordance with Article 16 of the Regulation.

Deletion – under certain circumstances, you have the right to request that we delete personal data concerning you without undue delay if one of the reasons specified in Article 17 of the Regulation applies (e.g., if the personal data is no longer necessary for the original purpose or if you withdraw your consent).

Restriction of processing – under certain circumstances, you have the right to request that we stop using your personal data, e.g. if you believe that the personal information we hold about you is inaccurate or you believe that there is no need for us to continue using your personal information (Article 18 of the Regulation).

Withdraw consent at any time – if the legal basis for processing personal data is your consent (this applies exclusively to our marketing activities), you have the right to withdraw your consent at any time and we are obliged to delete the data; withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.

Object – you have the right to object to the processing of personal data that we carry out on the basis of our legitimate interest (Article 6(1)(e) or (f) of the Regulation, including profiling based on these provisions pursuant to Article 21 of the Regulation). If we do not have a compelling legitimate reason for processing, we will no longer process your personal data for that purpose.

Data portability – if we process your personal data electronically on the basis of your consent or for the purpose of performing a contract, you have the right to request that we provide it to you in a machine-readable format. You also have the right to request that we provide it to you in a machine-readable format or that we transfer the data to a third party.

Not to be subject to any decision based solely on automated processing – you have the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effects on you or similarly significantly affects you pursuant to Article 22 of the Regulation;

File a complaint with the supervisory authority – the supervisory authority is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Prague 7.

Deadline for processing requests – the controller processes requests from data subjects without undue delay, no later than 1 month after receiving them. In complex cases, this period may be extended by a further two months, of which the data subject will be informed.

Data Protection Officer (DPO) – the controller does not have a designated Data Protection Officer, as this obligation does not arise under the Regulation. However, the controller is prepared to provide information and ensure adequate protection of personal data in accordance with the Regulation.

​

CONTACT DETAILS OF THE PERSONAL DATA CONTROLLER

All your questions, suggestions, requests for deletion, correction, withdrawal of consent, or other submissions related to the processing of your personal data can be sent to the following email address:

gdpr@depo2015.cz

You can also contact us at our registered office or at the telephone numbers listed on our website

www.depo2015.cz​

Requests regarding the processing of personal data can only be submitted by you or your authorized representative. If we are unsure of the identity of the applicant, we may ask you for additional information to verify your identity.

Our obligation to comply with your request depends in some cases on the purpose for which we process your personal data. Some rights can only be exercised for certain purposes of processing.

​

​In Pilsen on January 16, 2026
Mgr. Soňa Rychlíková, Director

​

Cookie Policy

​

Pursuant to Section 89 of Act No. 127/2005 Coll., on Electronic Communications, and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), we hereby inform you that our website uses cookies – small text files that are stored in your browser when you visit the website. Cookies help us improve the functionality of the website, analyze traffic, customize content and advertising, and ensure the secure operation of the website

​

1. What are cookies?

Cookies are small text files stored on your device that:

• record technical settings of the website (e.g., language or login details),

• enable analytical evaluation of traffic,

• can be used for targeted personalization of content or advertising

 

2. Types of cookies and legal basis

Type of cookies - Purpose - Legal basis - Storage - Note

 

1. Essential cookies - Ensure the proper functioning of the website (navigation, security, login) - Do not require consent - For the duration of the visit (session) - Without these cookies, the website may not function properly

2. Functional cookies - Remember user preferences for a better and more personalized experience - Legitimate interest of the controller (Article 6(1)(f) of the GDPR) - Persistent cookies (days to months) - We do not use them for marketing or profiling

3. Analytical cookies (e.g., Google Analytics) - Track website traffic and usage to improve services - User consent (Article 6(1)(a) of the GDPR) - 2 years - Anonymized data, may include profiling of user behavior for website improvement purposes

4. Marketing cookies (e.g., Facebook Pixel) - Personalization of ads and measurement of their effectiveness - User consent (Article 6(1)(a) of the GDPR) - 3 months to 1 year depending on the platform - These cookies include profiling and tracking of user behavior across websites​​​

​

3. Cookie management and consent

When you first visit the website, a bar/banner will appear asking for your consent to analytical and marketing cookies.

You can revoke your consent at any time via:

1. Cookie settings on the website (bar/banner),

2. Your internet browser settings, where you can refuse or delete cookies:

• Google Chrome – Cookie management

• Mozilla Firefox – Deleting cookies

• Microsoft Edge – Cookie settings

• Safari – Cookie management

Withdrawing your consent means that analytical and marketing cookies will no longer be stored or used. The administrator notes that some parts of the website may not function properly without certain cookies.

​

4. Sharing cookies with third parties

We use third-party analytics and marketing services that may have access to certain cookies:

Google Analytics – the purpose is to analyze website traffic; you can find more information about Google's privacy policy here: https://policies.google.com/privacy

Facebook Pixel – the purpose is to measure and personalize ads; information on how Facebook uses data can be found here: https://www.facebook.com/privacy/explanation

These third parties process personal data only to the extent necessary to provide their services and in accordance with the GDPR.

 

5. How long do we store cookies?

Session cookies – temporary, deleted when you close your browser.

Persistent cookies – stored for a longer period (days to months) or until you delete them yourself.

​​

6. Contact

Any questions regarding cookies, consent, or personal data management can be sent to:

Email: gdpr@depo2015.cz

Administrator address: Plzeň 2015, registered institute, Presslova 2992/14, 301 00 Plzeň

Website: www.depo2015.cz