European Youth Olympic Festival 2022 (EYOF 2022) handles your personal data with care as defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR) and Act No. 18/2018 Coll. on Personal Data Protection and on changes and supplements to some acts (hereinafter referred to as the “Personal Data Protection Act”). EYOF 2022 as the Controller is obliged to make certain information accessible on its website to the data subject (natural person whose personal data are being processed). Apart from its identification, contact data and the Data Protection Officer contact data, the public authority shall be obliged to make the data found in the bookmarks to the left accessible.
Within the meaning of Art. 24 of the GDPR Regulation and Section 31 of the Personal Data Protection Act, the Controller has adopted appropriate technical, organizational, personnel and security measures and safeguards that take into account, in particular:
- the principles of personal data processing, such as lawfulness, fairness and transparency, limitation and compatibility of the purposes of the processing of personal data, minimization of personally identifiable information, its pseudonymization and encryption as well as integrity, confidentiality and accessibility;
- the principles of necessity and proportionality (also applicable to the scope and amount of processed personal data, the retention period and access to the personal data of the data subject) of the processing of personal data in relation to the purpose of the processing operation;
- the nature, scope, context and purpose of the processing operation;
- resilience and recovery of personal data processing systems;
- instructing authorized persons working for the Controller;
- taking measures to identify the personal data protection breach without undue delay and to promptly inform the supervisory authority and the person responsible;
- adopting measures to ensure the correction or erasure of incorrect data or the realization of other rights of the person concerned;
- the risks of varying likelihood and severity for the rights and freedoms of natural persons (in particular the accidental or unlawful destruction of personal data, the loss or alteration of personal data, the misuse of personal data - unauthorized access or unauthorized disclosure, risk assessment with regard to origin, nature, likelihood and seriousness of risk related to processing and identifying best risk mitigation strategies).