Personal Data Protection
The website www.musicschoolprague.com (the "Website") is operated by International School of Music and Fine Arts, s.r.o. – Soukromá základní umělecká škola, s.r.o., whose registered office is at Příběnická 972/16, 130 00 Praha 3 – Žižkov, Reg. No. (IČ): 271 92 571, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Entry No. 103352 (the "ISMFA").
The ISMFA Website also contains information of the cooperating companies, namely:
- MUSIC - DANCE - ART SCHOOL PRAGUE, s.r.o., Reg. No. (IČ): 247 51 782, whose registered office is at V Celnici 1031/4, 110 00 Praha 1,
- European Music School, s.r.o., Reg. No. (IČ): 289 97 409, whose registered office is at Příběnická 972/16, 130 00 Praha 3
- Prague Music School, s. r. o., Reg. No. (IČ): 033 15 592, whose registered office is at Korunní 810/104, Vinohrady, Praha 10
- School of Music and Dance, s.r.o., Reg. No. (IČ): 033 75 978, whose registered office is at Korunní 810/104, Vinohrady, Praha 10
- Music Learning Centre, s. r. o., Reg. No. (IČ): 033 13 956, whose registered office is at Korunní 810/104, Vinohrady, Praha 10
- Music and Dance Academy, s.r.o., Reg. No. (IČ): 033 24 532, whose registered office is at Korunní 810/104, Vinohrady, Praha 10
- Music and Dance Education, s.r.o., Reg. No. (IČ): 033 22 041, whose registered office is at Korunní 810/104, Vinohrady, Praha 10
- Performing Arts Learning Centre, s.r.o., Reg. No. (IČ): 033 61 489, whose registered office is at Korunní 810/104, Praha 10, 101 00
- Dance, Music and Visual Arts, s.r.o., Reg. No. (IČ): 034 77 398, whose registered office is at Na Veselí 1342/22,140 00 Praha 4
- School of Performing Arts, s.r.o., Reg. No. (IČ): 045 25 337, whose registered office is at Na Veselí 1342/22,140 00 Praha 4
- ISMFA Education, s.r.o., Reg. No. (IČ): 045 13 398, whose registered office is at Korunní 810/104, Praha 10, 101 00
- KIDS MUSIC SCHOOL, s.r.o., Reg. No. (IČ): 272 55 425, whose registered office is at Příběnická 16, Praha 3, 130 00
- Unique Art Education, s.r.o., Reg. No. (IČ): 045 22 036, whose registered office is at Na Veselí 1342/22,140 00 Praha 4
The ISMFA does not obtain any of your personal data in connection with your access of the ISMFA Website.
In the event that you contact the ISMFA and the ISMFA obtains your personal and contact details on the basis of such communication, they will be exclusively used for further communication with you.
Links to other websites
On its Website, the ISMFA may provide links to the websites of other entities. We recommend that you become familiarised with the degree of protection of personal data provided by these entities if you visit their websites.
Advice on the rights of data subjects
If you contact the ISMFA and the ISMFA will process your personal data (e.g. name, surname, contact details) on the basis of such contact, the ISMFA becomes a data controller (the "Controller").
Advice on the rights of data subjects under the GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(the "GDPR") came into effect on 25 May 2018.
Natural persons whose personal data is processed by the Controller have the following rights:
- under Article 13 of the GDPR:
- the right to request from the Controller access to personal data;
- the right to request rectification or erasure of personal data, or restriction of processing, and to object to processing, as well as the right to data portability;
- the right to lodge a complaint with a supervisory authority;
- under Article 15 of the GDPR - the right to access to personal data:
- the right to obtain from the Controller confirmation as to whether or not my personal data is being processed, and, where that is the case, I have the right to access my personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the Controller rectification or erasure of my personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data is not collected from me, then any available information as to their source, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me;
- the right to obtain a copy of the personal data undergoing processing at the Controller. For any further copies, the Controller may charge a reasonable fee based on administrative costs. Where the request is made by electronic means, and unless otherwise requested, the information will be provided in a commonly used electronic form.
- under Article 16 of the GDPR – the right to rectification of personal data:
- the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- under Article 17 of the GDPR – the right to erasure of personal data:
- the right to obtain from the Controller the erasure of personal data concerning the data subject without undue delay where one of the following grounds applies: a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2) of the GDPR; d) the personal data has been unlawfully processed; e) the personal data has to be erased for compliance with a legal obligation in the European Union or Member State law to which the Controller is subject. The provisions set out above will not apply to the extent that processing of the personal data of the data subjects is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by the European Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR; e) for the establishment, exercise or defence of legal claims.
- under Article 18 of the GDPR - the right to restriction of personal data processing:
- the right to obtain from the Controller restriction of processing where one of the following applies: a) if the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; c) the Controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject would object to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Controller or another third person override those of the data subject;
- where processing has been restricted under the point above, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
- under Article 19 of the GDPR - notification obligation regarding rectification or erasure of personal data or restriction of processing:
- The Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The Controller shall inform the data subject about those recipients only if the data subject requests it.
- under Article 21 of the GDPR – the right to object:
- the right to object, on grounds relating to the data subject's particular situation, at any time to processing of personal data which is based on point (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- the right to object may be exercised by automated means.
- under Article 34 of the GDPR – communication of a personal data breach
- when the personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Controller shall communicate the personal data breach to the data subjects without undue delay;
- the communication referred to above shall not be required if any of the following conditions are met: a) the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption; b) the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms referred to above is no longer likely to materialise; c) it would involve disproportionate effort.
Facebook and Twitter
The ISMFA also operates its accounts on the social media platforms (Facebook and Twitter)(https://cs-cz.facebook.com/MusicSchoolPrague; https://twitter.com/musicschoolprg)
The data is transferred only in case if you are logged in your user account of the respective social media service.
The following entities are exclusively liable and responsible for the interconnected social media services:
- for Facebook and its Internet presentation: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
- for Twitter and its Internet presentation: Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
Additional information regarding the purpose and scope of the personal data acquisition, processing and use of your data by the respective social media service is available in the data privacy provisions of the respective services available at their websites (Facebook: https://www.facebook.com/about/privacy/ ; Twitter: https://twitter.com/privacy)