GDPR Policy for JS-hlasování s.r.o. 

Introduction 
JS-hlasování s.r.o. (IČO: 07654332), located at Moskevská 1523/63, Vršovice, 101 00 Praha, is committed to ensuring compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This GDPR Policy outlines the Company’s responsibilities and data protection practices concerning the processing of personal data. 

1. Role as Data Controller 
JS-hlasování s.r.o. acts as the data controller, determining the purposes and means of processing personal data. The Company ensures that personal data is processed lawfully, fairly, and transparently, in line with GDPR principles. 

2. Lawful Basis for Data Processing 
The Company processes personal data under the following lawful bases: 

  • Contractual Necessity: Data processing is essential to fulfill contractual obligations (e.g., for service delivery). 

  • Legal Obligation: Processing required by law, such as tax compliance or record-keeping. 

  • Legitimate Interests: Data processing necessary for the legitimate interests of the Company (provided these interests do not override the rights of individuals). 

  • Consent: Personal data processed based on explicit consent for purposes such as marketing. 

3. Rights of Data Subjects 
Under GDPR, individuals have the following rights with respect to their personal data: 

  • Right to Access: Request information on what personal data is being processed and why. 

  • Right to Rectification: Request corrections to personal data if inaccurate or incomplete. 

  • Right to Erasure (Right to be Forgotten): Request deletion of personal data under certain conditions (e.g., when no longer necessary for processing). 

  • Right to Restrict Processing: Request the restriction of processing in specific situations (e.g., where the accuracy of data is contested). 

  • Right to Data Portability: Receive personal data in a structured, commonly used format and transmit it to another data controller. 

  • Right to Object: Object to the processing of personal data in certain cases, such as direct marketing. 

  • Right to Withdraw Consent: Withdraw consent for processing at any time if consent was the basis for processing. 

4. Data Breach Notifications 
In the event of a personal data breach, the Company will notify the Czech Data Protection Office (Úřad pro ochranu osobních údajů) within 72 hours of becoming aware of the breach, if the breach is likely to result in a risk to the rights and freedoms of individuals. Affected individuals will also be notified if required. 

5. Data Processing by Third Parties 
When personal data is shared with external service providers (data processors), the Company ensures that these processors adhere to GDPR requirements by entering into Data Processing Agreements (DPAs) with them. 

6. International Data Transfers 
Where personal data is transferred outside the European Economic Area (EEA), the Company will ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs), to guarantee the protection of personal data. 

7. Retention and Deletion of Data 
The Company retains personal data only for as long as necessary for the purposes for which it was collected or as required by law. After the data is no longer needed, it is securely deleted or anonymized. 

8. Data Protection Officer (DPO) 
If required by law, the Company will appoint a Data Protection Officer (DPO) responsible for overseeing GDPR compliance and serving as a point of contact for data subjects and regulatory authorities. 

9. Privacy by Design and by Default 
The Company integrates data protection into the design of its systems and processes, ensuring that personal data is processed only when necessary and that privacy controls are implemented by default. 

10. Employee Training and Awareness 
The Company ensures that its employees are trained on data protection principles and GDPR compliance, reinforcing the importance of safeguarding personal data. 

Supervisory Authority 
Individuals may file complaints with the Czech Data Protection Office (Úřad pro ochranu osobních údajů) if they believe that their data protection rights have been infringed. 

Contact Information 
For GDPR-related inquiries, please contact: 

JS-hlasování s.r.o. 
Address: Moskevská 1523/63, Vršovice, 101 00 Praha 
Email: [insert email] 
Phone: [insert phone number]