PIDfest 2024 Privacy Policy

in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), Act No. 110/2019 Coll., on the processing of personal data, and related legislation.
General principles of personal data processing adopted by the National Library of Technology are described in the general Privacy policy.

1. Personal data controller and processor

The controller of your personal data is the National Library of Technology (in Czech “Národní technická knihovna”), ID No. 61387142, with its registered office at Technická 2710/6, 160 80 Prague 6 - Dejvice, Czech Republic (hereinafter referred to as “controller“ or “we”). For the purpose of organizing the conference PIDfest 2024 (hereinafter referred to as „conference“), the controller uses the services of a processor, the company MGM agency, s.r.o., ID No.: 03736016, with its registered office at Kaprova 42/14, Staré Město, 110 00 Prague 1, (hereinafter referred to as "MGM"). Certain rights and obligations of the controller shall apply to the processor in accordance with the law.

2. Type and origin of data processed

 We process your personal data mainly for the purpose of their use by us within the framework of our activities, in particular for creating and operation of the registration form, the registration of participants of the conference and for the providing of photo documentation and streaming. Processing means that we collect, store, delete and in some cases pass on personal data.

We receive the personal data we process directly from you in the course of your order or during your registration on our website. We may also partially process personal data that we have obtained in accordance with current data protection laws in other ways from publicly available sources, such as the commercial register or other registers.


We may process mainly following personal data:


We do not collect credit card information from you. If you choose to pay with a credit card or online bank etc., the payment is done through an external site from different legal entity such as the bank, etc.

3. Purposes of processing and legal titles of processing

We always process personal data for permitted purposes only and in accordance with the currently applicable legal regulations.


Processing of your personal data is based on the following grounds of the GDPR (one or more purposes may apply simultaneously):


a) Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract;

b) Processing is necessary for compliance with legal obligations to which the controller is subject;

c) Processing is necessary for the purposes of the legitimate interests pursued by the controller.

d) You have given consent to the processing of your personal data.


The legitimate interests of the controller or a third party referred to in point c) above may include, amongst others, the following matters:


·   the right to promote other events of the controller (similar to the conference);

·   controller’s organization development;

·   investigation of any possible damage to protect controller’s or third party’s property or investigation of possible malpractice.


Should we ever process your personal data for a purpose other than that for which we originally have collected it, we will inform you of this new purpose in accordance with the applicable law. 

4. Recipients of your data

In some cases, personal data may be disclosed to third parties as processors - to MGM or suppliers of external services (e.g. programming or other services, server services, etc.), to operators of technologies, or to the extent necessary to legal or tax advisors.


In some cases as provided for by the applicable law, we are entitled or obliged to transfer certain personal data on the basis of valid and effective legal regulations, for example to law enforcement authorities or other public authorities.


In any other cases, we will only pass on your personal data to third parties if you have given us the appropriate permission to do so.


5. Transfer to third countries or international organizations

We do not transfer your data to recipients in countries without an adequate level of data protection (third countries).


6. How long do we process your personal data?

The controller will process your personal data until the end of the calendar year in which the conference was held plus 3 years.


7. Required personal data

You provide personal data to us on a voluntary basis, however the provision of certain data is required for the use of our services, which means that if you do not provide it to us, you will not be able to use some of the services of our sales network. If there is a legal obligation to provide personal data, this data will be indicated as obligatory.


8. Automatic decision making and profiling

We do not use automated decision-making or profiling procedures within the meaning of Article 22 GDPR when making decisions that may have legal consequences for you or otherwise significantly affect you.


9. Your rights in relation to the processing of personal data

In connection with the processing of your personal data, you as the data subjects have the following rights under the GDPR, or within the limits set by applicable law:

(i) the right to information about the processing carried out;

(ii) the right to access the personal data processed;

(iii) the right to rectification or erasure of personal data

(iv) the right to restriction of processing of personal data;

(v) the right to portability of personal data;

(vi) the right to object to processing, and

(vii) the right to lodge a complaint with the supervisory authority, which is:


The Office for Personal Data Protection

address: Pplk. Sochora 27, 170 00 Praha 7

Tel.: +420 234 665 111



If we receive a request within the meaning of this Article, we will inform the applicant of the measures taken without undue delay and in any event within one month of receipt of the request. This time limit may be extended by up to two additional months if necessary and in view of the complexity and number of requests.


The controller is not obliged to comply with a request, for example, where the request is manifestly unfounded or unreasonable, in particular because it is repetitive. In such cases, the controller may charge a reasonable fee taking into account the administrative costs involved in providing the requested information or, where appropriate, refuse to comply with the request. In the event of reasonable doubt as to the identity of the applicant, we are entitled to ask the applicant to provide additional information necessary to confirm the identity of such applicant.


In addition, you have the right to withdraw your consent (where applicable) to the processing of your personal data at any time. Such revocation does not affect the processing already carried out and therefore does not affect the effectiveness and lawfulness of the processing of personal data carried out up to the time of such revocation.


10. Contact details

Data subjects may contact the controller with any questions regarding the processing of personal data or to exercise their rights set out in this declaration:


National Library of Technology

Technická 2710/6

160 80 Prague 6 - Dejvice

Czech Republic



Data protection officer

Mgr. Jan Kolátor

‌Tel.: +420 232 002 437



Data subjects may also contact the processor:

MGM agency s.r.o.

Kaprova 42/14

110 00 Prague 1 – Staré Město


Prague, Czech Republic, 10 April 2024