I. THE PERSONAL DATA MANAGER AND THE PERSONAL DATA SUBJECT
The Personal Information Manager is the Environmental Partnership Foundation, registered office at Údolní 33, Brno-město, 602 00 Brno (hereinafter EPA)
Personal data means within the meaning of Section 4 a) of Act No. 101/2000 Coll., on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the "GDPR") any information concerning the designated or determinable data subject. The data subject is deemed to be identifiable if the data subject is directly or indirectly identifiable, in particular, on the basis of a number, code or one or more elements specific to his / her physical, physiological, psychological, economic, cultural or social identity.
The data subject means within the meaning of Section 4 (d) of GDPR, the person to whom the personal data relates. That is, a citizen interested in information or a person who, in any way, contributes or contributes to the activity of the data controller.
II. PERSONAL DATA PROCESSED BY ENVIRONMENTAL PARTNERSHIP FOUNDATION ARE:
- name and surname
- phone number
- mailing address
III. LEGAL REASONS FOR THE PROCESSING OF PERSONAL DATA
The legitimate reasons for processing your personal information are:
IV. PRINCIPLES OF PERSONAL DATA PROCESSING
- Process personal data for the purpose of verifying the authenticity of the data entered in the case of a gift.
- Process personal data for the purpose of sending news, messages and offers related to the gift.
- Personal information is:
- in relation to the data subject, processed in a correct and lawful and transparent manner ("legality, fairness and transparency");
- collected for certain expressly expressed and legitimate purposes and are not further processed in a way that is incompatible with those purposes; further processing for the purpose of archiving in the public interest, for the purpose of scientific or historical research or for statistical purposes, is not considered incompatible with the original purpose ("purpose limitation") under Article 89 (1);
- proportionate, relevant and limited to the extent necessary in relation to the purpose for which they are processed ("data minimization");
- accurate and, where necessary, updated; all reasonable measures shall be taken to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are promptly erased or corrected ("accuracy");
- stored in a form allowing the identification of data subjects for no longer than is necessary for the purposes for which they are processed; personal data may be stored for a prolonged period if they are processed exclusively for the purpose of archiving in the public interest, for scientific or historical research purposes or for statistical purposes under Article 89 (1), provided that the relevant technical and organizational measures required by this Regulation in order to guarantee the rights and freedoms of the data subject ("limitation of the deposit");
- processed in a manner that ensures the proper security of personal data, including their protection by appropriate technical or organizational measures against unauthorized or unlawful processing, and against accidental loss, destruction or damage ("integrity and confidentiality");
2. The manager is responsible for complying with paragraph 1 and must be able to demonstrate compliance ("responsibility").
V. METHOD OF PROCESSING AND PERSONAL DATA PROTECTION
Processing of personal data is done by the administrator. The processing is carried out at the headquarters of the administrator by individual authorized employees of the administrator, processor. The processing takes place via computer technology, and manually to personal data in paper form, with all the security policies for managing and processing your personal information. For this purpose, the administrator has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data.
VI. TIME OF PROCESSING PERSONAL DATA
We process your personal data for a period of time strictly necessary for the purpose of processing, typically during the performance of the contractual relationship or over the time required by the applicable law.
VII. RIGHTS OF THE DATA SUBJECT
The data subject has the following rights:
1. RIGHT TO REFER TO THE AGREEMENT (ARTICLE 7)
The data subject has the right to revoke his / her consent to the processing of personal data at any time. Revocation of consent is without prejudice to the lawfulness of processing based on consent given prior to his / her removal. Revocation of consent can be made via the email address firstname.lastname@example.org
2. RIGHT TO REQUEST ACCESS TO ITS PERSONAL DATA (ARTICLE 15)
The data subject has the right to obtain from the administrator a confirmation that the personal data concerning him / her are processed or not and, if so, has the right to access this personal data and the following information:
- the category of personal data concerned;
- the recipients or categories of recipients whose personal data has been or will be made available, in particular to recipients in third countries or to international organizations;
- the planned time for which personal data will be stored or, if it is not possible, the criteria used to determine that time;
- the existence of the right to require the controller to correct or erase personal data relating to the data subject or to restrict the processing thereof or to object to such processing;
- the right to lodge a complaint with the Supervisory Authority;
- all available information about the source of personal data, unless it is obtained from the data subject;
- the fact that automated decision making is taking place, including profiling, and at least in these cases, meaningful information regarding the procedure used, as well as the significance and the expected consequences of such processing for the data subject.
Where personal data are transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards that apply to the transfer. The administrator will provide a copy of the processed personal data. For additional copies at the request of the data subject, the administrator may charge a reasonable fee based on administrative costs. Where the data subject submits the application in electronic form, the information in the electronic form normally used shall be provided unless the data subject requests otherwise. The right to obtain a copy must not adversely affect the rights and freedoms of others.
3. RIGHT TO CORRECT (ARTICLE 16)
The data subject has the right to correct the inaccurate personal data relating to him without undue delay. Taking into account the purposes of the processing, the data subject has the right to supplement incomplete personal data, including by providing an additional statement.
4. RIGHT OF EXEMPTION (RIGHT TO BE LIGHTED) (ARTICLE 17)
The data subject has the right to delete the personal data relating to the data subject without undue delay and the controller has the obligation to delete the personal data without undue delay if one of the following reasons is given:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- the data subject revokes the consent on the basis of which the personal data were processed and there is no further legal reason for processing;
- the data subject objects to processing in the public interest, the exercise of public authority or the legitimate interests of the trustee or third party, and there are no overriding legitimate reasons for processing, or the data subject opposes processing for direct marketing purposes under the legal interest of a legitimate interest;
- personal data was processed unlawfully;
- personal data must be deleted in order to comply with a legal obligation laid down in Union or Member State law applicable to the trustee;
- personal data were gathered in connection with the provision of information society services to a child younger than 16 (16 years)
Where the controller has disclosed and is required to delete personal data, he shall take reasonable steps, including technical measures, with regard to available technology and execution costs, to inform the controller who processes such personal data that the data subject is requested to delete all references to their personal data, copies thereof, or replication. The right of cancellation can not be invoked if processing is necessary:
- for the exercise of the right to freedom of expression and information;
- for the fulfillment of a legal obligation which requires processing under Union or Member State law applicable to the trustee or for the performance of a task carried out in the public interest or in the exercise of public authority by which the trustee is entrusted;
- on grounds of public interest in the field of public health
- for purposes of archiving in the public interest, for scientific or historical research purposes or for statistical purposes, where it is likely that the right of cancellation would be rendered impossible or seriously jeopardized in order to achieve the objectives of that processing;
- for the determination, exercise or defense of legal claims.
5. LAW ON LIMITATION OF PROCESSING (ARTICLE 18) (LAW ON BLOCKING ACCORDING TO GDPR)
The data subject has the right to limit the processing to the controller, in any of the following cases:
- the data subject disclaims the accuracy of the personal data for the time necessary for the controller to verify the accuracy of the personal data;
- processing is unlawful and the data subject refuses to erase personal data and instead requests restrictions on their use;
- the controller no longer needs personal data for processing but the data subject is required to identify, exercise or defend legal claims;
- the object of the data has raised objections to processing in the public interest, the exercise of public authority or the legitimate interests of the trustee or third party in the public interest, the exercise of public authority or the legitimate interests of the trustee or third party until it has been verified that the legitimate reasons of the trustee outweigh the legitimate reasons of the data subject.
Where processing has been restricted, such personal data may be processed only with the consent of the data subject or for the purpose of determining, enforcing or defending legal rights, for the protection of the rights of another natural or legal person or for reasons of major public interest to the European The Union or a Member State. The data subject who has reached the processing limitation is notified in advance by the administrator that the processing restriction will be revoked.
6. LAW ON TRANSMISSION OF DATA (ARTICLE 20)
The data subject has the right to obtain the personal data concerning him / her which he has provided to the controller in a structured, commonly used and machine-readable format, and the right to pass this data to another manager without the administrator who provided the personal data in case that:
- processing is based on consent to the processing of personal data or is necessary for the performance of the contract to which the data subject is party or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject
- processing is done automatically.
In exercising its right to data portability, the data subject has the right to have personal data transmitted directly by one administrator to the other's administrator if this is technically feasible. The exercise of the law referred to in this Article shall be without prejudice to the right of cancellation. This right shall not apply to the processing necessary to carry out the task carried out in the public interest or in the exercise of the public authority entrusted to it by the trustee. The right to portability must not adversely affect the rights and freedoms of others.
7. LAW TO APPEAL AGAINST ADMINISTERS COMPLAINTS WITH THE SUPERVISORY AUTHORITY (ARTICLE 77)
Without prejudice to any other means of administrative or judicial protection, each data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his habitual residence, place of employment or the place where the alleged violation occurred, if the processing of his or her personal data violates this Regulation. The supervisor to which the complaint was lodged shall inform the complainant of the progress made in resolving the complaint and of its outcome, as well as of the possibility of judicial protection. The Office of the Czech Republic is the Office for Personal Data Protection.