PRINCIPLES OF PERSONAL DATA PROCESSING
(hereafter referred to as the “Principles”)
1.PURPOSE OF THE PRINCIPLES
1.1 The purpose of these Principles is to satisfy the obligation to inform customers and potential customers of English in Levels services (hereafter as the “Subject”) arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter as “GDPR”).
2.1. English in Levels s.r.o., Gorkeho 2069, 530 02 Pardubice, Czech Republic, ID 01770161, represents the controller* (hereafter the “Controller”)
2.2. The Controller may be contacted by means of email at firstname.lastname@example.org
3.THE PERSON APPOINTED WITH PROTECTION OF PERSONAL DATA
3.1. The Controller appointed a person with the protection of personal data / Data Protection Officer, i.e. Zdenek Vanicek who can be contacted by means of email at email@example.com.
4.INFORMATION ON PROCESSING
4.1. The Controller is obligated to inform Subject on various facts about the processing, especially the purpose of processing, legal ground for processing and the data storage period. This obligation is to be satisfied by the Controller by means of GDPR Information board https://gdprset.com/p/qmlw3v
4.2. Software for personal data processing. The information board includes the information on what personal data is processed by the external software, the purpose of processing and what persons have access to the data.
4.3. Processors. The Controller uses the services of external companies, i.e. accounting. These external companies process personal data provided to the Controller within its activity. Information board includes the information on what personal data is processed by external companies, the purpose of processing and what persons have access to the data.
4.4. All persons involved by the company in processing of personal data satisfy requirements arising from GDPR.
4.5. All Controller’s employees are obligated to maintain confidentiality concerning all personal data processed within their work activity for the Controller.
5.PERSONAL DATA SECURITY – TECHNICAL AND ORGANIZATIONAL MEASURES
5.1. Technical and organizational measures are included in the Information board.
6.1. A subject is entitled to claim the following rights towards the Controller under the conditions and in the extent specified in Chapter III of GDPR.
6.1.1. The right of the data subject to access to personal data: You have the right to get confirmation from the Controller of whether the data concerning your person are being processed. If your personal data are being processed, you have the right to
access such data. Such access includes for example information on the purpose of processing, the category of personal data and information on the source of personal data. You also have the right to request a copy of the processed personal data.
6.1.2. The right to rectification: You have the right to require the Controller to rectify without unnecessary delay any inaccurate personal data with regard to your person that are being processed by the Controller.
6.1.3. The right to erasure: If a ground arises determined by GDPR (e.g. the personal data are not needed for the purposes of processing, or you revoke your consent), you have the right require the Controller to erase without unnecessary delay the personal data with regard to your person. The application of this right is not limitless though. The data is not going to be erased, for example, if such data are processed by virtue of a statutory obligation.
6.1.4. The right to restriction of processing: You have the right to require the Controller to restrict processing of your personal data in cases determined by GDPR. For example, such cases include a situation when you object with regard to the accuracy of the personal data. The restriction of processing lasts for as long as the Controller is verifying the accuracy of the personal data.
6.1.5. The right to data portability: In certain cases determined by GDPR (e.g. if the processing is based on your consent), you have the right to require the Controller to provide you with your personal data in a structured, commonly used and machine-readable format. Moreover, you have the right to transfer the data to another controller. You have the right as well to require the Controller to transfer the data to another controller directly if it is technically feasible.
6.1.1. The right to object: You have the right to object to processing of personal data concerning your person at any time on grounds related to your particular situation if the personal data are processed in the course of a task performed in public
interest or within the exercise of official authority or legitimate interests of the Controller or a third party, including profiling, arising from these provisions.
6.1.2. Automated individual decision-making, including profiling: You have the right not to be subject to any decisions arising solely from automated processing, including profiling, that bear a legal effect or have a similar significant impact on you.
7.TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
7.1. Some personal data are going to be transferred to international organizations based outside EU. Details can be found in GDPR Information board.
8.THE RIGHT TO REVOKE CONSENT AT ANY TIME
8.1. If processing of your personal data arises from your consent, you can revoke the consent at any time. Charts comprising Appendix no. 1 show what data are processed by virtue of your consent.
8.2. Giving or revoking your consent is your free choice. The Controller is in no position to force you to such conduct or penalize you anyhow with regard to it. Revoking one’s consent bears no impact to the legality of processing prior to revoking the consent (i.e.revoking the consent has no retrograde effect).
9.1. You have the right to file a complaint at any time concerning processing of your personal data with our Data Protection Officer or the person appointed with protection of personal data, using the contact details as stated in Art. 2.2 or 3.1.
9.2. Moreover, you have the right to file a complaint concerning processing of your personal data to the Controller’s supervisory authority, i.e. the Office for Personal Data Protection, Pplk. Sochora 27, 170 00, Prague 7.
10.SENDING EMAILS, BUSINESS MATERIALS, SMS, MMS
10.1. The Subject gives the Controller his or her consent to sending (i) email messages to the email address given by the Subject; (ii) text or multimedia messages (SMS/MMS) to the telephone number(s) given by the Subject; (iii) written messages and marketing materials to the address given by the Subject; with regard to any action, events or facts concerning the activities of the Controller.
10.2. The Subject gives the Controller explicit consent to using the contact information specified in Art. 9.1 also for sending business materials not directly related to the contractual relationship with the Controller but related to another Controller’s product or service or the Controller as such. The Subject has the right to revoke the consent at any time, e.g. by following a procedure specified in an already received business material.
11.TRANSMITTING PERSONAL DATA ON YOUR PART
11.1. Charts according to Art. 4.1 determine the processing in which providing personal data is obligatory.
11.2. If law requires you to provide your personal data, you are obligated to disclose the data. The same situation applies if your obligation to provide personal data arises from a contract concluded between you and the Controller. If disclosing personal data is
obligatory and no disclosure takes place on your part, consequences determined by the given legislation or contract may apply.
12.1. These Principles come into effect on the day of their publishing.
On behalf of the Controller