Personal Data Protection Policy
We treat personal data in compliance with the legislation in force. In particular, we assure the protection of personal data in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR). GDPR is uniformly applicable in the whole EU since 25 May 2018.
The principles stated below provide a summary of the basic rules that we follow when gathering personal data and ensuring that it is kept confidential and secure.
Since we work on a number of programmes and projects that have separate webpages (within which specific cases of personal data processing may occur), this text provides a basic framework. You will always find specific information on processing (in particular a list of data processed, specific purposes and durations of processing) on the site where we are requesting some personal data from you.
Basic principles
In general, we always process your personal data only to the extent necessary for the given purpose. From the point of view of the lawfulness of processing, personal data may be divided into two groups – personal data we are allowed to process without your consent, and personal data that we may not process without your consent.
We process personal data without your consent in cases when:
-
the data is necessary for us to fulfil a legal obligation (e.g. the Accounting Act, Act on Social Services),
-
processing is necessary for the fulfillment of the contract we conclude with you. This applies in particular to contracts to which natural persons are parties. Furthermore, this may also apply to contracts concluded with legal entities, if they contain personal data of representing natural persons or persons authorized to perform the contract.
-
we have a legitimate interest in the data processing (typically record-keeping of donations, informing about our activities, approaching people to ask for a contribution/donation, selection of new employees, realization of a project etc.)
-
processing is necessary to protect the vital interests of you or another person (which can only occur in exceptional cases – e.g. in the case of immediate assistance in humanitarian crises)
In other cases, we process data based on your consent.
We process personal data in such a way that it is appropriately secured against unauthorized access, accidental loss, destruction, or damage.
We process personal data primarily in our information systems, which must ensure proper protection of personal data - especially Microsoft Dynamics NAV, Microsoft 365, ELO Digital Office, etc. With regard to the nature, scope and purposes of processing in specific cases, we take such technical and organizational measures to protect your personal data from destruction, loss or alteration, as well as from unauthorized access or provision. Specific persons working with personal data are bound by a duty of confidentiality.
We store personal data only for the necessary period of time and we archive the data according to the legal time limits provided for in the legislation. Once the reason for processing no longer exists or once the period of the necessary processing expires, we delete or anonymize the respective personal data.
What kind of personal data we process most frequently
1) Cookies – Cookies are a tool enabling web functionality for a specific user. You can find information on cookies, which ones we collect and for what purposes, including instructions how to prevent them to be stored, here.2) Data on donors – If you decide to make a donation (one-off or recurring) or similar contribution through one of our websites, we process the data you provide to us in this context. Also, if you express an interest in our activities and provide us with your data in this context, we will process it for the purpose of communicating with you. If you provide us with further data in the context of a follow-up communication, it will be processed under the same conditions. The processing period is limited to 3 years from the last contact with you (unless otherwise stated in a specific case). Further information on the processing of data during telephone calls can be found here.
3) Data on persons who sign up for a programme, activity etc. – If you decide to sign up for a programme, activity etc. through one of the webpages we operate, we process your data you provide to us as part of the sign-up. The processing in these cases is always carried out for the duration of the implementation and for a period determined individually according to the nature of the specific programme, activity, etc.
4) Newsletters – If you decide to subscribe to a newsletter or another information material through one of the webpages we operate, we require your consent to the processing of the contact details provided (usually e-mail). In these cases, the processing time is limited to the period of publication of the information material in question.
5) Data on aid recipients - In cases where we provide humanitarian aid to certain persons in the Czech Republic or abroad (in order to save lives, alleviate hardship and help victims of disasters or crises get back on their feet) or development aid (to help people in their efforts to break out of poverty and further develop) it is usually necessary in the interest of aid effectiveness, but also its reporting to donors to collect the personal data of aid recipients. The processing time is usually limited by the project implementation time and further by the time set by the donor or based on the nature of the specific project.
6) Data on persons to whom we provide social or other services - In these cases, the processing of personal data is necessary for the provision of services (fulfillment of the contract), usually on the basis of law and our legitimate interest in the need to prove services to donors. The processing time is usually limited by the project implementation time and further by the time set by the donor or based on the nature of the specific project
The recipients and processors of personal data
We do not sell your data, nor do we hand it over to other parties in another way, except for our contractual partners who enable us to communicate with you, and except for situations when we have a legal obligation to hand your data over to another person (e.g. provider of funds, auditor or other control body). In cases where personal data are processed for the purposes of a particular project, which we implement together with other entities (implementation partners), it is necessary to share the data with those partners.
Information on processors in the other cases mentioned above are given in the information provided most often at the beginning of the processing of your personal data.
Information on your fundamental rights
As a data subject, you have the following fundamental rights:
-
right to request information on which personal data of yours we are processing,
-
right to request explanation from us regarding the processing of personal data,
-
right to request access to such data from us, right to have the data updated, corrected or restricted, as the case may be, and right to object to processing,
-
the right to obtain personal data in a structured, commonly used and machine-readable format if the processing is based on consent or a contract,
-
in the case of automated processing of personal data, you have a right to data portability,
-
right to withdraw the consent anytime (where the processing is based on consent), for example by sending an e-mail or letter to the contact details below,
-
right to request the deletion of personal data from us (we are obliged to comply, unless we are required to process the data in order to fulfil a legal obligation),
-
right to address us or to complain to the Office for Personal Data Protection in case of doubt regarding the compliance with the obligations related to the processing of personal data.
Details about the Personal Data Controller
Člověk v tísni, o.p.s. (People in Need), whose seat is at Šafaříkova 24, 120 00 Prague 2, ID No. 25755277, registered in the Foundations Register managed by the Municipal Court in Prague, Section O, File 119
Contact details: personal.data@clovekvtisni.cz, contact details of the Data Protection Officer: dpo@clovekvtisni.cz