GENERAL DATA PROTECTION REGULATIONS
Let us inform you of the rules, regulations, and measures taken in processing personal data as performed by SHINE Consulting s.r.o. All data processing is in accordance with Act No. 101/2000 Coll. (on personal data protection), as amended, and in accordance with European Parliament and Council Regulation (EC) 2016/679, DATED April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (further as Regulation).
I. BASIC INFORMATION
Data controller: SHINE Consulting s.r.o., COMPANY REGISTRATION NUMBER 25318292, registered office at Oulehla 443, POSTCODE 66407, email: firstname.lastname@example.org, (further as „SHINE Consulting“)
Data subjects: Natural persons whose personal data are processed by SHINE
Data Protection Officer: SHINE Consulting did not appoint a Data Protection Officer
Transfer of personal data to a third country or to an international organisation: SHINE Consulting does not transfer personal data to a third country or to any international organisations.
Duration of storage of personal data: Personal data are processed and stored by SHINE Consulting for the duration of the legally binding contract and subsequently for a period of 5 years after the termination or expiry of that contract. Personal data processed in order to meet the requirement of compliance with special legislation are processed for the duration stipulated by such special legislation. In the event that the processed data may be used to protect the legitimate interest of the data controller, SHINE Consulting shall carry out processing of such data for a period necessary to protect such legitimate interest.
Automated individual decision-making: SHINE Consulting does not carry out automated individual decision-making or profiling.
Supervisory authority: The supervisory authority is Úřad pro ochranu osobních údajů (the Office for Personal Data Protection), registered office at Pplk. Sochora 27, 170 00 Praha 7, email: email@example.com, tel.: 234 665 125.
II. PERSONAL DATA SOURCES
SHINE Consulting obtains personal data directly from data subjects.
In the case of courses which natural persons attend on account of their employment (e.g. employees, statutory bodies etc.), SHINE Consulting obtains their personal data in part directly from the company/organization of which the natural person/persons are a part. In such cases the company/organization is obligated to a) meet all requisite rules and regulations in relation to the data subjects attending the event (course or training programme) in accordance with the Regulation, b) obtain their explicit consent to processing of personal data, and, where applicable, (c) act in accordance with the duties of Data Controllers as laid out in the Regulation.
III. LEGAL BASIS FOR PROCESSING, PURPOSE AND DURATION OF PROCESSING
Personal data of data subjects are processed on the following legal bases:
- performance of contract;
- necessary compliance with a legal obligation of SHINE Consulting;
- legitimate interest of SHINE Consulting;
- consent to personal data processing.
In order to perform the contract and/or to comply with a legal obligation of SHINE Consulting, the following data are processed: name, surname, or (alternatively) entity name, date of birth, identification number, address, place of business, telephone number, email address, job position and company name (of data subject’s employer), preference as regards relevant topics/areas.
In the event that SHINE Consulting intends to process personal data not defined in Art. III (i.e. not mentioned in the foregoing text), or for purposes other than those mentioned herein (e.g. email for the receipt of commercial communication such as newsletters), SHINE Consulting can only do so on the basis of a valid consent to personal data processing. Consent to personal data processing is a concrete and unambiguous expression of free will and the data subject may withdraw the previously declared consent at any time.
IV. RECIPIENTS OF PERSONAL DATA
SHINE Consulting does not transmit personal data to any other data controllers.
Personal data processors are:
- SHINE Consulting consultants running courses or performing consultancy-related work, interventions, or assistance offered by SHINE Consulting;
- IT solution providers commissioned to perform IT administration of software used by SHINE Consulting;
- Accounting personnel commissioned to perform accounting operations on behalf of SHINE Consulting.
Personal data processing as required by SHINE Consulting can only be performed by processors who are bound by a personal data processing contract and who guarantee sufficient organizational and technical security of personal data, where the purpose of processing is clearly stated and the personal data are used only for the stated purpose.
V. DATA SUBJECT RIGHTS
The data subject has:
- Right of access: The data subject has the right to receive information whether any personal data of the data subject are being processed, and if so, the data subject has the right of access to their personal data and the following information: a) processing purposes; b) the categories of personal data processed; c) the recipients or categories of recipients that were or will be provided access; d) the planned duration of storage; e) information about the existence of rights of the data subject such as rectification, erasure or restriction of processing, the right to object; f) the right to lodge a complaint with the relevant authorities; g) any available information about the origin of the data, as long as these were not collected from the data subject themselves; h) any existence of an automated decision-taking process, including profiling. The data subject further has the right to obtain a copy of the processed personal data.
- Right to rectification: Data subjects have the right to require SHINE Consulting to have their personal data rectified, or completed if incomplete, and SHINE Consulting must do so without undue delay.
- Right to erasure: Data subjects have the right to ask SHINE Consulting to erase their personal data without undue delay if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing to continue; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in the European Union or the Czech Republic; f) the personal data have been collected in relation to the offer of information society services. The right to erasure shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law, and for the establishment, exercise, or defence of legal claims, and in other cases as stipulated in the Regulation.
- Right to restriction of processing: The data subject shall have the right to obtain from SHINE Consulting restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling SHINE Consulting to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) SHINE Consulting no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of SHINE Consulting override those of the data subject.
- Right to object to processing: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, which SHINE Consulting processes for the purposes of protecting its legitimate interest. SHINE Consulting shall no longer process the personal data unless SHINE Consulting demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to SHINE Consulting, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the SHINE Consulting where: a) the processing is based on consent b) the processing is carried out by automated means. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her as carried out by SHINE Consulting infringes this Regulation. The supervisory authority is Úřad pro ochranu osobních údajů (the Office for Personal Data Protection), registered office at Pplk. Sochora 27, 170 00 Praha 7, email: firstname.lastname@example.org, tel.: 234 665 125.
- Right to be notified regarding rectification or erasure of personal data, or restriction of processing: SHINE Consulting is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. SHINE Consulting shall inform the data subject about those recipients if the data subject requests it.
- Right to be informed in the event of a personal data breach to the data subject: When the personal data breach is likely to result in a high risk to the rights and freedoms of the data subject, SHINE Consulting shall communicate the personal data breach to the data subject without undue delay.
- Right to withdraw consent with processing of personal data: If any personal data relating to the data subject are being processed by SHINE Consulting on the basis of explicit consent expressed by the data subject, the data subject shall have the right to withdraw his or her consent at any time.