GDPR

    Personal Data Protection

    We handle personal data in accordance with applicable legal regulations. We ensure the protection of personal data primarily in accordance with Regulation (EU) 2016/679 - the General Data Protection Regulation (GDPR). GDPR has been uniformly applicable throughout the EU since May 25, 2018.

    The following principles outline the basic guidelines we follow when collecting personal data, ensuring their confidentiality and security.

    BASIC PRINCIPLES

    Generally, we process your personal data only to the extent necessary for the given purpose. From the perspective of lawful processing, personal data can be divided into two groups – personal data that we can process without your consent, and personal data that we cannot process without your consent. We process personal data without your consent in cases where:

    • processing is necessary to fulfill our legal obligation (e.g., accounting law, social services law, etc.),
    • processing is necessary for the performance of a contract we enter into with you. This primarily concerns contracts where natural persons are the contracting party. It may also apply to contracts concluded with legal entities if they contain personal data of representing natural persons or persons authorized to implement the contract.
    • we have a legitimate interest in their processing (typically recording donations, informing about our activities, approaching for contributions/donations, selecting new employees, implementing a specific project, etc.)
    • processing is necessary to protect your vital interests or those of another person (which may occur only in exceptional cases – e.g., in case of immediate assistance after floods or similar humanitarian crises)

    In other cases, we process data based on your consent.

    We process personal data in such a way that they are adequately protected against unauthorized access, accidental loss, destruction, or damage.

    We process personal data primarily in our information systems, which must ensure adequate protection of personal data – these include Microsoft Dynamics NAV, Microsoft 365, ELO Digital Office, etc. Considering the nature, scope, and purposes of processing in specific cases, we adopt technical and organizational measures to protect your personal data against destruction, loss, or alteration and against unauthorized access or disclosure. Specific persons working with personal data are bound by confidentiality obligations.

    We retain personal data only for the necessary period and archive them for the periods required by legal regulations. After the reason for processing ceases to exist or the necessary processing period expires, we delete or anonymize the relevant personal data.

    WHAT PERSONAL DATA WE MOST FREQUENTLY PROCESS

    1) Cookies

    Cookies are a tool to ensure website functionality for a specific user. Information about cookies, what we collect and for what purposes, including instructions on how to prevent their storage, can be found here.

    2) Data of persons registering for a program, activity, etc.

    If you decide to register through one of our websites for a program, activity, etc., we process the data you provide as part of your registration. Processing in these cases always takes place for the duration of the implementation and for a period determined individually according to the nature of the specific program, activity, etc.

    RECIPIENTS AND PROCESSORS OF PERSONAL DATA

    We do not sell or otherwise transfer your data to other parties except for contractual partners who enable us to communicate with you, and except for situations where we have a legal obligation to transfer your data to another person (e.g., financial provider, auditor, or other supervisory body). In cases where personal data is processed for the purposes of a specific project that we implement together with other entities (implementation partners), it is necessary to share data with those partners as well.

    We publish a current list of processors or other recipients, and information about the processing of your data for a specific purpose always contains a link to the specific list.

    Information about processors in other cases mentioned above is provided in the information most often given at the start of processing your personal data.

    INFORMATION ABOUT YOUR BASIC RIGHTS

    As a data subject, you have the following basic rights:

    • the right to request information about what personal data we process,
    • the right to request an explanation regarding personal data processing,
    • the right to request access to this data and have it updated or corrected, or restricted, and the right to object to processing,
    • the right to obtain personal data in a structured, commonly used, and machine-readable format if processing is based on consent or a contract,
    • in the case of automated personal data processing, you have the right to data portability,
    • the right to withdraw consent (in cases where processing is based on consent) at any time, for example by sending an email or letter to the contact details below,
    • the right to request the deletion of personal data (we are obliged to comply if we do not need to process the data to fulfill a legal obligation),
    • the right to contact us in case of doubts about compliance with obligations related to personal data processing or to file a complaint with the Office for Personal Data Protection.

    When exercising your rights, we may require verification of your identity.

    CONTACT

    If you have any questions about personal data processing, please contact us at info@chpp.cz or by phone at +420 606 06 08 07.