This Policy is effective from 25 May 2018 and issued in accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data ("the Regulation" or "the GDPR").
1 PERSONAL DATA CONTROLLER
Company: IQRF Alliance z.s.
Address: Průmyslová 1275, 506 01 Jičín
Company ID: 06656188
VAT: CZ06656188
WWW: www.iqrfalliance.org
E-mail: info@iqrfalliance.org
2 PRIVACY STATEMENT
IQRF Alliance z.s. is committed to respecting and protecting your privacy.
Furthermore, it undertakes to protect your personal data and to act in accordance with the Act No. 101/2000 Coll. On the Protection of Personal Data and from 25 May 2018 in accordance with the General Data Protection Regulation (GDPR) - Regulation of the European Parliament and of the Council EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the protection of personal data).
3 SECURITY OF PERSONAL DATA
Personal data are stored on secured computers (owned or leased by a controller) to which only authorized administrative personnel has access. Data are protected against unauthorized access, use, or disclosure. They are used only for the purpose for which they were provided.
4 WHAT DATA ARE PROCESSED AND HOW LONG
For the purpose of accessing the Member Zone, personal data collected on the website of the controller are: name, surname, e-mail, phone number (optional), company/institution. Personal data are stored during the business relationship between IQRF Alliance z.s. and the data subject.
The invoices issued by the controller complying with Section 35 of Act No. 235/2004 Coll. must be stored in the unchanged form for 10 years from the end of the tax period after the date of their issuing. Providing billing information (company name – optional, contact person – name and surname, delivery address, e-mail, telephone) is a prerequisite for issuing the invoice and providing the service.
For the purpose of sending simple marketing messages through Newsletters, only emails are used. This is used since giving the consent to be included in the list of addresses of data subjects until the consent is canceled.
Personal data collected through Google Analytics cookies are settings, security, processes, advertising, session status, analytics.
5 WHY DO WE PROCESS DATA AND HOW DID WE GET IT
Information related to a Member Zone is used for an access to the secured part of the website of the controller - the Member Zone, it is also visible to other logged-in members. This information is used to develop mutual business relationships among members of the IQRF Alliance. The Controller obtains your voluntary consent to include the provided data into his database and to further process them when your company is registered as a member of the IQRF Alliance z.s. and your person was entered as the contact person of your company. If you are not a contact person of the member of the IQRF Alliance z.s. and you have been added to the Member Zone by your contact person, you must agree to be included here, otherwise other members of the IQRF Alliance will not see your data when they log in to the Member Zone. The data will only be available to the contact person of your company who entered your information into the system, and to the system administrator. If the data subject asks to be deleted from our records, the data will be removed (data stored in the electronic database and any physical printouts) unless there are legitimate reasons for next processing them.
It is necessary to provide the basic information required for order creation and invoicing, otherwise, it would not be possible to provide this service.
In the case of Newsletters, personal information is used to send irregular informative newsletters. This is a simple marketing message usually sent once a month. For the purpose of sending newsletters, IQRF Alliance gains z.s. your optional and revocable consent through the web form www.iqrfalliance.org/newsletter-subscribe/, which is used to register the user to receive the Newsletter, or by expressing your interest in receiving the Newsletter handed over to the IQRF Alliance z.s. on conferences, seminars, webinars, trade fairs, etc. This consent is used for registration of the e-mail address and it is archived. If a data subject requests to be unsubscribed from the list of addresses to whom the Newsletter is sent by a link in a Newsletter or by e-mail, the data subject will be removed and he will no longer receive Newsletters.
Personal data collected through Google Analytics cookies are used to store secure search settings, select relevant ads, track the number of visitors on the page, facilitate the registration of new services, protect user data, or save ad settings. Personal data is not processed unless the data subject allows it to be used on the website.
6 ACCESS TO PERSONAL DATA
You may review and update your personal data used to access the Member Zone at any time in your Member Zone profile, or you can ask the help of a system administrator by sending a request to a controller's e-mail. The personal data you provide here is also accessible to other members of the IQRF Alliance z.s. who have access to the Member Zone.
The personal data entered on the invoices can be accessed only by the authorized administrative staff or by the state control authorities under the laws of the Czech Republic.
The email addresses of people who subscribe to IQRF Alliance z.s. Newsletters are stored in the MailChimp environment. Only authorized employees of the controller who prepare and send Newsletters can access this data. The terms of processing of personal data in MailChimp are available at https://mailchimp.com/legal/privacy/.
Data from Google Analytics files are anonymized for statistics purposes, and the user cannot be identified from the collected data by the controller. A detailed description of the processing of your personal data with the Google Analytics cookie is available on the website: https://policies.google.com/technologies/types?hl=cs.
7 INFORMATION ABOUT THE RIGHTS OF DATA SUBJECTS
According to the Regulation, the Data subject will have the following rights from 25 May 2018 if it is an identifiable person for IQRF Alliance and prove its identity to IQRF Alliance.
7.1 RIGHT TO ACCESS TO PERSONAL DATA
Under Article 15 of the Regulation, the Data subject will have the right of access to personal data, which includes the
right to obtain from the controller:
- confirmation of processing personal data,
- information about the processing purposes, the categories of personal data, the recipients whose personal data were or will be made available, the scheduled processing time, the existence of the right to require the controller to correct or erase personal data relating to the data subject or to restrict their processing or to object to such processing, the right to send a complaint to the Surveillance Authority, any available information about the source of personal data, if it is not obtained from the data subject, the information if automated decision is made, including profiling, appropriate warranties for data transfers outside the EU,
- if it does not adversely affect the rights and freedoms of other persons.
The right to a confirmation of the processing of personal data and information is possible to apply in writing to the controller's address or electronically to the controller's e-mail.
7.2 RIGHT TO CORRECT INACCURATE DATA
According to Article 16 of the Regulation, the data subject will have the right to correct inaccurate personal data that will be processed by the controller. The Customer of the controller is also required to report changes to his or her personal data and to inform that such a change has occurred. It is required to cooperate with us to correct the personal data which are not accurate. We will do the correction without unnecessary delay, always with respect to the technical possibilities. Request for correction of personal data can be delivered in writing to the controller's address or electronically to the controller's e-mail, subject to the proving of the eligibility of the application.
7.3 RIGHT TO BE DELETED
According to Article 17 of the Regulation, the data subject will have the right to get personal data concerning him/her deleted if the controller does not prove legitimate reasons for processing such personal data. The controller has mechanisms in place to ensure automatic anonymization or deletion of personal data if it is no longer needed for the purpose for which it was processed. If the data subject thinks that his or her personal data has not been erased, he or she may contact us in writing at the controller's address or electronically to the controller's e-mail.
7.4 RIGHT TO LIMIT THE PROCESSING
According to Article 18 of the Regulation, the data subject will have the right to limit the processing if he or she denies the accuracy of the personal data, the reasons for its processing or, if he or she opposes the processing, by writing to the controller's address or electronically to the controller's e-mail.
7.5 RIGHT TO BE NOTIFIED ABOUT CORRECTION, DELETION, OR LIMITATION OF PROCESSING
According to Article 19 of the Regulation, the data subject will have the right to be notified by the controller in the event of a correction, deletion or limitation of the processing of personal data. If personal data are corrected or deleted, we will notify individual recipients, unless this proves impossible or requires unreasonable effort. The application may be sent in writing to the controller's address or electronically to the controller's e-mail.
7.6 RIGHT TO THE PORTABILITY OF PERSONAL DATA
According to Article 20 of the Regulation, the data subject will have the right to the portability of the data relating to him provided to the controller in a structured, commonly used and machine-readable format, and the right to request the controller to give the data to another controller. If technically feasible, data may also be passed on to the controller you specify, if a person acting under the appropriate controller is properly identified and can be authorized.
In case if this right could adversely affect the rights and freedoms of third parties, your request can not be accepted.
The request may be delivered in writing to the controller's address or electronically to the controller's e-mail.
7.7 RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
According to Article 21 of the Regulation, the data subject will have the right to object to the processing of his personal data, if they are processed only according to the legitimate interest of the controller.
If the controller does not prove that there is a serious legitimate reason for processing that prevails over the interests or rights and freedoms of the data subject, the controller will terminate the processing without undue delay. The complaint may be sent in writing to the controller's address or electronically to the controller's e-mail.
7.8 RIGHT TO CANCEL THE AGREEMENT WITH THE PROCESSING OF PERSONAL DATA
The agreement with the processing of personal data for marketing and business purposes effective from May 25, 2018, may be canceled at any time after that date. An appeal must be made by express and comprehensible manifestation of will, either in writing to controller's address or electronically to the controller's e-mail.
Processing of cookie data can be avoided by setting up a web browser.
7.9 AUTOMATED DECISION MAKING INCLUDING PROFILING
The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which would have legal effects for him or he would be significantly affected by it. Controller states that he does not perform automated decision-making without the human judgment with legal effects on data subjects.
7.10 RIGHT TO CONTACT THE OFFICE FOR PERSONAL DATA PROTECTION
The data subject has the right to contact the Office for Personal Data Protection (www.uoou.cz).
Effective: from May 25, 2018
