PERSONAL DATA PROTECTION POLICY
ACCU Service, s.r.o., with its registered office at Archeologická 2256/1, Prague, 155 00, corporate ID, tax ID recorded in the Commercial Register held by the Municipal Court in Prague, file no. has prepared this Personal Data Protection Policy (hereinafter the "PDP Policy") to describe the manner in which ACCU collects, processes, stores, uses and protects personal data.
ACCU follows its PDP Policy in all cases when processing any information on a specific, identifiable natural person wholly or partly by automated means, or other than by automated means where the personal data form part of a filing system or are intended to form part of a filing system.
Processing involves any operation with personal data, starting from their collection, recording and organisation, through their structuring, storage, alteration, use and transmission to their restriction, erasure or destruction.
In all such cases ACCU performs as the personal data controller, determining the purpose and means of personal data processing. As the controller, ACCU is responsible for compliance with all obligations and principles relating to personal data protection, including their sufficient protection.
ACCU sees personal data protection as a highly important task, and handles all processed personal data with due care and attention.
ACCU handles all personal data in compliance with data protection regulations, primarily with Regulation (EU) 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Data Protection Regulation – “GDPR”), and with the relevant national legislation.
- MAIN PRINCIPLES
In processing your personal data, ACCU follows these principles:
- Principle of lawfulness. ACCU always processes personal data in compliance with data protection regulations.
- Principle of fairness and transparency. ACCU processes personal data in an open and transparent manner providing data subjects with all relevant information on the processing.
- Principle of purpose limitation. ACCU processes personal data only with a clearly defined purpose (the reason for the processing).
- Principle of data minimisation. ACCU processes only the personal data which is necessary, relevant and adequate in relation to the defined specific purpose.
- Principle of accuracy. ACCU takes all reasonable measures to allow regular updates or rectification of processed personal data.
- Principle of storage limitation. ACCU stores processed personal data only for the period that is necessary for the defined specific purpose and ensures it is erased anonymously after this period.
- Principle of integrity and confidentiality, incontestability and availability. ACCU secures processed personal data and protects it against unauthorised or illegal processing, loss or destruction, implementing adequate technical and organisational protective measures.
- Principle of responsibility (accountability). ACCU is obliged to be able to document compliance with all the principles listed above.
- LEGAL BASIS FOR PROCESSING PERSONAL DATA
In all cases, ACCU processes personal data on one of the relevant bases stipulated by the legislation:
- Performance of the contract. ACCU needs personal data for the conclusion of the contract and subsequent performance of the contract, or before the conclusion of the contract to take steps at the request of the data subject prior to entering into a contract.
- Compliance with the legal obligation. ACCU needs to process personal data to comply with legislative obligation(s) to which ACCU is
- Legitimate interest. ACCU needs to process personal data as necessary for the purposes of legitimate interests of ACCU or a third party. Such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection.
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- PURPOSE OF PERSONAL DATA PROCESSING
In all cases, ACCU defines the specific purpose of personal data processing in advance; the purpose is the reason for which ACCU as the controller uses personal data.
Typical reasons within the ACCU activities are:
- Management of ACCU personnel agenda;
- Management of ACCU contractual relationships with service providers;
- Management of ACCU contractual relationships with customers;
- Management of ACCU internal agenda as a legal entity;
- Management of educational or promotional events organized by ACCU;
- Marketing purposes;
- Monitoring user satisfaction, website optimisation and quality improvement using cookies.
- DATA SUBJECTS
ACCU processes personal data of the following categories of data subjects:
- employees, family members of employees and job seekers;
- natural persons cooperating with ACCU under a contractual regime other than labour law (service providers, clients);
- natural persons representing contracting legal entities (service providers, clients);
- members of ACCU company bodies;
- visitors to the ACCU website;
- participants in training or promotion events organized by ACCU.
- CATEGORIES OF PERSONAL DATA PROCESSED
ACCU processes personal data of the following categories:
- Identification data (e.g. name, surname, gender, language, domicile, permanent residence, date and place of birth, citizenship/nationality, number of identity card, signature).
- Contact information (e.g. correspondence address, telephone number, fax number, email address, contact information in social media).
- Information on family members (e.g. identification information about spouse and children).
- Information relating to recruitment process (e.g. CVs, cover letter, records and results from recruitment processes).
- Information relating to employment (e.g. job position, employee number, working hours, vacation, sick leave, presence, home office, information on business trips and other changes in employment, daily programme/timesheets, entrusted devices and other valuables, ICT assets, number of worked hours, completed trainings, access rights, salary/remuneration, salary compensation, average earning, bonuses/use of benefits, bank account number).
- Information relating to contractual relationships (e.g. documentation of their start, implementation and conclusion, transactions and contracts including relating information, offers/demands of business opportunities, subject matter, date, place of the transaction, reminders, information on trading, bank account numbers, authorisations/powers of attorney, transaction dates, transaction amounts).
- Network identifiers (e.g. IP address, Device Fingerprint, cookies or similar browser information technology).
- PERSONAL DATA PROTECTION
ACCU implements the necessary technical and organisational measures to ensure the security of the processed personal data.
ACCU strictly uses access control as a measure that prevents unauthorised reading, copying, modification, removal or any other unauthorised dealing with processed personal data. It includes:
- Organizational structure. ACCU ensures that access to processed personal data is granted only to selected employees.
- Physical access control. ACCU stores all data in places secured by technical means such as keys, electronic locks, access cards and window bars.
- IT controlled access. ACCU secures personal data storing systems with passwords or two-factor verification; data is thus accessible only to authorised persons.
- Pseudonymisation. Where possible, ACCU modifies the data into a form not attributable to an individual person (e.g. using the identification numbers relating to projects implemented by ACCU).
- Transfer control. When transferring processed personal data, ACCU in all cases uses a secure method.
- Security breach management. ACCU implements a functional process for cases in which the security of processed personal data is breached, following its obligation to evaluate the situation and to communicate this fact to the relevant authority and to the data subject(s), depending on the results of the evaluation.
- THE PROCESSOR AND SHARING PERSONAL DATA WITH THIRD PARTIES
The processor is an entity to which ACCU transfers personal data and which further handles them in line with instructions provided by ACCU.
To ensure that all necessary conditions are met, ACCU in all cases concludes a written contract for personal data processing with the processor.
The processed personal data may be shared:
- within the European Union and European Economic Area; for a specific purpose, in only a clearly defined and necessary scope of data, based on a duly concluded contract for personal data processing, which is and shared in a secure manner;
- with third countries outside the European Union and European Economic Area; shared solely based on standard contractual clauses, i.e. template contracts issued by the European Commission and exclusively including entities based in countries that ensure adequate personal data protection according to the resolution of the European Commission.
- DATA SUBJECTS' RIGHTS
ACCU respects and ensures the following rights of personal data subjects:
- Right to the provision of information on personal data processing. When starting the data processing, ACCU provides the data subject with information relating to its identification as the controller, together with contact data, the legal basis for processing, its purpose and information on the period of personal data storage.
- Right to access personal data. ACCU provides the data subject with information on whether ACCU processes his/her personal data upon his/her request, in what scope, for what purpose, if there are recipients of processed personal data, and with other related information. ACCU provides the data subject with a copy of the processed personal data upon his/her request.
- Right to rectification. ACCU changes processed personal data upon the data subject's notification or request.
- Right to erasure. ACCU, as the personal data controller, is obliged to erase processed personal data if the purpose of processing no longer exists, the data subject withdraws his/her consent to personal data processing and there is no other reason for its processing, the data subject objects to personal data processing (providing there are no legal grounds for processing your personal data) and if ACCU is required to erase processed data in accordance with the applicable legislation.
- Right to object. ACCU is obliged to erase processed personal data when they are processed pursuant to a legitimate interest and the data subject raises his/her justified objection to it.
- Right to data portability. ACCU shall transfer processed personal data to another controller, in a structured, commonly used and machine-readable format, upon the data subject's request, when the processing is based on consent or a contract and it is concurrently automated, i.e. processing solely using technical means based on a pre-determined algorithm and without any human intervention.
- Right not to be subject to a decision based solely on automated processing in automated decision-making. ACCU declares that it does not use such decision processes.
- COMMUNICATION WITH ACCU AS THE DATA CONTROLLER
In case of any questions, comments, notifications or requests regarding the processing of personal data or their protection, do not hesitate to contact ACCU: firstname.lastname@example.org
In case you do not agree with the manner in which ACCU processes your personal data, you can contact:
Czech Republic: Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 111, www.uoou.cz