• +420 774 44 22 99
  •       

Protection of personal data

Want create site? Find Free WordPress Themes and plugins.

Internal regulation on the protection of personal data

I.

Purpose of the internal regulation

 

The purpose of this Internal Regulation is to adopt and implement appropriate technical and organizational measures to ensure the protection of personal data in accordance with Article 24 et seq. EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the protection of personal data).

 

II.

Interpretation of terms

 

For the purposes of this Internal Regulation:

 

  1. GDPR – EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing the General Data Protection Directive 95/46 / EC (the General Data Protection Regulation) Regulation).
  2. personal data – any information about an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, the social identity of this individual.
  3. sensitive data – information about racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, genetic data, biometric data and health or sexual life or sexual orientation of a natural person.
  4. Employer – (Employer’s description)
  5. .Administrator – employer if:
  • determines the purpose of the processing of personal data and the means of processing personal data
  • as an administrator, it is a special law
  1. Processor – Employer when authorized by contract, empowerment, mandate or legal regulation to process personal data for another manager

 

  1. Employee – an employee who is in an employment or similar relationship with the employer

 

  1. Responsible employee – an employee responsible for the performance of work, including the handling of personal data

 

  1. Scope of processing of personal data – means the determination of the manner of processing of personal data, the retention period, the means of processing, the identification of the categories of recipients, the reasons for the processing and other data describing the processing of personal data in Klíč. Part of the determination of the extent of processing of personal data is also to determine, on the basis of what legal basis processing is processed, personal data and, in the case of personal data obtained from the data subject, whether the collection of personal data is a legal or contractual requirement or a requirement personal data were part of the contract, as well as instructions from the data subject about the consequences of failure to provide personal data.

 

The document is used from the Privacy Policy at www.oou.cz


  1. Key – The Privacy Key is a tool for defining the purpose of processing and the scope of personal data collection available at oou.cloud

 

  1. Office – Office for Personal Data Protection

 

  1. Computer – personal computer, tablet, telephone, or other electronic device in whose memory personal data can be stored

 

III.

Scope of internal regulation

 

  1. This Internal Regulation shall apply to all employees of the employer who, in any case, deal with personal data the employer or the processor of which is the employer.

 

  1. This Internal Regulation shall always apply unless GDPR otherwise provides.

 

IV.

Transparency of processing of personal data

 

  1. The controller processes the personal data in a transparent way, so that everyone has the opportunity to get acquainted with the processing of their personal data.

 

  1. In the context of transparency, the trustee publishes on the Internet either on its website or on the www.oou.cloud website in the Database of Information on Processing of Personal Data, all information on the processing of personal data classified according to the individual processing purposes.

 

  1. This Internal Regulation shall always apply unless GDPR otherwise provides.

 

V.

Determining the purpose and scope of the processing of personal data

 

  1. The administrator shall determine the purpose and extent of processing of personal data through the Keys.

 

VI.

Meeting the responsibilities of the controller and the processor

 

  1. The responsibilities of the controller and processor shall be fulfilled by the responsible personnel, unless otherwise specified.

 

  1. In the negotiations with the Employer’s Office, the Employer’s statutory body is represented.

 

  1. The basis for all negotiations with the Office shall be prepared by the Employer’s statutory body.

 

VII.

  1. Liability of Employees The responsibilities of the trustee and the processor are fulfilled by the responsible employees, unless stated otherwise.

 

  1. In the negotiations with the Employer’s Office, the Employer’s statutory body is represented.

 

  1. The documentation for all negotiations with the Office shall be prepared by the statutory body of the employer responsible for the processing of personal data

 

  1. The employer divides the responsibility for the processing of personal data by individual employees so that the employee is entitled to acquaint himself / herself with personal data only to the extent that is necessary for the performance of the work of the employee and is responsible for the processing of such personal data.

 

 

 

  1. The employee shall be aware of the intended purpose and scope of processing of the personal data he / she will come into contact with during work.

 

  1. The Employee shall be aware of the purpose and scope of processing of personal data through relevant documents generated through the Key.

 

  1. Employees’ responsibility for the processing of personal data may not, in the processing of personal data, exceed the scope of personal data processed by the controller through the Keys.

 

 

 

VIII.

Storing personal information

 

  1. Personal data shall be retained only for such period as is necessary for the purpose of its processing. This time is determined by the Key.

 

  1. Documents and other material data carriers that contain personal data may be retained only

in lockable rooms.

  1. Documents and other material data media containing sensitive data may be retained only

in lockable cabinets located in lockable rooms.

  1. Keep personal information on a computer only:

 

  • If access to files containing personal information is password protected,

 

  • if the access to the use of a computer in which the personal data files are stored is protected by a password.

 

 

 

IX.

Employee responsibilities for the processing and security of personal data

 

  1. Employees are obliged to process personal data only by means of processing and to the extent determined by the controller.

 

  1. The Employee fulfills the responsibilities of the Administrator and the Provider through the Keys, provided that it is possible to perform the relevant obligation through the Key.

 

 

The document is used from the Privacy Policy at www.oou.cz

  1. The staff member shall not allow unauthorized persons to become acquainted with personal data. For this purpose, the employee is obliged, especially when leaving the workplace, to observe the so-called clean table rule, ie not leaving personal documents on the desk and turning off the personal computer

 

  1. The staff member shall be required to maintain confidentiality of personal data and of security measures the disclosure of which would jeopardize the security of personal data.

 

 

X.

Final Provisions

 

  1. The protection of personal data which has hitherto been carried out by the employer shall be brought into conformity with this Directive within one month of the date of entry into force of this Directive.

 

  1. This Directive shall enter into force on 1.10.2018

 

 

 

 

 

The document is used from the Privacy Policy at www.oou.cz

 

Did you find apk for android? You can find new Free Android Games and apps.