Information to process personal data
The Ostrava International School, s.r.o., Gregorova 3/2582, 702 00, Ostrava , IČO 02815303, as a personal data manager
Regulation (EU) 2016/679 of the European Parliament and of the EU Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the protection of personal data; "GDPR") which is effective from 25 May 2018 and which is directly effective even within the legal order of the Czech Republic, lays down rules on the protection of natural persons with regard to the processing of personal data and the rules on the free movement of personal data. This Regulation protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data.
Personal information - A personal data means any information relating to a designated or identifiable data subject; the data subject is deemed to be determined or determinable if the data subject can be identified directly or indirectly;
Sensitive personal information ( personal information, special category) -personal identifiable information of a special nature, such as health information or biometric identifiers;
Data subject - Data subject is a natural living person to whom personal data relate
Administrator - Administrator is any entity (natural or legal person, public authority, agency, or other entity) that determines the purpose and means of the processing of personal data, processes and is responsible for it;
Processor - processor is any entity (natural or legal person, public authority, agency or other entity) who, under a special law or mandate by the administrator, processes personal data under this Act;
Data recipient - the recipient of the data is any entity (natural or legal person, public authority, agency or other body) to whom personal data is made available or provided with;Processing of personal data - Processing of personal data is any operation or set of operations that the administrator or processor manages systematically with personal data by automated or other means; processing of personal data means, in particular, the collection, storage on information media, making it available, modifying or altering, searching, using, transmitting, spreading, publishing, storing, exchanging, sorting or combining, blocking and liquidating;
Data Protection Officer - Personal Data Protection Officer monitors the compliance of personal data processing with the obligations arising from regulations within the organization, performs internal audits, staff training, and overall internal data protection agenda management. Delegates may also turn the data subjects into all matters relating to the processing of their personal data and the exercise of their rights.
The Data Subject has the rights listed below. Right of access to personal data - A data subject is entitled to request information about the processing of his or her personal data, the purpose of processing personal data, the categories of personal data concerned, recipients or categories of recipients of personal data, about the planned time for which personal data will be stored, available information about the source of personal data unless it is obtained directly from the data subject. Similarly, each data subject has a right to a copy of the processed personal data, in such case the administrator may charge a reasonable fee to the data subject. The data subject also has the right to be informed whether his personal data are used for automated decision making, including profiling, and in this context the data subject has the right to information on the procedure used, the significance and the foreseeable consequences for the data subject in such a process.
Right to rectification - The data subject has the right to request the administrator to correct inaccurate or erroneous personal data relating to him / her without undue delay. Similarly, the data subject may require the addition of incomplete personal data.
Right of Deletion ("the right to be forgotten") - A data subject has the right to require the administrator to delete his or her personal data without undue delay if one of the following cases occurs: (i) personal data are no longer needed for the purposes for which they were collected or processed, (ii) the data subject withdraws consent to the processing of personal data, and at the same time there is no longer any other legal reason for the administrator to continue processing the data, (iii) personal data was processed unlawfully (iv) the data subject objects to the processing of personal data based on the legitimate interests of the administrator or the performance of a task in the public interest or in the exercise of public authority and, at the same time, there are no legitimate reasons for the administrator to process them; (v) personal data must be erased in order to comply with a legal obligation laid down in European Union or Member State law,(vi) personal data was gathered in connection with the provision of information society services directly to the child upon his / her consent. In the case of the right of deletion, the data subject is entitled to request the deletion of all occurrences and references to his personal data in all copies thereof.The right to limit processing - The data subject has the right for the administrator to restrict the processing of personal data in the following cases:(i) the data subject disclaims the accuracy of the personal data; (ii) the processing of the personal data is illegal, (iii) the administrator no longer needs personal data for processing, but the data subject is required to identify, enforce or defend the legal claims; (iv) the data subject has raised an objection to the processing of personal data and needs the time necessary to verify that the legitimate reasons for the administrator outweigh the legitimate reasons of the data subject.
Right to data portability - A data subject has the right to obtain his or her personal data provided to the administrator in a structured, commonly used and machine-readable format. At the same time, he/ she may require that such data to be transmitted directly to another administrator if this is technically feasible. The right to data portability is applicable only in the following cases: (i) the processing of personal data is based on the consent of the data subject or the contract, (ii) the processing is done automatically.
Right of objection - A data subject may, relating to his or her particular situation, object to the processing of personal data based on the legitimate interests of the administrator or on performance of a public interest or public authority task, including profiling based on these legal grounds for processing. The administrator does not process personal data unless he / she establishes serious legitimate reasons for processing that would outweigh the interests or rights and freedoms of the data subject or for the determination, exercise or defense of legal claims.
Right to lodge a complaint with the supervisory authority - the data subject has the right to file a complaint with a supervisory authority, in particular in the Member State of his habitual residence, the place of employment or the place where the alleged violation was committed, if he / she is of the opinion that the processing of his or her personal data has been violated under the GDPR Regulation.
V. The data subject may exercise his / her rights referred to in Article IV of this document:● verbally - personally at the headquarters of the data administrator,● by phone on +420 723 332 653● in a written form - by personal delivery to the headquarters of the data administrator or by post to the address of the headquarters of the data administrator - The Ostrava International School, s.r.o., Gregorova 3/2582, 702 00, Ostrava● in the form of an electronic communication via e-mail - info@tois.world,● through electronic communication by means of a data box - 3qedj5b
VI. Applications will be processed within one month after receiving them from the data subject. In exceptional circumstances, the time limit may be extended by two months, in particular because of the complexity and difficulty of the case, which the data subject must be informed of by the trustee, including the reasons for the extension.The procedure for processing a data subject's application submitted under the rights referred to in Article IV of this document: 1. Acceptance of the application 2. Identification of the applicant 3. Evaluation of the application 4. Decision on the application 5. Execution of the decision 6. Informing the applicant.
VII. Contact details of the Data Protection Officer: Ing. Jiří Knopp tel.: +420 776 089 339 email: gdpr@jkgrant.cz