INFORMATION REGARDING THE ERSONAL DATA PROTECTION POLICY PROCESSED IN Association for Stroke and Aphasia, in connection with Art. 13 and Art. 14 of EU Regulation 2016/679
1. Personal data administrator
Association for Stroke and Aphasia "Personal Administrator ") processes personal data of individuals (" data subjects ") in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR) and the Personal Data Protection Act.
According to the General Regulation, personal data is any information that relates to a natural person through which he or she can be directly or indirectly identified. Processing of personal data is any operation or set of operations that can be performed on personal data by automatic or other means.
2. Physical person persons whose personal data are processed by the company
In connection with our services, we processes personal data regarding the following data subjects:
- Individuals, contractors or potential contractors of the company - customers and suppliers of goods and services, respectively their employees.
3. Purposes of processing
The company processes personal data of its customers, including their employees, for the following purposes:
(a) Provision of technical and digital services under contract;
(b) Protection of the legitimate interests of the company, including:
- Ensuring the normal functioning, maintenance and security of the website and IT systems of the company;
- Communication with customers, including electronically;
- Realization and protection of the rights and legal interests of the company, including through court.
(c) Fulfillment of the legal obligations of the company and execution of orders of competent state or judicial bodies.
4. Legal grounds for processing
The company processes personal data only in the presence of any of the alternative legal bases under the General Regulation and in particular:
(a) Performance of a contract, including pre-contractual relations prior to its conclusion;
(b) Legal obligations applicable to the company;
(c) The legitimate interests of the company, insofar as they take precedence over the interests or fundamental rights and freedoms of data subjects;
(d) Freely expressed, specific, informed and unambiguous consent of the data subject. The consent already given may be withdrawn by the person at any time in the same manner in which it was given.
5. Possible consequences if personal data are not provided
In case the client does not provide the required information, including the necessary personal data, the company will not be able to conclude a contract with him, respectively will not be able to provide the requested service.
6. To whom the personal data are transferred or disclosed
The personal data of the company's clients are provided to:
- Commercial companies providing accounting services and information support of the company's IT systems, in the capacity of personal data processors;
- Other competent public authorities in fulfillment of an obligation provided by law.
7. Term of storage of personal data
The personal data of the contractors of the company are stored for a period of 5 years from the conclusion of the respective contract in accordance with the general limitation period under the Obligations and Contracts Act.
The personal data contained in accounting documents shall be stored within the terms under Art. 12 of the Accounting Act.
8. Security of personal data
The Company implements all appropriate technical and organizational measures to ensure the security of personal data, including an explicit commitment by employees to confidentiality.
9. Rights as data subjects
Any physical person whose data is processed by the company has the following rights:
- the right to access his personal data, including to receive a copy of them;
- the right to correct or supplement inaccurate or incomplete personal data;
- the right to delete personal data that are processed without legal grounds;
- right to limit the processing - in the presence of a legal dispute between the company and the person until its resolution or for the establishment, exercise or protection of legal claims;
- the right to object - at any time and on grounds related to the specific situation of the person, provided that there are no compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or litigation.
In accordance with the Personal Data Protection Act, the above rights can be exercised by submitting a written application on the spot in the office of RONA SOFT Ltd. An application may also be submitted electronically in accordance with the Electronic Document and Electronic Signature Act. The application is made personally by the data subject or by an explicit authorization