We handle personal data in accordance with applicable legislation. We ensure the protection of personal data mainly in accordance with Regulation (EU) 2016/679 - the General Data Protection Regulation (GDPR). GDPR has been valid uniformly throughout the EU since 25 May 2018.
The following principles summarize the basic principles that we follow when collecting personal data, ensuring their confidentiality and security.
Basic principles
In general, we always process your personal data only to the extent that is necessary for the given purpose.
Personal datas can be legally divided into two groups - personal data that we can process without your consent and personal data that we cannot process without your consent.
We process personal data without your consent in cases where:
- processing is necessary to fulfill our legal obligation (e.g. the Accounting Act),
- processing is necessary to fulfill the contract we enter into with you. This applies in particular to contracts in which contracting parties are individuals. Furthermore, this may also apply to contracts concluded with legal entities when they contain personal data of representing individuals or persons authorized to perform the contract,
- we have a legitimate interest in their processing (typically registration of gifts, informing about our activities, addressing the purpose of providing a contribution / gift, implementation of a certain project, etc.).
In other cases, we process data on the basis of your consent.
We process personal data in such a way that they are properly secured against unauthorized access to data, accidental loss, destruction or damage.
Specific individuals working with personal data are bound by a duty of confidentiality.
We only store personal data for as long as it is necessary and we archive it for the time required by law. After the loss of the reason for processing or the expiration of the necessary processing time, we delete or anonymize the relevant personal data.
What personal data do we process most often?
1) Cookies – Cookies are a tool to ensure the functionality of the website for a specific user. You can find here information about cookies, what we collect and for what purposes, including instructions on how you can prevent their storage.
2) Data of persons registering for a program, activity, etc. – In case you decide to register for any of our programs, activities, etc., we process your data, which you provide to us as part of the application, registration or when purchasing a ticket. Processing in these cases always takes place during the implementation period and further for a period determined individually according to the nature of the specific program, activity, etc.
3) Donor data – If you decide to make a donation (one-time or recurring) or similar contribution through our website, we process your data, which you provide to us as part of this. Also, if you show interest in our activities and provide us with your data in this connection, we will process them for the purpose of communication with you. In these cases, the data processing time is limited to 3 years from the last contact with you (unless stated otherwise in a specific case).
4) Information about the persons subscribing to the information materials – When you decide to subscribe to the newsletter or other information material, we require your consent to the processing of the provided contact information (usually e-mail). In these cases, the processing time is limited to the time of publishing the given information material.
Recipients and processors of personal data
We do not sell or otherwise pass on your data to other parties, except for contractual partners who allow us to communicate with you, and except in situations where we have a legal obligation to pass on your data to another person (e.g. auditor or other control body). In cases where personal data are processed for the purposes of a certain project, which we implement together with other entities (implementation partners), it is necessary to share the data with those partners.
The following processors may also have access to your personal data:
- Facebook - FB pixel
- Google - Google Analytics, AdWords
- Mailchimp, which we use for sending news by e-mail (name, surname and e-mail address)
- PayPal payment gateway
- web programmer
- accountant
Your fundamental rights
As a data subject, you have the following basic rights:
- the right to request information on what personal data we process,
- the right to request clarification from us regarding the processing of personal data,
- the right to request access to this data from us and to have it updated or corrected, or to reduce it,
- the right to object to the processing,
- the right to obtain personal data in a structured, commonly used and machine-readable format if the processing is based on consent or a contract,
- in the case of automated processing of personal data, you have the right to data portability,
- the right to withdraw consent (in cases where processing is based on consent) at any time, for example by sending an email or letter to the contact details below,
- the right to request the deletion of personal data from us (we are obliged to comply with you if we do not have to process the data to fulfill the legal obligation),
- the right to contact us in case of doubts about compliance with the obligations related to the processing of personal data or to complain at the Office for Personal Data Protection.
If you exercise your rights, we may require you to verify your identity.
Personal Data Administrator
Siddhártha Centrum z. s., with its registered office at Potoční 95, 471 52 Sloup v Čechách, IČ: 09074562.
Contact details: tel.:+420 777178129, e-mail: info@siddhartha.cz