- TAMEH Czech s.r.o. acts as an administrator and processor of personal and sensitive data.
- According to the GDPR, the data subject is the natural person to whom the personal data relates. Typically, these are EU residents whose rights are protected by the Regulation. The data subject is not a legal person. Personal data can relate only to a living natural person, as the GDPR excludes its application to data about deceased persons.
- Personal data is any information about an identified or identifiable data subject. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier (name, number, network identifier) or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. General personal data include name, gender, age and date of birth, personal status, but also IP address and photographic record. As the GDPR also applies to natural persons who are engaged in business, we also include so-called organisational data, such as an email address, a telephone number or various identification data issued by the state, as personal data.
- Personal data also includes special categories of personal data, the so-called sensitive data.
- Sensitive personal data is a special category under the GDPR that includes data about a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation and criminal offences or convictions. Such data may in themselves harm the data subject in society, in employment or at school, or cause discrimination. The GDPR now includes genetic and biometric data in the category of sensitive data. The processing of sensitive personal data is subject to a much stricter regime than for general data.
- Processing of personal data means any operation or set of operations which the controller or processor systematically performs on personal data, whether by automated means or by other means. Processing means, in particular, collection, recording, organisation, structuring, storage on a storage medium, disclosure, adaptation or alteration, retrieval, consultation, use, transmission, dissemination, disclosure, storage, exchange, classification or combination, blocking and destruction.
- A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. A processor differs from a controller in that, in the course of its activities for the controller, the processor may only carry out processing operations which are delegated to it by the controller or result from the activities for which the processor has been delegated by the controller.
- Consent to the processing of personal data under the GDPR means that, where processing is based on consent, the controller must be able to demonstrate that the natural person has freely given his or her consent to the processing of his or her data and that the consent was specific, informed, unambiguous and unconditional. It is an active and voluntary expression of the data subject's will, which must not be coerced.
- According to the GDPR, a personal data controller is any entity, regardless of its legal form, which determines the purpose and means of processing personal data and carries out the collection, processing and storage of personal data for the purpose set by it. The controller is primarily responsible for the processing of personal data. The basic prerequisite is the existence of a proper legal ground for the processing of personal data, which the controller must have in order to process personal data at all. At the same time, personal data must be adequately secured. A natural person may also be a controller if he or she processes personal data in a way to which the personal or domestic activity exception no longer applies, or if the handling of personal data does meet the definition of processing.
- The administrator is responsible:
  - for compliance with the processing policy,
  - for compliance with the obligations laid down in the Regulation,
  - for data security.
- Important duties of the administrator:
  - apply data protection by design and by default,
  - appoint a data protection officer (not applicable to all controllers),
  - conduct a data protection impact assessment and prior consultation,
  - report personal data breaches to the Data Protection Authority and notify personal data breaches to the data subject (the individuals concerned),
  - keep records.
PROCESSING OF PERSONAL DATA IN TAMEH Czech s.r.o.
Personal data must be secured at all times during processing. Employees are actively involved in the security of personal data against unauthorised disclosure or misuse contrary to the stated purpose, in particular by ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
GDPR Security Policy at TAMEH Czech s.r.o.
TAMEH CZECH is obliged to inform the Office for Personal Data Protection of security incidents within 72 hours of becoming aware of the incident, unless conditions are met for which this obligation does not apply.
The employee is obliged to report any case of a security incident, or even a suspected one, to the Authorised Person. In such a case, the employee shall in particular report a description of the nature of the security incident in question, including, where possible, the categories and approximate number of data subjects involved and the categories and approximate number of personal data records involved.
Documentation of security incidents shall be kept by the GDPR Compliance Officer.