Information clause for the processing of personal data
Information clause for the processing of personal data
In connection with the implementation of the requirements of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, and repealing Directive 95/46 / EC – the general regulation on data protection (hereinafter: "GDPR"), we would like to inform you about the principles of personal data processing and your rights in connection with the processing of personal data by the ANOTHER PERSPECTIVE. The following rules apply from May 25, 2018.
1. The Controller of your data is UCL Studnet Union (UCL Lebanese Society) and the ANOTHER PERSPECTIVE FOUNDATION ul. JEMIOŁOWA 44, WIERZCHOWISKO 42-233, MYKANÓW, registered in the national court register under no KRS: 0000996535 (Controller).
2. The Controller has appointed a Data Protection Officer, who can be contacted at the following e-mail address: a.perspective.foundation@gmail.com
3. The Controller processes your data based on applicable law, the legitimate interest of the Controller, and based on your consent.
4. Your data is processed for the purpose/purposes:
a. the data subject has consented to the processing of his data for one or more specific purposes, based on the provisions of art. 6 sec. 1 lit. a GDPR,
b. processing is necessary for the performance of a contract to which the data subject is party, or to take action at the request of the data subject before entering into a contract, based on the provisions of art. 6 sec. 1 lit. b GDPR
c. processing is necessary to fulfill the legal obligation incumbent on the Controller, based on the provisions of art. 6 sec. 1 lit. c GDPR,
d. necessary to protect the vital interests of the data subject or another natural person, under the provisions of art. 6 sec. 1 lit. d GDPR
e. implementation of a legitimate interest consisting in the possible determination or pursuit of claims or defense against claims (the legal basis for processing is Article 6 (1) (f) of the GDPR)
5. In connection with the processing of data for the purpose/purposes referred to in point 4 recipients of your data may be:
a. public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that result from the provisions of generally applicable law;
b. other authorised bodies and entities,
6. Your data will be kept for the period necessary to achieve the goals set out in point. 4, and after that time to the extent and for the period necessary or required by the provisions of generally applicable law or resulting from the legitimate interests of the Controller.
7. In connection with the processing of personal data by the Controller, you have the following rights:
a. right to access personal data, including the right to obtain a copy of this data;
b. the right to request rectification (correction) of personal data - if the data is incorrect or incomplete;
c. the right to request the deletion of personal data (the so-called right to be forgotten), if:
• the data are no longer necessary for the purposes for which they were processed,
• the data subject has objected to the processing of personal data,
• the data subject has withdrawn consent to the processing of personal data, which is the basis for data processing and there is no other legal basis for data processing,
• personal data is processed unlawfully,
• personal data must be removed to fulfill the obligation arising from the provisions of the law.
d. right to request the restriction of personal data processing - if:
• the data subject questions the accuracy of the personal data,
• data processing is unlawful, and the data subject opposes the deletion of data, requesting their restriction instead,
• The controller no longer needs the data for his purposes, but the data subject needs them to establish, defend or pursue claims,
• the data subject has objected to the processing of the data until it has been established whether the legitimate grounds of the controller override the grounds of objection.
e. right to transfer data - if the following conditions are jointly met:
• data processing takes place based on an agreement concluded with the data subject or based on the consent expressed by that person,
• the processing is carried out by automated means.
f. right to object to the processing of data - if the following conditions are jointly met:
• there will be reasons related to your particular situation, in the case of data processing based on a task carried out in the public interest or as part of the exercise of public authority by the Controller,
• processing is necessary for the legitimate interests pursued by the Controller or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular when the data subject is a child.
8. If you become aware of the unlawful processing of your data by the Controller, you have the right to complain to the President of the Personal Data Protection Office (PUODO).
9. Providing data is obligatory when the premise for the processing of personal data is a legal provision or an agreement concluded between the parties.
10. Your data may be processed in a traditional and automated manner, but will not be profiled.
11. The Personal Data Controller uses Microsoft 365, Google Workspace and Google Drive, which may result in the transfer of your data to a third country (referred to in Article 46, Article 47, or Article 49 (1), second subparagraph, of the GDPR).
The terms of use of Online Services in the field of Microsoft 365; Google Workspace and Google Drive and obligations about the processing and protection of user data and personal data by online services are set out in Google's documentation, including in particular the privacy statement - Privacy Policy - Privacy and terms – Google and Privacy Policy - Privacy and terms – Microsoft 365. (Google: https://policies.google.com/privacy?hl=pl Microsoft: https://learn.microsoft.com/pl-PL/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide&ms.officeurl=datamaps)
As part of Google services, the data entered into Google Workspace and Google Drive will be processed and stored in a specific geographic location. According to the functionality of Google services in the available administration panel in the "Company Profile", it was indicated that the data is processed within the European Union.
Google, despite having its headquarters outside the EU, is obliged to comply with the GDPR due to the provision regarding companies from outside the European Union, directing their services to entities in the European Union.
Within the European Union, Google processes information about the applications used, browser data, locations, and devices to provide a better and smarter service to Google.
An important element is profiling which Google uses to clarify the user's needs based on her/his data.
Cataloguing the information described above requires Google to adapt its services to the implementation of the GDPR and other data processing security rules in the EU.
Microsoft 365 data storage refers to the geographic location where unused data is stored. Many clients, particularly in the public sector and regulated industries, have distinct requirements for protecting personal or confidential information. Additionally, in some countries, customers must comply with laws that explicitly specify where data is stored.
In many regions, Microsoft 365 offers a range of options for storing data at rest, including on-premises data centre regions (via Product Terms and Advanced Data Residency) or extended across multiple geographies (Multi-Geo capabilities).
12. Detailed information on the processing of personal data will be published on the website available at: https://www.a-perspective.com
13. The Controller can be contacted by sending correspondence to the address indicated in point 1.