Principles of personal data processing

Here are the main points that should be included in the principles of personal data processing

The principles of personal data processing usually contain information on how the organisation collects, stores, uses and protects the personal data of individuals in order to ensure their security and privacy in accordance with the relevant laws, such as the GDPR in the European Union.

Purposes of processing your personal data and the legal basis for processing

In some cases we process your personal data in order to ensure the protection of rights and legitimate interests.

  1. Introduction and identification of the data controller

    • Information about the company or organisation that processes the data (data controller).
    • Contact details of the controller, and, where applicable, of the data protection officer.
  2. Purpose and legal basis of processing

    • Clear definition of the purpose of personal data processing (for example, conclusion and performance of a contract, marketing purposes, accounting purposes).
    • The legal basis for processing according to the GDPR (for example, consent of the data subject, performance of a contract, legal obligation).
  3. Types of personal data processed

    • Description of the types of personal data that are collected (for example, name, address, telephone number, e-mail address).
    • Categories of sensitive data (where relevant).
  4. Recipients of personal data

    • Information on who may have access to the data (for example, employees, external service providers, subcontractors).
    • Transfer of data to third parties, for example for marketing purposes or payment processing.
  5. Retention period for personal data

    • How long the data will be retained (for example, for the period necessary to achieve the purpose of processing).
    • Criteria for determining this period where it is not precisely set.
  6. Rights of data subjects

    • The right of access to data, rectification, erasure and restriction of processing.
    • The right to data portability and to object to processing.
    • The right to withdraw consent where it is the legal basis.
  7. Measures to secure data

    • Description of the security measures (for example, technical and organisational measures) that protect personal data against unauthorised access or misuse.
  8. Transfer of data outside the EU/EEA

    • Information on any transfer of personal data outside the European Union or the European Economic Area and on ensuring protection of such data in accordance with the GDPR.
  9. Changes to the principles of personal data protection

    • Information on how data subjects will be informed of changes to the principles of personal data processing.
  10. Contacts for questions and complaints

    • The possibility to contact the organisation with questions or requests regarding personal data processing.
    • Information on the possibility to lodge a complaint with the supervisory authority for personal data protection (for example, the Office for Personal Data Protection in the Czech Republic).

When drafting the principles of personal data processing, it is important to ensure that the wording is clear and understandable so that it is easy for users to comprehend.
