Personal Data Protection – GDPR
1. Subject of the Directive
The General Data Protection Regulation (GDPR) is still the most comprehensive set of data protection rules in the world. The GDPR will affect anyone who collects or processes Europeans' personal data, including companies and institutions outside the EU that operate in the European market. The regulation is aimed at companies, institutions and individuals who handle personal data - employees, customers, clients or suppliers, across segments and industries. The aim of the GDPR is to protect the digital rights of EU citizens.
2. Definition of personal data
Personal data are defined in both the current 1995 Directive and the GDPR as all information relating to an identified or identifiable natural person.
General personal data includes name, gender, age and date of birth, personal status, but also IP address and photographic record. Given that the GDPR also applies to natural persons engaged in business, we include personal data as well as so-called organizational data, such as e-mail address, telephone number or various identification data issued by the state. These data are handled within the work of ENVItech Bohemia sro.
The General Regulation pays special attention to the processing of specific categories of personal data, such as data on racial or ethnic origin, political opinions, religion or philosophy, trade union membership, health, sexual orientation and criminal offenses or final convictions. The regulation now includes genetic, biometric and children's personal data in the category of sensitive data. The processing of sensitive personal data is subject to a much stricter regime than that of general data. Sensitive data is not handled within ENVItech Bohemia s.r.o. and this data must not be collected and stored in any way.
On the contrary, anonymized data, data of deceased persons and data obtained in the course of activities of a purely personal nature which are not of a commercial or institutional nature are excluded from the scope of the GDPR. This therefore applies to data that we process for personal use and will not be shared with anyone.
3. Scope of the Directive
With effect from 25.5.2018, all employees of the company are obliged to proceed with the handling of personal data according to GDPR rules.
4. Control activity
GDPR compliance check will be carried out under ISO 9001. ZVI will carry out regular training of all staff and carry out audits to check the handling of personal data.
5. Training and functionality check
Company employees will be regularly trained and informed about the GDPR system. Prior to the validity of this Decision, comprehensive training of all employees was carried out. Further training will always take place at a maximum interval of 1 year. The system functionality check will be carried out as part of internal audits of ISO 9001.
6. Subject of GDPR adjustment
All employees must ensure that information is not leaked. Employees must take care that no one can get into the electronic system. They may not provide its access data to a third party and must be unsubscribed from the system in the event of termination of work. If access data is disclosed to an unauthorized person, the access passwords must be changed immediately. It is also recommended that all employees make regular password changes to make the system more secure.
In the case of documentary documents, the document may not be stored freely without the supervision of a competent staff member. The entire premises of ENVItech Bohemia s.r.o. are locked so that there can be no free movement of strangers. In case of a visit to the company, it is necessary that the person is always accompanied by a competent employee, so that personal data cannot be leaked. All employees must ensure that information will not be leaked by third person.
Relations with external service suppliers (payroll, travel books, personnel services, ...) are adjusted to comply with GDPR.
When handling personal data for marketing purposes (news, email information campaigns, ...) customer interest is required in accordance with the GDPR and made possible by easy unsubscribing from the newsletter.
7. Validity of directive
Decision takes effect on 25th of May 2018.