System users, agents and administrators

Sign up and use of the system.

Processed personal info

E-mail, Telephone number, Photo, Role / profession, Based in, Employer, Social sites, About me section (various details), Full name, Transportation, Accommodation, Receipts, More

Recipients or categories of recipients of personal data, including recipients in third countries or international organizations

1) Other users or company profiles, when being mutually accepted in a contact list
2) Other users, when sharing the same callsheet (even if private), but only for the period of the work dates set on a callsheet
3) Every user, if the displayed user has not set his or her profile to "private mode" in the profile settings and his or her profile was displayed through a common callsheet, a notification centre, an employer's or coworker's profile, the "+add contacts" search function or a callsheet.
4) Web hosting provider


Persons who have access to data subjects' personal data.

Envisaged time limits for erasure of the different categories of data

1) A guest account and the user's details are deleted from the system forty-eight hours after the work dates set on a callsheet. There will be no details left in the system about the user or about his past work.
2) A regular user can delete his or her account at any time. The account will be deleted within twenty-four hours from the deletion request made in the profile settings, as well as his or her name from every active callsheet and contact list.
3) A callsheet will be saved in our system for a period of 18 months beginning with the first day of the callsheet's duration period, if not deleted by a callsheet administrator earlier. It will be deleted on the last day of that 18-month period.
4) Personal data is stored until the User deletes any of it; by deleting his or her data, it is automatically deleted from the whole system.


Presumed deadlines for erasure of data subjects' personal data.

Confidentiality measures (admission management; access management; data classification system) and integrity measures (transfer and handling management)

Admission management: reinforced concrete walls, armoured doors, chip system protected by PIN numbers, perimeter protection, camera system in HD, independently lockable racks

Access rights: combination of the correct username and password

Separate processing: Processing of personal data takes place only in our company; we do not share your personal data with third parties.

Pseudonymization: If the processing of personal data enables it, the data on a data subject’s identity shall be removed from the given data application and stored separately. We do store your personal data, but the data we collect doesn't constitute special categories of personal data. Therefore, we do not do pseudonymization. On the other hand, the user is free to delete his or her profile. The profile is deleted after twenty-four hours from the time the request was made. The user's name and details connected to his or her profile are removed from every callsheet and contact list. Guest accounts are automatically deleted from our system forty-eight hours after the callsheet period assigned to that user has ended and the callsheet has served its purpose.

Data classification system: public

Access management: We have implemented Role Based Access Control. Only a callsheet administrator can change joint details in the callsheet's joint part and details of every team member (every team member's callsheet's personal section). Only an agent assigned to a user can manage the assigned user's callsheet's personal section. A user can manage only his or her private info and receipts in his or her callsheet's personal section.

Our callsheet is made of five parts. Two joint sections and three personal sections.

The joint section (seen by administrators, agents and every team member on a callsheet) contains:
- Basic information: callsheet name, project name, project date, location (added via Google maps), call time, duration, additional info (text or a file)
- Team: Here you can find all the team members who have been added to the same callsheets with the same dates as you were. Do not forget, even if your profile is set to “private”, other team members can see it as “public” during the time you work together according to the dates set on your callsheet. One day before the job and one day after the job your profile will be private. During the job, it will be viewed as “public” to every team member.

The personal section (visible only to the actual person, assigned agent or assigned administrator):
- Trip details: Transportation (flight, train, bus, ship, car, other), Hotel (added via Google maps)
- Private info: Every user, assigned agent or callsheet administrator can add text or a file for the user.
- Receipts: Add your receipts and share them with your agents or clients. Assigned agents and administrators can see them without you sharing them.


A specific way or ways to secure a subject's personal data.

Availability and resilience of the processing systems and services (availability management, swift recovery after an incident)

Availability management: Data is backed up on the server online and off-site, uninterruptible power supply by UPS and diesel unit, anti-virus, firewall, incident report procedure, security checks at the level of infrastructure. The server is hosted by a company fulfilling the ISO 9001 and ISO 27001 requirements (automatic identification of potential risks and eliminating them before they can materialize, plans for a case of extraordinary events caused by a person or force majeure and constant improvement of the ability of our systems to overcome any consequences, very high protection against cyber-attacks and constant improvement of that protection, procedures according to the structured and globally renowned methodology of information security, in compliance with the valid legislation and trends, determined precautions to prevent failures and outages of the provided services).

Swift recovery after an incident: We do have a Service-level agreement for smooth application development and maintenance.


The data specify how the service or system processing a subject's personal data is resilient to an outage and how quickly after such incident the service or system renews its operation.

Procedures for regular review and assessment of measures (management of personal data protection, incident management, standard protection of personal data, processing management)

Management of personal data protection, including regular employee training: Only the strictly necessary number of people have access to the personal data; all of them are highly professional and respect the importance of personal data protection.

Incident management: We have plans for a case of extraordinary events caused by a person or force majeure and we constantly improve the ability of our systems to overcome any consequences.

Standard protection of personal data: Active protection against cyber-attacks and constant improvement of that protection, automatic identification of potential risks and eliminating them before they can materialize.

Processing management: according to the standards ISO 9001 and ISO 27001


Reviewing the course of processing of a subject's personal data, updating of information about the processing and of the personal data as such.

Joint controller(s) (if they exist)

There are no joint controllers.


Persons who determine the means and purposes of processing personal data.

Legal grounds for processing

Consent of the data subject.
Performance of a contract.


Legal facts giving ground to processing of the personal data.

From whom does my organization receive personal data?

From the users, who may be data subjects themselves or from controllers of personal data (i.e. other users).


Information whether the processed personal data comes from the data subjects, the organization's own activities or other sources.

Is provision of personal data obligatory and what does this requirement arise from?

It is obligatory when a person wants to use the system, i.e. the requirement to provide personal data arises from a contract. Provision of the data is then necessary to the extent required by such a contract. Personal data input is required to some extent, so that other users are able to identify the desired user and put him or her in a contact list or on a callsheet.

Obligatory:
- Full name
- E-mail

Optional:
- Phone number (helps others to get in touch with you when needed)
- Photo (helps others to recognize you)
- Social sites (Facebook, Instagram, Twitter, Snapchat)
- About me (anything you decide to share with others – allergies, life motto, shoe size…)
- Roles (photographer, assistant, model, producer, … - helps to identify you and tells others what you do for a living)
- Employer (when added to a company you are portrayed as the company’s employee along with other added coworkers)
- Based in (City, county – helps others to identify you better)
- Transportation
- Accommodation
- Receipts
- Other


If personal data are provided by the data subjects, this states the reason why the organization needs the data and whether their provision is obligatory.

Are automated decisions or profiling used?

Automated decisions or profiling ARE NOT USED IN OUR SYSTEM.


This entry states whether automated decisions (without human interventions), including profiling (forecasting future behaviour), take place in the organization based on a subject's personal data.

The means of informing the subject (document, validity of the document, means)

Documents: Privacy Policy, Processing of personal data agreement, Terms of use, Cookies Policy are present in the footer on and in every user's "profile settings".

Before marking his or her consent to processing, the subject confirmed reading the documents mentioned above as of 8th of October 2018 by ticking the relevant checkboxes in the web application (or radio buttons in the mobile


Information about the way and time when the organization informed the data subjects about processing of their personal data.

Non-electronic data storage - Means of storing personal data

We do not store our data outside of our system.


The location and means of storing the data subject's personal data if stored in their physical form.

The attached summary shows you individual rights that data subjects may claim according to GDPR.

