This GDPR Information Board has not been checked by a lawyer at Legal Partners.
English in Levels s.r.o.
Gorkeho 2069, 530 02 Pardubice, Czech Republic
http://www.englishinlevels.com
Zdeněk Vaníček
Users of English in Levels sites
Business activities of the company
Processed personal info
Name, Email
Recipients or categories or recipients of personal data, including recipients in third countries or international organizations
IT vendorsAccounting companyDetails on recipients of personal data are described in section Details of the processor(s)
Details
Persons who have access to data subjects' personal data.
Envisaged time limits for erasure of the different categories of data
Due to current accounting legislation, clients who paid for English in Levels services can be erased in 10 years after the latest invoice.
Details
Presumed deadlines for erasure of data subjects' personal data.
Access rights (job or employee's name)
Customer service employeesAccountants
Details
Information about who is authorized to process data subjects' personal data.
Confidentiality measures (admission management; access management; data classification system) and integrity measures (transfer and handling management)
All IT systems are secured by username and password and by two-factor authentication (when possible)Printed documents are securely stored at accounting company
Details
A specific way or ways to secure a subject's personal data.
Availability and resilience of the processing systems and services (availability management, swift recovery after an incident)
Data are regularly backed-up to secure locationsPrinted records of invoices are also stored as a backup
Details
The data specify how the service or system processing a subject's personal data is resilient to an outage and how quickly after such incident the service or system renews its operation.
Procedures for regular review and assessment of measures (management of personal data protection, incident management, standard protection of personal data, processing management)
Process of processing personal data is reviewed on yearly basis.
Details
Reviewing the course of processing of a subject's personal data, updating of information about the processing and of the personal data as such.
Legal grounds for processing
Legitimate interests of the controller (providing requested services)
Details
Legal facts giving ground to to processing of the personal data.
From whom does my organization receive personal data?
From the customers themselves
Details
Information whether the processed personal data comes from the data subjects, the organization's own activities or other sources.
Is provision of personal data obligatory and what does this requirement arise from?
Prerequisite for providing the offered services (eg. online courses).
Details
If personal data are provided by the data subjects, this states the reason why the organization needs the data and whether their provision is obligatory.
Are automated decisions or profiling used?
No
Details
This entry states whether automated decisions (without human interventions), including profiling (forecasting future behaviour), take place in the organization based on a subject's personal data.
Details of the processor(s)
Google Analytics / Google Inc., IrelandGoogle Tag Manager / Google Inc., IrelandFacebook / Facebook Inc., IrelandActive 24 hosting / Active24 s.r.o., Czech Republic
Details
This field states information about the processor(s) of personal data whom the company engaged in the processing of the data subject's personal data.
Marketing and advertising
Processed personal info
Name, Email
Recipients or categories or recipients of personal data, including recipients in third countries or international organizations
IT vendors
Details
Persons who have access to data subjects' personal data.
Envisaged time limits for erasure of the different categories of data
All personal data stored for marketing purposes can be erased in 90 days after receiving the request.
Details
Presumed deadlines for erasure of data subjects' personal data.
Access rights (job or employee's name)
Marketing employeesSoftware engineers
Details
Information about who is authorized to process data subjects' personal data.
Confidentiality measures (admission management; access management; data classification system) and integrity measures (transfer and handling management)
All IT system are secured by username and password
Details
A specific way or ways to secure a subject's personal data.
Availability and resilience of the processing systems and services (availability management, swift recovery after an incident)
Data are regularly backed-up to secure locations
Details
The data specify how the service or system processing a subject's personal data is resilient to an outage and how quickly after such incident the service or system renews its operation.
Procedures for regular review and assessment of measures (management of personal data protection, incident management, standard protection of personal data, processing management)
Process of processing personal data is reviewed on yearly basis.
Details
Reviewing the course of processing of a subject's personal data, updating of information about the processing and of the personal data as such.
Legal grounds for processing
Consent of the data subject
Details
Legal facts giving ground to to processing of the personal data.
From whom does my organization receive personal data?
From customers themselves.
Details
Information whether the processed personal data comes from the data subjects, the organization's own activities or other sources.
Is provision of personal data obligatory and what does this requirement arise from?
It is not. Users can unsubscribe from marketing messages any time without any consequences.
Details
If personal data are provided by the data subjects, this states the reason why the organization needs the data and whether their provision is obligatory.
Are automated decisions or profiling used?
No
Details
This entry states whether automated decisions (without human interventions), including profiling (forecasting future behaviour), take place in the organization based on a subject's personal data.
Where does the organization store the consents to processing of personal data?
In an electronic database
Details
The place where the organization stores the subject's consent to processing of personal data.
The attached summary shows you individual rights that data subjects may claim according to GDPR.
Copyright GDPRset.com in cooperation with Legal-Partners.org