DATA PROTECTION POLICY
The company Wellcrafted s.r.o. collects and uses personal information (referred to in the General Data Protection Regulation (GDPR) as personal data) about its clients (fundraisers, supporters, donors, volunteers and employees). This information is gathered in order to enable us to carry out our normal operations. In addition, WELLCRAFTED S.R.O. may be required by law to collect, use and share certain information. WELLCRAFTED S.R.O. is the Data Controller of the personal data that it collects and receives for these purposes.
WELLCRAFTED S.R.O. will on request issue Privacy Notices (also known as a Fair Processing Notices) to any clients. These summarise the personal information held about clients, the purpose for which it is held and with whom it may be shared. It also provides information about an individual’s rights in respect of their personal data
This policy sets out how WELLCRAFTED S.R.O. deals with personal information correctly and securely and in accordance with the GDPR, and other related legislation. This policy applies to all personal information however it is collected, used, recorded and stored by the WELLCRAFTED S.R.O. and whether it is held on paper or electronically.
What is Personal Information/ data?
Personal information or data means any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly by reference to details such as a WELLCRAFTED S.R.O. identification number, IP address, location data, an online identifier or by their physical, physiological, genetic, mental, economic, cultural or social identity. Personal data includes (but is not limited to) an individual’s name, address, date of birth, photograph, bank details and other information that identifies them.
Data Protection Principles
The GDPR establishes six principles as well as a number of additional duties that must be adhered to at all times:
- Personal data shall be processed lawfully, fairly and in a transparent manner
- Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (subject to exceptions for specific archiving purposes)
- Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed and not excessive;
- Personal data shall be accurate and where necessary, kept up to date;
- Personal data shall be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Personal data shall be processed in a manner that ensures appropriate security of the personal
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection. Data Controllers have a General Duty of accountability for personal data.
WELLCRAFTED S.R.O. is committed to maintaining the principles and duties in the GDPR at all times. Therefore WELLCRAFTED S.R.O. will:
- Inform individuals of the contact details of the Data Controller
- Inform individuals of the purposes that personal information is being collected and the basis for this
- Inform individuals when their information is shared, and why and with whom unless the GDPR provides a reason not to do this.
- If WELLCRAFTED S.R.O. plans to transfer personal data outside the EEA the business will inform individuals and provide them with details of where they can obtain details of the safeguards for that information
- Inform individuals of their data subject rights
- Inform individuals that the individual may withdraw consent (where relevant) and that if consent is withdrawn that WELLCRAFTED S.R.O. will cease processing their data although that will not affect the legality of data processed up until that point.
- Provide details of the length of time an individual’s data will be kept
- Should WELLCRAFTED S.R.O. decide to use an individual’s personal data for a different reason to that for which it was originally collected the individual will be informed and where necessary consent requested
- Check the accuracy of the information it holds and review it at regular intervals.
- Ensure that only authorised personnel have access to the personal information whatever medium (paper or electronic) it is stored in.
- Ensure that clear and robust safeguards are in place to ensure personal information is kept securely and to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded.
- Ensure that personal information is not retained longer than it is needed.
- Ensure that when information is destroyed that it is done so appropriately and securely.
- Share personal information with others only when it is legally appropriate to do so.
- Comply with the duty to respond to requests for access to personal information (known as Subject Access Requests)
- Ensure that personal information is not transferred outside the EEA without the appropriate safeguards
- Ensure that all staff are aware of and understand these policies and procedures.
Complaints will be dealt with in accordance with WELLCRAFTED S.R.O.’s data complaints policy.
This policy will be reviewed as it is deemed appropriate, but no less frequently than every three years. The policy review will be undertaken by Wellcrafted s.r.o. Chief Operating Officer and/or a data protection consultant appointed by the charity.
If you have any enquires in relation to this policy, please contact us by email firstname.lastname@example.org or by post Wellcrafted s.r.o.; Golovinova 1709, 43201 Kadaň, Czech Republic
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, if you agree to this. Cookies contain information that is transferred to your computer's hard drive.
Cookies are widely used in order to make websites work, and to work more efficiently, as well as to provide information to the owners of the website (and any third parties they work with) and to manage elements of their business. Without certain cookies, some areas and functionalities of a website will not work (e.g. user logins).
We use the following types of cookies
- Strictly necessary cookies. These are cookies that are required for the operation of our site to enable you to move around our site and use its features. They include, for example, cookies that identify your language and customize the look of our web pages correspondingly.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. We only use these cookies to improve how our website works.
- Functionality cookies. These are used to recognise you when you return to our site and enable us to remember the choices you make when using our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
While persistent cookies stay on your computer for a long time, session cookies are automatically deleted when the browser window is closed. Below is a description of the cookies we use and use on the website for the purposes of this use.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. You can also delete cookies by selecting the appropriate option in your browser settings If you use different computers/mobile devices in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
For more information on Google Analytics cookies, please refer to https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Social Media Buttons
If you take the opportunity to share content from our site through our social buttons (e.g. Facebook, Twitter etc), you should be aware that these sites are likely to collect information about your online activities. We have no control over this. We suggest that you check the privacy policies (if any) of such third party websites for more information about their use of your information and/or how to opt out or delete such information.