As the Slovak Partnership Team that reports to the United Nations Development Programme (UNDP) Regional Office in Istanbul, we are part of an international organisation with its registered seat in: Key Plaza, 10th floor, Abide-i Hürriyet Cd. İstiklal Sk. No/11, Şişli, 34381, Istanbul, Turkey (the “UNDP Slovak Partnership” or the “SK Partnership Team”). Personal data of natural persons are necessarily processed to ensure a proper running of the UNDP Slovak Partnership and to deliver and perform services. This Privacy Policy regarding the processing of personal data (the “Personal Data”) explains how the UNDP Slovak Partnership, as controller of filing systems, processes the personal data of natural persons it collects.
Mailing address: UNDP Europe and Central Asia, The Slovak Partnership Team, Palisády 31, 811 06 Bratislava, Slovak Republic
This Privacy Policy primarily serves to fulfil the information obligations under Articles 13 and 14 GDPR owed to data subjects whose personal data we process in connection with our activities. Our processing of personal data is governed primarily by Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”) that also regulates your rights as data subject,[1] applicable to us: At the same time, we also provide separate information about the giving of consent to the processing of personal data.
Giving of consent to the processing of personal data
As set out below, the legal basis for the processing of personal data is the consent given by the data subject.
Giving of consent to the processing of personal data of those interested in receiving news (newsletter) from UNDP Slovak Partnership
The website contains a tick box to receive information about activities and news of the UNDP Slovak Partnership, which requires a user to enter their e-mail address (the “e-mail address”) to which the UNDP Slovak Partnership should send such information. The purpose of the processing of personal data is to regularly inform the data subject about the news and activities of the UNDP Slovak Partnership.
The user can only provide the e-mail address for receipt of information about the activities of the UNDP Slovak Partnership by simultaneously giving their consent to these Privacy Policy by ticking the appropriate box. By consenting to this Privacy Policy, the person consents to the processing of this personal information in accordance with Article 6(1)(a) GDPR (consent as one of the legal bases for the processing of personal data).
When we process your personal data?
We may process your personal data in the following cases:
- You have subscribed to our newsletter,
- You interact with our content on our website, or on the project profile set up on a social network.
In these cases, we may have collected your personal data directly from you, i.e., through our website or on another occasion.
For what purposes and on what legal basis we process personal data?
Purpose of processing of personal data | Legal basis | Further explanation of the purpose of processing |
Purposes of external communications and PR | Article 6(1)(a) and (f) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – data subject’s consent or legitimate interest, as applicable. | We use standard marketing and PR tools to promote the activities of the UNDP Slovak Partnership, including: 1. polls and surveys; 2. managing social media profiles, including communication and discussion with users; 3. delivery of electronic and written messages with information about the UNDP Slovak Partnership (newsletter); 4. website management; 5. use of third-party plugins (e.g. logging in using Facebook, Google). |
Statistical purposes | Legal basis as per provisions of Article 89 GDPR. | Processing of statistical data that cannot be attributed to any data subject. |
Conduct of project activities and internal administrative purposes | Article 6(1)(a) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – data subject’s consent or legitimate interest, as applicable. | Offers of co-operation and participation extended to business entities in the Region, internal documentation with suppliers of services to the Slovak Partnership Team. |
Performance of obligations under a contract | Article 6(1)(f) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – legitimate interest | Contracts with service providers and co-operating business entities participating in UNDP SK Partnership projects – i.e. processing of information about contact persons, executive bodies, etc. |
Personal data security and IT development | Article 6(1)(f) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – legitimate interest | Processing of Personal Data as a result of security measures applied (e.g. access control, logging, backup). Also the necessary processing of Personal Data in development, improvement and testing of software solutions. |
Organising various initiatives, surveys and calls related to project activities of UNDP’s SK Partnership Team | Article 6(1)(a) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – data subject’s consent | Often, an objective can be achieved only through a simple survey or call, where the controller needs lesser amount or different scope of personal data than if there is a petition. |
Defending, pursuing and proving legal claims | Article 6(1)(f) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – legitimate interest | This includes communication or interaction with public authorities, exercising rights in administrative and other proceedings, drafting, reviewing and storing contracts, providing information to lawyers, storing various documents and data in evidence. |
Keeping and management of records | Article 6(1)(c) of Regulation (EU) No 2016/679 of the European Parliament and of the Council (GDPR) – legal obligation. | This obligation is held under Act No. 395/2002 Coll. on Archives and Registers of Records – any (electronic or paper) processing of personal data for the purposes of archival care, and possibly also as required by plan of records. |
What personal data we process about you?
The scope of the personal data processed varies, depending on the specific purpose. In principle, however, these are general identification and contact details.
We only process standard categories of personal data in the scope of first name, surname, contact details, etc. We do not process any data falling under a special category of personal data (so-called “sensitive personal data”), national identification (birth) numbers, nor information about conviction for criminal offences for these purposes.
How we collect personal data about you?
We most often obtain your personal data directly from you, e.g., by registering for various projects, sending your questions, queries or initiatives on our website or Facebook account.
Who we provide your personal data to?
Your personal data can be accessed by authorised employees of the UNDP’s Slovak Partnership Team who are bound by a confidentiality undertaking, and can access this data always only on a strict need-to-know basis. This access is typically limited by the position, function and job description of the particular member of staff. We provide personal data to other recipients only as absolutely necessary, and categories of recipients may include:
- our processors;
- our advisers;
- operators of social networks (Facebook and Google), strictly as regards the use of their functionalities (e.g., login using Facebook or Google, Facebook Like plugin, etc.);
- hosting or cloud storage providers, for data collected through a website (e.g., Microsoft/Websupport);
- IT support providers for the operation of our websites (TAKTO.sk);
- mail carriers and courier services, as regards mail delivery;
- employees of recipients listed above;
- where special regulations so prescribe, also to government or self-government authorities.
Which countries we transfer your personal data to?
As a standard practice, we restrict any cross-border transfers of personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein) unless it is necessary. However, some of our subcontractors and personal data recipients listed above (in particular, Facebook and Google) may be based or have servers in the United States of America, which is a third country that does not have a protection of personal data that is adequate to level existing in the EU. If we make any transfers of personal data to third countries at all, we will require other data protection safeguards (e.g., using standard contractual clauses).
How long we store your personal data?
We store personal data for no longer than is necessary for the purposes for which such data is processed. For the purposes of external communication and PR, this storage period is no longer than 5 years. Such maximum storage period may, in fact, be shorter, especially if: (i) we no longer consider the processing of personal data necessary for any reason; (ii) we process your personal data on the basis of your consent, and such consent has been withdrawn, which concerns data processed on the basis of such consent; (iii) where a special regulation so provides; or (iv) after an objection is raised to the processing of personal data for PR purposes.
What rights do you have as a data subject?
- If we process personal information about you based on your consent to the processing of your personal data (e.g., when you subscribe to our newsletter), you have the right to withdraw your consent at any time.However, such withdrawal will not affect the lawfulness of personal data processing until and up to its withdrawal.
- You have the right to effectively object, at any time, to the processing of personal data for external communication and PR purposes.
- You also have the right to object to the processing of your personal data on the basis of legitimate interests pursued by us, as explained above.
GDPR sets out the general conditions for the exercise of your individual rights. However, that such rights exist does not automatically imply that we will grant them upon your exercise, given that exceptions may apply in a particular case, or given that some rights are linked to specific conditions that may not be met in every case. We will always handle your request regarding a specific right and examine it in the light of applicable legislation.
As a data subject, you further have, in particular, the right:
- to request access to the personal data we process about you under Article 15 GDPR. This right includes the right to confirm whether we are processing personal data about you, the right to obtain access to that data, and the right to obtain a copy of personal data we are processing about you, where technically feasible;
- to rectify and complete your personal data in accordance with Article 16 GDPR if we process incorrect or incomplete personal data about you;
- to erase your personal data in accordance with Article 17 GDPR;
- to restrict the processing of personal data in accordance with Article 18 GDPR;
- to communicate the erasure or rectification of your personal data to other recipients in accordance with Article 19 GDPR;
- to data portability in accordance with Article 20 GDPR;
- to object to legitimate, public interest and to direct marketing, including profiling, in accordance with Article 21 GDPR;
- not to be subject to a decision based solely on automated processing in accordance with Article 22 GDPR.
You also have the right to lodge a complaint at any time with the Office for Personal Data Protection of the Slovak Republic, or to file a lawsuit with the competent court. In any event, we recommend that you resolve any disputes, questions or objections by first communicating with us and asking us to explain our process.
Are decisions made based solely on automated processing?
No, we do not carry out such processing operations that would lead to a decision with legal effect or other substantial impact on you based solely on fully automated processing of your personal data within the meaning of Article 22 GDPR.
Cookies
We may use cookies and similar technologies to improve our online services. If you visit the website slovakchallengefund.org, you must explicitly tick the consent box before any cookies can be activated (or else they will not be activated) by pressing the web button “ACCEPT” or otherwise “REJECT” all cookies.
What are cookies?
A cookie is a small amount of data or small text files that can be sent to your browser when you visit a website and stored on your device (computer or another Internet-enabled device, such as a smartphone or a tablet). Cookies are usually stored as files in your internet browser, usually containing the name of the website from which they originate and the date they were created. The next time you visit the site, the web browser will reload the cookies and send this information back to the website that originally created the cookies. Cookies do not harm your computer or other devices used to browse the Internet. Cookies improve the use of a website, for example, by enabling recognition of previous visitors when logging into the user environment, by remembering a visitor’s choice when opening a new window, by measuring website traffic or how the website is used to improve its user experience.
What cookies we use?
At the moment, there are no cookies used at the website slovakchallengefund.org.
Social media
We encourage you to read the privacy policies of providers of those social media platforms through which we communicate. Our privacy policy explains only the basic issues related to the management of our profiles. We only have typical administrator permissions when processing your personal data through our or client profiles. We assume that, by using social networks, you understand that your personal data is also processed by providers of these platforms (such as Facebook, Google, Youtube) and that we have no control over and are not responsible for this processing, any other disclosure of your personal data to third parties, nor for cross-border transfers to third countries carried out by these providers of social networking platforms. We are only responsible for our own activities on these platforms that are explained in this Privacy Policy.
[1] See Articles 12 to 22 GDPR: http://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN