IS OMNIA – information system for complex parish management

Data Controller
1. These policies govern the processing of personal data of individuals acting on behalf of the Customer – i.e., where the Provider acts as the data controller of personal data of individuals acting on behalf of the Customer (see section 7.1 of the General Terms and Conditions). These policies also regulate the conditions for the use of cookies data by all users.
2. The Provider – IT servitium Ecclesiae s.r.o., with company ID 21250430, registered at Platnéřská 191/4, Staré Mesto, 11000 Prague 1, Czech Republic, registered in the Commercial Register of the City Court in Prague under file no. C 398943/MSPH (hereinafter referred to as the “controller”) collects, stores, and uses personal data of individuals in accordance with Act No. 110/2019 Coll. on the Processing of Personal Data (hereinafter the Personal Data Processing Act) and Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR Regulation). The specific purposes for which the controller processes personal data are outlined below.
3. The controller declares that all personal data processed by them is strictly confidential. The controller handles such data in accordance with national legislation and European Union regulations on personal data protection.
4. The controller also collects these personal data through their websites at the addresses of individual parishes (hereinafter referred to as the websites).
5. These policies are issued by the controller to ensure that data subjects are sufficiently informed about what personal data is being processed, for what purpose, for how long, who will have access to it, and what rights the data subject has. These policies apply to all personal data collected by the controller, whether collected for the purpose of fulfilling a contractual relationship, legal obligation, legitimate interest, or consent granted.

Processed Data

The controller is authorized to process the following personal data according to the purpose, legal basis for processing, categories of personal data, categories of data subjects, categories of recipients, and retention periods as follows.

Number	Processing Purpose	Legal Basis According to Article 6(1) GDPR	Categories of Personal Data	Categories of Data Subjects	Categories of Recipients	Retention Period
1	Contractual agenda, contract performance	b), f), Article 9(2)(e), (f) GDPR	identification, contact details	statutory representatives, representatives, and employees of the Customers	tax authorities, possibly other public authorities	11 years
2	Pre-contractual negotiation	b), f), Article 9(2)(e), (f) GDPR	identification, contact details	prospective customers	_________________	4 years
3	Protection of the controller’s rights and freedoms	f)	all data related to the specific case	any relevant party	____________________	4 years after the dispute or proceedings end
4

For the processing purposes under numbers 2 and 3, a personal data falling into the special category of personal data according to Article 9 of the GDPR is indirectly processed, specifically the data about religious beliefs. This processing is carried out based on the exception stated in Article 9(2)(e) and (f) of the GDPR.
The individual purposes of processing are as follows:
1. Contractual relationship performance means: the relationship between the data subject and the controller, which arose based on an order, registration, concluded contract, application, and participation in an event, competition, etc.
2. Statistical purposes means: anonymized monitoring of website traffic, monitoring the number of page views, time spent on websites, type of device from which the data subject accesses the website. The controller collects data to improve the services provided and offer relevant content to customers.
3. Legitimate interest primarily means the controller's interest in protecting its rights and freedoms or other legitimate interest of the controller that outweighs the data subject’s interest in protecting their personal data in a particular case. The period of processing personal data must be proportional to the nature of the legitimate interest. A legitimate interest may be, for example, effective defense in case of a dispute; the data retention period in such a case is 4 years from the effectiveness of the legal action and extends for the duration of the dispute. The controller also has an interest in continually improving the quality of its service and preventing the disruption of such activity, so activities contributing to the fulfillment of this goal are considered legitimate interest. Legitimate interests also include processing for the purposes of pre-contractual communication, fraud prevention (e.g., assessing the risk of concluding a contract), direct marketing (e.g., offering relevant services to existing customers), reporting crimes and transferring personal data to the appropriate authority, network and information security. This list is non-exhaustive.
4. Compliance with other legal obligations means: providing information to law enforcement authorities, providing information to other public authorities in compliance with obligations arising from legislation governing labor relations, health insurance, social security, tax and fee management, etc.
Personal data of data subjects is processed for the period necessary to fulfill all rights and obligations arising from mutual legal actions, at least for the duration of the service provision, order fulfillment, etc., and also for the period the controller is obligated to store personal data according to applicable legal regulations or for the period for which consent was granted to the controller. Otherwise, the processing period depends on the purpose for which the personal data is processed. The specific processing period for each processing purpose is indicated in the table in Article 2.1.
Personal data is processed by the controller manually as well as automatically. The controller is authorized to process certain information automatically, for example, to generate statistical data about the traffic on its websites.

Personal Data Processed Based on Consent
1. If we have obtained your consent for the processing of personal data, it has been for one of the following purposes:
  1. Registration or request filled out on the parish website.
  2. Consent to the scope and purpose of using data stored in the end devices of participants or users (cookies). This does not apply to technical storage or access exclusively for the purpose of transmitting a communication over an electronic communications network or when it is necessary for providing an information society service explicitly requested by the participant or user.
Transfer to Third Countries
1. No personal data will be transferred abroad, and therefore not outside the EU.
Rights of the Data Subject
1. The data subject has the following rights, which arise from legal regulations and which they may exercise at any time:
  1. Right of access to personal data, according to which the data subject has the right to obtain from the controller information on whether the controller processes their personal data. The controller must provide this information without undue delay. The content of the information is governed by Article 15 of the GDPR. The controller may request a reasonable fee for providing the information, which does not exceed the costs necessary for providing the information.
  2. Right to rectification or erasure of personal data, or restriction of processing, according to which the data subject has the right to have personal data corrected if they are inaccurate or incorrect. If personal data is no longer necessary for the purposes for which they were collected, or is processed unlawfully, the data subject has the right to request its erasure. If the data subject does not wish to request the erasure of personal data but only to temporarily restrict its processing, they may request the restriction of processing.
  3. Right to request clarification if the data subject suspects that the processing of their personal data by the controller is in violation of legal regulations.
  4. Right to contact the Office for Personal Data Protection if there are doubts about the compliance with obligations related to the processing of personal data.
  5. Right to data portability, i.e., the right to obtain personal data concerning the data subject, provided by the controller, in a structured, commonly used, and machine-readable format, see Article 20 of the GDPR for more details.
  6. Right to object to the processing of personal data, which is processed for the purpose of fulfilling a task carried out in the public interest or in the exercise of official authority or for the purposes of protecting the legitimate interests of the controller. Based on the objection, the controller will cease processing without undue delay unless they can demonstrate that there is a legitimate interest/reason for processing that outweighs the interests, rights, or freedoms of the data subject.
  7. If the data subject raises an objection to the processing of their personal data for direct marketing purposes, their personal data will no longer be processed for these purposes.
  8. Right to withdraw consent for the processing of personal data at any time, if the data subject has given consent to the controller for the processing of personal data.
Cookies
1. Cookie data are short text files that a website sends to the user's browser. They allow the website to record information about the visit, such as the chosen language, making the next visit easier and more pleasant for the user. Cookies are important because without them, browsing the internet would be much more complicated. Cookie data help improve the website and tailor its content to the user's needs; they are used by almost every website in the world. Cookies are useful because they enhance the user-friendliness of a repeatedly visited website.
2. On the administrator's website, the following types of cookies may be used:
  1. Session (i.e., temporary) cookies allow the administrator to link the actions of the same user during their browsing session. These cookies are activated when the browser window is opened and deactivated when the browser window is closed. Session cookies are temporary and are deleted once the browser is closed.
  2. Permanent cookies help the administrator identify the user's computer when they revisit the administrator's website. Another advantage of permanent cookies is that they allow the website to be customized to the individual needs of the users.
3. In accordance with the provisions of § 89 para. 3 of Act No. 127/2005 Coll., on electronic communications, as amended, the operator of the web application informs that the administrator's website does not use cookies for its activities, meaning that user cookie data, including permanent cookies, is not processed. However, their use requires the user's demonstrable consent regarding the scope and purpose of their use. This does not apply to technical storage or access exclusively for the purpose of transmitting a message via an electronic communications network or if necessary for providing an information society service explicitly requested by the participant or user.
4. Consent to the use of non-technical cookies can be given by ticking the relevant box on the provider's website. If the user does not provide such consent, non-technical cookies cannot be used further. If the user does not consent to the use of non-technical cookies, some functions and pages may not work properly.
5. Even after granting consent, it will still be possible to manually modify the permission to share cookie data in the user's browser.
Information and Questions
1. Additional information about rights and obligations regarding personal data protection can be obtained by the data subject on the website isomnia.sk or via email at [email protected]

IS OMNIAPrivacy Policy

IS OMNIA
Privacy Policy