From regulations to action framework.
This regulation gives an overview of the rules that apply to an educational organisation. However, a regulation does not adequately reflect how these rules should be interpreted and applied in daily practice. It is not a business protocol for professionals in individual cases. How to handle, for example, the exchange of data is also in discussion, which is reinforced by the ever-increasing and necessary cooperation in chains and networks: educational institutions, ISDs, municipalities, expat centres, etc. And, of course, with individuals. With the shift from the national direction to municipalities, there is a growing need for deforestation of information exchange between partners involved in education and security issues at regional level. A growing number of organisations and employees are entrenched in this collaboration in a large amount of privacy protocols and interpretations of legislation. This means that many professionals are wrong to feel limited in their capabilities. While others unjustly share everything with each other. Choices made are hardly testable. This is an undesirable situation and this requires solutions.
For the purposes of this Regulation:
The Law: The Data Protection Act 2010
Personal Data: each given about an identified or identifiable natural person;
Processing of Personal Data: any act or whole of personal data processing. This includes, at least, the gathering, recording, arranging, storing, updating, modifying, retrieving, consulting, using, providing by means of transmission, distribution or any other form of posting, bringing together, linking together, and shielding , Exchange or destruction of data;
File: Any coherent set of personal data, regardless of whether this aggregate of data is collected or separated from each other, which is accessible according to certain criteria and relates to different persons;
Responsible: The person who alone or in conjunction with others determines the purpose and resources for the processing of personal data. Responsible may be a natural person, a legal entity or a governing body.
Processor: The person who processes the responsible personal data without being subject to his direct authority.
The person concerned: the person to whom a personal data relates;
Third Party: anyone other than the person concerned, the responsible person, the editor or any person authorised under the authority of the person responsible or the processor to process personal data;
Recipient: the person to whom the personal information is provided;
Consent of the person concerned: any free, specific and information-based welfare that the person accepts to process personal data about him;
Providing personal data: disclosing or making available personal data;
Collection of personal data: Obtaining personal information.
This Regulation applies to the fully or partially automated processing of personal data. It also applies to the non-automated processing of personal data contained in a file or intended to be included therein.
1. The purpose of collecting and processing personal data is to provide the information necessary for the realisation of legal purposes and the purposes as defined in the articles of association, the annual plans and other plans of Think Smart English and the conduct of policy and management in the context of these purposes.
Representation of the person concerned
1. If the person concerned is a minor and has not yet reached the age of sixteen, or if the person concerned is a minor and has been placed under curtailment or mentoring has been instituted for the benefit of the person concerned, instead of the consent of the person concerned requires the consent of his legal representative. The permission is recorded in writing. If the person concerned has issued a written authorisation in respect of his / her representation to the processor, the written consent of the person concerned is required.
Responsibility for management and liability
1. The responsible person is responsible for the proper functioning of the processing and management of the data; Under the responsibility of the responsible person, a manager is usually charged with the actual management of personal data.
Straight forward processing
1. Personal data are processed in accordance with the law and regulations in a proper and careful manner.
• the data processing is necessary for the execution of an agreement in which the party concerned is (for example, the contract of employment with the person concerned) or for actions, at the request of the person concerned, necessary for the conclusion of an agreement;
• Data processing is necessary to comply with a legal obligation of the responsible person.
• Data processing is necessary in view of the interests of the person responsible or of a third party, unless that interest is contrary to the interest of the person to whom the data is processed and which matters.
6. Anyone acting under the authority of the controller or the processor – and the processor himself – processes personal data only on behalf of the person in charge, except in case of deviating legal obligations.
7. The data will only be processed by persons who are required by virtue of their duties, occupations, statutory requirements or on the basis of a confidentiality agreement.
Special personal data
1. The processing of personal data about one’s religion or belief, race, political affiliation, health, sexual life, membership of a trade union or criminal data is prohibited except in cases where the law explicitly determines by whom for what purpose and Under which conditions such data may be processed (Articles 17 to 22 of the Personal Data Protection Act 2010).
Data obtained from the person concerned:
• his identity;
• The purpose of processing for which the data is intended, unless the person already knows that purpose.
• his identity;
• The nature of the data and the purpose of the processing for which the data are intended.
The moment that must be done is:
• The moment when the controller determines the data or
• If the controller collects the data only to provide it to a third party: at the time of first submission to the third party.
Top of Form
Within Think Smart English, the following persons have access to the data: the controller, the processor, the recipient and the person concerned.
1. The person concerned has the right to know the processed data relating to his / her person.
• the detection and prosecution of criminal offences;
• the protection of the person concerned or the rights and freedoms of others.
Provision of personal data
1. Provision of personal data to a third party shall, in principle, be done only by consent of the person concerned or his representative, subject to a statutory provision or emergency order.
Right to correction, addition, removal
1. At the written request of a person concerned, the person responsible shall improve, supplement, remove and / or shield the personal data processed on the applicant if and to the extent that this data is actually incorrect, for the purpose of processing incomplete, is not relevant Serve or include more than is necessary for the purposes of registration, or otherwise contravened by a statutory provision. The request of the person concerned contains the changes to be made.
1. Personal data are no longer stored in a form that allows the person to identify, then is necessary for the realisation of the purposes for which they are collected or subsequently processed.
• storing is of great importance to someone other than the person concerned;
• The storage is required by a legal requirement or
• if there is any correspondence between the person concerned and the responsible agreement.
Notification of data processing
1. A fully or partially automated processing of personal data destined for the realisation of a purpose or coherent purpose shall be reported to the College of Personal Data Protection before processing commences. 2.The non-automated processing of personal data intended for the realisation of a purpose or coherent purpose shall be notified if it has been subject to prior investigation.
If the person concerned considers that the provisions of this Regulation are not complied with, he may focus on:
1. Changes to these rules shall be made by the responsible person.
In cases where this Regulation does not provide, the responsible person shall decide with due observance of the provisions of the Act and the purpose and scope of this Regulation. Information about the Data Protection Act: