In this document you will learn how the companies LOCALIZE.PL Agenor Hofmann-Delbor Jacek Mikrut Spółka Jawna and TexteM Maria Szpor Anna Konieczna-Purchała sp.j., hereinafter referred to as “TLC Conferences”, meet the requirements of the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC , and how we protect and process your personal data. We have done everything in our power to comply fully with all the requirements of the Regulation, however if you believe that any information is missing or that anything concerning our compliance with the requirements of the GDPR raises your concerns, please write to us and we will promptly correct it. We have divided the document into clear thematic sections, so that you can quickly familiarize yourself with a specific issue. We have described everything as clearly and unambiguously as possible.
We process personal data fairly and lawfully. We also make sure that it is clear to individuals that their personal data is collected, used, viewed or otherwise processed, and to what extent such personal data are or will be processed. All communications and information relating to the processing of data shall be in plain language and without the use of legal jargon. Already at the time of data collection, we also expressly inform you of the identity of the controller (aka data administrator) and the explicit, legitimate and specified purposes of the processing. We only process data that is adequate, relevant and limited to the extent necessary for clearly defined purposes.
We also make sure that the persons whose data we process always have the right to obtain confirmation and information about the processed personal data concerning them and other rights related to the processing of personal data - we also inform about the ways to exercise these rights. We constantly provide you with transparency in accessing and full control over your data, including the possibility of correcting and deleting personal data (including data that is incorrect).
We also describe the principles and risks associated with the processing of personal data of individuals. We process your data in such a way that it is secure and confidential, following the internal security policy and taking care to protect your access to and use of your data (or the equipment on which it is stored).
We also collect personal data only to the extent necessary to ensure the performance and security of our services or to personalize the performance of our products. Data shall at all times be duly protected and kept only for as long as it is necessary for the performance of the service. We do not process personal data as soon as we are able to provide the service in a way that does not require their use. All data collected shall have a clearly defined deadline for their deletion.
All the assumptions of our compliance with the requirements of the GDPR described here are described in detail below.
1. What is the purpose of processing personal information at our company?
Every company that processes personal data is obliged to meet a number of requirements in terms of protection, scope and security of personal data processed. At TLC Conferences, we have been paying a lot of attention to these issues for many years, thanks to which we obtained compliance with the Regulation (GDPR) many months before the statutory deadline. We have nothing to hide, so in this article we want to explain in a simple and transparent way when, for what purpose and to what extent we use personal data. Our goal is to identify all information necessary to ensure fair and transparent processing and to take into account the specific circumstances and specific context of the processing. More on the context of the processing in Chapter 2.
Purposes of personal data processing at TLC Conferences:
We want to facilitate the registration and ticket buying process by allowing you to return to the previously prepared shopping basket. This is made possible by the typical web technology - cookies. They can, of course, be switched off at any time. The principles of their operation and our scope of their use are described in a separate chapter.
We want to combine information from our other information and social channels, such as YouTube, Facebook and Google, placing it on the website in a single, coherent communication path from different sources. In this way, you can immediately click on an embedded Facebook article on our website and link your reaction to your social networking account. Such interactions take place directly in the Facebook module and apart from the fact that a cookie is generated by a Facebook widget embedded on the website, we do not participate in any way in the transfer of any data, do not gain access to the profile, and so on.
We want to verify the effectiveness of information and advertising campaigns, i.e. to observe which content is welcomed by our customers and which is not. This is also done through Google AdWords, Google Analytics and DoubleClick cookies (including Google). This means that if you sign in to a Google Account and use it on your browser and then click our ad or sponsored link, the cookie will remember this selection (until you clear the list of cookies or it expires - each cookie has a period of time after which it automatically expires).
We want to learn how to better tailor our services and products to our customers, which is helped by the general statistics of website traffic. With the help of the statistics of visits to the server and the website we monitor the general traffic on a given day, data transmission and reactions to the announcements concerning events, conferences, promotions, trainings, films and articles. This information is aggregated and does not allow us to link the activity to you in any way.
We want to increase security of use of the website and prevent abuse, attacks and difficulties in using the website. For security reasons, our server logs on to the connections on the basis of the addresses, which is the basis of administration of any device connected to the Internet. In this way, we can detect attempted unauthorised access attempts, such as DDOS attacks.
We want to be able to contact you, in which case you will need your data to reach the right recipient or to be able to contact us by phone. Most often, we contact you regarding the execution of orders and the provision of technical assistance.
We want to send you information about interesting events, promotions and news in our newsletter. Of course, this applies only to people who have consciously subscribed themselves to our newsletter. All subscribers can unsubscribe at any time, although we do our utmost to make it always worthwhile to read our newsletters.
Occasionally, you may need to send a system message regarding your account, technical work or changes to the service. We then want to be able to send you a message or message using the data you have provided us with your consent.
We want to be able to obtain user feedback and review our activities or services, which allows us to improve the quality of our services.
We also process your data in accordance with current legislation, such as how long we need to keep invoices and other fiscal records. In such a case, the disclosure of the user's personal data may take place only on the basis of a decision of a specific body authorised by law.
In order to achieve the above objectives, we make sure that at the moment of registration in the service, the user provides their personal data voluntarily, on their own responsibility, giving consent to their processing, in accordance with the applicable requirements of the GDPR. Only those data that are necessary for the proper operation of the service are processed.
2. Which personal data do we process and in which situations?
It is important for us to minimize the processing of your personal data at all times. In most cases, we also simply don't need anything for them because of the specific nature of our business. Below we summarize which personal data we process and in which situations:
When processing orders from translation-conference.com, the order form contains invoice data as well as an e-mail address. If user account creation is part of the registration process, when creating such an account, we process the data entered by the user. You can also order without creating an account. We also process your order data (the shop assigns your order to your account). This data makes it easier to process your order.
For enrollment in training and other events. Participants send us their name and e-mail address. We also process data related to all registrations into events, trainings and conferences, provided that the registration is carried out by means of a form on the website or by e-mail. We keep a list of subscriptions, send participants invoices and participation certificates. Lists of participants are kept for 12 months for the purpose of consulting the trainer after the training and obtaining a certificate of participation. Regardless of this, we store participant invoices as required by law.
When you subscribe to our newsletter. On our website you can voluntarily subscribe to the newsletter with your nickname, name or first name and e-mail address. Personal data is not processed here, unless the e-mail address itself constitutes such data in accordance with the law (which may happen if the address is name.surname@host).
On the server side, IP addresses, device ID, browser used, operating system and location are stored. This data is automatically collected by the server and is recorded for the purpose of monitoring Internet threats (DDOS attacks, attempted broken passwords and unauthorized access to the account) and the status of services. They also make it possible to generate statistics on website visits.
Some third-party services, such as Google Analytics and YouTube, use their own separate cookies. They are used for analytical purposes or for purposes related to matching search results with previous queries sent from a given position (e.g. favorite videos on YouTube channel). The profiling process is therefore limited.
We do not post third-party ads on our sites, but we use Google AdWords, which may store information about clicking directly from the search results page. This information may also be sent to a Google AdWords cookie.
We may also process your data in other situations where the transfer is occasional and necessary in connection with your contract or claim.
We occasionally process data in the form of photographs. This is the case when we obtain a recommendation and a photo from a person who agrees to publish their data in this form on our news channels or on the website.
We may occasionally process or transmit personal data if the data subject has given his or her express consent and this is necessary in connection with a contract or a claim, regardless of the nature of the proceedings: judicial or administrative, or any other extra-judicial proceedings within the Union and the Member States.
We do not process sensitive data whose context may pose a serious risk to fundamental rights and freedoms. Such personal data include personal data revealing racial or ethnic origin. We do not process photographs that meet the definition of biometric data, i.e. which, when processed using special technical methods, allow a natural person to be unambiguously identified or confirmed.
It is our policy that we do not store personal information that we do not need to process your order or provide services.
3. What are the cookie files and how are they processed on translation-conference.com?
Cookies make it easier for you to customise your website to meet your needs, evaluate the effectiveness of your advertising activities and ensure continuity when you use social media content, which can thus record your visit to our website. You can change the settings of your browser at any time and decide whether or not to save cookies. However, changing the settings may limit the operation of the service.
When using the website, individuals may be assigned Internet identifiers - such as IP addresses, cookies - generated by their devices, applications, tools and protocols, or other identifiers, such as RFID tags. Due to the Internet technology used, this results in leaving a trace, which, especially combined with unique identifiers and other information obtained by the servers, can be used to create profiles and to identify these people.
Cookies that appear on our pages together or separately, grouped by the service responsible for generating the file:
· doubleclick.net (Controller/Administrator - Google)
· youtube.com (Controller/Administrator – Google)
· (Controller/Administrator – Google)
· (Controller/Administrator – Wix)
4. What is the legal basis for the processing of personal data?
We process data in accordance with the law (4.5.2016 L 119/40 Official Journal of the European Union PL) in order to provide services, including matching preferences, analyzing and improving them and ensuring data security, and also because it is necessary to provide services for their provision (identified here with the Terms and Conditions of the translation-conference.com website), statistical measurements and own marketing of the Controller (Administrator). Any processing of personal data for marketing purposes in case of third parties takes place only on the basis of voluntary consent (which can be withdrawn at any time).
We always make sure that the data subject has consented to the processing of his or her personal data for one or more specified purposes. Our process involves processing only where this is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject prior to the conclusion of a contract. The legal basis for data processing is also a legal obligation resulting from the regulations of conducting business or other legal conditions that oblige us to process personal data.
Another legal basis for the processing is the legitimate interest of the controller, including the controller to whom personal data may be disclosed, since the data subject is a customer of the controller or acts on their behalf. The processing of personal data is also a legitimate interest of the controller and absolutely necessary to prevent fraud (which could be the case in the absence of verification of personal data when processing orders). The processing of personal data for the purposes of direct marketing is also, in our case, a legitimate interest of the controller, provided of course that the person whose data are processed has given their consent to the nature of the processing of their data.
5. Who is the Data Controller (Administrator)?
Data Controller (also known as Data Administrator) with regard to your personal data is the Operator, TLC Conferences Agenor Hofmann-Delbor Maria Szpor Spółka Jawna, with its registered office in Warsaw, under the address: ul. Czerniakowska 30/60, 00-714 Warsaw, employees of the company and companies that are trusted partners of TLC Conferences, with whom we maintain constant cooperation necessary for the implementation of our services. This cooperation is usually aimed at providing a specific service, and in other cases at better adapting the advertisements to the needs and interests of the visitor to the site.
Personal data can only be accessed the Administrator of Personal Data and employees of TLC Conferences who have been authorized by the Administrator in this respect and have signed the appropriate statement in the scope of working with personal data.
TLC Conferences, acting as a personal data controller, taking into account the nature, scope, context and purposes of the processing and the risk of infringement of rights or freedoms of natural persons with different probability and significance of risk, implements appropriate technical and organizational measures to ensure that the processing takes place in accordance with the GDPR. These measures shall be reviewed periodically by us and, if necessary, updated. We also apply an appropriate security and data protection policy.
6. To whom can we transfer your personal information and under what circumstances?
It is our policy that all personal data provided to us will be stored solely by us. In some cases, we may need to transfer your data to a third party that generates licenses for the software we sell to fulfill your order. For example, the printing house which prints out badges or organizers of workshops are such companies. These are only data necessary for enabling participation in the conferences or use of other services which we provide. We never share any other information with third parties or sell data.
Our assumption is that we store data only for as long as it is necessary and we do not make it available to anyone - only TLC Conferencse employees have access to it. However, there are situations where the transfer of data to a third party is necessary:
When it is a condition of fulfilling an order or activating a service by a manufacturer
When it is a condition of enrolling for an event, training or conference held by another company
When required to do so by law (e.g. by a court or law enforcement authority requesting access to data)
The entities to which we transfer data are market leaders in their fields, which guarantees an adequate level of knowledge, reliability and technical resources to meet the requirements of the GDPR, in particular the security of processing. They have their own clearly defined privacy policies, which at the same time constitute a code of conduct ensuring due care for the processing of data. This processing is carried out on the basis of entrustment agreements or other agreements enabling us to indicate the assumptions of the processing of personal data by the third party to whom we transfer the data in the process of processing the order. The information contained therein shall specify the subject matter and duration of the processing, the nature and purposes of the processing, the type of personal data and the categories of data subjects, the specific tasks and obligations of the processor in the context of the intended processing and the risks of infringement of the rights or freedoms of the data subject.
Processing by a third party takes place on the basis of a contract of entrustment or another legal instrument. It determines the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, the obligations and rights of the controller. In particular, this contract or another legal instrument provides that the processor shall provide adequate technical and organisational means to comply with the obligation to respond to the data subject's requests for the exercise of their rights (for more information, see a separate chapter). We use this agreement, for example, for a service that enables us to send out our newsletters and maintain a list of respondents.
In cases which concern TLC Conferences, the transfer of data may be considered as unique and concern only a limited number of data subjects (due to the performed order or the provided service). Such processing shall also constitute important legitimate interests of the controller and all the circumstances surrounding the transfer shall be known, precise and safeguarded.
7. What is the storage period and duration of the processing of personal data at TLC Conferences?
In the case of products which are offered in combination with additional services, e.g. access to specific materials, training, etc., this period is calculated from the moment when the last of the services is completed.
In some cases, laws and fiscal regulations require us to retain data for a strict period of time. In such cases, we strictly comply with these requirements, and the data are deleted only after the expiration of the period required by law, even if the user has submitted an instruction to delete the data earlier, because the provisions of the GDPR are no higher than the tax and tax regulations.
To ensure that data is reviewed and deleted regularly and no later than the data retention period, we use automatic reminders at the level of the Exchange server and secured automatic calendars. Wherever possible, data shall be stored in such a way that they can be automatically terminated.
Personal data provided to us and used in the process of providing technical assistance or training shall be stored only during the period of service provision. Upon termination of the service, the data shall be deleted immediately and a copy of the data shall not be stored by us.
Our recruitment processes are most often connected with receiving CVs of candidates. These documents contain personal data and are processed by us only during the recruitment process. In accordance with our assumptions, after the recruitment process we remove all documents of the candidates and do not keep copies for future recruitment purposes.
8. How do we ensure data security and what is our security policy?
In accordance with the principles of the GDPR, we have developed and implemented an internal security policy which defines the application of appropriate technical and organisational measures to protect the rights and freedoms of data subjects. The policy is to limit the storage of data and to process it in a way that ensures an appropriate and adequate level of security, including the protection against unauthorised access, unlawful processing, ensuring data integrity and confidentiality, and in particular the accidental loss, destruction or corruption of data, by appropriate technical or organisational means.
To ensure that our security policy is appropriate, we conduct periodic security audits at TLC Conferences.
We design all our systems with data protection and connection security in mind to ensure that we have the right means of protection. When processing data, our services use only encrypted connections (secured with SSL protocol), which ensure security of transmission. This approach reduces the risk of information being intercepted and used for improper purposes by third parties.
The data security procedures we apply minimize the scope of processed data that is stored in separate databases and CRM systems.
The accounting documents shall be kept outside the office or on a secure data medium accessible only to authorised persons or entities with whom a contract of entrustment has been concluded where this is necessary for the performance of the service.
In order to protect your personal data effectively, we use pseudonymization and data minimization where technically possible in order to reduce the risks. For example, if a list applies to orders and invoice numbers, we do not include additional names or other half-names on the list, which may include personal information. The very content of invoices and orders is contained in separate security systems covered by the Security Policy.
We minimize the risk of accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed - and which may in particular lead to physical or property damage. In this respect, our security policy is to prohibit the processing of personal data on unencrypted media and to restrict access to backup media, as well as the use of encrypted connections to all systems of invoicing, customer database management or newsletters.
We protect the confidentiality of data in technical (equipment, security) and human (procedures, training, audits) terms.
All our systems are equipped with mechanisms that ensure data availability with guaranteed response time and the possibility of restoring the backup in case of a physical or technical incident.
In order to make sure that the security of processing is ensured, we use regular audits consisting in testing, measuring and evaluating the effectiveness of the technical and organizational measures aimed at ensuring security in this respect.
As part of our security policy, we also have regular audits of the use of personal information and a notification system that allows us to meet our stated use or retention times.
The internal security policy, which we apply and which we have included in the non-public internal document confirming compliance in this respect with the requirements of the GDPR, is also directly related to the risk analysis carried out, which was also formalised in a separate document. The review of risk factors is one of the standard cyclical elements of the internal audit at TLC Conferences.
Our technical security measures shall be appropriate to our business activities in relation to the processing risks we have considered, and in particular to the risks arising from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
The internal security policy shall be our approved code of conduct as referred to in Articles 40 and 42 of the Regulation, as defined in the GDPR.
One of the elements of the security policy applied by us is the obligation to verify the identity of a person in a situation where the personal data processed by the controller do not allow him to identify a given natural person, and obtaining the data will facilitate the exercise of their rights. Verification is usually performed by means of an authentication mechanism and logging in to the services offered by us. Identification data is linked to a unique e-mail address of a natural person.
9. Which consents are linked to the processing of personal data?
IT systems visible to natural persons on the Internet are based mainly on typical websites linked with shop modules. These websites use several mechanisms which require the user's active consent. This is always the case when personal data are collected.
Consents on translation-conference.com are in the form of check boxes, they are formulated in an unambiguous and specific way. If you do not check the check box, you will not be able to give consent. Consents are given each time separate activities are performed within the service, which require a permit for the processing of personal data. In all areas of the website where you agree to something, we make sure that it is a one-off, informed and specific consent. For this reason, in all forms, including the order form, the check boxes must always be ticked and the selection accepted manually.
Consents which may be given in the context of our processing of personal data can be divided into several areas:
Consent to receive invoices in electronic form. Please select this option to receive invoices by e-mail. If you do not agree, we will send you a traditional printed invoice by post, as required by fiscal and legal regulations.
Consent to receive our e-mail newsletter with information about events, offers and promotions. Entering your username and e-mail address in the order field of the newsletter and subsequent confirmation of your subscription on the basis of the e-mail activation link is consent. You can subscribe by using the form on the homepage or when placing an order.
Consent to direct marketing by us by means of terminal equipment. This consent enables us to contact you directly and send you individual offers for training, workshops, conferences and updates. Some of the information is not published on our websites or in our newsletters, so if you do not agree to this form of marketing you may be restricted from accessing our closed sales offers. This consent, like any other consent, is voluntary and can be withdrawn at any time.
The service user has the right to withdraw the opinions expressed by them directly from the service user's account (if used) or by e-mail (firstname.lastname@example.org). The channels for expressing consent function in parallel, so if it is not currently technically possible to use the chosen channel to revoke or give consent, an alternative channel can be used. Using them is just as easy.
10. What rights do you have with regard to personal data?
Right of access to personal data
In accordance with Article 15 of the GDPR, the data subject is entitled to obtain confirmation from the controller of the fact of processing their data and to obtain access to them. In addition to access, this right obliges the controller to provide additional information about the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular the recipients in third countries or international organisations; and the intended period of storage of the personal data, information about the right to request the controller to rectify, erase or restrict the processing of personal data concerning the data subject, and to object to such processing; information on the right to lodge a complaint with the supervisory authority; where personal data have not been collected from the data subject, any available information on their source; information on automated decision-making, including profiling, and on the relevance and foreseeable consequences of such processing for the data subject.
The controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee for administrative costs. Unless the data subject requests a copy by electronic means, and unless otherwise indicated, the information shall be provided by electronic means common to all.
Our IT systems offer access to the entered data directly from the user panel of the service in which they were entered. If, for technical reasons, editing or displaying is not possible, the system is updated, modernized or temporarily unavailable during service work, it is possible to gain access to data by sending a request by e-mail TLC Conferences. If your application has been received electronically, it will be made available electronically and within the time limit required by the GDPR. You can also select the form of data sharing according to your preferences at the time of sending your request to us.
Right of rectification
If you believe that the data we process is incorrect, you have the right at any time to correct, amend (based on an additional statement) or rectify or delete it.
To rectify or erase your personal data or to limit the processing we carry out as a controller pursuant to Article 16, Article 17 (paragraph 1), and Article 18. We inform each recipient to whom personal data have been disclosed, unless it proves impossible or will require a disproportionate effort. We also inform the data subject of these recipients upon request.
Right to erasure or restriction of processing
You have the right to restrict processing in the following cases:
If you believe that your personal data are incorrect, for a period of time that allows you to check the correctness of the data;
Where the processing is unlawful and the data subject objects to the deletion of the personal data, the data subject shall instead request a restriction on their use;
When we no longer need personal information for processing purposes, but you may need it to establish, pursue, or defend a claim;
When you raise an objection under Article 21 (paragraph 1), you must state the reasons for your objection. in respect of processing, until it has been established that legally justifiable grounds on our part prevail over grounds for objection
Where processing is restricted, we shall further process personal data only with the data subject's consent or for the purpose of establishing, pursuing or defending a claim, or to protect the rights of another natural or legal person, or on important grounds of public interest of the Union or of a Member State.
Whenever processing restrictions are lifted, we will inform the data subject.
Right to transfer data
If we process your data (which we have previously received from you), you have the right to receive it from us in a structured, commonly used, machine-readable format. You also have the right to send this personal data to another controller (administrator) without any obstacles on our part, if it is done in accordance with the requirements of the GDPR, and in particular Article 6 (paragraph 1 a) or Article 9 (paragraph 2) or on the basis of an agreement as referred to in Article 6 (paragraph 1).
The right to data transfer also applies in all situations where processing on our part is carried out by automated means.
You also have the right to request us to send your data directly to another controller (administrator), as far as this is technically possible.
Right to withdraw consent to the processing of personal data
Each person whose data we process has the possibility to view, edit and delete their personal data by making changes after logging into their account or contacting the administrator of personal data. For technical reasons, some changes may be made only directly by the Controller (Administrator) of personal data.
You have the right to withdraw your consent to the processing of personal data at any time, regardless of whether our processing meets the requirements of the GDPR and whether the consent was given earlier.
Right to lodge a complaint with a supervisory authority
If you believe that your rights with regard to personal data are not respected or in any other way do not meet the requirements of the GDPR, you have the right to lodge a complaint directly with the supervisory authority, which is the President of the Office for Personal Data Protection (POPDP). At the same time, we encourage you to try to resolve any doubts directly with our office beforehand.
Right to a source of personal data
We will provide you with the source of your personal data on request. The further processing of your data is entirely up to you - you have the right to request the deletion of your data from our resources at any time. Part of the data may come from publicly available sources and we will inform you about this in response to your request to indicate the source of the data.
Right of information and objection on automated decision-making
The information provided by us on profiling at TLC Conferences confirms that we do not use profiling as understood by GDPR, but if any of the services and services we refer to indirectly on our websites (e.g. YouTube, Facebook, Google) use profiling to which you do not give your consent, you have the right at any time to object to the profiling of your data. Please note that this type of profiling is only possible when the cookie mechanism is enabled, which can be disabled at any time in your browser's settings.
You also have the right to object to the processing of your personal data for marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. Once an objection has been lodged, the data will no longer be processed. We inform about this right each time during the first communication. This information shall be separate from any other information.
Right to send or receive your data
If we process your personal data (which we have previously received from you), you have the right to receive your personal data, in a structured, commonly used, machine-readable and interoperable format, and to send it to another administrator. This applies if we have received your data on the basis of your consent or if the processing is necessary for the performance of a contract.
The right to be forgotten
You have the right to be forgotten if the retention of your data violates the rules of the GDPR, EU law or the law of a Member State to which the controller is subject. This right means in particular that, upon request, your data will be deleted and cease to be processed if they are no longer necessary for the purposes for which they were collected or otherwise processed. The right to be forgotten also applies if you withdraw your consent or if you object to the processing of your personal data, or if the processing of personal data is not otherwise in accordance with the GDPR, or if the data were processed illegally.
Data will also be deleted if this is to comply with a legal obligation under Union law or in Poland.
Right to object at any time to the processing of data for the purposes of direct marketing
You have the option of revoking your prior consent to the processing of personal data for the purposes of direct marketing at any time. There is no charge for this. You also have the right to object at any time, free of charge, to this processing, whether primary or further, including profiling, as long as it is related to direct marketing. This right should be clearly communicated to the data subject and should be presented clearly and separately from any other information.
In all situations requiring the use of a specific right or after receiving an instruction from the data subject to the notification, we declare a maximum of 30 days to fulfill the request related to personal data resulting from the above mentioned rights.
11. What are the risks of processing?
In order to implement an effective security policy, we have conducted a thorough risk analysis of the processing to ensure legal compliance and due diligence in our internal procedures.
We have estimated the risks involved on the basis of an objective and factual analysis of whether there is a risk or an increased risk with the data processing operations. Having identified all the processes taking place in the organisation, internal and external conditions concerning the environment, we have established a risk management process.
All people in the company are involved in the risk management process. Reports and irregularities are immediately reported to the management and the data controller.
Risk analysis is subject to cyclical audits and reviews to ensure that information and risk factors taken into account as well as risk prevention mechanisms are kept up to date.
12. Automatic profiling and processing
In order to avoid any assessment of personal factors of natural persons and their impact on the provision of services, delivery of products, etc., we do not use any automatic profiling mechanisms in our ordering process, taking into account the assumptions of GDPR. Data that would allow to assess such factors, and in particular to analyse or forecast aspects related to work effects, economic situation, health, personal preferences or interests, reliability or behaviour, location or movement of the data subject, are not collected at any stage of the processing of personal data at TLC Conferences.
13. Information for persons whose data have been obtained from another source
It may occasionally be the case that personal data have been collected other than directly from the data subject. This may be the case, for example, when we provide technical assistance through another person or entity, when we receive a list of people to register for training, a list of invoices, orders for verification, etc., and when we receive a list of people to register for training.
14. Final information
We have done everything in our power to comply fully with all the requirements of the GDPR, however if you believe that any information is missing or that anything concerning our compliance with the requirements of the GDPR raises your concerns, please write to us and we will promptly correct it.
The superior body to which we are answerable in the context of compliance with the GDPR is the President of the Office for the Protection of Personal Data, to whom we may also address any complaints in this respect.