Conditions for the Protection of Personal Data
Nikki’s models (hereinafter also the “Administrator” or the “Operator”)
In relation to the activity that she carries out (i.e. operating the nikkismodels.com website (“website”) and providing the services specified and stated on this website), she gathers personal data on natural persons. These natural persons may be both independent customers of the operator – website users, and individual persons, via which the Operator offers her services – suppliers (hereinafter also the “Data Subjects”).
These conditions for the protection of personal data ensure that the processing of personal data is carried out by the Operator in accordance with generally binding legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter also the “GDPR” or the “General Regulation”) and other relevant national legal regulations of the Czech Republic so that the rights of Data Subjects are duly protected, and that Data Subjects are duly informed of their rights.
Use of and visits to the website are intended for persons older than 18. The Operator never knowingly processes data from website users younger than 18. If the Operator learns of this fact, she shall take all possible measures to prevent such users from using the website and black access to the website.
- Information about the Administrator, its contact information and used terms
Contact information for the Administrator:
Contact email: firstname.lastname@example.org
Mobile phone: +420 777 019 288
Contact information for the person responsible for the processing of personal data
Mobile phone number: +420 724 705 501
Representative of the person responsible for the processing of personal data
tel. 732 584 284
Questions regarding the processing of personal data can be addressed to the Administrator at email@example.com or to the person responsible for the processing of personal data. firstname.lastname@example.org.
Personal data is defined by the General Regulation as all information about an identified or identifiable natural person (“Data Subject”). An identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a particular identifier, such as a name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity elements of such a natural person.
Special category of personal data (sensitive personal data) means personal data which disclose racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and the health or sex life or sexual orientation data of a natural person.
Processing means any operation or set of operations with personal data or personal data files that is carried out with or without the use of automated procedures such as collecting, recording, organizing, structuring, storing, customizing or modifying, searching, inspecting, using, accessing by transmission, distribution or any other disclosure, sorting or combining, restriction, deletion or destruction.
An Administrator is defined by the General Regulation as a natural person or legal entity, a public authority, an agency or other entity that determines itself or together with others the purposes and means of processing personal data. For the purposes of these principles, the administrator is the Operator.
Pursuant to the General Regulation, a Processor means a natural person or legal entity, a public authority, an agency or other entity that processes personal data for the Administrator.
The consent of a Data Subject means any free, specific, informed and unambiguous expression of will by which the Data Subject gives his or her permission to process personal data via a declaration or other apparent confirmation.
Express consent of the Data Subject means a stricter form of consent of the Data Subject for the purpose of processing special category personal data in situations where a high level of control over personal data is required, e.g. in the event of processing of personal data relating to the health of the Data Subject, his or her genetic data, etc.
- Purpose of processing, sphere of processed personal data, legal title of processing, duration of processing
Before the beginning of any processing of personal data, the Operator determines the purpose for which she is processing personal data.
The Data Subject will learn for what purpose the personal data of the Data Subject is processed from information that will be individually provided by the Operator (usually via the Operator’s website or the individual email of the Data Subject during registration or during registration of the user on the website). For the entire duration, processing of personal data will be carried out exclusively in the scope and in order to achieve the predetermined purpose.
As soon as the purpose of processing if fulfilled, in accordance with the principle in minimization of data and restriction of storing, the Operator shall delete the personal data, unless it is necessary to store it for a different purpose.
The sphere (scope) of personal data of the Data Subjects that the Administrator processes differs according to the category of the Data Subjects and from what legal title the processing of personal data occurs.
In most cases this concerns the following personal data: name and surname, production name, photo, marital status, phone number and email.
If special category personal data is processed, this will usually be information about the health status of the Data Subject (suppliers), or genetic data.
The Administrator usually processes the personal data of Data Subjects on the basis of one or more of the following legal titles:
- fulfilment of an agreement
- fulfilment of the legal obligations of the Administrator
- the legitimate interest of the Administrator
- consent of the Data Subject to the processing of personal data, or
- express consent of the Data Subjects to the processing of special category personal data;
Personal data is processed to the extent necessary for the fulfilment of the intended purpose in a specific case, and for the time required to achieve them, for the duration of the granted consent or for the period directly prescribed by legal regulations. The personal data is then deleted or anonymized.
The Administrator does not transfer any personal data to third countries, i.e. to countries outside the European Union and to the European Economic Area, excluding the United States of America, where the Administrator transfers to her customers the personal data of her suppliers specified in heading of these conditions.
- Method of processing, method of securing personal data
The Administrator processes personal data both in an automated manner and manually. The Administrator keeps records of all activities, both manual and automated, during which processing of personal data occurs.
The Administrator properly documents activities associated with personal data and the protection thereof, i.e. keeps records of processing activities and other documents on the processing of personal data for the fulfilment of the principles of responsibility pursuant to the GDPR.
The Operator adopts technical and organizational measures for the protection of personal data described in the internal regulations of the Operator, and always sufficiently secures and protects personal data against access by unauthorized persons to the data.
If you visit the Operator’s website, as the user thereof, you are informed of the fact that the Operator uses technology to collect and store information using cookies on your device. Cookies are small text files that the Operator does not send anywhere, and you remove them or disable them completely in your browser. Cookies do not collect any personal data, but without these files, the Operator cannot ensure the full functionality of the website.
If the user grants consent to store cookies on his or her end device whilst visiting the website, the Operator processes records of the user’s behaviour from the cookies files located on the website for the purpose of better operation of this website. The legal basis for this processing is the user’s consent.
- Information about the rights of Data Subjects:
Every identifiable natural person as a personal data subject who proves his or her identity has the following rights:
Right to access personal data
This includes the right to obtain from the Administrator:
- Confirmation of whether the Administrator is processing personal data,
- information about the purposes of the processing, the categories of the relevant personal data, the recipients to whom personal data was or will be made available, the planned processing time, the existence of the right to request the Administrator to correct or delete personal data relating to the Data Subject or to restriction of its processing, or to object to this processing, the right to file a complaint with the Surveillance Authority, about any available information about the personal data source if it is not obtained from the Data Subject, the fact that automated decision making is being carried out, including profiling, about the appropriate guarantees when transferring data outside the EU,
- a copy of the personal data if the rights and freedoms of others are not adversely affected.
The above information and communications requested by the Data Subject shall be provided by the Administrator free of charge. In the event of repeated requests, the Administrator shall be entitled to charge a reasonable fee for a copy of the personal data. The right to confirmation of the processing of personal data and information may be exercised via email to the aforementioned email address of the Administrator.
Right to correct inaccurate data
The Data Subject has the right to correct inaccurate personal data that the Administrator process about the Data Subject.
Right to deletion
The Data Subject has the right to the deletion of personal data that relate to the Data Subject, if the Administrator does not prove legitimate reasons for the processing of such personal data. The right to deletion of personal data may be exercised by the Data Subject via e-mail to the aforementioned email address of the Administrator, or that of the person responsible for the processing of personal data. The deletion will be carried out by the Administrator immediately, at the latest within 30 day of receiving the request from the Data Subject.
Right to restriction of processing
Until the initiative is resolved, the Data Subject has the right to restriction of processing if the Data Subject denies the accuracy of the personal data, the reasons for its processing, or if the Data Subject objects to the processing via email to the aforementioned email address of the Administrator, or that of the person responsible for the processing of personal data.
Right to be notified of a correction, deletion or restriction of processing
The Data Subject has the right to be notified by the Administrator in the event of a correction, deletion or restriction of processing of personal data.
Right to portability of personal data
The Data Subject has the right to portability of data that relate to the Data Subject, and which the Data Subject provided to the Administrator in a structured, commonly used and machine-readable format, and the right to request the Administrator to transfer this information to another administrator. In the event that this right could be adversely affect the rights and freedoms of third parties, the Data Subject’s request cannot be met.
Right to object to processing
The personal data subject, for reasons relating to his or her specific situation, has the right to object at any time to the processing of personal data that relate to the personal data subject, and which the Administrator processes for reasons of legitimate interest. In such a case the Administrator will no longer process the personal data, unless the Administrator proves serious legitimate interests for the processing that prevail over the interests or rights and freedoms of the Data Subject, or for the determination, exercise or defence of legal claims.
Right to revoke consent to processing of personal data
If the Operator process the personal data of the Data Subject on the basis of the Data Subject’s consent, the relevant consent to the processing of personal data can be revoked at any time. Revocation must be carried out via an express, understandable and specific expression of will, either by email to the Administrator’s email address at email@example.com, or to the person responsible for processing of personal data at firstname.lastname@example.org.
Revocation of consent does not affect the legal actions of the Administrator carried out at the time before consent was revoked.
Automated individual decision-making, including profiling
The Data Subject has the right to not be the subject of any decision based exclusively on automated processing, including profiling, that would have legal effects for the Data Subject or affects the Data Subject in a similar, significant manner. The Administrator states that she does not carry out automated decision-making without the influence of human judgment with legal effects for Data Subjects.
Right to contact the Office for Personal Data Protection
The Data Subject has the right to contact the Office for Personal Data Protection (https://www.uoou.cz/).
- Protection of personal data
The Administrator gathers and stores the personal data entered by the Data Subject, as well as personal data of a technical nature obtained from Data Subjects through electronic information carriers in a secured database, or document form in secure rooms and locked cabinets. The Administrator protects personal data to the fullest extent possible using modern technologies that correspond to the level of technical development. The Administrator declares that she has taken all possible currently known measures to secure this data against unauthorized third party interventions.
If any serious breach of personal data security is detected, the Administrator shall be obliged to report such a fact to the Office for Personal Data Protection without undue delay and, if possible, within 72 hours of becoming aware of such a fact, and to ensure that the situation is reasonably remedied.
As part of the fulfilment of her legal obligations, the Administrator may transfer personal data to administrative authorities and bodies set out by applicable legal regulations. The Data Subject acknowledges that the Administrator may be required to provide personal data by law or to fulfil her statutory obligations (e.g. in court or administrative proceedings).
As part of the fulfilment of her legal obligations and liabilities toward data subjects, the Administrator partly uses professional and specialized services of other entities. The Administrator is therefore authorized to assign a third party as personal data processor, and the Administrator will only use those processors who provide reasonable assurance that appropriate technical and organizational measures will be in place to ensure that the relevant processing protects the rights of Data Subjects. If these suppliers process personal data submitted by the Administrator, they process the personal data only as directed by the Administrator and may not otherwise use the data. With each such subject, the Administrator shall conclude a contract for the processing of personal data pursuant to Article 28 of the General Regulation.
Other recipients of the personal data of subjects are the following outsourcers: accountant, IT network administrator, administrative service providers.
The Administrator and other recipients of the personal data who shall process the personal data of the Data Subjects are obliged to maintain confidentiality about personal data and about security measures whose publication could endanger the security of the personal data. This confidentiality shall persist after the end contractual relationships with the Data Subject. Personal data shall not be issued to any third party without the consent of Data Subjects.
These conditions for the protection of personal data shall become valid and effective on the date they are issued and published on the website.
In Prague on 1.8.2018