The Human Potential Academy z.s. collects and uses personal information about visitors of our website and events, clients, staff, students, members and other individuals who come into contact with our organisation. The information is gathered in order to enable THPA to provide information about the events, training, professional development, education, membership, services and other associated functions. In addition, there is a legal requirement to collect and use information to ensure that the organisation complies with its statutory obligations.
This policy applies to our websites, our use of emails and text messages for information, and any other methods that we use for collecting information including the events that we hold. It covers what we collect and why, what we do with the information and what we won’t do with the information, and what rights you have.
Who are we?
We are The Human Potential Academy z.s. (further only THPA). Our seat is Belgická 633/17, Praha 2. Our ID is 07003838. Our contact person is Chairwoman Kateřina Černá: firstname.lastname@example.org. We are the owner of www.understandinghumanmind.cz, www.understandinghumanmind.com and www.porozumenimysli.cz .
Anyone who works for, or acts on behalf of, THPA (including staff, volunteers, supervisory board members and service providers) should also be aware of and comply with THPA’s data protection policy for staff, which also provides further information about how personal data about those individuals will be used.
THPA’s Commitment to Privacy
THPA is committed to keeping the personal information that you share with us (on paper, over the telephone or via the internet) accurate, up to date and confidential.
Responsibility for Data Protection
The chairwoman of THPA will is responsible for the oversight of data protection compliance. The chairwoman will deal with all your requests and enquiries concerning THPA’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and the GDPR.
What Information Do We Collect?
We will only ever collect the information that we need, including data that will be useful to help us to improve our services. We collect two kinds of information:
Personal information as detailed below. This information will be used for administration and for other normal purposes of a non-governmental organisation.
Personal Data Processed by THPA
Personal data processed by THPA includes contact details, and professional development, training and assessment results. THPA may also process sensitive personal data such as ethnic group or nationality.
How We Collect Personal Data
We will collect information about you at the time you apply for or purchase a membership, course, programme, event, service or product. From time to time we may request that you confirm and where necessary update the information that we hold. On occasion, we may request additional information if it is deemed necessary for administration or service provision.
Your personal data will usually be collected directly from you.
Purposes For Which Your Data May Be Processed
Your personal data (including sensitive personal data, where appropriate) is processed by THPA strictly in accordance with the GDPR in order to:
provide information for the events we hold including the webinars and conference and seminars
support its students learning;
monitor and report on their progress;
support membership services;
assess how well the THPA as a whole is doing;
communicate with clients, staff, members and students/trainees;
for the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
to enable relevant authorities to monitor THPA's performance and to intervene or assist with incidents as appropriate;
to give and receive information and references about past, current and prospective staff;
to give and receive information about past, current and prospective students/trainees;
to give and receive information and references about past, current and prospective trainers;
to monitor (as appropriate) use of THPA’s IT and communications systems in accordance with the THPA’s acceptable use policy;
to make use of photographic images in publications, on the website and (where appropriate) on social media channels in accordance with the THPA’s policy on taking, storing and using images; and other reasonable purposes relating to the operation of THPA.
Unless you have requested otherwise, THPA may also use your contact details to send you promotional and marketing information by post, email and SMS about THPA and its activities. When you submit information via our website you will have the option to opt out of receiving marketing information. Should you subsequently decide that you would rather not receive such information then there is an “unsubscribe” option on all of our emails or you can contact email@example.com.
Third Parties with Whom We May Need to Share Your Personal Data
From time to time THPA may be required to pass your personal data (including sensitive personal data where appropriate) to third parties, including local and public authorities, and professional advisers, who will process the data:
to comply with the law, for example to comply with a court order, or if requested by a government or local authority department which has the lawful authority to obtain the information;
in response to a request from either the police or a local authority department;
to enable the relevant authorities to monitor THPA's performance;
to compile statistical information (normally used on an anonymous basis);
to secure funding for THPA (and where relevant, on behalf of individuals);
to enable trainers and students/trainees to take part in assessments and to monitor progress and educational needs;
to obtain appropriate professional advice and insurance for THPA;
where a reference or other information is requested by another educational establishment or employer to whom they have applied;
where otherwise required by law; and
otherwise where reasonably necessary for the operation of the THPA.
Finally, in accordance with the GDPR, some of THPA’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers, such as Smartselling, Facebook, Google, Fapi, Pragoecon- services we are not able to secure ourselves. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with THPA’s specific directions.
Storing Your Information
Information is stored by us on servers located in Prague, Czech Republic. We may transfer the information to other reputable third-party organisations as explained above and they may store their information inside or outside the European Economic Area. We may also store information in paper files.
Unfortunately the transmission of information via the internet is not completely secure; any transmission is at your own risk. Once we have received your information we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Whilst we cannot guarantee that loss, misuse or alteration of data will not occur whilst it is under our control, we make every effort to try to prevent this.
Where a password is required to enable you to access parts of our website, it is your responsibility to keep this password confidential. Please do not share your password with anyone.
Retention of Data
THPA will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
If you have any specific queries about how our retention policy is applied or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Chairwoman at THPA. However, please bear in mind that THPA will often have lawful and necessary reasons to hold on to some personal data even following such request.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a "suppression record").
When we no longer require information, we will always dispose of it securely, using specialist companies if necessary.
What THPA Won’t Do With Your Information
We will never sell or share your information with other organisations to use for their own purposes.
Individuals have various rights under the GDPR to access and understand personal data about them held by THPA, and in some cases ask for it to be erased or amended or have it transferred to others, or for THPA to stop processing it but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Chairwoman.
THPA will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
THPA will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, THPA may ask you to reconsider, or require a proportionate fee (but only where the GDPR allows it).
For more information about your rights, please see the EU GDPR portal.
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by THPA, or documents prepared in connection with a legal action).
THPA is also not required to disclose any student scripts, provide or other test marks ahead of any ordinary publication, nor share any confidential reference given by THPA itself for the purposes of the education, training or employment of any individual.
You may have heard of the "right to be forgotten". However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy. All such requests will be considered on their own merits.
Where THPA is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Examples where we do rely on consent are certain types of uses of images and certain types of marketing activity. Please be aware however that THPA may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.
Data Accuracy and Security
THPA will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the Chairwoman of any significant changes to important information, such as contact details, held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under the GDPR): please see above for details of why THPA may need to process your data, of who you may contact if you disagree.
THPA will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to systems. All staff, volunteers and board members will be made aware of this policy and their duties under the GDPR and receive relevant training.
If you have any queries about this Policy or how personal data is processed by THPA, please contact the Chairwoman. Please put GDPR in the subject heading.
If an individual believes that THPA has not complied with this policy or acted otherwise than in accordance with the GDPR, they should utilise the complaints procedure and should also notify the Chairwoman.