Client/customer
Customer

Customers are typically legal entities, rarely self-employed or physical persons. For the customer, the billing information necessary to fulfil the contract is processed.
For the processing of personal data of Self-employed customers and Natural person, see the Client section.

Client

The client is a natural person who mediating a communication between the customer and the Controller when placing an order (entering into a contract) and implementing the service.

Client’s personal data

  • First name, last name
  • Title
  • Email (usually company contact)
  • Phone (usually company contact)
  • Address (usually company contact)

Purpose of processing

  • Communication within a business relationship
  • Order confirmation
  • Sending of accounting documents (unless otherwise defined)
  • If the person's personal data is not known or the Article 20 is applied
    • Sending course invitations
    • Sending information about changes (illness of the lecturer, etc.)
Description of operations and processing purposes

The operations and processing purposes of customer’s personal data are based on the business relationship. The Customer is usually a registered eShop user. After registering at the eShop, the relevant information is communicated to him in accordance with Articles 12, 13 and 14, and he is also informed about a possibility of managing his personal data in the eShop user profile according to Articles 15 to 22.
The client’s rights according to Articles 15 to 22 may be exercised by the client in person or electronically via Customer Service.
Personal details of the Client are, in accordance with applicable law on the archiving of tax documents, retained without further processing for 10 years after the last order. After the time elapses, the client’s personal details are forgotten.

  Course subscriber

The course subscriber is a natural person who is provided with an ordered service (course). Courses are usually held at the premises of Controller’s Computer Schools.

Subscriber’s personal data

  • First name, last name
  • Title
  • Email (usually company contact)
  • Phone (usually company contact)
  • Address (usually company contact)

Purpose of processingí

  • Sending course invitations
  • Sending information about changes (illness of the lecturer, etc.)
  • Providing materials and accesses (if the course requires it)
  • Issuing a certificate of completion of the course
  • Course evaluation
Description of operations and processing purposes

Personal details of a subscriber, such as name and email, are a legitimate interest of the administrator for organising and executing an ordered service (course) in the highest possible quality.

The personal data of the course subscriber is provided by the client within the ordering process. Based on the subscriber’s personal details that he provided in the above described way, his order is confirmed (conclusion of the contract) and a course invitation is sent to him electronically. Along with the invitation, the subscriber receives information according to Article 14 and is informed about a possibility of managing his / her personal data during the course according to articles 15 to 22. If the customer / client has a right according to Article 23, fictitious or empty personal data of the course subscriber will be used.

If, for a purpose of ordering a course material or providing access to cloud services of a third party, the course requires personal data of a subscriber, he is informed about this fact separately.

On the day of commencement and for the duration of the course, the personal data of a subscriber is displayed in the navigation system in order to facilitate easier orientation in the premises of the Computer School. Displaying of the personal data in the navigation system can be stopped by the subscriber at any time throughout the course.
After running a PC in the classroom and signing into the OS, the subscriber can automatically access ePresence, which allows him / her to manage his / her personal information under Articles 15 to 22. ePresence is available to the subscriber throughout the course.

At the end of the course, the course subscriber is issued a certificate of completion of the course with a unique number and his / her personal information is locked against changes. The right to repair under Article 16 may be claimed via customer service.

The personal details of the course subscriber are retained without an intention of further processing, according to terms and conditions (Knowledge Guarantee), for 12 months. After that, the subscriber's personal details are forgotten.

If a subscriber grants consent pursuant to Article 7, his or her personal data may be forgotten only after the end of the period of a granted consent or a purpose of the consent.

The subscriber may exercise his rights under Articles 15 to 22 also after completing the course and he can do so either personally or electronically via Customer service.

Part of the course is an assessment of the course, in which a subscriber can express his / her satisfaction with the quality of the service provided. Evaluation of the course is processed by the client service at the end of the course with special regard to negative, both point and verbal evaluation. These findings are delivered anonymously to an appropriate department. Rating, according to terms and conditions, may be provided on request to the client / employer or used as a basis for complaint.

  Certification exam participant

An authorized test centre is operated by the Administrator based on a contract and under conditions set by a given Certification Exam provider. One of the basic conditions is a certified Administrator who has authorization to manage a test centre, including an organisation and process of the certification exam from the participant’s point of view.

Candidates for passing a certification exam must normally be registered with the certification exam provider to obtain an ID needed to order the certification exam and being identified by the certification centre administrator.

By ordering the selected certification exam from the certification exam provider, the resources in the Administrator test centre are reserved.

The test centre administrator acts in a role of a recipient as all personal details of the participant are administered by the certification examiner. The Certification centre administrator will, in accordance with the Provider's contractual instructions, verify participant's identity and familiarise him / her with the terms and course of the certification exam. The participant confirms and approves the certification exam by his signature.

Upon completion of the certification exam, an evaluation will be carried out on the provider side. The result in paper form is transmitted by the certified administrator to the participant.

Since in this case the Administrator acts in the role of the recipient, the personal data of the certification he does not store participant’s personal data.

  Learning portal student

Learning Portal student is a natural person who is given access to an online studying of the purchased service (eLearning course).

Personal data of the Learning portal student

  • Name
  • Title
  • Email

Purpose of processing

  • Creating a profile on Learning portal
  • Activation of a selected product
  • Sending access information
  • Issuing a certificate

Description of operations and processing purposes

An individual, by purchasing an online eLearning course, receives a license, the activation of which grants an access to the Learning Portal for a role of "Student", where the study of the course takes place.

When activating the purchased license for individual, personal information, such as name and email, is required to create a Student profile on the Learning Portal. Once a profile has been created, a welcome email, containing basic instructions for accessing the Learning Portal, is sent to the Student. The components of the email include information according to Articles 12, 13 and 14 and Articles 15 to 22 on the possibility of managing personal data within the Student profile at the Learning portal.

The student may exercise his rights under Articles 15 to 22 either personally or electronically via Learning Portal Manager.

Final exam is a part of the online course. The student is issued a certificate of successful completion of the course if he passes the final exam. The certificate is available for download on the Student profile at the Learning Portal.

Learning portal student’s personal data, such as name and email, is a legitimate interest of the Controller in order to organize and provide the purchased service in the highest possible quality.

Learning portal student’s personal data is retained by the Controller without the intention of further processing for one year after deactivation of the profile by the Student. Personal data is forgotten after this period lapses.

  IT Club member

IT Club is an eShop, primarily focused on individuals (clients), allowing them to purchase goods from a catalogue. By registering and agreeing to the terms of membership of the IT Club, it is possible to get additional benefits when shopping at both, the eShop of the IT club and the IT Club partners.

Personal data of IT Club member

  • Name and surname
  • Email
  • Phone
  • Billing details and address
  • Delivery address
  • IT Club member ID

Purpose of processing

  • Order processing
  • Shipping the goods
  • Crediting IT points
  • Issuing a membership card
Description of operations and processing purposes

Registered users, who are also participants in the course, are, based on granted consent, allowed to purchase goods with other than just a monetary currency but also with IT Points. At the same time, they are issued an IT Club membership card, allowing them to benefit from the IT Club partners.

IT Points are credited only to registered members of the IT Club, based on passing a selected group of courses with a defined number of IT Points.

Crediting IT Points to the Account of an IT Club member is based on an electronic form and an authorization email.
In the application, the Member of the IT Club enters an email address, with which he / she was registered as a course participant and a course code, for which he / she claims the IT points.
An authorization email is sent to the email address mentioned above.
By confirming it, the Controller verifies the claim and the IT Club Member's account is credited with a defined amount of IT Points for completing the given course.

The operations and purposes of processing the personal data of the client / IT Club member are based on the business relationship. After the eShop registration, the client / IT Club member receives relevant information in accordance with Articles 12, 13 and 14 and is informed about the possibility of managing his personal data in the eShop user profile according to Articles 15 to 22.

The client / IT Club member may exercise his rights under Articles 15 to 22 either personally or electronically via IT Club eShop manager.

The client’s / IT Club member's personal data is retained after deactivation by the client /IT Club member without the intention of further processing for 2 years from the last order for the purpose of a possible claim of goods. Personal data is forgotten after the lapse of this period.

In case of payment by money, personal data is retained for 10 years in accordance with the valid legislation on archiving of tax documents.

  Joint Controllers
GOPAS, a.s. and GOPAS SR, a.s. are joint controllers

Company GOPAS, a.s., residing at Kodaňská 1441/46, 101 00 Praha 10, company ID 63911035, registered in the Commercial register kept by the Municipal Court in Prague, section B, insertion 7753 and its subsidiary company GOPAS SR, a.s., residing at Dr. Vladimíra Clementisa 10, 821 02 Bratislava, company ID 35881674, registered in the Commercial register of the Bratislava I District court, section Sa, insertion 3308/B (hereinafter referred to as the “Controller”), in connection with European Parliament and Council regulation no. 2016/679 from 27 April 2016, the General regulation on Personal data protection (hereinafter referred to as “the  Regulation”), by the Article 26 and their mutual undertaking established their equal share of the responsibility for fulfilling the duties of joint controllers of personal data.

Both companies have established unified processes for the processing of personal data and share common technological and program resources for the exercise of the rights of data subjects, which may differ only in the language of the information provided. Compliance and regulation of information provided to data subjects, in accordance with Articles 7, 13 and 14, also include information on joint controllers and their equality over the exercising the data subject's rights.

The data subject may exercise its rights without limitation with any of the joint controllers.

  Security

Taking into account the state of art, the costs of execution, the nature, the scope, the context and the purpose of the processing, as well as the variously likely and differently serious risks to the rights and liberties of individuals involved in processing, the Controller introduced both, at the time of appointing the processing resources, and during the data processing itself, an appropriate technical and organizational processing measures to effectively implement the data protection principles and incorporate the necessary safeguards into the processing in order to fulfil the requirements of the Regulation on securing the processing of personal data and executing the rights of Data subjects.

Such technical and organisational measures include in particular:

  • Processing only the necessary Personal Data in a transparent manner for a clear and comprehensible given purpose, by given means, in the given manner, and only for the time necessary for the purposes of processing;
  • Informing Data subjects about the purposes of processing the Personal Data and their rights related to processing;
  • Ensuring that any natural person acting under the authority of the Controller, who has access to Personal Data, is granted the access to Personal Data only to the extent that he needs to know to be a subject to contractual or statutory confidentiality obligations and to process Personal Data only in compliance with the intended purpose of the processing;
  • In cases where the Controller subcontracts the processing of Personal Data, he will do so on the basis of a Subcontractor agreement that provides at least the same level of security for processing the Personal Data and the exercise of data subjects' rights, such as those accepted by the Controller;
  • Implementation of technical and organizational measures for the processing of Personal Data in order to ensure a level of security that corresponds with the nature, scope, context and purposes of the processing, as well as with variously likely and differently serious risks to the rights and liberties of individuals;
  • Ensuring a continued confidentiality, integrity, availability and robustness of the processing system and services, including the ability to restore and timely access of personal data in the event of physical or technical incidents;
  • The process of regular testing, assessment and evaluation of the effectiveness of the established technical and organizational measures to ensure the security of the processing of Personal Data and the exercise of rights of data subjects.
  PRIVATE Learning portal

PRIVATE Learning Portal platform is provided to corporate customers on the basis of a contract. Part of the agreement, among other things, is a PRIVATE Learning Portal parameters, including the "Portal Manager" data and the Data Liability Arrangements between Manager (client) and processor (GOPAS).

Once the PRIVATE Learning Portal is created, the products and user licenses are purchased and “stacked”. At the same time, the Portal Manager profile is created. The Client, through its Portal Manager, manages his students and assigns licenses to the purchased online courses.

The Processor (GOPAS) provides the Manager (client) with the technical resources and support of the PRIVATE Learning portal platform.

PRIVATE Learning Portal Manager

Personal data of the Learning Portal manager such as name and email are a legitimate interest of the Controller in order to establish admin access for the client to the PRIVATE Learning portal. The Portal Manager is also a contact person for problem solving.

After creating a profile, the Portal Manager receives a welcome email containing basic instructions for accessing the PRIVATE Learning Portal. The components of the email are also information under Articles 12, 13 and 14 and Articles 15 to 22 on the possibility of managing his personal data in the profile of the PRIVATE Learning Portal Manager.

In accordance with Articles 15 to 22, the PRIVATE Learning Portal Manager may exercise his rights either personally or electronically with the GLOBAL Administrator of Learning Portals.

Student of PRIVATE Learning portal

Students of PRIVATE Learning portal are managed by the Controller (client) through their authorised Portal manager.

PRIVATE Learning Portal for students offers same mechanisms as Learning portal, only within the restricted area of the Controller (the client). See the Learning portal Student section.

  Registred eShop user

Operators of GOPAS, a.s. eShop, residing at Kodaňská 1441/46, 101 00 Praha 10, company ID 63911035, registered in the Commercial register kept by the Municipal Court in Prague, section B, insertion 7753 and GOPAS SR, a.s. residing at Dr. Vladimíra Clementisa 10, 821 02 Bratislava, company ID 35881674, registered in the Commercial register of the Bratislava I District court, section Sa, insertion 3308/B as Joint controllers (hereinafter referred to as the “Controller”) hereby, in accordance with the provisions of Article 13 of the European Parliament and Council Regulation no. 2016/679 from April 27, 2016, the general regulation on the Personal Data Protection (“the Regulation”), informs its customers (hereinafter referred to as the “Data Subject”) that:

  • Personal data of the Data Subject that will be handed over to the Controller at the order placement, will be processed for the purpose of concluding the Purchase Contract and its subsequent performance, including the settlement of any claims by the Data Subject for defective performance. The legal basis for processing the personal data of the Data Subject is therefore the fulfilment of the purchase contract based on the order placed by the Data Subject and at the same time the fulfilment of the legal obligations of the Controller under the legal regulations governing the rights and obligations in the context of consumer protection and bookkeeping.
  • The reason for the provision of personal data of Data Subject to Controller is an identification of the parties necessary for a conclusion and fulfilment of the purchase contract, which would not be possible without providing such data.
  • Personal data of the Data Subject will be processed for as long as the Controller is obliged to keep this data according to generally binding legal regulations, at least for 5 years according to the Act on Accounting or for 10 years according to the VAT Act.
  • Automated decision making and profiling will not occur when processing the Data Subject's personal data.
  • The Controller did not appoint a Data Protection Officer, nor did he designate a representative to carry out the duties under the Regulation.
  • Personal Data of the Data Subject may be provided to the Processors (suppliers) selected by the Data Subject for a proper execution of the order and to persons who provide legal and accounting services to the Controller in order to ensure the proper fulfilment of the obligations stipulated by generally binding legal regulations.
  • The Controller does not intend to forward the personal data of the Data Subject to a third country, an international organization or other than the above listed third parties.
  • The Data Subject has a right to request an access to his or her personal data from the Controller, to correct or delete it, or to restrict the processing, and to raise an objection to the processing, has a right to transfer the data to another Controller, as well as the right to file a complaint with the Personal Data Protection Office, if he considers that the Controller is in breach of the Regulation in the processing of personal data.

Important concepts

Data subject

Participants/Students are data subjects because we can identify them (in)directly using their personal details.

Personal detail

Information related to the data subject. It can be name, email, phone, history of the visited courses.

Data processing

Fully or partially automated actions that the controller the processor performs with personal data (collecting, uploading, organizing, storing and deleting).