Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – GDPR, regulates all important aspects of the data processing activities of the Data Controllers and Data Processors in EU, as well as for data processing activities of the Data Controllers and Data Processors in non-EU countries when the data processing operations are related to:
- the offering of goods or services to the data subjects in EU, irrespective of whether a payment of the data subject is required (e.g. e-commerce services, turistic services etc.);
- the monitoring of behaviour of data subjects in EU as far as their behaviour takes place within the Union.
New Opinion Workshop, with the registered seat at Quantum Tower, Charles Malek Avenue, Achrafieh, Lebanon, collect, process and use the particular data from the data subjects, as Data Controller within the meaning of the Article 4 Paragraph 1 Point 7 of the GDPR, in order to send them the media content produced by NOW and its affiliates and transfer organizations.
Although the Lebanese entity that falls under the scope of Lebanese data protection regulatory framework, the NOW is fully dedicated to ensure the highest level of protection of the personal data, and therefore it shall be complaint with the GDPR requirements.
1. Type of Personal Data That Are Processing
NOW collect, use and in other manner process the following personal data of the data subjects: e-mail of the data subject;
2. Legal Basis of Data Processing and Purpose of Processing
Legal basis for the processing of the above-mentioned data is the performance of a contract to which the data subject is party, pursuant to the Article 6 Paragraph 1 Point b) of GDPR.
NOW collects, uses and process the personal data of the data subject exclusively for the purpose of sending of the Newsletter, and other media content produced by NOW or its affiliates and partners.
3. Data Processing Activities
NOW performs the following data processing activities:
- adaptation or alteration;
- disclosure by transmission, dissemination or otherwise making available to the authorized persons;
- alignment or combination;
- erasure or destruction;
- other processing activities which are necessary for the purpose defined in Point 2 of this Privacy Notice.
4. Categories of Subjects That Has Access To The Personal Data
Beside NOW, the following categories of subjects has access to personal data:
- Companies that install and maintain the ICT system of NOW;
- Companies that perform the security services to NOW;
- Other companies that fall under category of the Data Processor within the meaning of the Article 4 Paragraph 1 Point 8 of the GDPR that performs the tasks for NOW (such as the incorporation of data base, technical support for realization of the purpose from Point 3 of this Privacy Notice etc.) or Recipient within the meaning of the Article 4 Paragraph 1 Point 9.
The above-mentioned subjects have access and in other manner process the data only within the purpose described in Point 3 of this Privacy Notice, and are not authorized to process data in the manner that exceeds such purpose.
The above-mentioned subjects will be obliged to implement the data protection standards and requirements of GDPR. NOW will conclude the data processing agreements (DPA) in order to ensure the compliance with such requirements.
The above-mentioned subjects will be obliged to implement the encryption or pseudonymisation measures whenever it is technically feasible.
For the sake of clarity, even in the case of transfer of the personal data to the above-mentioned subjects, the NOW as Data Controller should be responsible for the enabling of the adequate level of protection of the personal data.
5. Data Subjects Rights
The data subject pursuant to GDPR has to following rights:
- Right of the data subject to access to the personal data processed by NOW, right of the data subject to request the information from the NOW whether or not his/her personal data are being processed, and in what purpose. In the case of such request, NOW is obliged to deliver the copy of the personal data which is processed in electronic form and free of charge (Article 15 of GDPR);
- Right to rectification, right of the data subject to obtain the rectification of his/her inaccurate personal data without undue delay (Article 16 of GDPR);
- Right to be forgotten, right of data subject to request the erasure of the personal data if certain conditions from the Article 17 of GDPR are met, i.e.;
- Right to restriction of processing, right of the data subject to request the restriction of processing from, if specific conditions are met (Article 18 of GDPR);
- Right on data portability, right of the data subject to receive his/her personal data, which he or she has provided to NOW, in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller (Article 19 of GDPR);
- Right to object, right of the data subject to object at any time to the processing of his/her personal data. In case of objection, Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Article 21 of GDPR);
- Rights in relation to the automated individual decision-making, including profiling, pursuant to the Article 22 of GDPR;
- Right to be informed in case of data breach pursuant to the conditions set in Article 34 of GDPR;
- Right to address to the data protection authority.
6. Protection Measures
NOW within its organization implements all the necessary organizational, technical and personal measures in order to ensure the highest possible protection of the personal data, including but not limited to:
- Technical measures of protection;
- Control of the physical access to the system where the personal data are stored;
- Control of the data transfer;
- Control of the personal data entry;
- Personal data access control;
- Applicable information security measures;
- All other measures necessary to ensure the adequate level of data protection.
For the sake of clarity, the subjects from the Point 4 of this Privacy Notice are also obliged to implement the above-mentioned measures.
NOW hereby warrants to the data subjects the implementation of such measures by the subjects from the Point 4 of this Privacy Notice.
7. Storage Time
NOW storage the personal data, as long as they are needed in order to fulfill the purpose from the Point 3 of this Privacy Notice, i.e. sending the Newsletter and other media content materials.
8. DPO Contacts
For all additional questions, comments and information in relation to the exercising of the data subjects rights you may address to the NOW data protection officer, via following e-mail address: firstname.lastname@example.org.DPO will answer on any question of the data subject as soon as possible, and not later than 10 working days.
This Privacy Notice shall enter into force on May 1, 2021.