BT EXCHANGE (LT) UAB & BT EXCHANGE CZ a.s
Data Protection Policy
Version: 1.0
Updated: 22 January 2025
1. Definitions ................................................................................................................................................................................................................................... 3
2. Data Processing Principles ......................................................................................................................................................................................................... 4
2.1. Lawfulness, Fairness and Transparency ........................................................................................................................................................................ 5
2.2. Purpose Limitation ........................................................................................................................................................................................................... 6
2.3. Data Minimisation ............................................................................................................................................................................................................ 6
2.4. Data Accuracy ................................................................................................................................................................................................................. 7
2.5. Storage Limitation ............................................................................................................................................................................................................ 7
2.6. Integrity and Confidentiality ............................................................................................................................................................................................. 7
3. Data Processors.......................................................................................................................................................................................................................... 8
4. Rights of Data Subjects .............................................................................................................................................................................................................. 8
4.1. Right to Access ................................................................................................................................................................................................................ 9
4.2. Right to Rectification of Personal Data ........................................................................................................................................................................... 9
4.3. Right to Erasure of Personal Data (“Right to be Forgotten”) ........................................................................................................................................ 10
4.4. Right to Restriction of Processing ................................................................................................................................................................................. 10
4.5. Right to Data Portability ................................................................................................................................................................................................. 11
4.6. Right to Object ............................................................................................................................................................................................................... 11
4.7. Exercising the Rights of Data Subjects ......................................................................................................................................................................... 11
5. Data Transfers .......................................................................................................................................................................................................................... 12
6. Technical and Organizational Data Protection Measures ........................................................................................................................................................ 13
6.1. General Staff Guidelines ............................................................................................................................................................................................... 13
6.2. Guidelines on Data Storage .......................................................................................................................................................................................... 13
6.3. Guidelines on Data Use ................................................................................................................................................................................................ 14
6.4. Guidelines on Data Accuracy ........................................................................................................................................................................................ 14
7. Personal Data Breaches ........................................................................................................................................................................................................... 15
7.1. Identification of Personal Data Beaches ....................................................................................................................................................................... 15
7.2. Risk Assessment ........................................................................................................................................................................................................... 16
7.3. Notification ..................................................................................................................................................................................................................... 18
7.4. Registry of Personal Data Breaches ............................................................................................................................................................................. 18
8. Privacy by Design and Data Protection Impact Assessment (DPIA) ....................................................................................................................................... 19
8.1. Privacy by Design .......................................................................................................................................................................................................... 19
8.2. DPIA .............................................................................................................................................................................................................................. 19
9. Training and Audit ..................................................................................................................................................................................................................... 21
10. Responsibilities ......................................................................................................................................................................................................................... 21
11. Changes to this Data Protection Policy .................................................................................................................................................................................... 22