Opening Statement of the University of Pardubice to the Protection of Personal Data

Překlad:
  1. The University of Pardubice is a public university-type school established by law which performs activities entrusted thereto by the Act on Universities at regional, national, and international levels, namely education, science, research and development, art and other creative activities.  
     
  2. In addition, the University of Pardubice carries out other activities of public interest which contribute to the development of society.
     
  3. Performing all the above activities, the University of Pardubice observes all the democratic values, including the protection of the privacy of the individual.
     
  4. As of 25 May 2018, Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), became effective wherefore the University of Pardubice considers it natural to communicate clearly and intelligibly to its students, employees and other persons how it will approach the fulfilment of its duties in the field of personal data protection.
     
  5. In case of any questions, suggestions or comments relating to the protection of personal data, please contact the Data Protection Officer at dpo@upce.cz.

Basic Principles of the Processing of Personal Data

  1. The University of Pardubice processes personal data correctly and transparently in accordance with legislation (both European and national) and only to fulfil the duties entrusted to it by law and other activities resulting from its status as a public university.
     
  2. Only in cases where necessary does the University of Pardubice require the grant of consent which shall be granted freely and unambiguously for a specific purpose and upon a notification about the purpose thereof. No one shall be forced to grant consent which shall be provided on a voluntary basis.
     
  3. Wherever the processing of personal data is based on the grant of consent, such consent may be withdrawn at any time. The withdrawal of consent always takes place in the same way as stated in the instruction for granting consent.

Identification Data of the Controller and the Data Protection Officer

  1. The University of Pardubice, Studentská 95, 532 10 Pardubice, Czech Republic, https://www.upce.cz/, is the Controller of personal data.
     
  2. Proper performance of personal data activities within the University of Pardubice is overseen by the Data Protection Officer available at dpo@upce.cz.

The Purpose of the Processing of Personal Data and Legal Basis of the Processing

  1. The University of Pardubice processes personal data in order to:
  1. implement accredited study programmes,
  2. implement lifelong education programmes,
  3. implement the habilitation and professorship procedures,
  4. implement the procedures for the recognition of foreign education and qualifications,
  5. realize admission procedure,
  6. ensure equal access to study,
  7. implement research, development and innovation, art and other creative activities,
  8. implement other complementary activities,
  9. work with graduates,
  10. promote the University of Pardubice,
  11. ensure the safety of persons and property,
  12. provide support (administrative) activities to the reasons under points (a) to (k).
  1. The legal basis for the processing of personal data is the fulfilment of statutory obligations, the performance of the contract, the legitimate interests of the Controller, the protection of the vital interests of the data subject, the performance of public authority tasks and a granted consent.

Categories of Processed Personal Data

  1. Regarding the above purposes, the University of Pardubice processes the following categories of personal data:
  1. basic identification data – name, surname, maiden name, date and place of birth, birth identification number, identity card numbers, identifiers used within information systems,
  2. contact details – phone numbers, email addresses, postal addresses,
  3. descriptive data – age, gender, nationality, personal status, photographs, health insurance,
  4. data relating to the study – identification of faculty and study programme, study results, identification of previous studies,
  5. data relating to the employment relationship – employment, other current employers, membership of trade unions, information on wage deductions, personal data of family members,
  6. economic data – bank account numbers, information on the receipt of pensions, parental allowances,
  7. health-related information – occupational medical reports, health status records for a person with specific learning needs,
  8. operational and location data – sensor information for smart cards, IP addresses, cookies,
  9. information on the subject's activities – publishing activity, professional profile, 
  10. or other data.

Sources of Personal Data

  1. The University of Pardubice obtains personal data directly from the data subject.

Recipients of Personal Data

  1. The University of Pardubice provides access to your personal data to other persons only if they are partners of the University of Pardubice in education, research and development, artistic or other creative activities and complementary activities or provide the University of Pardubice with services ensuring the proper operation of the university (maintenance and management of information systems). The data are made available to such other persons only if the university concludes a contract for the processing of personal data, so they are bound by the same obligations in relation to personal data as the University itself.

Time of the Processing of Personal Data

  1. The University of Pardubice processes personal data only for the duration of the legal relationship therewith and over a necessary period after its completion for registration, control, statistics, archiving as well as for scientific and historical research purposes.  After the elapse of the specified time, personal data shall be erased. The above does not apply to the processing of personal data for the purposes for which consent is not required.

Rights in the Processing of Personal Data

  1. In relation to processed personal data, you can assert the following rights at the University of Pardubice:
  1. the right to access personal data – you have the right to request from the University of Pardubice the confirmation of whether they process your data and, if so, what is the purpose of the processing, the category of personal data concerned, who is the recipient of the personal data or what is the category of recipients, as well as the information on the forwarding of the data to third countries, the privacy retention period, the right to file a complaint with the Office for Personal Data Protection, information on the source of personal data, information on automated processing or profiling,
  2. the right to rectification– the right to have inaccurate or incomplete personal data corrected,
  3. the right to erasure (the right to be forgotten) – concerns the Controllers's obligation to expunge the personal data processed; however, this right does not always apply, as there are cases where the University of Pardubice has to process the personal data (fulfilment of a legal obligation) for the proper performance of its tasks,
  4. the right to restriction of processing – applicable in case you do not want the University of Pardubice to process personal data for other than inevitable legal reasons,
  5. the right to data portability – you may require that University of Pardubice pass, unless there is a legal impediment thereto, your data to the designated Controller,
  6. the right of objection and automated individual decision-making – you can raise an objection if you think that the University of Pardubice processes your data unlawfully; the objection can also be raised directly against automated decision-making and profiling,
  7. the right to file a complaint with the Office for Personal Data Protection – whatever be your request, initiative or complaint, you may contact the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, https://www.uoou.cz.
  1. If you apply any right in relation to the processed personal data, we shall notify you of the resolution of your request within 30 days from the date of receipt of the request. Due to the complexity and the number of requests processed, we reserve the right to extend this deadline by another 60 days.
     
  2. You shall assert your rights through the Data Protection Officer by emailing to dpo@upce.cz or through the data box of the University of Pardubice (Data Box ID: f5vj9hu). Furthermore, you may contact us in writing at the postal address of the University of Pardubice.
     
  3. The assertion of rights is free of charge.  The University of Pardubice may require a fee for any handling an application only if the application is manifestly unfounded or unreasonable because the same application is repeated.
     
  4. For more detailed rules on the exercise of rights, see the Procedure for Handling Applications.

Valid from: 26 June 2018

false