Declaration of the University of Chemistry and Technology, Prague on Personal Data Protection
The University of Chemistry and Technology, Prague is a public institute of higher education of university type, established by law, providing independent and liberal education, and performing educational, scientific, research, development, innovative and other creative and related activities. These activities are performed in accordance with Act No. 111/1998 Coll., on Higher Education Institutions, on a regional, national and international level.
The University of Chemistry and Technology, Prague performs all of the above mentioned activities in compliance with all democratic values, including protection of the privacy of every individual.
In compliance with the Regulation of the European Parliament and of the Council (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter the “GDPR“ – the University of Chemistry and Technology, Prague informs data subjects about the conditions of their personal data processing.
Personal data controller
The personal data controller is:
University of Chemistry and Technology, Prague
Registered seat: Technická 1905/5, 166 28 Prague 6
Business ID: 60461373
VAT ID: CZ60461373
Databox address: sp4j9ch
(hereinafter “UCT Prague“)
Personal data protection officer at UCT Prague
For the purpose of surveillance over due performance of all activities in the area of personal data protection, the appointed personal data protection officer at UCT Prague is:
Mgr. Petra Kinzlová, M. A.
Phone: +420 220 445 045,
The Personal data protection officer can be addressed with questions concerning personal data processing and protection.
Personal data processing principles applied by UCT Prague
Personal data is protected at UCT Prague to the maximum possible extent and in compliance with the applicable valid legislation. The rules and principles of personal data processing are laid down by an internal bylaw of UCT Prague entitled “Protection and Processing of Personal Data at UCT Prague”. When processing personal data, UCT Prague applies principles following from GDPR. These principles include (but are not limited to) the following:
- Lawful basis for processing principle requiring that all personal data is always processed in compliance with applicable legislation and on the basis of at least one legal title.
- Correctness and transparency principle requiring that data subjects' personal data is processed openly and transparently and that data subjects are provided with information about the way their personal data is processed, etc.
- Limitation by purpose principle only permitting personal data collection for a clearly specified purpose.
- Data minimisation principle requiring processing of only necessary relevant data in the scope appropriate for the purpose of its processing.
- Accuracy principle requiring adoption of all purposeful measures allowing for regular updates or corrections of personal data.
- Limited storage principle requiring that the personal data is only stored for the period required for the purpose of its processing.
- Integrity, confidentiality, incontestability and accessibility principle requiring securing and protection of personal data against unauthorised or illegal processing, loss or destruction. For these reasons numerous technical and organisational measures are implemented.
- Responsibility and accountability principle imposing the liability to be able to document compliance with all of the above mentioned conditions.
Personal data processing purposes at UCT Prague
To fulfil its mission, UCT Prague processes personal data for the following purposes:
- Provision of accredited courses,
- Provision of lifelong education,
- Implementation of Docent and Professor inauguration proceedings,
- Implementation of proceedings for recognition of foreign credentials,
- Entrance examination procedure,
- Provision of equal access to education,
- Implementation of research, development and innovations, art and other creative activities,
- Performance of complementary activities,
- Work with alumni,
- Information and promotional activities,
- Protection of personal and property security,
- Commercial activities,
- Healthcare activities,
- Administrative and operational activities at UCT Prague
Lawful basis for personal data processing at UCT Prague
Lawful basis for personal data processing at UCT Prague includes:
- Compliance with liabilities following from the law or other legal regulations,
- Contract performance,
- Legitimate interest of the controller,
- Protection of vital interests of data subjects,
- Public authority task implementation,
- Data subject consent.
Categories of processed personal data
UCT Prague processes personal data provided directly by the data subjects on the basis of the data subject's consent or on the basis of other legal reasons, and further personal data created in the context of the processing activity and activities needed for data security reasons. UCT Prague processes the following personal data categories, including but not necessarily limited to:
- Address and identification data (first and last name / name and surname, date and place of birth, etc.)
- Descriptive data (education, foreign language knowledge, professional qualifications, etc.)
- Study-related data (transcripts of subjects studied, records of study-related activities, evaluations, awards)
- Economic data (bank details, wages, bonuses, etc.)
- Job-related data (work and activity sheets, employer, work site, job description, position, evaluation, wages and awards, etc.)
- Operation and location data (typically data from electronic systems related to particular data subjects)
- Data on data subject's activities (publication activity, professional activities, attendance of conferences, etc.)
- Third party data (address and identification data of family members, etc.)
- Special categories of personal data (sensitive personal data on health condition, trade union membership, etc.)
Personal data recipients
For the purpose of compliance with legislation-imposed obligations, certain personal data may be disclosed to specified recipients (such as public authorities). This also applies to cases when the authority to forward personal data outside UCT Prague is defined by individual data subjects' consent.
Period of personal data processing
Personal data is only kept for the minimum period required by the particular data processing activity and, after its elapse, this personal data is erased or archived in compliance with the applicable archiving and shredding plan. Personal data processed by UCT Prague on the basis of the data subject consent is only kept for the period of existence of the purpose for which the consent with personal data processing was granted.
Personal data processing related rights of data subjects
Data subjects may apply the following data subject rights against UCT Prague:
- Right of access to personal data
- The right to require confirmation as to whether UCT Prague processes the subject's personal data or not and, if so, then for what purpose, what categories of personal data, for which recipient(s) or recipient categories, whether and to which third countries the personal data is sent, for what period the personal data will be kept, the right to lodge a complaint with the Personal Data Protection Office, information about the personal data sources, information whether automated data processing methods are applied and whether profiling is performed
- Right to rectification
– The right for correction of inaccurate or incomplete personal data
- Right to erasure (to be forgotten)
– This concerns the liability of the controller to erase the processed personal data; this right, however, does not always apply for there are cases when UCT Prague must process personal data to duly fulfil its liabilities (legal liability fulfilment)
- Right to restriction of processing
– This right can be applied if the data subject does not want their personal data to be processed for other than the necessary legal purposes
- Right to portability of personal data
– This concerns the possibility to require the transfer of personal data processing onto a controller specified by the data subject, unless prevented by a legislative obstacle
- Right to raise an objection and automated individual decision-making
– This right can be applied in the case of assumed unauthorised personal data processing; an objection can be raised directly against automated decision-making and profiling.
Method of application of data subject rights
A data subject may apply their rights in compliance with the GDPR from 26 May 2018. These rights must be applied against the controller (UCT Prague) in writing or in person through the central registry:
University of Chemistry and Technology, Prague
Mgr. Michal Janovský
166 28 Praha 6
Phone: +420 220 444 159
More detailed rules for data subject rights application are defined in the document entitled “Procedure for Data Subject Application Settlement”.
The data subject will be informed about the settlement of their requirement within one month from the documented date of application delivery. This deadline may be extended by the data controller by up to two months if the applications to be settled are numerous and/or complex.
The application of data subject rights is free of charge. UCT Prague may charge a fee for settlement of a clearly unjustified or non-proportional application.
The data subject may file objections against the procedure of the application settlement with the personal data protection officer.
Right of data subjects to lodge a complaint with the Supervisory Authority
The data subject rights include the right to lodge a complaint concerning personal data processing with the supervisory authority, which is the Personal Data Protection Office.
Office for Personal Data Protection
Address: Pplk. Sochora 27
170 00 Prague 7
Phone: +420 234 665 111