Privacy Policy

Home / Privacy Policy

Information on the Processing and Protection of Personal Data at Charles University

1. Preamble

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, or GDPR), Charles University hereby informs data subjects about the conditions under which personal data are processed within the University, including the Geopolitical Studies program.

2. Personal Data Controller

The personal data controller is Charles University.
Address: Ovocný trh 560/5, 116 36 Prague 1
ID no.: 00216208
Tax ID no.: CZ00216208
Databox ID: piyj9b4
Charles University is a public institution of higher education, in accordance with Act no. 111/1998 Sb. As a part of its mission, Charles University freely and independently carries out educational, research, development, innovative, and associated activities.

3. Data Protection Officer (DPO)

The Data Protection Officer (DPO) at Charles University is Mgr. Petra Kubáčová.
Email: gdpr@cuni.cz. Phone: +420 771 232 578

Should you have any questions or requests concerning the processing and protection of your personal data, you may contact the DPO.

4. Principles for Processing Personal Data

Charles University is committed to the protection of personal data. We process your personal data only in the scope necessary for executing the university’s activities or in relation to the services you use (e.g., applying to the GPS program). The principles and rules for processing personal data at Charles University are governed by Rector’s Directive No. 16/2018, which applies the principles arising from the GDPR:

  • Lawfulness: We always process your personal data in accordance with the law and based on at least one legal title.
  • Fairness and Transparency: We process data openly and provide information about the manner of processing. This includes the obligation to inform you of any serious security breaches.
  • Purpose Limitation: We collect your personal data only for clearly defined purposes.
  • Data Minimisation: We process only the personal data that is necessary and relevant to the purpose of the processing.
  • Accuracy: We take all reasonable measures to ensure your personal data is regularly updated or corrected.
  • Storage Limitation: We store your personal data only for the period necessary for the specific purpose. Once the period expires, the data is deleted or anonymized.
  • Integrity and Confidentiality: We secure and protect your personal data against unauthorized or unlawful processing, loss, or destruction through technical and organizational measures. Access is restricted to authorized staff.
  • Accountability: We are able to demonstrate compliance with all the conditions stipulated above.

5. For What Purposes Do We Process Personal Data?

Charles University processes personal data for the following purposes:

a. Educational Activities

  • Admissions proceedings and exams (including applications to the GPS program)
  • Studies and Instruction
  • Exchange visits and International Cooperation
  • Library services

b. Research, Development, and Creative Activities

  • Research projects
  • Organizing academic conferences and summer schools
  • Publication and editorial activities

c. Administrative and Operational Organization

  • Human resources and wages
  • Finance and accounting
  • E-infrastructure (IT systems, networks, email)

d. Protection of Property and Security

  • Camera systems and access to secure areas
  • Security monitoring of the computer network

e. Information and Promotional Activities

  • Websites (including this GPS website)
  • Marketing and advertising
  • Alumni relations

6. Categories of Persons for Which We Process Personal Data

Charles University processes personal data for the following categories (data subjects):

  • University applicants (Prospective Students)
  • University students (Current Students)
  • Former university students (Alumni)
  • University staff and Job applicants
  • Students on short-term study visits
  • External co-workers (e.g., guest lecturers, supervisors)
  • Visitors or participants in events (Conferences, Workshops)
  • Business partners, Researchers, and Contributors

7. Categories of Processed Personal Data

Charles University processes data provided directly by individuals and data created as part of university activities. This may include:

  • Address and Identification Data: Name, date of birth, citizenship, address, email, telephone numbers, digital identifiers, signatures.
  • Descriptive Data: Education history, language knowledge, professional qualifications, portrait photos, video/audio recordings, former employment.
  • Study Data: Records of studies, activities, results, and awards.
  • Financial Data: Bank account number, wages, remuneration, fees, obligations, taxes.
  • Work-related Data: Records of work, positions, assessments.
  • Operational and Location Data: Data on the use of information systems, electronic communication, access records, camera system records.
  • Activity Data: Publication activity, participation in conferences/projects, study visits.
  • Special Categories of Personal Data: Sensitive data indicating health status (e.g., for disability accommodations) or membership in trade unions, processed under strict conditions.

8. Legal Basis for Processing Personal Data

Personal data are processed based on the following legal grounds:

  • Fulfilling Legal Obligations: Processing required to fulfill legislative obligations, particularly Act no. 111/1998 Sb., on institutions of higher education, and others relating to research funding (Act no. 130/2002 Sb.), labor (the Labour Code), accounting (Act no. 563/1991 Sb.), and cybersecurity (Act no. 181/2014).
  • Executing Agreements: Data required to enter into and execute contractual relations (e.g., study agreements).
  • Consent of the Data Subject: Consent provided by you to process your personal data for specific purposes (e.g., marketing newsletters).
  • Authorized Interest of the Controller: Including the protection of property, preventing fraud, internal administrative purposes, and ensuring the security of the computer network and information.

9. Transferring Personal Data

For the purpose of fulfilling legal obligations, Charles University may transfer select data to specific entities (e.g., public authorities). This applies similarly to cases where authorization for transferring personal data has been provided by the individual consent of data subjects.

10. Period for Storing Personal Data

Data are stored only for the period necessary in relation to the specific activity and in accordance with the valid Archiving Procedures. The data are then destroyed or archived. We store the personal data that we process with your consent only for the duration of the purpose for which the consent was provided.

11. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right to Information: To know if and how your data is processed.
  • Right to Access: To obtain a copy of the data being processed (upon identity verification).
  • Right to Corrections: To request the correction of erroneous or outdated data.
  • Right to Deletion (“Right to be Forgotten”): To request the deletion of data if the consent is withdrawn, the purpose has expired, and no other legal grounds exist.
  • Right to Restricted Processing: To restrict processing (e.g., to storage only) while the accuracy of the data is contested or an objection is pending.
  • Right to Data Portability: To receive your data in a structured, electronic format.
  • Right to Object: To object to processing carried out in the public interest or based on the legitimate interest of the controller.
  • Right to Review Automated Decisions: To request human intervention for decisions based solely on automated processing.

12. Exercising Your Rights

Data subjects may exercise their rights against the controller of personal data. Requests can be sent via:

Charles University’s Databox: piyj9b4
Email to the DPO: gdpr@cuni.cz
Personal or electronic submission: Via the Registrar’s Office of Charles University.
For more information on the manner of submission, visit: https://www.cuni.cz/UKEN-605.html.
Prior to processing the request, Charles University is entitled and obliged to verify the identity of the requesting party.

13. The Right to Lodge a Complaint

Data subjects are entitled to lodge a complaint against the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů).

Contact

The Office for Personal Data Protection
Address: Pplk. Sochora 27, 170 00 Prague 7
Phone: +420 234 665 111
Web: www.uoou.cz