Personal Data Protecting - GDPR
Nuclear Physics Institute of the Czech Academy of Sciences, a public research institution (hereinafter referred to as the NPI), depends on the privacy and protection of the personal data of its employees and partners. As a personal data administrator, we hereby inform you about the manner and scope of processing of personal data, including the rights of subjects of data processing with relationship to NPI.
NPI handles personal data in accordance with European Union law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – General Data Protection Regulation (GDPR), and in accordance with relevant national legislation.
The purpose of personal data processing
We process personal data to the extent necessary for the purpose - for example, to provide the service. This includes cases where we negotiate a new contract or when a contract is already in place. Typically, it's about identifying your person.
The obligation to process data is governed by a number of legal regulations (eg. tax and accounting regulations, the Atomic Act). We need to process data also for archiving purposes. We process some data because it is necessary to protect the intellectual rights and the rights of the interests of the NPI and/or third parties. Processing for this reason is limited, we carefully consider the legitimate interest.
In other cases, we process your data only with your consent.
The basic purposes of the personal data processing in the NPI are in particular the following:
- performance of the contract and the provision of services
- keeping the records of our suppliers and recipients of our services
- accounting and tax purposes
- debt recovery - if we are forced to recover our receivables by legal way, or if we are involved in court proceedings and proceedings concerning your person, we will use your personal data to the extent necessary, or other data necessary to protect our rights
- fulfillment of other legal obligations
- security/safety - for these purposes, we protect physical assets, such as by placing cameras in our buildings, as well as data,
- organizing conferences and related activities (sending mass emails, etc.).
What personal data do we process?
We process only such data that is essential in order to properly perform our contractual obligations, provide professional services, comply with our legal obligations and protect our legitimate interests. We collect data mainly about our suppliers, recipients of our services (including members of statutory bodies and employees), as well as about visitors to our research facilities.
We mainly process the following categories of data:
- identification data: title, first name, surname, date of birth, identity card number;
- address data: address of permanent residence, delivery address or other contact address, phone number, e-mail address;
- other personal details: bank account number, other personal data resulting from a particular contract or law, image recording
How long do we keep personal data?
We keep personal data only for as long as required by law for specific cases. We keep the data we process with your consent for as long as the consent is validly granted to us.
Transmission of personal data
NPI acquires personal data primarily from direct contact with the data subject. Passing of personal data is voluntary, consent to processing the transmitted data can be revoked at any time. However, the transmission of certain data is necessary for the fulfillment of the contract, the fulfillment of our legal obligations or the protection of our legitimate interests. If we do not receive such data from a third party, we cannot fulfill the relevant purpose for which the data is required (delivery of services, entrance to the premises, ...).
Processors and recipients of personal data
- suppliers or service providers, such as print and postal service providers, IT service providers, webmasters,
- other persons in connection with the conclusion of contracts and related documents,
- other third parties providing or receiving services in connection with the performance of contractual or statutory obligations.
We process personal data manually and automatically in the NPI. Personal data protection is technically and organizationally secured in accordance with GDPR, and we also contractually require the same security from our personal data processors. The main personal data processors for NPI include Nuvia Dosimetry s.r.o. and the Ordinace Jach-ta s.r.o.
Rights of data subjects
Personal data subjects have the right to request information on the processing of their personal data, the purpose of processing of personal data, the scope or, where appropriate, the categories of personal data processed, the sources of personal data, the nature of the automated processing, the processors, the recipients, or the categories of recipients of personal data.
In the event the data subject discovers or considers that we or our contractual processor is processing personal data that is contrary to the law, the data subject is entitled to:
- ask for an explanation and clarification;
- require the NPI or its contractual processor removes the resulting situation; in particular, he/she is entitled to require blocking, correction, completion or deletion of personal data.
In order to exercise their rights to the protection of personal data, the data subject can contact the NPI at firstname.lastname@example.org. Data subjects also have the right to contact the Office for Personal Data Protection at any time.