Information on processing and protection of personal data at UniCRE

Information on processing and protection of personal data at UniCRE

1. Preambule

In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – (hereinafter referred to as “GDPR”) Unipetrol Centre for Research and Education informs the Data Subjects on the conditions under which personal data are processed.

2. Personal Data Controller

The Personal Data Controller is Unipetrol Centre for Research and Education (Unipetrol výzkumně vzdělávací centrum, a.s.), having its registered office at Revoluční 1521/84, 400 01 Ústí nad Labem, company registration number: 62243136, VAT No.: CZ62243136 (hereinafter referred to as “UniCRE”).

3. Principles of personal data processing in UniCRE

UniCRE considers the personal data protection to be important and pays close attention to it. We process your personal data only to extent necessary for the Company's operation. We protect personal data in maximum extent and in compliance with applicable law. Principles and rules for personal data processing in UniCRE are governed by the Internal Directive SR-VÚ-01-18 Privacy Policy of Unipetrol Centre for Research and Education. The Directive applies principles arising from the GDPR:

  1)  The principle of legality that obligates us to process your personal data in compliance with legal regulations and under at least one legal title.
  2)  The principle of correctness and transparency that obligates us to process your personal data openly and transparently, and to provide you with information on how they are processed and also information to whom they will be forwarded. This also includes our obligation to inform you in the case of a serious security breach or personal data leakage.
  3)  The principle of purpose limitation that allows us to collect your personal data only for clearly defined purposes.
  4)  The principle of data minimization that obligates us to process only such personal data which are necessary, relevant and proportionate to the purpose of processing.
  5)  The principle of accuracy that obligates us to take all reasonable measures that enable us to ensure regular updating or correction of your personal data.
  6)  The principle of storage limitation that obligates us to store your personal information only for a time necessary for specific purpose of processing. Once the processing time or purpose has passed, your personal data will be deleted or anonymized, i.e. we will modify them so that they cannot be connected or related to your person.
  7)  The principle of integrity and confidentiality, undeniability and availability that obligates us to secure and protect your personal data from unauthorized or unlawful processing, loss or destruction. For these reasons, we take numerous technical and organizational measures to protect your personal data. At the same time, we take care to that only authorized employees have access to your personal data.
  8)  The principle of responsibility that obligates us to be able to prove compliance with all the conditions listed above.

4. Purpose of personal data processing

When accomplishing its mission, UniCRE processes personal data for the following purposes:

  1)  Educational activities
  2)  Research activities (research projects, organization of seminars / conferences, publishing activities)
  3)  Administration and operation of the company (HR processes and wages, business administration and accounting, property management, operational agendas, information systems)
  4)  Property protection and security (access to secured premises, security monitoring of computer network operation)
  5)  Information and promotional activities (web, marketing and promotion)

5. Categories of Data Subjects

UniCRE processes personal data of the following categories of persons (Data Subjects):

  1)  employee of the company,
  2)  job/study seeker,
  3)  student or trainee,
  4)  business partner (supplier, customer),
  5)  external co-operator (e.g. supervisor, co-researcher, publication co-author),
  6)  visitor or participant of events organized by UniCRE,
  7)  other person.

6. Categories of processed personal data

UniCRE processes both personal data provided directly by individual natural persons (on the basis of consent or other legal grounds) and other personal data generated by processing activities and necessary for their arrangement. This may include the following categories of personal data:

  1)  Address and identification data (name, surname, date and place of birth, marital status, personal identification number, title, nationality, address (including electronic), telephone number, ID number, digital identifier, signature, etc.)
  2)  Descriptive data (education, knowledge of foreign languages, professional qualifications, knowledge and skills, number of children, portrait photographs, video / audio record on the person, military service, previous employment, health insurance, membership in hobbies organizations, clean criminal record)
  3)  Study data (records on study and study activities)
  4)  Economic data (bank contacts, wages, bonuses, fees, liabilities and receivables, orders, purchases, taxes, etc.)
  5)  Job data (job and work records, employer, workplace, job and position, job evaluation, job awards etc.)
  6)  Operational and location data (these are typical data from electronic systems relating to a specific Data Subject – e.g. data on information systems use, traffic and electronic communications data, telephone use data, access to various premises, etc.)
  7)  Data on the Data Subject activities (publication activity, data on professional activities, participation in conferences, participation in projects, data on business or study trips, etc.)
  8)  Information about another person (address and identification data on a family members, husband/wife, children, partner, etc.)
  9)  Special categories of personal data (sensitive personal data on health information, membership in trade unions, etc.)

7. Legal reasons for personal data processing

The personal data processing within the above mentioned activities is based on appropriate legal grounds, such as:

  1)  Compliance with legal obligations applied to the Controller:
We need to process your personal data in order to meet our statutory duty of the Controller. This is in particular Act No. 130/2002 Coll., on support of research and development from public funds; Act No. 262/2006 Coll., Labour Code; Act No. 563/1991 Coll., on accounting; Act No. 127/2005 Coll., on electronic communications; Act No. 134/2016 Coll., on Public Contract Procurement; Act No. 480/2004 Coll. on certain information society services; Act No. 181/2014 Coll. on cyber security; and more.
  2)  Performance of a contract:
We need your personal data for purpose of a contract formation and its fulfilment or in order to take steps prior to entering into a contract.
  3)  Data Subject Consent:
The consent you have given us to process your personal data for one or more specific purposes.
  4)  The Controller’s legitimate interest, consisting in particular of:
  • property protection and fraud prevention,
  • transfer of personal data within the company for internal administrative and operational purposes,
  • ensuring security of the computer network and information,
  • marketing purposes (such as a web presentation and a newsletter).

8. Transmission of personal data

In order to comply with legal obligations UniCRE can provide authorized entities (such as public authorities or administrative bodies performing audit) with particular personal data. This stands equally for cases where provision of personal data outside UniCRE is based on individual consent of the Data Subjects.

9. Storage period of personal data

The data shall be stored only for time necessary for the personal data processing and shall be erased or archived in accordance with Archiving Code. The personal data processed by your consent are retained only for the duration of purpose for which the consent was granted.

10. Rights of the Data Subjects

The right to information on personal data processing

The Data Subject has the right to know whether the Controller processes his/ her personal data and how.

Right of access to personal data

If the Controller processes personal data of the Data Subject, the Data Subject has the right to obtain a copy if he/she proves his/her identity sufficiently.

Right to rectification

If the Controller processes incorrect or outdated personal data it is obligated to correct them on request of the Data Subject.

Right to erasure (“Right to be forgotten”)

If the consent for processing has been granted and there is no other legal reason or if the Data Subject considers that the Controller no longer needs his/her personal data (because the purpose for processing has passed), the Data Subject has the right to request termination of the processing and deletion of his/her personal data.

Right to restriction of personal data processing

This is restriction of processing to mere storing of the personal data if the Data Subject denies accuracy of the personal data and the Controller needs more time to verify it or the Data Subject has objections to processing which is based on the legitimate interest of the Controller.

Right to data portability

The Controller provides the personal data in a structured commonly used electronic format directly to the Data Subject. The Controller may only provide another Controller with the Data Subject's personal data if it is an automated processing based on consent or a contract and it is technically feasible.

Right to object

The Data Subject may object to the processing of personal data related to him/her only in case of processing that is carried out in public interest or in legitimate interest of the Controller.

Right to review automated decisions

If the Data Subject is a subject to decision based solely on automated processing, he or she has right to review this decision and to eventual human intervention by the Controller.

Right to Complaint or Protection

The Data Subject has the right to file a complaint for processing of his or her personal data to the supervisory body (in the Czech Republic it is the Office for Personal Data Protection) or to apply for judicial protection against the supervisory body, the Controller or the processor.

11. Assertion of the Data Subject's claims

The Data Subject has the right to assert his/her claims arising from the GDPR from 25 May 2018. The Data Subject has to assert his/her claims towards the Controller by sending his/her application via e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. or personally or with written request addressed to the company’s registered office. Before processing the application UniCRE has the right and duty to identify the applicant.

12. Use of cookies

What are cookies?

For these Principles purposes, cookies are files and other similar technologies (such as pixels, web signals or device identifiers) which can automatically collect data when visiting a website.

Cookies are small content files in your browser or mobile app that store and receive identifiers and other information about computers, phones and other devices you use to access our websites. They help us to provide, protect and improve our services.

What is their purpose?

Cookies enable recording information about your visit of our websites and mobile apps, so that your next visit will be easier and faster.

In particular, cookies:

  • help effectively navigate on websites or apps, personalize, store preferences and generally improve user experience from websites;
  • enable to distinguish whether a particular user has already visited the website in past or he/she is a new visitor.

Do I have to give my consent to cookies?

This website stores only the cookies required for operation of the website and provides functions necessary for use of the website. No user consent is required to use these essential cookies.

UniCRE does not use third-party cookies.

How long will cookies stay in my computer?

We use relational cookies (session cookies) on our website. These cookies are temporary. They save to your browser's cookie only until you quit your browser. These cookies are necessary for proper functioning of websites or associated applications.

Can I reject cookies?

You can disable cookies in your browser settings or you can set using only some selected ones. However, if you do not allow the UniCRE to use cookies, some features of the website may not work properly.

You can find privacy settings in your browser's menu. There you can reject or disable cookies.