Data Protection Information

Palacký University in Olomouc is obliged to handle the personal data it manages properly; personal data refers to any information relating to identifiable living physical persons (individuals). Examples of such personal data processed by the university include information about students’ schedules or their academic performance, data related to the employment matters of university staff, data concerning research participants, as well as, for example, data on visitors to certain events (data of individuals registered, for instance, as part of accreditation for the AFO festival, etc.).

The field of personal data protection is regulated by the General Data Protection Regulation (GDPR) and Act No. 110/2019 Coll., on the Processing of Personal Data. 

In general, the entire personal data processing system is based on several fundamental principles. As a data controller, the University processes personal data only if it has a legitimate basis for doing so or the consent of the data subject, for specific, defined purposes, and to the extent necessary to achieve those purposes. The University ensures conditions for the proper security of personal data and also ensures that personal data is not retained longer than is strictly necessary. The University must also strive to make basic information about the nature of the University’s processing of personal data available to data subjects.

Every university employee is required to comply with the established rules for the processing of personal data. If an employee is unsure, they may direct any questions regarding the rules for the protection and processing of personal data to the Data Protection Officer at the e-mail address dpo@upol.cz.

Similarly, individuals whose personal data is processed by the university may also contact the Data Protection Officer to clarify any questions or to exercise any of the rights set forth in the aforementioned legal regulations.

The area of personal data protection is regulated by several so-called internal standards of UP. These include, in particular, the following internal standards (in Czech):

• Personal Data Protection at Palacký University Olomouc
• Operation of the CCTV System at Palacký University Olomouc
• Information Security and Its Management System at Palacký University Olomouc

The Data Protection Officer has also issued this opinion (in Czech) regarding personal data in connection with the organization of public events.

Sample documents related to personal data protection are available in the UPShare system at this link.

If you discover or have reasonable grounds to suspect that a personal data breach has occurred (i.e., that there has been a loss of data integrity, for example), please report this to the Data Protection Officer, Mgr. Františka Sandroni, and, if applicable, also to the Data Protection Guarantor, if one has been appointed at the relevant UP unit.

Notifications should be made by filling out this form and sending it to dpo@upol.cz. The Data Protection Officer can also be contacted by phone at 585 631 187.

The Data Protection Officer offers, among other things:

• consulting on personal data processing and personal data protection in various areas
• preparation of forms, contractual agreements, templates, consent forms for processing, or information memoranda regarding the processing of personal data,
• cooperation in the preparation of so-called inter-controller agreements on the processing of personal data, data processing agreements with processors, and other contractual documents related to the processing of personal data
• consulting on personal data processing in science and research with the aim of ensuring that the processing of research participants’ personal data complies with legislation and providing research participants with the necessary information regarding personal data processing
• raising awareness and providing professional training for employees involved in personal data processing operations, specifically employee training and methodological assistance