GDPR - Employees

Palacký University Olomouc, Křížkovského 511/8, 779 00 Olomouc, Czech Republic (hereinafter referred to as "Palacký University", "UP" or "we"), acting as the controller of personal data, hereby informs data subjects ("data subjects" or "you") about the processing of your personal data by UP and your rights in connection with such processing.

The protection of personal data is important to UP. We process your personal data in accordance with applicable legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").

If you have any questions or requests regarding the processing and protection of your personal data, please contact our Data Protection Officer. The Data Protection Officer (DPO) ensures that the processing of your personal data is carried out in accordance with applicable legal regulations and the internal UP standard Protection of Personal Data at Palacký University Olomouc.

Why and on what legal basis does UP process my personal data?

Palacký University Olomouc processes your personal data for the following purposes:

  • Conclusion of an employment contract and performance of the obligations arising from it
    • Performance of a contract (Article 6(1)(b) GDPR)
    • Compliance with UP's legal obligations (Article 6(1)(c) GDPR)
  • Fulfilment of obligations under employment law, social security law and tax law
    • Compliance with UP's legal obligations (Article 6(1)(c) GDPR)
  • Protection of UP's legitimate interests, and the security and administration of IT systems (e.g. operation of camera systems — see Operation of the Camera System at Palacký University Olomouc)
    • Legitimate interests of UP (Article 6(1)(f) GDPR)

As an employee, you are not obliged to provide us with your personal data; however, without it we cannot establish or properly manage an employment relationship.

What personal data does UP process about me?

UP processes only the personal data that is necessary for the employment relationship, to the extent specified in the employee personal questionnaire and to the extent of personal data obtained or generated in the course of, or in connection with, the performance of work activities. This includes:

  1. Identification data (e.g. name, surname, title, date of birth)
  2. Contact details (e.g. address, telephone number, email address)
  3. Employment data (e.g. job classification, salary data, employment contract)
  4. Professional qualifications data (e.g. education, professional experience, certificates)
  5. Data generated during the performance of work (e.g. attendance records, work reports)
  6. Health data (e.g. medical reports and records of work-related injuries — processed for the purposes of record-keeping under employment law, sickness, pension and accident insurance, provision of health services, protection of public health, and the enforcement of legal claims)
  7. Integrity data (only for positions where a criminal background check is required and there is a factual justification based on the nature of the work, processed exclusively in accordance with UP's rights as an employer under Section 316(4)(h) of Act No. 262/2006 Coll., the Labour Code, as amended)
  8. Trade union membership data (only where the employee has given consent for the purpose of processing membership fees)
  9. Operational and location data (data from electronic systems relating to a specific data subject — e.g. data on the use of information systems, data traffic and electronic communications, telephone use, access to premises, CCTV recordings)

How long does UP retain my personal data?

We retain your personal data only for as long as is necessary for the specific purpose for which it is processed. Once the retention period has expired or the purpose has been fulfilled, we will delete or anonymise your personal data — that is, modify it in such a way that it can no longer be linked to you. This does not apply to personal data that must be archived for a specified period in accordance with applicable legal regulations.

To whom is my personal data disclosed?

UP discloses personal data only where necessary, to the following categories of recipients:

  • Public authorities (e.g. Czech Social Security Administration, tax office, health insurance companies)
  • Contractual partners (e.g. training providers, employee meal voucher providers)
  • IT administrators and software providers (for the purpose of operating information systems)

Data is always disclosed only to the extent necessary and with due regard for the protection of your privacy. An up-to-date list of data processors is available upon request. Please note that the list of UP's processors may change and be updated over time.

Is my personal data transferred outside the EEA?

As a general rule, UP does not transfer personal data outside the European Economic Area (EEA). Exceptions may arise where an employee is working on an international project or collaborating with a foreign institution. In such cases, UP will ensure that appropriate safeguards are in place (e.g. by concluding standard contractual clauses with the recipient of the personal data).

Keeping your personal data up to date

We will make reasonable efforts to ensure the accuracy of your personal data. You can help us by providing accurate, truthful and current information. If you believe that any information processed by UP is inaccurate, incorrect or out of date, please let us know so that we can take corrective action.

What are my rights and how can I exercise them?

In accordance with the GDPR, employees have the following rights:

1. Right of access to personal data (Article 15 GDPR) You have the right to obtain confirmation as to whether UP processes your personal data and, if so, to access that data and the information specified in Article 15(1)(a) to (h) GDPR. UP provides confirmation of processing and the first copy of your personal data free of charge.

2. Right to rectification (Article 16 GDPR) You have the right to request the correction of inaccurate personal data or the completion of incomplete or out-of-date data.

3. Right to erasure — "right to be forgotten" (Article 17 GDPR) You have the right to request that UP erase your personal data without undue delay where the conditions of Article 17 GDPR are met (e.g. where the data is no longer necessary for the purpose for which it was collected).

4. Right to restriction of processing (Article 18 GDPR) Where the conditions of Article 18 GDPR are met, you may request that the processing of your personal data be restricted.

5. Right to information about recipients of personal data (Article 19 GDPR) You may request that UP inform you of the recipients to whom your personal data has been disclosed, and to whom any rectification, completion, erasure or restriction of processing has subsequently been communicated.

6. Right to data portability (Article 20 GDPR) Where UP processes your data on the basis of consent or a contract and the processing is carried out by automated means, you may request that your data be provided in a structured format or transferred to another controller.

7. Right to object (Article 21 GDPR) Where UP processes your personal data for the performance of a task carried out in the public interest, in the exercise of official authority, or on the basis of its legitimate interests, you have the right to object to such processing. In that case, UP must demonstrate compelling legitimate grounds for continuing the processing.

8. Right to be notified of a personal data breach (Article 34 GDPR) Where a personal data breach is likely to result in a high risk to your rights and freedoms, UP is obliged to notify you without undue delay.

How to exercise your rights: Requests may be sent to the UP Data Protection Officer at: dpo@upol.cz. You may also contact the DPO by telephone: 585 631 187.

Privacy settings

We use cookies and any other network identifiers on our website that may contain personal data (e.g. about how you browse our website). We and some of the service providers we use have access to or store this data on your device. This data helps us to operate and improve our services. For some purposes, your consent is required to process data collected in this way. You can change or revoke your consent at any time (see the link at the bottom the page).

(Essential cookies enable basic functions and are necessary for the website to function properly.)
(Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.)
(They are designed for promotional purposes, measuring the success of promotional campaigns, etc.)