Data Protection

Preface

CERGE-EI is a joint workplace of CERGE – a university institute of Charles University – and the Economics Institute (EI) of the Czech Academy of Sciences – a public research institution. For CERGE, data protection falls fully under Charles University which has its Data Protection manifest available at https://www.cuni.cz/UK-9056.html (in Czech) and at https://cuni.cz/UKEN-903.html (in English). The Data Protection manifest of the Economics Institute is available at http://www.ei.cas.cz/o-nas/ochrana-osobnich-udaju (in Czech language). Under the CERGE-EI umbrella, CERGE and EI share the key principles of data protection described below.

GDPR instructions & documents & knowledgebase for CERGE-EI employees and students

Data Controllers

In accordance with the General Data Protection Regulation (the "GDPR") and Czech laws related to data protection (the "Data Protection Laws" in general), we are Data Controllers as we determine the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.

Specifically, the administrators of personal data are Univerzita Karlova, registered at Ovocný trh 560/5, 116 36 Praha 1, IČO: 00216208 (for CERGE); and Národohospodářský ústav AV ČR, v. v. i., registered at Politických vězňů 936/7, 111 21 Praha 1, IČO: 67985998 (for EI).

Data processing principles

In order to comply with our contractual, statutory, and management obligations and responsibilities, we need to process personal data relating to our employees and students, including ‘sensitive’ or ‘special’ categories of personal data, as defined in the GDPR. All personal data will be processed in accordance with the GDPR. 

The term ‘processing’ refers to all actions related to the handling of personal data and therefore includes collection, the holding and use of such data, as well as access and disclosure, through to final destruction. Staff should be aware that in certain circumstances, the GDPR permits us to process an employee’s personal data, and, in certain circumstances, sensitive personal data, without their explicit consent.

We will handle your personal data in accordance with the principles set out below:

  • lawfulness, fairness and transparency (data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject);
  • purpose limitation (data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes);
  • data minimisation (data processing shall be limited to what is necessary in relation to the purposes for which they are processed);
  • accuracy (data shall be kept accurate and, where necessary, kept up to date);
  • integrity and confidentiality (data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures).

The Data Protection Laws require us to take reasonable steps to ensure that any personal data we process is accurate and up-to-date. Employees are responsible for informing us of any changes to the personal data that they have supplied during the course of their employment.

We do not use automated processing and decision making without manual intervention.

Purpose of processing

In fulfilling our mission, we process personal data for the following purposes:

  • To enable us to provide education and support services to our students and staff.
  • Undertaking research and fundraising.
  • Advertising and promoting CERGE and EI and the services we offer.
  • Publication of newsletters and alumni relations.
  • To provide access to relevant systems to undertake staff, supervisory, executive and other roles.
  • To fulfil our obligations for the contract of employment.
  • Processing recruitment applications.
  • Talent, performance and succession planning.
  • Paying and reviewing salary and other remuneration and benefits.
  • Internal audit and data collection.
  • Ensuring IT infrastructure compliance, reliability and systems protection. 
  • Use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime.
  • Ensuring legalities of employment contracts and relationships.
  • Maintaining sickness and other absence records.
  • Providing references and information to future employers and, if necessary, governmental bodies.
  • Processing information regarding equality of opportunity and treatment of data subjects in line with the monitoring of equal opportunities and access.
 

The information we process may be held on our institutional systems, some of which may be owned and operated by third parties. Where we engage with such third parties, we insist that they adhere to strict contractual requirements to protect the personal data.

Legal basis

 

Data Protection Laws require that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a 'legal basis' for the processing. The legal bases on which your personal data are collected or processed are that the processing:

  • is necessary to comply with a legal obligation of the data controller;
  • is necessary for carrying out or entering into a contract with the data subject;
  • is necessary to protect someone’s vital interests;
  • has been consented to by the data subject;
  • is necessary for the public interest or in the exercise of official authority; or
  • is necessary for pursuing the controller’s legitimate interests (except where overridden by the interests or rights of the data subject).

Statutory responsibilities

We may process your personal data in order to meet responsibilities imposed on us by legislation. The personal data processed to meet statutory responsibilities includes, but is not limited to, data relating to tax; health insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring.

Retention of your data

CERGE and EI will retain your data according to their data retention schedule, which follows laws and legal purposes.

Your rights

You have the following rights in relation to your personal data:

  • to access personal data held by us about you;
  • to require us to rectify any inaccurate personal data held by us about you;
  • to require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data;
  • to restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims;
  • to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organization;
  • to object to our processing of personal data held by us about you;
  • to withdraw your consent, where we are relying on it to use your personal data;
  • to ask us not to use information about you in a way that allows computers to make decisions about you, and to ask us to stop doing so.

Requesting information

As noted above, you have the right to access information held about you. Your right of access can be exercised at any time by contacting us.

If you have any questions or wish to exercise your rights in the area of data protection, you can contact us at our premises or by e-mail, or you can contact the Data Protection Officer of Charles University by e-mail.