Information relating data processing and data protection

Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as „GDPR“) University of Ostrava provides data subjects (natural persons) with this information relating data processing and data protection in respect of the Central European Number Theory Conference.

1. Purpose of this Information

University of Ostrava provides data subjects (natural persons) with information relating data processing and data protection in order to comply with the legal obligations stipulated by the GDPR.

2. General Information

University of Ostrava provides data subjects (natural persons) with general information relating data processing and data protection through its public website, which could be accessed by URL address https://www.osu.cz/gdpr.

University of Ostrava provides data subjects (natural persons) with more specific and detailed information relating data processing and data protection via its particular bodies (departments, faculties, institutes, and facilities) and/or via their constitutive bodies (departments, centres, sections, and units).

3. Controller

University of Ostrava is the controller of all personal data which have been obtained (received, transferred) by her.

University of Ostrava is a legal person, a public university established by the Act no. 314/1991 Coll., ID no. 61988987, address of headquarters (rectorate) Dvořákova 7, 701 03, Ostrava, Czech Republic.

4. Contact Details of Controller

Contact details of the University of Ostrava as the controller are as follows:

  1. Address of headquarters (rectorate): Dvořákova 7, 701 03, Ostrava, Czech Republic
  2. Data mailbox information system ID: 37gj9fm
  3. Phone numbers: +420 597 091 111, +420 553 461 111
  4. E-mail addresses: info@osu.cz, studium@osu.cz, podatelna@osu.cz

5. Data Protection Officer

University of Ostrava has designated Jan Humpolík as its own data protection officer (DPO).

Anybody, whose personal data are being processed by the University of Ostrava, has the right to contact data protection officer with regard to all issues related to processing of personal data and to exercise of rights under the GDPR.

6. Contact Details of the DPO

Contact details of the DPO are as follows:

  1. Workplace: University of Ostrava, Headquarters, Legal Department
  2. Address of workplace: Dvořákova 7, 701 03, Ostrava, Czech Republic
  3. Data mailbox information system ID: 37gj9fm
  4. Phone number: +420 553 461 042
  5. E-mail address: gdpr@helpdesk.osu.cz

7. Categories of Personal Data

Regarding to the Central European Number Theory Conference, University of Ostrava through its Department of Mathematics obtains these categories of personal data:

Identification Data
Name, second name, surname, maiden name, former name, sex.

Contact Data

E-mail address (personal or affiliated with or provided by parent university or institution), and the name of the parent university or institution together with the city and the country (state).

Communication Data

IP address, date and time of communication via internet.

Visual Data

Photos and videos including face and body of the participants.

8. Extent of Data Processing

University of Ostrava processes only such amount of personal data necessary for attaining the specific purpose or legitimate interest. University of Ostrava does not process any personal data which are clearly unnecessary for attaining the specific purpose or legitimate interest. University of Ostrava ceases to process any personal data which have become demonstrably unnecessary for attaining the specific purpose or legitimate interest.

9. Purpose of Data Processing

University of Ostrava processes all personal data listed in section 7 of this document in order to attain the specific purpose of holding Central European Number Theory Conference and all necessary activities attached to this purpose, especially:

  1. Planning and organizing of the conference
  2. Executing of the application procedure
  3. Executing of marketing and documentation

10. Personal Data Processing

Application Procedure

University of Ostrava maintains its own web based (online) program intended for facilitating of application procedure. Every applicant willing to participate in the conference is registered by himself or herself or by his or her parent university (institution) through the web based (online) program. University of Ostrava obtains all personal data listed in the section 7 of this document, except personal data identified as “Visual Data”, during the said online application procedure. All personal data are stored exclusively on disk space (servers) belonging to the University of Ostrava. No personal data are transferred to other persons (recipients or third parties) unless exceptions listed in the section 12 of this document.

Marketing and Documentation

University of Ostrava processes personal data listed in the section 7 of this document, which are identified as “Visual Data”, by taking photos and videos of participants during conference. University of Ostrava may publish these personal data through several channels, including its own website and profiles on social sites (Facebook, Twitter, Instagram, LinkedIn, YouTube). University of Ostrava may publish these personal data through its printed materials as leaflets, posters, banners, brochures, and books. Additionally, University of Ostrava may share some of these personal data with the Union of Czech Mathematicians and Physicists or other partner universities and institutions.

University of Ostrava may process personal data listed in the section 7 of this document, which are identified as “Contact Data”, by sending emails advertising products or services provided by sponsors of the conference. University of Ostrava however shall refrain from any transfer or sharing these personal data with the said sponsors. University of Ostrava shall perform this kind of marketing in a very limited and reasonable manner.

University of Ostrava may process personal data listed in the section 7 of this document, which are identified as “Identification Data”, together with the name of parent university or institution by publishing them on its own website dedicated to the conference in the section comprising of former participants.

11. Data Storing

University of Ostrava stores personal data
listed in section 7 of this document for the periods of time as defined bellow:

  1. 30 days starting with the moment of initiation of communication between the University of Ostrava and any person by electronic means, especially by e-mail or telephone. University of Ostrava obtains only such personal data listed in section 7 of this document, which are identified as “Communication Data”, in the aforementioned manner. Obtaining of personal data cannot be prevented by any technical means because it is an essential feature of the electronic communication and thus its inevitable consequence. University of Ostrava stores these personal data for the period of time usually not exceeding one week, in exceptional cases not exceeding 30 days.
  2. 10 years starting with creation of documents relating to accounting or taxes. University of Ostrava is subject to the laws and regulations pertaining accounting practices, and duties, levies, and taxes. Pursuant to these binding legal documents (norms) University of Ostrava is required to store certain personal data for up to 10 years, when monetary payments
    are involved.
  3. The period of public availability starting with the moment of publishing the personal data defined in the section 10 of this document in the manner specified also there. The personal data will be stored for as long as the websites and profiles of the University of Ostrava shall exist and be maintained, therefore for indefinite period of time.

12. Recipients and Third Parties

University of Ostrava sends all personal data listed in section 7 of this document, solely to the recipients (third parties) listed below:

  1. Public authorities. This term encompasses all public order and criminal investigation bodies and agencies (police, public prosecutors, courts of law), financial administration (tax offices and directorates), customs administration (customs offices and directorates), other public authorities (ministries, government departments and agencies, offices, and inspections). University of Ostrava sends personal data to the aforementioned public authorities only if this processing is necessary for compliance with the legal obligation to which the University of Ostrava is subject and only in the extent and manner defined by the laws and regulations.
  2. Partner organisation or institution. University of Ostrava holds the said conference in close cooperation with other universities, therefore it is vital for her to transfer and share almost all personal data obtained with her partners. However, all the partner universities are bound by the same legal framework, especially the GDPR, and process all received personal data accordingly.

13. Lawfulness

University of Ostrava processes all obtained (received, transferred) personal data on the legal basis consisting of these legal purposes:

  1. Necessity for the performance of the contract. University of Ostrava processes all obtained personal data in order to enter into a relationship (e. g. contract) with individual participants of the conference. Under the terms of this relationship all subsequent activities listed in the section 9 of this document are performed. As the processing of personal data is inevitable condition for establishing and maintaining such relationship, lawfulness of this processing is upheld.
  2. Necessity for purposes of legitimate interests. University of Ostrava processes all obtained personal data in order to hold academic conference with all activities attached to it. As the processing of the personal data is inevitable condition for every academic endeavour and University of Ostrava is undoubtedly an academic institution, the personal data processing constitutes its legitimate interest, and therefore its lawfulness is upheld.

14. Legal Basis

University of Ostrava processes all obtained (received, transferred) personal data on the legal basis consisting of these binding legal documents (norms):

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  2. Act no. 101/2000 Coll., Personal Data Protection Act, as amended.

15. Rights under the GDPR

Anybody, whose personal data are being processed by the University of Ostrava, has these rights relating his or her personal data conferred on him or her by the GDPR:

  1. Right to access
  2. Right to rectification
  3. Right to erasure
  4. Right to restriction of processing
  5. Right to data portability
  6. Right to object
  7. Right to lodge a complaint with a supervisory authority

The aforementioned rights could be exercised via Data Protection Officer of the University of Ostrava, whose contacts are listed in the section 6 of this document.