Information on the processing of personal data within the Occupational Safety Research Institute
INTRODUCTION
Any personal data handling within the Research Institute of Occupational Safety is governed by applicable legislation, in particular by Regulation of the European Parliament and of the Council No. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and on repealing Directive 95/46/EC when this general regulation was replaced on 25 May 2018 by Act No. 101/2000 Coll. On the Protection of Personal Data, which stipulated obligations and rights in the processing of personal data.
The Occupational Safety Research Institute (hereinafter also referred to as VÚBP), as the controller of personal data (hereinafter also referred to as the “Controller”), hereby informs the users of its website and parties interested in its services (hereinafter referred to as the “Data Subject”) about the principles of personal data protection in the manner and to the extent stipulated by the valid legal regulations of the Czech Republic and the European Union.
PURPOSE OF PERSONAL DATA PROCESSING
VÚBP processes the personal data of the Data Subject for the purpose of carrying out its activities on the basis of Act No. 341/2005 Coll., On Public Research Institutions, as amended. Specifically, the following activities are involved:
- main (research) activities;
- other (non-research) activities for founders;
- other activities authorized by the founder, e.g. training, courses, proficiency tests to perform tasks in risk prevention pursuant to Act No. 309/2006 Coll., as amended, proficiency tests of natural persons for the activities of an occupational safety and health coordinator on site according to Act No. 309/2006 Coll., as amended, elaboration of opinions on safety documentation drafts and opinions to assess major accident risks pursuant to Act No. 224/2015 Coll., consultancy, etc.;
Personal data is also processed for the purposes of the selection procedure for a job at VÚBP. This concerns personal data listed in the submitted CV (hereinafter the CV); sending the CV for the purpose of the selection procedure is considered as a consent to the processing of personal data in the CV. If the applicant is not selected in the selection procedure, his or her CV will be disposed of.
SCOPE OF PERSONAL DATA PROCESSED
VÚBP processes personal data it obtains from the Data Subject on the basis of fulfilling contractual relationships in the framework of the main, additional and other activities of a public research institution pursuant to Act No. 341/2005 Coll., On Public Research Institutions, as amended.
This particularly includes identification data (e.g. name, surname, date of birth, permanent address), contact information (e.g. address, telephone number, e-mail) and other data necessary for proper performance of all activities and fulfilment of contractual obligations in the provision of services.
Personal data is processed to the extent to which it is provided to the Controller.
PERIOD OF PERSONAL DATA PROCESSING
Personal data will be processed for as long as the Controller is obliged/authorized under special regulations to keep such data, or for the time necessary to ensure mutual rights and obligations arising from the contractual obligations.
METHODS OF PERSONAL DATA PROCESSING AND SECURING
VÚBP only processes personal data provided by the Data Subject voluntarily, such as web forms (requests), via e-mail (order, request), etc., and only for the purposes for which they were provided to the Controller, e.g. when processing a query response.
Personal data is processed both using computer technology and manually by the Controller’s employees, while adhering to all security principles for the management and processing of personal data. The personal data collected is not made available by VÚBP to third parties. However, in exceptional cases it may be made available to the competent public authorities and to entities who have a legal right to request such information from the Controller.
All personal data provided by the Data Subject to the Controller is secured by standard procedures and technologies. VÚBP uses security measures that can be reasonably required from the Controller in view of the state of the art of technologies in order to minimize the risk of unauthorized access to the personal data provided.
INSTRUCTIONS ON THE RIGHTS OF DATA SUBJECTS
The Data Subject shall have the right to ask the Controller to provide information on the processing of his or her personal data.
The Data Subject shall have the right to have the Controller rectify inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the Data Subject shall also have the right to have incomplete personal data completed, even by providing an additional declaration.
The Data Subject shall have the right to have the Controller delete personal data concerning the Data Subject without undue delay and the Controller shall be obliged to delete personal data without undue delay if this is for one of the reasons laid down in the General Data Protection Regulation.
The Data Subject shall have the right to request that the Controller restrict the processing of personal data in the cases provided for by the General Data Protection Regulation.
The Data Subject shall have the right to object to the processing of personal data concerning him or her when the Controller is processing personal data for the following reasons:
- processing is necessary for the fulfilment of a task carried out in the public interest or in the exercise of official authority entrusted to the Controller;
- processing is necessary for the legitimate interests of the Controller or a third party;
- for direct marketing purposes;
- for scientific or historical research purposes or for statistical purposes.
The Data Subject shall have the right to obtain personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller without the Controller preventing it in the cases provided for by the General Protection Regulation.
If the processing of personal data is based on the consent to the processing of personal data provided by the Data Subject, that Data Subject shall have the right to revoke that consent at any time.
If the Data Subject considers that there has been a breach of legislation in relation to the protection of his or her personal data, he or she shall have the right to file a complaint with a supervisory authority. The Supervisory Authority in the Czech Republic is the Office for Personal Data Protection.
Contact to VÚBP Data Protection Officer
e-mail: gdpr@vubp.cz