Appendix No. 3 Rector’s Directive No. 19/2022 ****************************************************************************************** * Information on the Processing and Protection of Personal Data ****************************************************************************************** The administrator of users’ personal data is Charles University in a system which comprise Library of Charles University (“CU”) and libraries, institutes of scientific information, scientific information centres of faculties and other units (“sectional libraries”) collec CU Library. *========================================================================================= * Article 1 – Extent of Personal Data Processed *========================================================================================= 1.The CU Library processes the personal data of users to the extent as follows: a.Identification data: first name and surname, academic degrees, date of birth, photo, a address. b.Contact data: delivery address, address of place of work, email address, phone number. c.Service data: personal number, identity card number (barcode), record of transactions the circulation desk, loans (including history), requests, overdue notices, payment tr (including their purpose, date, time, and other elements), connection sessions, histor and logs. *========================================================================================= * Article 2 – Changes in Personal Data *========================================================================================= 1.Users inform the personal data administrator (study registry or HR office of the relevan changes to their identification and contact personal data without undue delay. Users who the External User Card inform the staff of a sectional library of changes to their ident contact personal data. *========================================================================================= * Article 3 – Purpose of Personal Data Processing *========================================================================================= 1.The CU Library processes personal data for the purpose of providing library and informat users, informing users about services and the CU library events, and protecting property collection. Contact data are used by the CU Library for communication with users and for enforcement of claims. Service data are used by the CU Library for statistical purposes evaluation of users’ satisfaction. *========================================================================================= * Article 4 – Rights of Users as Personal Data Subjects *========================================================================================= 1.Users have a right to apply for information as to which of their personal data are proce to request the revision or removal of personal data if they are invalid or outdated. Use right to request that their personal data not be processed before the decision on validi mentioned requirements is made. During such suspension of the processing of their person not possible to provide to users the services of the CU Library under the Charles Univer Circulation Rules. Users have the right to file a complaint with the supervisory authori 2.Upon request, the CU Library provides the user with a copy of the processed data or enab inspection of the contract for the provision of services (user’s application) and other stores. 3.When dealing with an application, a designated member of the CU Library staff communicat with the user regarding the personal data mentioned in the previous Article (Purpose of Processing). A designated staff member may provide the user with information as to which data are processed, assess a request for the revision or removal of personal data of the are invalid or outdated. Upon written request, a designated staff member may provide the data to another personal data administrator. The designated staff member must record suc if the user’s personal data are provided to another administrator, record such fact. 4.All users’ complaints or other requests regarding the protection of personal data at CU with the Rector’s Directive Principles and Rules of Personal Data Protection, as amended of by the data protection officer. Users’ requests are referred to the data protection o of any uncertainty. The designated member of the CU Library is obliged to co-operate ful protection officer when dealing with any enquiry, request, or complaint from the user. *========================================================================================= * Article 5 – How Long Personal Data is Kept *========================================================================================= 1.The CU Library keeps personal data of users for the period of registration and one year after its termination. Where the user does not have any obligations to the CU Library (d returned, unpaid fines, does not use the Discovery system services, etc.) his personal d deleted. Users may require the removal of their data earlier if they no longer wish to u of the CU Library. Personal data in electronic form are removed by erasure (rendered ano the exception of such personal data which the CU Library needs for the enforcement of cl user. Paper documents with personal data are shredded under the Records Management Rules *========================================================================================= * Article 6 – Security of Personal Data *========================================================================================= 1.Access to personal data is restricted to employees whose work duty is to work with them. does not transfer personal data to any third party. The prior written consent of the use for the transfer of personal data to a third party. 2.The CU Library keeps personal data in an electronic form in the system and on the comput of the CU Library. Access to these data is protected by a system of access accounts, pas rights which are determined to the extent required for the fulfilment of individual empl 3.The CU Library keeps personal data in the form of paper documents by normal means so tha unauthorised persons cannot access them. *========================================================================================= * Article 7 – Additional Information *========================================================================================= 1.The CU Library processes personal data on the basis of a contract for the provision of s application) made with the user in written or electronic form according to: a.Regulation (EU) 2016/679 of the European Parliament and of the Council on the protecti persons with regard to the processing of personal data and on the free movement of suc repealing Directive 95/46/EC known as GDPR (General Regulation); b.Act No. 110/2019 Sb., on the Processing of Personal Data; c.Rector’s Directive No. 16/2018 Principles and Rules of Personal Data Protection. 2.More information on the processing and protection of personal data at CU may be found on accessible part of the Charles University website. Users having complaints may contact t protection officer of Charles University via email at gdpr@cuni.cz [ URL "http://gdpr@cuni.cz"] . The supervisory authority in charge of perso protection is the Office for Personal Data Protection. .pdf to download [ URL "UKEN-1608-version1-final_priloha_3_novy_kr_20220826.pdf"] .doc to download [ URL "UKEN-1608-version1-final_priloha_3_novy_kr_20220826.docx"] https://www.cuni.cz/UK-9014.html https://www.gdpr.cz/gdpr/heslo/anonymizovane-osobni-udaje https://cuni.cz/UK-9778.html https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938 https://www.uoou.cz/assets/File.ashx?id_org=200144&id_dokumenty=33840 https://www.cuni.cz/UK-9014.html https://www.cuni.cz/UK-9056.html https://www.uoou.cz