The administrator of users’ personal data is Charles University in a system which comprises the Central Library of Charles University (“CU”) and libraries, institutes of scientific information, and the scientific information centres of faculties and other units (“sectional libraries”) collectively called the CU Library.
The CU Library processes the personal data of users to the extent as follows:
a. |
Identification data: first name and surname, academic degrees, date of birth, photo, and permanent address. |
b. |
Contact data: delivery address, address of place of work, email address, phone number. |
c. |
Service data: personal number, identity card number (barcode), record of transactions performed at the circulation desk, loans (including history), requests, overdue notices, payment transactions (including their purpose, date, time, and other elements), connection sessions, history of sign in, and logs. |
Users inform the personal data administrator (study registry or HR office of the relevant faculty) of changes to their identification and contact personal data without undue delay. Users who make use of the External User Card inform the staff of a sectional library of changes to their identification and contact personal data.
The CU Library processes personal data for the purpose of providing library and information services to users, informing users about services and the CU library events, and protecting property and the library collection. Contact data are used by the CU Library for communication with users and for possible enforcement of claims. Service data are used by the CU Library for statistical purposes and for the evaluation of users’ satisfaction.
Users have a right to apply for information as to which of their personal data are processed, and to request the revision or removal of personal data if they are invalid or outdated. Users have the right to request that their personal data not be processed before the decision on validity of the mentioned requirements is made. During such suspension of the processing of their personal data, it is not possible to provide to users the services of the CU Library under the Charles University Library and Circulation Rules. Users have the right to file a complaint with the supervisory authority.
Upon request, the CU Library provides the user with a copy of the processed data or enables the inspection of the contract for the provision of services (user’s application) and other documents it stores.
When dealing with an application, a designated member of the CU Library staff communicates directly with the user regarding the personal data mentioned in the previous Article (Purpose of Personal Data Processing). A designated staff member may provide the user with information as to which of his personal data are processed, assess a request for the revision or removal of personal data of the user if they are invalid or outdated. Upon written request, a designated staff member may provide the user’s personal data to another personal data administrator. The designated staff member must record such request and, if the user’s personal data are provided to another administrator, record such fact.
All users’ complaints or other requests regarding the protection of personal data at CU in accordance with the Rector’s Directive Principles and Rules of Personal Data Protection,1 as amended, are disposed of by the data protection officer. Users’ requests are referred to the data protection officer in case of any uncertainty. The designated member of the CU Library is obliged to co-operate fully with the data protection officer when dealing with any enquiry, request, or complaint from the user.
The CU Library keeps personal data of users for the period of registration and one year and a half after its termination. Where the user does not have any obligations to the CU Library (documents not returned, unpaid fines, does not use the Discovery system services, etc.) his personal data are then deleted. Users may require the removal of their data earlier if they no longer wish to use the services of the CU Library. Personal data in electronic form are removed by erasure (rendered anonymous),2 with the exception of such personal data which the CU Library needs for the enforcement of claims against the user. Paper documents with personal data are shredded under the Records Management Rules,3 as amended.
Access to personal data is restricted to employees whose work duty is to work with them. The CU Library does not transfer personal data to any third party. The prior written consent of the user is required for the transfer of personal data to a third party.
The CU Library keeps personal data in an electronic form in the system and on the computers of employees of the CU Library. Access to these data is protected by a system of access accounts, passwords, and rights which are determined to the extent required for the fulfilment of individual employees’ tasks.
The CU Library keeps personal data in the form of paper documents by normal means so that the unauthorised persons cannot access them.
The CU Library processes personal data on the basis of a contract for the provision of services (user’s application) made with the user in written or electronic form according to:
a. |
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC known as GDPR (General Regulation);4 |
b. |
Act No. 110/2019 Sb., on the Processing of Personal Data;5 |
c. |
Rector’s Directive No. 16/2018 Principles and Rules of Personal Data Protection.6 |
More information on the processing and protection of personal data at CU may be found on the publicly accessible part of the Charles University website.7 Users having complaints may contact the data protection officer of Charles University via email at
gdpr@cuni.cz. The supervisory authority in charge of personal data protection is the Office for Personal Data Protection.8
1 |
https://www.cuni.cz/UK-9014.html |
2 |
https://www.gdpr.cz/gdpr/heslo/anonymizovane-osobni-udaje |
3 |
https://cuni.cz/UK-9778.html |
4 |
https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938 |
5 |
https://www.uoou.cz/assets/File.ashx?id_org=200144&id_dokumenty=33840 |
6 |
https://www.cuni.cz/UK-9014.html |
7 |
https://www.cuni.cz/UK-9056.html |
8 |
https://www.uoou.cz |