Regulations and Documents
The activities of the University are based primarily on the Higher Education Act (Act No. 111/1998 Sb., on higher education institutions and on amendments to other acts), which stipulates the basic principles of the functioning of higher education institutions and defines their purpose.
Other national acts and regulations that govern the University’s activities include:
Act No. 106/1999 Sb., on free access to information;
Act No. 101/2000 Sb., on protection of personal data and on amendments to related acts;
Act No. 218/2000 Sb., on budgetary rules and on amendments of related acts;
Act No. 130/2002 Sb., on the support of research and development from public funds and on amendments to related acts;
Act No. 500/2004 Sb., the Code of Administrative Procedure;
Act No. 137/2006 Sb., on public contracts.
Government Regulation No. 397/2009 Sb., on an information system for research, experimental development and innovation;
Government Regulation No. 274/2016 Sb., on standards for accreditation in higher education.
Ministry of Education, Youth and Sports Decree 42/1999 Sb., on the content of the application for accreditation of a degree programme.
The system of internal Charles University regulations includes:
-
Rector's directives, and
-
directives issued by the Bursar.
At the level of faculties and other parts of the University, the system of internal regulations is complemented by:
-
the internal regulations of the faculties or other parts, and
-
directives issued by the Dean or by the directors of the other parts.
The internal regulations of the University regulate the organization and activities of Charles University and delineate the status of members of the academic community. A university’s regulation of its own affairs with the help of its internal regulations is an expression of the right of public higher education institutions to practise self-administration; the internal regulations are adopted by the Academic Senate of the University. Once adopted, the internal regulations are also recorded by the Ministry of Education, Youth and Sports. The internal regulations of a university must be in compliance with the Higher Education Act and other legislation. The basic internal regulations are prescribed by the Higher Education Act. All other internal regulations of Charles University are determined by the University’s Constitution.
Unless regulated by legislation or by an internal University regulation, the internal regulations of a faculty regulate matters falling within the self-governing powers of the faculty and its relations with the University. The draft faculty internal regulations are submitted by the Dean to the Academic Senate of the faculty. Once approved by the faculty Senate, the faculty internal regulations must be approved by the Academic Senate of the University. The faculty internal regulations must be in compliance with the provisions of the Higher Education Act and the internal regulations of the University.
Besides University internal regulations, directives issued by the Rector, Bursar, Deans or the directors of other parts apply at the individual faculties or other parts. All these directives specify and implement the content of the internal regulations of the University, of the faculties and the other parts, and must be in compliance with them.
The Strategic Plan for 2026-2030 period follows up on the efforts of Charles University to be on par with international standards and to strengthen its position as a renowned research institution which can be benchmarked against the best. The plan reflects the rapidly changing situation in education and research, as well as the university’s role in society. It builds on the results of internal discussion within the university, as well as recommendations from our international peers.
Charles University Strategic Plan 2026-2030
"In order for Charles University to fulfil one of the purposes for which it was founded, namely to educate and uplift individuals, institutions, and society, it must manage and develop its own potential as best as possible. As a research university, all of its activities must be based on a profound understanding of the world, which grows out of a solid foundation of creative research and scientific knowledge. Science and research are key pillars of university life, as they shape the quality of teaching and education. As an integral part of the public sphere, it must continue to contribute to the quality of life in society, for example, in areas such as providing top-quality healthcare in university hospitals and other healthcare facilities, caring for future generations, whether in the form of training and continued education for primary and secondary school teachers or activities for children and young people, or supporting various groups in society through social services or volunteer activities.
Charles University fulfils its mission, as defined in its Constitution, thanks in part to its academic self-governance, which guarantees freedom of inquiry and expression and critical thinking. The university’s strategic plan, as envisaged by the Higher Education Act, is an opportunity for deeper reflection on everyday university life, as it expresses where Charles University should be heading in the upcoming period based on the challenges we currently face, past events, and its experiences.
The strategic plan of Charles University for 2026–2030 focuses on twelve key priorities in three areas. These vary in scope and in the demands required to achieve the set goals, but together they work towards creating the future of Charles University. Their selection is based on an awareness of where Charles University currently stands and is supported by the will to transcend today’s boundaries so that it can continue to actively shape the future of education, science, and research and contribute to the improvement of public life. Charles University is thus moving forward in the upcoming years as a confident, open, and socially responsible institution that is aware of its tradition and that is also firmly oriented towards the future. As the largest Czech university and as an established European university, it has an obligation to be a centre of excellence in education and research and, thanks to this, a trusted partner of society in addressing the fundamental challenges of the 21st century.
The extent to which we succeed in fulfilling what is set out in our strategic plan depends primarily on us, who have connected or will connect the academic or professional part of our lives with it, on the culture of the university as an institution that concentrates the knowledge and experience of generations, on the application of a critical spirit centred on truth, and on values anchored in what can, should, or ought to be, and last but not least, on the world in which we live."
— Introduction to the Strategic Plan for 2026-2030
The Annual Report provides a comprehensive overview of the University's activities, while the Annual Financial Report is an instrument for controlling its financial performance and the efficiency and expediency with which its resources are managed. The drafts of both Annual Report and Annual Financial Report are submitted by the Rector to the Academic Senate for approval.
Annual Reports
The following annual reports are available in Czech only:
Annual Financial Reports
The following annual reports are available in Czech only:
Charles University has 17 faculties (fourteen in Prague, two in Hradec Králové and one in Plzeň), four university institutes, five other departments for educational, scientific, research and development or other creative activities or for the provision of information services, three university-wide special-purpose facilities and the Rectorate as the executive management unit of the University.
In accordance with its historical dislocation, Charles University strives for its further development mainly in the form of the construction of so-called mini-campuses. The key intention is to concentrate capacities, provide modern instrumentation of university departments and better exploit synergies of disciplines cultivated at the university.
Over the last ten years, Charles University has invested a total of CZK 4 billion, of which more than CZK 600 million from its own resources (FRM). The reconstruction, modernisation and renovation of existing buildings was in many cases also a contribution to the protection of the historical cultural heritage of the Czech Republic.
The basis for investment and development activities is the documentation of the University-wide programme Development and renewal of the material and technical base of Charles University, which is prepared and continuously updated by the Department of Construction of the Rectorate.
The University’s strategic development goals mean that it must be well prepared not only to respond to developments in Czech tertiary education, but also to play a proactive role in influencing these developments. Moreover, the ongoing development of the University itself makes it essential to achieve a carefully judged balance between two parallel requirements: on the one hand the growing number of courses and the widening range of activities pursued at the University’s various faculties and centres, and on the other hand the need to strengthen the cohesion of the University as a unified entity.
Achieving these goals requires detailed analysis of current trends and impacts, including the use of benchmarking methods. One of the foundation stones of the University’s development strategy is its focus on development projects – including projects financed from EU Structural Funds.
(GDPR)
Information on the Processing and Protection of Personal Data at Charles University
1. Preamble
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the GDPR – Charles University informs data subjects about the conditions under which personal data are processed.
2. Personal Data Controller
The personal data controller is Charles University, Ovocný trh 560/5, 116 36 Prague 1, ID no. 00216208, Tax ID no. CZ00216208, Databox ID: piyj9b4 (“Charles University”).
Charles University is a public institution of higher education, in accordance with Act no. 111/1998 Sb., on institutions of higher education, as amended. As a part of its mission, Charles University freely and independently carries out educational activities, and in relation thereto, research, development, innovative, artistic, or other creative activities, and activities associated therewith.
3. Data Protection Officer
The data protection officer at Charles University is Ing. Michal Merta, LL.M., MSc., MBA., , phone: +420 266 266 821.
Should you have any questions or requests concerning the processing and protection of your personal data, you may contact the data protection officer.
4. The principles for processing personal data at Charles University
Charles University considers the protection of personal data to be important and pays careful attention to it. We process your personal data only in the scope necessary for executing the university’s activities or in relation to the services you use at Charles University. We protect personal data to the maximum extent possible and in accordance with law. The principles and rules for processing personal data at Charles University are governed by Rector's Directive No. 16/2018 - Charles University (cuni.cz). The regulation applies the principles and rules arising from the GDPR:
| a. |
The principle of lawfulness, which requires that we always process your personal data in accordance with law and based on at least one legal title. |
| b. |
The principle of fairness and transparency, which requires that we process your personal data fairly and in a transparent manner and that we provide you information about the manner of their processing together with information about who has access to your data. This includes our obligation to inform you of any case of a serious breach of security or compromise relating to your personal data. |
| c. |
The principle of purpose limitation, which allows us to collect your personal data only for a clearly defined purpose. |
| d. |
The principle of data minimisation, which requires that we process personal data that is necessary, relevant, and adequate in relation to the purpose of the processing. |
| e. |
The principle of accuracy, which requires that we take all reasonable measures allowing us to ensure your personal data is regularly updated or corrected. |
| f. |
The principle of storage limitation, which requires that we store your personal data only for the period necessary for the specific purpose in relation to processing. As soon as the period or purpose for processing expires, we will delete your personal data or anonymized the data (altering the data so that they are no longer personally connected to you). |
| g. |
The principle of integrity and confidentiality, non-repudiation, and availability, which requires that we secure and protect your personal data against unauthorized or unlawful processing, loss, or destruction. For these reasons, we take technical and organizational measures for protecting your personal data. In addition, we ensure that only authorized staff has access to your personal data. |
| h. |
The principle of accountability, which requires that we are able to demonstrate compliance with all of the conditions stipulated above. |
5. For what purposes do we process personal data?
For fulfilling its mission, Charles University processes personal data for the following purposes:
a. Educational activities
-
Studies
-
Instruction
-
Entrance proceedings and exams
-
Exchange visits
-
Lifelong learning
-
Library services
b. Research, development, and creative activities
-
Research projects
-
Organizing academic conferences
-
iPublication and editorial activities
-
Procedures for attaining associate professorships and professorships
c. Administrative and operational organization
-
Human resources and wages
-
Finance and accounting
-
Property management
-
Operating agendas
-
E-infrastructure (computing and storage systems, computer networks, electronic mail, voice networks)
-
Providing information pursuant to Act no. 106/1999 Sb., on free access to information
-
Health and safety at the workplace, fire protection, crisis management, and the protection of citizens
-
Public procurement
d. Protection of property and security
-
Camera systems
-
Access to secure areas
-
Security monitoring for operation of the computer network
-
Handling security incidents
-
Building security
e. Commercial activities
-
Karolinum bookshop and UK Point
-
Charles University e-shop
-
Food and accommodation services
-
Commercial contracts
f. Information and promotional activities
-
Websites
-
Marketing and advertising
-
Alumni
-
Junior university
-
Healthcare activities
-
Operation of healthcare facilities
-
Operation of joint workplaces with university hospitals
6. Category of persons for which we process personal data
Charles University processes personal data for the following categories (data subjects):
| a. |
University staff (or a person in a legal relationship with the university), |
| b. |
Job applicants, |
| c. |
University applicants, |
| d. |
University students, |
| e. |
Former university students (including alumni), |
| f. |
Participants in the lifelong learning programme, |
| g. |
Students of other universities or students on short-term study visits at the university, |
| h. |
Business partners (suppliers, customers), |
| i. |
Researchers and contributors, |
| j. |
External co-workers (e.g. supervisors, co-researchers, co-authors), |
| k. |
Visitors or participants in events organized by the university, |
| l. |
Parties to administrative or court proceedings with the university, |
| m. |
A person requesting information, pursuant to Act no. 106/1999 Sb., on free access to information, |
| n. |
Other persons. |
7. Categories of processed personal data
Charles University processes personal data provided directly by private individuals (whether based on consent or other legal grounds) and other personal data created as a part of the activity of processing data and essential for securing the data. This could include the following categories of personal data:
| a. |
Address and identification data (first name, surname, date and place of birth, marital status, title, citizenship, address (including electronic addresses), telephone numbers, personal ID numbers, digital identifiers, signatures, etc.) |
| b. |
Descriptive data (education, foreign language knowledge, professional qualifications, knowledge and skills, number of children, portrait photos, video/audio recordings of persons, military service, former employment, health insurance company, membership in interest groups, criminal record, etc.) |
| c. |
Study data (records of studies and study activities, study results, awards) |
| d. |
Financial data (bank account number, wages, remuneration, fees, obligations and debts, orders, purchases, taxes, etc.) |
| e. |
Work-related data (records of work and work-related activities, employers, workplaces, assignments and positions, work assessments, awards, etc.) |
| f. |
Operational and location data (typically data from electronic systems relating to a specific data subject – e.g. data on the use of information systems, data operation and electronic communication, use of telephones, access to various areas, records from camera systems, etc.) |
| g. |
Data about the activities of a data subject (publication activity, professional activity, participation in conferences and projects, business travel or study visits, etc.) |
| h. |
Data about other persons (address and identification data for a family member, spouse, child, partner, etc.) |
| i. |
Special categories of personal data (sensitive personal data indicating one’s health status, membership in trade unions, etc.) |
8. Legal basis for processing personal data
Personal data as a part of the above activities are processed based on adequate legal grounds:
| a. |
Fulfilling legal obligations relating to the controller: We require your personal data in this case for the purpose of processing in order to fulfil our legislative obligation as the controller. It relates in particular to Act no. 111/1998 Sb., on institutions of higher education; Act no. 130/2002 Sb., on the support of research and development from public-sector funds; Act no. 262/2006 Sb., the Labour Code; Act no. 563/1991 Sb., on accounting; Act no. 127/2005 Sb., on electronic communication; Act no. 480/2004 Sb. on certain information-society services; Act no. 181/2014, on cybersecurity; and others. |
| b. |
Executing agreements: We require your personal data to enter into contractual relations and for executing the agreements, or also prior to entering into agreements. |
| c. |
Consent of the data subject: Consent that you have provided to process your personal data for one or more specific purposes. |
| d. |
The following authorized interest of the controller in particular: • The protection of property and preventing fraud, • The transfer of personal data within a segment of the university for internal administrative and operational purposes, • Providing security for the computer network and information. |
9. Transferring personal data
For the purpose of fulfilling legal obligations, Charles University may transfer select data for specific data subjects (e.g. to public authorities). This applies similarly to cases where authorization for transferring personal data inside Charles University has been provided by the individual consent of data subjects.
10. Period for storing personal data
Data are stored only for the period necessary in relation to the specific activity of processing personal data, and in accordance with the valid Archiving Procedures, the data are then destroyed or archived. We store the personal data that we process with your consent only for the duration of the purpose for which the consent was provided.
11. Rights of data subjects
The right of data subjects to information on processing
Data subjects are entitled to information on whether or not the controller processes their personal data and in what manner this processing is carried out.
The right to access personal data
If a controller processes the personal data of data subjects, the data subjects are entitled to obtain a copy of the data upon providing sufficient proof of their identity.
The right to corrections and supplementation
If the controller processes erroneous or outdated personal data, the controller is obliged to correct the data upon request of the data subjects.
The right to deletion (the right to “be forgotten”)
If consent was given to process data and there does not exist other legal grounds, or if the data subject believes that the controller no longer needs the personal data (because the purpose of the processing has expired), the data subject is entitled to request the termination of processing and deletion of the personal data.
The right to restricted processing
This involves restricting processing to just storing the data if the data subject contests the accuracy of the personal data and the controller needs an additional period for verifying the data or the data subject has objected to the processing based on the legitimate interest of the controller.
The right to data portability
The controller provides personal data in a structured, commonly used electronic format directly to the data subject. The controller may provide the personal data of a data subject to another controller only if it involves automated processing that is based on consent or an agreement, and if it is technically feasible.
The right to object
Data subjects may object to the processing of personal data that pertains to them only in the case of processing that is carried out in the public interest or based on the legitimate interest of the controller.
The right to review automated decisions
If data subjects are subject to decisions established solely on automated processing, they are entitled to review these decisions and any human intervention on the part of the controller.
The right to lodge complaints or to protection
Data subjects are entitled to lodge complaints against the processing of personal data with the supervisory authority (in the Czech Republic, this is the Office for Personal Data Protection) or to request court protection in relation to the supervisory authority, the controller, or the processor.
12. Exercising the rights of data subjects
Data subjects are entitled to exercise their rights arising from the GDPR, commencing on 25 May 2018. The data subjects must exercise their rights against the controller of personal data by sending a request to Charles University’s databox piyj9b4, by sending an e-mail to the officer , or by personal or electronic submission to the officer via the Registrar’s Office of Charles University. For more information on the manner of submission, visit the web page https://www.cuni.cz/UKEN-605.html.
Prior to processing the request, Charles University is entitled and obliged to verify the identity of the requesting party.
13. The right to lodge a complaint with the supervisory authority
Data subjects are entitled to lodge a complaint against the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection.
Contact:
The Office for Personal Data Protection
address: Pplk. Sochora 27, 170 00 Prague 7
phone: +420 234 665 111
web: www.uoou.cz
Information on Reporting Breaches of Union Law (Whistleblowing)
Within the meaning of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (the “Directive”), Charles University establishes an internal whistleblowing system.
The internal whistleblowing system is used to report any illegal conduct
-
of which the whistleblower became aware in a work-related context, and also
-
which, according to the whistleblower, has threatened or harmed the public interest in the areas specified in the Directive (e.g. public procurement, the prevention of money laundering and terrorist financing, consumer or environmental protection, or protection of the financial interests of the European Union).
Reports may be submitted
-
Electronically using this form
-
In writing to the following address: Charles University, Ovocný trh 560/5, 11636 Prague 1. The following phrase should be written on the envelope: “Neotvírat – k rukám ombudsmanky Univerzity Karlovy” (Do not open – For the attention of the Ombuds of Charles University)
-
In person (by prior agreement with the Ombuds)
-
Via the external whistleblowing system of the Ministry of Justice Oznamovatel (Whistleblower)
The Directive grants the whistleblower protected status, which protects their identity and prohibits retaliatory measures against them in connection with submitting the report.
The competent person who will investigate the report is the Ombuds of Charles University, e-mail:
Knowledge Security or Countering foreign interference at Charles University focuses on protecting the academic environment from unwanted influences that could threaten academic freedom, independence and integrity of the university. The aim is to strengthen institutional resilience to attempts of covert, manipulative or coercive influence, especially by foreign entities or other actors seeking to disrupt decision-making processes, research and teaching.
The main areas of action of the knowledge security are:
-
Protection of the academic environment from unwanted influences, including the prevention of attempts to manipulate teaching, research and decision-making processes in order to promote foreign interests.
-
Risk management and due diligence when cooperating with external entities, including evaluating potential partners, funding and other forms of academic cooperation, with a focus on security.
-
Preventing the spread of propaganda and misinformation by identifying and eliminating attempts to influence academic discourse through false or misleading information.
-
Protection against academic espionage and unauthorised transfer of technology and knowledge: strengthening mechanisms to protect sensitive research topics, intellectual property, and strategically important technologies.
-
Compliance with international sanctions regimes and control measures: ensuring that academic and research activities comply with applicable legal and regulatory requirements.
-
Strengthening knowledge security and awareness by educating staff and students on safe academic collaboration and protecting the university environment.
Guidelines
The knowledge security framework at Charles University is based on Rector's Directive No. 43/2021. All faculties and selected units of Charles University affected by the knowledge security agenda have their own counter foreign interference coordinator.
Charles University is actively involved in developing policies and methodologies that protect the academic environment. It cooperates with other universities, as well as national and international institutions and security forces. As part of these activities, the university has been involved in developing and implementing the Counter Foreign Interference Manual and other methodologies that provide specific recommendations for academia.
Counter Foreign Interference Manual for the Czech Academic Sector
Contacts
Ing. Valérie Hůrská
Institutional Resilience and Counter Foreign Interference Manager
e-mail: valerie.hurska@ruk.cuni.cz
Learn more about other areas of safety at Charles University:
Security and Occupational Safety Department of CU Rectorate.