Information on the processing of personal data

This information on the processing of personal data has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation) and Act No 110/2019, on Personal Data Processing. The University of South Bohemia in České Budějovice, with its registered office at Branišovská 1645/31a, 370 05 České Budějovice, ID No: 60076658 (hereinafter also referred to as ‘USB’ or ‘Seller’), is the administrator of personal data and as such pays great attention to the protection of personal data. This document provides information on what personal data is processed about the customers of the conference operated on the website inproforum.ef.jcu.cz (hereinafter referred to as ‘web’), on what legal basis it is processed, for what purposes it is used, to whom it may be transferred and what rights the customers of the web have in connection with the processing of personal data.

1. Scope and purpose of the processing of personal data

1.1. When placing an order, it is necessary to provide information that is marked as mandatory in the order process. Without this information, USB is unable to fulfil its obligation under the contract.

1.2. Customers can also provide optional data within the order, which helps USB execute the concluded contract more efficiently. The customer provides the optional data voluntarily.

1.3. USB processes the following personal data:

  • identification data – particularly the name and surname, username and password; in case the buyer is a business entity also ID number and VAT ID number,
  • contact details – particularly the email address, telephone number and billing address,
  • account settings – data that the customer sets within his/her account on the web, e.g. saved addresses,
  • data on customer orders – data on the ordered services, the method of payment, including, where applicable, the payment account number, as well as information on complaints.

1.4. Reason for processing personal data:

  • Purchase of goods and services: personal data is necessary for the execution of the order by USB;
  • Exercise of rights and legal claims and inspections by public authorities: USB is also entitled to process personal data to exercise its rights and legal claims (e.g. in the event of an unpaid claim) or for the purposes of inspections by public authorities and for other similar reasons.

1.5. In case of customer registration:

  • If the customer creates a user account within the web, USB processes his/her identification and contact data, account settings and order data (if he/she makes submissions on the web) for the purpose of maintaining the user account.

2. Legal basis for the processing of personal data

2.1. Conclusion and execution of the contract

  • the majority of personal data is necessary for the conclusion of a contract within the web and the subsequent delivery of goods or provision of services. In the event that a natural person enters into a contract with USB as a representative of a legal person, USB processes the data of such a natural person for the same purpose on the basis of a legitimate interest consisting in the conclusion and execution of the contract with the person he/she represents;

b) USB may send e-mail messages to customers for the same legal reason.

2.2. Fulfilling legal obligations

  • On the basis of this legal basis, USB processes customer identification, contact and order data in order to comply with the following laws:
  • Act No 89/2012, the Civil Code,
  • Act No 634/1992, on Consumer Protection Act,
  • Act No 563/1991, on Accounting,
  • Act No 235/2004, on VAT.

3. Processing and transferring personal data to third countries

3.1. USB transfers the personal data of customers to contractual partners to ensure payment, and other order requirements. Customer personal data is also transferred to processors who process it according to USB’s instructions.

  • Payment cards – USB does not have customer payment card data. Only the secure payment gateway operated by Československá obchodní banka, a.s., ID 00001350 and the relevant banking institution have payment card data available.

3.2. USB does not transfer customers' personal data to third countries outside the European Union or the European Economic Area or an international organisation.

4. Period of processing of personal data

4.1. USB processes the personal data of customers for the duration of the contractual relationship. After this period, USB retains customer data on the basis of legitimate interest for the purpose of protecting legal claims and internal records and checks, for a period of 4 years with respect to the limitation period of 3 years and claims made at the end of the limitation period.

4.2. When judicial, administrative or other proceedings are initiated, USB processes personal data to the extent necessary for the duration of these proceedings, or for the remaining part of the limitation period after the end of the relevant proceedings.

4.3. USB processes the customer's data obtained through his/her user account for the duration of the use of USB services and then usually for 4 years after cancellation. Thereafter, only basic identification data or data forming part of operational backups are retained for a reasonable period of time.

4.4. USB brings attention to the fact that personal data necessary for the fulfilment of USB’s obligations, whether these obligations arise from a contract or from generally binding legal regulations, must be processed by USB for the period of time specified by or in accordance with the relevant legal regulations (e.g. for tax documents, a period of at least 10 years is specified).

5. Customer rights

As the subject of the data, the customer has all the rights granted by the General Data Protection Regulation and other legal regulations. This includes the right of access, rectification, erasure, restriction of processing, portability, objection and complaint submission:

Right of access: within the framework of the right of access, the customer of USB may request a copy of the personal data processed; the first copy is provided free of charge and subsequent copies upon the payment of a fee covering administrative costs.

The right to rectification: if the customer finds that JU processes inaccurate or incomplete data, he/she has the right to request that the data be rectified or completed.

Right to erasure: in some cases, the customer has the right to have their personal data erased. USB will delete personal data without undue delay if one of the following reasons is met:

  • the customer's personal data is not necessary for the purpose for which it is processed;
  • the customer withdraws his/her consent on the basis of which his/her personal data was processed and there is no further reason for processing it;
  • the customer exercises his/her right to object to the processing of personal data which USB processes on the basis of his/her legitimate interests and USB finds that it no longer has such legitimate interests which would justify such processing;
  • the personal data are processed unlawfully; or
  • the obligation of erasure is stipulated by a special legal regulation.

Right to object: if the personal data is processed on the basis of a legitimate interest of USB and there are reasons on the part of the customer, he/she may object to the processing of his/her personal data.

Right to restriction of processing: in addition to the right to erasure, the customer may exercise the right to restriction of processing of personal data if:

  • he/she denies the accuracy of the personal data processed;
  • the personal data are processed unlawfully and the customer refuses to delete the personal data and instead requests a restriction on their use;
  • USB no longer needs the personal data for the purposes of processing, but the customer requires it for the establishment, exercise or defence of legal claims;
  • where the customer has raised an objection under the previous clause until it has been verified that the legitimate grounds of USB outweigh the legitimate grounds of the customer.

In the event of a restriction on processing, USB may only process personal data, with the exception of storage, with the consent of the customer or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

The right to portability: the customer has the right to obtain the personal data relating to him/her that he/she has provided to USB from USB in a structured, commonly used and machine-readable format and the right to transfer this data to another administrator, in cases where:

  • the processing is based on the customer's consent or on a contract and the processing is executed by automated means.

Right to lodge a complaint: if the customer believes that his or her personal data is being processed unlawfully, he or she also has the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection.

6. Exercise of individual rights and contact details of the Data Protection Officer

In order to exercise their abovementioned rights, or in case of any questions, suggestions or comments in the area of personal data protection (hereinafter referred to as ‘request’), the customer may contact the Personal Data Protection Officer of USB via the data box vu8j9dv, e-mail poverenec@jcu.cz or in writing at Branišovská 1645/31a, 370 05 České Budějovice.

The application must show:

  • identification of the applicant whose personal data is the subject of the request or, where appropriate, identification of the applicant and the person authorised to represent the applicant;
  • the applicant's contact details;
  • the subject matter of the request (description of what the request concerns, what the applicant is asking for or what rights he/she is claiming);
  • the applicant's signature (in the case of the written form).

Should there be doubt as to the identity of the requesting party or in the event of processing a request concerning a special category of personal data, additional verification of the requesting party’s identity (by means of an assigned identifier, password, etc.) may be requested, depending on the nature and form of the request. In the case of an anonymous request or if the requesting party does not provide reliable proof of his or her identity, the request will not be processed. Where appropriate, the requesting party may be asked to supplement the request, for example, to clarify to what relationship between the data subject and the USB the request is related.

The request will be processed without undue delay but no later than thirty (30) days from the date of delivery. If the nature of the request does not allow it because of its complexity, time or technical difficulty or because of the number of requests, the abovementioned deadline for processing the request may be extended for up to additional sixty (60) days. The subject of the data will be informed of the extension and the reasons for it within thirty (30) days of the delivery of the request.