Data Protection

Preface

CERGE-EI is a joint workplace of CERGE – a university institute of Charles University – and the Economics Institute (EI) of the Czech Academy of Sciences – a public research institution. For CERGE, data protection falls fully under Charles University which has its Data Protection manifest available at https://www.cuni.cz/UK-9056.html (in Czech) and at https://cuni.cz/UKEN-903.html (in English). The Data Protection manifest of the Economics Institute is available at https://www.ei.cas.cz/pro-verejnost/ochrana-osobnich-udaju (in Czech language). Under the CERGE-EI umbrella, CERGE and EI share the key principles of data protection described below.

GDPR instructions & documents & knowledgebase for CERGE-EI employees and students


Data Controllers

In accordance with the General Data Protection Regulation (the "GDPR") and Czech laws related to data protection (the "Data Protection Laws" in general), we are Data Controllers as we determine the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.

Specifically, the administrators of personal data are Univerzita Karlova, registered at Ovocný trh 560/5, 116 36 Praha 1, IČO: 00216208; and Národohospodářský ústav AV ČR, v. v. i., registered at Politických vězňů 936/7, 111 21 Praha 1, IČO: 67985998.


Data processing principles

In order to comply with our contractual, statutory, and management obligations and responsibilities, we need to process personal data relating to our employees and students, including ‘sensitive’ or ‘special’ categories of personal data, as defined in the GDPR. All personal data will be processed in accordance with the GDPR. 

The term ‘processing’ refers to all actions related to the handling of personal data and therefore includes collection, the holding and use of such data, as well as access and disclosure, through to final destruction. Staff should be aware that in certain circumstances, the GDPR permit us to process an employee’s personal data, and, in certain circumstances, sensitive personal data, without their explicit consent.

We will handle your personal data in accordance with the principles set out below:

  • Lawfulness, fairness and transparency (data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject);
  • Purpose limitation (data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes);
  • Data minimisation (data processing shall be limited to what is necessary in relation to the purposes for which they are processed);
  • Accuracy (data shall be kept accurate and, where necessary, kept up to date);
  • Integrity and confidentiality (data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures)

The Data Protection Laws require us to take reasonable steps to ensure that any personal data we process is accurate and up-to-date. Employees are responsible for informing us of any changes to the personal data that they have supplied during the course of their employment.

We do not use automated processing and decision making without manual intervention.


Purpose of processing

In fulfilling our mission, we process personal data for the following purposes:

  • To enable us to provide education and support services to our students and staff.
  • Undertaking research and fundraising.
  • Advertising and promoting CERGE and EI and the services we offer.
  • Publication of newsletters
  • Alumni relations.
  • To provide access to relevant systems to undertake staff, supervisory, executive and other roles.
  • To fulfil our obligations for the contract of employment.
  • Processing recruitment applications.
  • Paying and reviewing salary and other remuneration and benefits.
  • Internal audit and data collection.
  • Ensuring IT infrastructure compliance, reliability and systems protection. 
  • Use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime
  • Ensuring legalities of employment contracts and relationships.
  • Maintaining sickness and other absence records.
  • Providing references and information to future employers and, if necessary, governmental bodies.
  • Processing information regarding equality of opportunity and treatment of data subjects in line with the monitoring of equal opportunities and access.

The information we process may be held on our institutional systems some of which may be owned and operated by third parties.  Where we engage with such third parties, we insist upon strict contractual requirements to be adhered to by them to protect the personal data.


Legal basis

Personal data as a part of the above activities are processed based on adequate legal grounds:

  • Is necessary to comply with a legal obligation of the data controller;
  • Is necessary for carrying out or entering into a contract with the data subject;
  • Is necessary to protect someone’s vital interests;
  • Has been consented to by the data subject;
  • Is necessary for the public interest or in the exercise of official authority; or
  • Is necessary for pursuing the controller’s legitimate interests (except where overridden by the interests or rights of the data subject).

Transferring personal data

For the purpose of fulfilling legal obligations, we may transfer select personal data for specific data subjects (e.g. data relating to tax; health insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring).


Retention of your data

CERGE and EI will retain your data according to its data retention schedule which follows laws and legal purposes.


Rights of data subjects

  • To access personal data held by us about you;
  • To require us to rectify any inaccurate personal data held by us about you;
  • To require us to erase personal data held by us about you. This right will only apply where, for example, we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data;
  • To restrict our processing of personal data held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims;
  • To receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organization;
  • To object to our processing of personal data held by us about you;
  • To withdraw your consent, where we are relying on it to use your personal data;
  • To ask us not to use information about you in a way that allows computers to make decisions about you and ask us to stop.

Exercising the rights of data subjects

If you have any questions or wish to exercise your rights in the area of data protection, you can contact Data Protection Officers at This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it..