background-pattern-full-black

Information about the conditions under which personal data are processed

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Amendments to Certain Acts (hereinafter also referred to as "Act No. 18/2018 Coll."), the University of St. Cyril and Methodius in Trnava informs the data subjects about the terms and conditions under which personal data are processed.

 

1. Personal data controller

The controller that processes your personal data is the University of St. Cyril and Methodius in Trnava, Nám. J. Herdu 2, 917 01 Trnava, ID : 36078913 ( hereinafter referred to as " UCM " )

 

2. Responsible person

Contact person responsible:

e-mail: zodpovedna.osoba(zav.)ucm.sk
tel.: + 421 33 55 65 126

If you have any questions or requests regarding the processing of your personal data, you can contact the person responsible.

 

3. Principles of personal data processing

We consider the protection of personal data to be important and therefore pay great attention to it. We only process your personal data to the extent necessary for the University's activities. The principles and rules for processing personal data at UCM are regulated by the Personal Data Protection Directive of the University of St. Cyril and Methodius in Trnava.

 

4. GDPR principles

a) The principle of lawfulness - according to which we must always process your personal data in accordance with the law and on the basis of at least one legal basis (contract, consent to the processing of personal data and Act No. 18/2018 Coll.), so that the rights of the data subject are not violated.

b) The principle of fairness and transparency - obliges us to process personal data in a professional and transparent manner and to provide you with information on how it will be processed, together with information on to whom your personal data will be disclosed. This includes our obligation to inform you in the event of a serious security breach or leak of personal data.

c) Purpose limitation principle - personal data is only collected for a specifically identified, explicitly stated and legitimate purpose and must not be further processed in a way that is incompatible with that purpose.

d) Principle of minimisation - the personal data processed must be adequate, relevant and limited to the extent necessary for the purpose for which it is processed.

(e) Principle of accuracy - the personal data processed must be accurate and kept up to date as necessary.

(f) Principle of minimum retention - personal data must be retained for as long as necessary for the purpose for which the personal data are processed, and may be retained for longer if they are to be processed solely for archiving purposes, scientific purposes, historical research purposes or statistical purposes pursuant to a specific regulation.

g) Integrity and Confidentiality Principle - obliges us to secure and protect your personal data against unauthorised, unlawful processing, loss, erasure or damage. For these reasons, we take numerous technical and organisational measures to protect your personal data. At the same time, we make sure that only authorised personnel have access to your personal data.

h) Accountability principle - the controller is responsible for compliance with the basic principles of personal data processing.

 

5. Purposes for which we process personal data

As a public institution, we process your personal data in most cases directly on the basis of the law ( e.g. Act No. 131/2002 Coll. on higher education institutions, as amended ) for the performance of our legal obligations and the performance of tasks carried out in the public interest. The processing of personal data is carried out for the following purposes:

1. Educational activities:

a) Study

b) Teaching

c) Admissions

d) Exchanges

e) Lifelong learning

2. Scientific - research, development and creative activities:

a) Project management

b) Organisation of conferences

c) Publication and publishing activities

d) Habilitation

3. Administration and operation of the organisation:

a) Personnel and payroll

b) Economics and accounting

c) Procurement

d) Asset management

4. Asset protection and security:

a) CCTV

b) Access to secure areas

c) Security incident handling

5. Commercial activities:

a) Accommodation and related services

6. Information and publicity activities:

a) Websites

b) Marketing and promotion

c) Alumni

d) Children's University

 

6. Categories of persons whose personal data we process

a) employees (persons in an employment relationship at UCM),

b) job applicants (persons interested in working at UCM),

c) students (persons participating in all forms of education at UCM),

d) applicants for studies (persons who are taking part in entrance examinations for the purpose of studying at UCM),

e) alumni ( persons who have previously studied at UCM),

f) external collaborators (persons without employment relationship at UCM involved in educational, research, contractual and other activities at UCM),

g) research participants (persons involved in research activities and projects at UCM),

h) customers (persons using and purchasing book products),

i) participants in workshops, seminars and lectures (persons who are part of lifelong learning at UCM).

 

7. From whom we collect personal data

1. Most often directly from you (if you are a study applicant, student, employee, participant of education at UCM, visitor to UCM, etc.);

2. In special cases, from third parties (e.g. from courts, bailiffs, social insurance companies, from available registers kept under specific legal regulations or directly from your close person).

3. The processing of your personal data obtained by UCM in the performance of its tasks from third parties is subject to the exceptions pursuant to Article 14(5) of the GDPR for the fulfilment of the controller's obligation to inform data subjects in a transparent manner. This includes, for example, personal data on members of a joint household when documenting the social circumstances of a student's family as an applicant for direct social support provided under the Higher Education Act.

4. Your personal data that UCM has not obtained directly from you may be processed by UCM in the performance of its duties and tasks under the law:

a) as an education provider,

b) as an employer,

c) as the entity managing its own registry centre

 

8. On what basis your data will be processed

 

Your personal data will be processed lawfully for a variety of purposes and the legal basis for the processing is one or more of the following:

a) the fulfilment of a legal obligation of the controller under specific statutory provisions;

b) the exercise of a public authority vested in the controller;

c) performance of a contract to which the data subject is a party or of a pre-contractual relationship at the request of the data subject;

d) processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child);

e) the data subject's consent to the processing of his or her personal data for one or more specified purposes.

 

9. To whom we provide personal data

The recipients of personal data of data subjects are different groups of entities to which we provide your personal data, most often in the context of fulfilling our legal obligations or our own employees with whom you come into contact as data subjects.

 

10. Transfer of personal data to a third country or international organisation

The transfer of personal data to a third country or an international organisation is generally not carried out for our processing purposes. The only exception is:

a) the provision of personal data of an employee as an EU International Project Promoter to a project coordinator in a third country (Serbia and other countries of future project consortia) for the purpose of International Projects,

b) the provision of personal data of participants in international mobility, e.g. ERASMUS+, to the HEI coordinator in the third country chosen by the participant as the destination country of his/her mobility.

The legal basis for the transfer to the third country in these cases is Article 46(2)(a) of EU Regulation 2016/679 (setting out adequate safeguards for the transfer by means of a legally binding and enforceable instrument between public authorities and public bodies).

 

11. Retention period of personal data

Your personal data shall be kept securely and only for as long as necessary to fulfil the purpose of the processing, for the period of storage of the files specified in the UCM Registry Regulations, or until the consent is withdrawn if it was the legal basis for obtaining your personal data; whichever is earlier.

 

12. Exercise of data subjects' rights

1. Withdraw consent - Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. You can withdraw your consent electronically, by contacting the person responsible, in writing, by notice of withdrawal of consent or in person at the office. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have processed about you on the basis of that consent.

2. Right of access - you have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request a different method of provision. If you have requested this information by electronic means, it will be provided to you electronically where technically possible.

3. Right of correction - We take reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or complete the information.

4. Right to erasure (to be forgotten) - you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary and fulfils the original purpose of the processing. However, your right must be considered in light of all relevant circumstances. For example, we may have certain legal and regulatory obligations, meaning that we may not be able to comply with your request.

5. Right to restrict processing - in certain circumstances you are entitled to ask us to stop using your personal data. This is, for example, where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.

6. Right to data portability - in certain circumstances you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right of portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.

7. Right to object - you have the right to object to processing that is based on our legitimate interests. If we do not have a compelling legitimate ground for processing and you object, we will no longer process your personal data.

8. The right to file a petition for initiation of personal data protection proceedings - if you believe that your personal data is being processed unfairly or unlawfully, you may file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic,

Hraničná 12, 820 07 Bratislava 27;
Tel. number: +421 /2/ 3231 3214;
mail: statny.dozor(zav.)pdp.gov.sk
https://dataprotection.gov.sk