Personal data controller: AMBIS College, Inc. (hereinafter referred to as "AMBIS College")
Registered office: Lindnerova 575/1, 180 00 Praha 8 ID No.: 61858307, VAT No. CZ61858307
Contact details of the administrator:
phone: +420 228 227 960, +420 605 222 975
Data Protection Officer: Ing. Milan Hála
Contact details of the Data Protection Officer: e-mail: email@example.com, tel: +420 778 403 716
A. Purpose for processing personal data
Personal data is any information that can be used to identify a data subject or that is associated with a natural person. AMBIS HEI processes personal data mainly for the following purposes:
1. Education at AMBIS University:
d. student mobility,
e. lifelong learning,
f. library services.
2. Research, development and creative activities:
a. Research and development activities,
b. organisation of conferences and seminars,
c. publishing activities.
3. Certification in selected fields of economics.
4. Operation of AMBIS University:
a. Personnel management,
d. asset management,
e. information security.
5. Commercial activities:
a. e-shop operation,
b. commercial activities.
6. Asset protection and security:
a. CCTV systems,
b. computer network security monitoring.
7. Marketing and information activities:
b. alumni club and other student associations,
c. marketing and promotion.
B. Categories of people whose data are processed
- Applicants for studies,
- Participants of CŽV,
- External collaborators.
C. Collection of information
We collect personal information directly from you (even if you communicate with us, for example, via email). We may also receive personal information from third parties such as government authorities, publicly available records, etc.
D. Basic principles for the processing of personal data
- Lawfulness principle - we always comply with applicable law when processing personal data.
- Fairness and Transparency Principle - we process personal data openly and transparently - we inform you about the processing of the data, and we are also obliged to inform you about security breaches during processing, for example.
- Purpose limitation principle - we only process data for the purpose for which we collect it and which we have publicly disclosed.
- Data minimisation principle - we only collect data that is strictly necessary.
- Accuracy Principle - we make every effort to process only valid and up-to-date data.
- Storage limitation principle - we only keep data for as long as necessary, after which it is destroyed or archived.
- Anonymisation principle - where possible, we work with data so that its subject cannot be identified.
- Integrity and confidentiality principle - we process data with the utmost care and security, and only those authorised to do so have access to it.
E. Legal basis for processing personal data
We may process your personal data if:
- To fulfil a legal obligation - this is required by law or other legal regulation (e.g. Act No. 111/1998 Coll., on universities and on amendments and supplements to other acts (Act on universities, Act No. 262/2006 Coll., Labour Code, Act No. 130/2002 Coll., on support for research and development from public sources, Act No. 563/1991 Coll., on accounting, etc.).
- Consent - the data is required for one or more specific purposes and you have given us your consent to do so.
- Performance of a contract - the data is necessary, for example, for the performance of a contract you have entered into with us.
- The performance of tasks in the public interest or in the exercise of public authority for which we are entrusted.
- Legitimate interest of the controller - the data is necessary e.g. to protect security or property.
F. The categories of personal data we process include, in particular:
- Basic information such as your name, title and your relationship to us, date of birth, birth number,
- contact details such as postal address, email address, telephone number,
- financial information, such as information relating to payment of fees associated with your studies, bank account,
- study information - information related to your studies at AMBIS HEI (previous education, entrance exams, specific study programme, language skills, courses enrolled in, results, etc.),
- data on activities - e.g. publications and other creative activities,
- photographs, audio-visual recordings where appropriate,
- information relating to the use of our website,
- other information you may provide.
G. Transfer and sharing of personal data
We may transfer or share your personal information with third parties if:
- We have a legal or other obligation (for example, to comply with the requirements of the Higher Education Act, the National Statistics Act or to carry out an audit or financial audit);
- it is necessary for the purposes of or in connection with legal proceedings, or for the exercise or protection of legal rights;
- due to organisational changes within AMBIS HE or the transfer of all or part of our business, we may need to transfer your information to new bodies or third parties;
- where it is important to pass on information to partner universities and parties with whom we work (e.g. exchange visits),
- you have given us your consent to do so,
- we pass on anonymised statistical information about users of our website
H. Data retention period
Personal data shall be retained for the necessary period of time in relation to the personal data processing activity in accordance with the applicable shredding plan and then destroyed or archived.
I. Data security
AMBIS HEI shall take the necessary measures to secure the information stored in electronic or paper form and to prevent unauthorised access to it. Data shall be stored in restricted areas or in databases requiring authorisation and authentication. Data security and data management agreements are in place with all data processors.
J. Rights relating to the processing of personal data
When processing personal data, the subject has the following legal rights:
1. The right of access to personal data, which means the right to request information as to whether or not your personal data is being processed. If we are processing it, you have the right to obtain it from us together with other information relating to its processing.
2. The right to rectification, which is our obligation to correct your personal data without undue delay if you notify us of its inaccuracy.
3. The right to erasure, which is our obligation to erase the personal data (unless prevented by the conditions set out in the Regulation) that we process about you where at least one of the conditions is met:
a. the personal data is no longer necessary for the purposes for which it was b. collected or otherwise processed, the subject withdraws consent to the processing of the personal data, and there is no further legal basis for the processing on our part,
c.you object to the processing of your personal data and there are no overriding legitimate grounds for processing on our side,
d. the personal data have been unlawfully processed,
e. the personal data must be erased to comply with our legal obligation,
f. the personal data was collected in connection with the offer of information society services.
4. The right to restriction of processing is your right to have us restrict the processing of your personal data if:
a. you contest the accuracy of the personal data we process about you for the time necessary for us to verify the accuracy of your personal data,
b. the processing of your personal data is unlawful but you refuse to erase it and instead request that we restrict its use,
c. the processing of your personal data is no longer necessary on our part, but you request it for the establishment, exercise or defence of your claims; or
d. you have objected to the processing on the grounds of decision-making based solely on automated processing, pending verification that our legitimate grounds outweigh your legitimate grounds.
5. The right to data portability is your right to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transfer that data to another controller where
a. the processing of the personal data is based on consent or a contract; and
b. the processing is carried out by automated means.
6. The right to object to the processing of your personal data. If you exercise the right, we will not further process your personal data unless we can demonstrate compelling legitimate grounds that must override your rights and interests. We may further process such personal data where necessary for the exercise and defence of legal claims.
If you are dissatisfied with the manner in which we process your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochorova 27, 170 00 Prague 7, Czech Republic.