Přeskočit na hlavní obsah Přeskočit na podmenu

SPÚ

GDPR

Basic information about personal data processing at State Land Office

 

according to § 8 of Act no. No. 110/2019., referring to the GDPR regulation

 

Identification of controller and processor of personal data

State Land Office (SPÚ), Husinecká 1024 / 11a, 130 00 Prague 3 - Žižkov

https://www.spucr.cz/kontakty

Contact details - Data Protection Officer at SPÚ:

Jakub Janecký
e-mail address: poverenec@spu.gov.cz
phone: (+420) 723 744 579

address: State Land Office (SPÚ), Husinecká 1024 / 11a, 130 00 Praha 3 - Žižkov

Information on processing of personal data on SPÚ

The State Land Office, as a public authority (administrative authority), contractor and as an employer, processes the necessary personal data for the following legal purposes:

a) for the exercise of public authority base on applicable laws

b) for the performance of contractual obligations, including publication of contracts in the register of contracts;

c) to fulfill the legal obligations of the SPU as an employer, including the necessary transfer of employees' personal data (for example for social and health insurance purposes).

All these legitimate purposes of processing personal data preclude the use of the so-called "consent of the personal data subject to the processing of their personal data". Processing of personal data according to the above-mentioned legal purposes is terminated by shredding procedure according to Act no. No. 499/2004 Coll., on Archiving and File Service and on Amendments to Certain Acts, as amended, other generally binding legal regulations and the related internal regulation.

If the SPU provides optional individual services to a personal data subject (natural person) with the consent of that person, this person will be informed in advance. The consent may be revoked at any time by that person, the personal data in question for that service will be deleted according to the “right to be forgotten” and the service will be terminated.

 

General description of technical and organizational security measures

State Land Office has implemented the Information Security Management System, which is based on the requirements of Act No. 181/2014  and the related implementing regulation (on cyber security), which also fully covers the requirements of Act No. 110/2019 (on the processing of personal data) and GDPR requirements to ensure the security of the processed personal data.

Fundamental rights of data subjects

The data subject (natural person) has the right:

 

  • obtaining confirmation from the SPU whether or not its personal data are processed on the SPU (GDPR, Art. 15 (1)), to this end contact the Trustee or his representative, or generally the SPU,
  • if the applicant's personal data are processed at the SPU, he / she has the right to gain access to this information in the form of copies of the processed personal data with further information on their processing (GDPR, Article 15 (3)),
  • to request from the SPU the correction of such personal data or to object to such processing (GDPR, Art. 16), to this end contact the Trustee or his representative, or the SPU in general,
  • file a complaint with the Office for Personal Data Protection - https://www.uoou.cz/ (GDPR, Art. 77).

At the same time, the SPU draws attention to some of the limitations and conditions of GDPR that must be respected when exercising the above rights of the data subject:

 

  • If the SPU processes personal data from the titles of its statutory duties to a public authority or from the obligation of the employer, ie without the consent of the data subject, the data subject cannot claim the right to be forgotten (GDPR, Art. 17 (3) (b), (d), (e)), with the exception of their personal data with an already expired deletion / shredding period.
  • At the same time, the personal data subject requesting confirmation of the processing of his personal datas to the SPU, and possibly a copy of his / her processed CAs, must clearly prove his / her identity. Without confirmation of the identity of the applicant, for personal data protection reasons, this certificate and, where appropriate, a copy of the personal data processed may not be issued (GDPR - Article 12 (6)).
  • Without validating the identity of the applicant, only general inquiries that do not relate to specific personal data can be answered.
  • The applicant's identity shall be deemed to be established if any of the following conditions are met:
    • the request is sent from the data box of the subject of personal data (natural persons),
    • the physical request of a natural person sent through a postal service provider shall bear an officially authenticated signature,
    • the application is sent by e-mail and has a valid, recognized electronic signature of the applicant (natural person),
    • the applicant will come in person to some of the SPU departments and submit a written application and present a valid personal document (identity card or passport) to be included in the application.
    • for applicants - SPU employees, the application can be sent from their assigned service email.
    • The reply to the request is sent in the same way - data box, mail, or registered letter with delivery receipt to the given address (personal receipt by the applicant).
    • The required personal information is provided free of charge. Where requests made by the data subject are manifestly unfounded or disproportionate, in particular because they are repeated, the SPU may either impose a reasonable fee taking into account the administrative costs involved in providing the information requested or refuse to comply with the justification (GDPR, Article 12 (5)).