The controller of personal data is the National Library of the Czech Republic, a state contributory organisation established by the Ministry of Culture, with its registered office at Klementinum 190, 110 00 Prague 1 (hereinafter referred to as “NLCR”).
The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as the “GDPR”) and in accordance with the relevant Czech data protection legislation.
The NLCR processes personal data of various persons in the course of its activities, in particular the personal data of:
- visitors to the Klementinum and the Central Depository in Hostivař, which are secured by a camera system;
- library users at the time of registration or provision of services;
- visitors to cultural and educational events;
- authors, translators, publishers, etc. in the performance of their tasks;
- contracting parties at the time of conclusion and performance of contracts;
- employees and trainees.
Reasons for personal data processing:
- provision of services to library users and visitors;
- own library activities;
- organisation of cultural and educational events;
- fulfilment of contractual and legal obligations;
- protection of library collections, persons and property.
Legal grounds for personal data processing:
- consent from the data subject;
- fulfilment of the contractual obligations and legal obligations of the controller;
- performance of tasks carried out in the public interest;
- legitimate interest of the controller or a third party (protection of persons and property).
Categories of processed personal data:
- identification data (e.g. name, surname, title, date and place of birth, ID number, VAT number, personal number);
- contact details (e.g. address of permanent residence, delivery address, e-mail address, telephone number, data mailbox identifier);
- payment details (e.g. bank account number);
- other data necessary for performance of a contract;
- likeness and possible other data obtained through the CCTV system.
Personal data processing is carried out by the controller. Processing is carried out using computer technology or manually, in compliance with all security principles for the management and processing of personal data.
The controller obtains personal data mainly from the data subject or from freely available public sources.
The period of time for which personal data is processed is based in particular on the time limits specified in relevant contracts, in the controller's Filing and Shredding Rules, in relevant legal regulations, or on the capacity of technical systems. It is the time required to secure the rights and obligations arising from both the contractual relationship and relevant legal regulations.
Based on the foregoing, the data subject’s personal data may be transferred or disclosed only to persons, authorities or institutions who derive such right from the GDPR or from the law, or to other entities in the performance of tasks in the public interest. The processing of personal data by the National Library of the Czech Republic does not involve automated decision-making.
Data subjects have the following rights:
- Right of access to personal data (Article 15 of the GDPR)
The data subject has the right to obtain confirmation from the controller as to whether - and if so, what - personal data are being processed and more detailed information about their processing.
- Right to rectification, completion or erasure (Articles 16 and 17 of the GDPR)
The data subject has the right to rectification or completion of incomplete or inaccurate personal data, right to erasure of personal data if the conditions set out in the GDPR are met.
- Right to restriction of processing (Article 18 of the GDPR)
The data subject has the right to restrict the processing of their personal data if the conditions set out in the GDPR are met.
- Right to data portability (Article 20 of the GDPR)
When processing personal data on the grounds of consent or contract, the data subject has the right to have their personal data transferred to another controller, if technically feasible.
- Right to object (Article 21 of the GDPR)
If personal data are processed for the performance of a task in the public interest, for the purposes of the controller’s legitimate interests or in the context of direct marketing, the data subject has the right to object to the processing of personal data in accordance with the GDPR.
- Right to withdraw consent to personal data processing (Article 7 of the GDPR)
If the personal data of a data subject are processed on the basis of consent, the data subject has the right to withdraw consent to the processing of such personal data.
The department responsible for exercising the data subject's rights with the controller is: Office of the General Director. Rights can be exercised by the following means:
e-mail: gdpr@nkp.cz
data mailbox: 5qt8sy8
in writing:
Národní knihovna České republiky (National Library of the Czech Republic)
Kancelář generálního ředitele (Office of the General Director)
Mariánské nám. 190/5
110 00 Prague 1
To expedite the processing of your request, please indicate “GDPR - exercise of rights” in the subject line. The request for the exercise of rights can be downloaded at (add). If necessary, the controller may request the provision of additional information necessary to confirm the identity of the data subject.
The data subject has the right to refer the matter to the supervisory authority, which is:
Úřad pro ochranu osobních údajů (Personal Data Protection Office)
Seat: pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice
phone: +420 234 665 111
e-mail: posta@uoou.cz