In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation), Masaryk University informs data subjects, i.e. persons registered in the MU library system, about the circumstances under which their personal data are processed within the MU library system services.

Personal Data Controller

The controller of the personal data of the data subjects, i.e. the person who determines the purpose and means of processing personal data, carries out the processing and is responsible for it, is

Masaryk University, Žerotínovo nám. 617/9, 601 77 Brno,
IČO: 00216224, DIČ: CZ00216224,
data box ID: 9tmj9e4
(hereinafter also MU).

Information on the processing of personal data at Masaryk University is available on the Official Notice Board on the Personal Data Protection webpage.

Data Protection Officer

The Data Protection Officer of Masaryk University is Iva Zlatušková,

• e-mail: poverenec@muni.cz,
• phone: +420 549 491 030 (office), +420 603 289 580 (mobile).

You can contact the Data Protection Officer if you have any questions or requests regarding the processing and protection of personal data or to exercise your rights.

Purpose of data processing

The MU Libraries process personal data for the purpose of providing library, information and other services to users and informing users about these services, as well as for the purpose of protecting property and the library collection.

Categories of persons whose personal data are processed

Masaryk University processes personal data of Masaryk University employees and students and other users who have registered for MU library services.

Categories of personal data processed

MU Libraries process personal data of users in the following scope:

• contact data (postal addresses, e-mail addresses, or telephone numbers),
• user identifiers (user ID, barcode number and university smart card chip number),
• the user's relationship to MU (student, employee, freelancer, etc.),
• history and current status of the user's obligations to MU Libraries (requests, loans, reservations, fees).

Legal basis for data processing

MU Libraries processes users' personal data on the basis of a service contract in accordance with the General Data Protection Regulation (EU) 2016/679.

Transfer of personal data

The Personal Data Controller does not transfer processed personal data from the MU library system to third parties, abroad or to international organisations.

Retention period of personal data

The library retains personal data for a maximum of 24 months after the end of the contract and settlement of all obligations of the data subject towards MU. Thereafter, personal data are deleted (name, user contact details, etc.) or anonymised (borrowing history of library items for statistical purposes, etc.).

Security of personal data

Personal data is stored in such a way as to prevent access by unauthorised persons. Access to personal data is restricted to employees who handle it as part of their work tasks.

MU Libraries store personal data in electronic form in an automated library system. Access to this data is protected by a system of access accounts, passwords and rights set to the extent necessary for the performance of the individual employees' work tasks.

Rights of the data subject

Users have access to their personal data by logging in to their personal account in the MU library system.

According to the General Data Protection Regulation, the data subject has the right to:

• to request access to his or her personal data, provided that the conditions laid down in Article 15 of the General Regulation are met,
• to request their rectification or erasure in accordance with the conditions laid down in Articles 16 and 17 of the GDPR,
• to request the restriction of processing, subject to the conditions set out in Article 18 of the General Regulation,
• to object to the processing of personal data concerning him or her, provided that the conditions of Article 21 of the GDPR are met.

Exercise of the data subject's rights

The data subject shall be entitled to exercise his or her rights under the GDPR against the controller as follows:

• by a written request with a certified signature or on the basis of a certified power of attorney, sent to Masaryk University, Data Protection Officer, Žerotínovo nám. 9, 601 77 Brno, or
• by sending the request to the Masaryk University data box: 9tmj9e4, or
• by sending a request by e-mail from the MU institutional e-mail address to: poverenec@muni.cz, or
• by sending an application in the form of an e-mail message bearing at least a recognised electronic signature to the following address: poverenec@muni.cz.

Information for data subjects to exercise their rights is available on the Official Notice Board on the Exercise of the data subjects' rights webpage.

Right to lodge a complaint with the supervisory authority

The data subject has the right to submit a request, complaint or suggestion concerning the processing of personal data to the supervisory authority, which is

Úřad pro ochranu osobních údajů,
Pplk. Sochora 27, 170 00 Praha 7,
data box ID: qkbaa2n,
telephone number: +420 234 665 111,
website: www.uoou.cz,
electronic address: posta@uoou.cz.