GDPR and personal data protection

Under the General Data Protection Regulation,¹ we are required to inform data subjects that the Office of the Public Defender of Rights is a personal data controller.

Whose personal data we process, how and why?

We process, i.e. collect and store in paper and electronic form, the following personal data:

1. personal data of persons who approach us with their complaints pursuant to the Public Defender of Rights Act,² for the purposes of processing their complaint;
2. personal data of those requesting information under the Free Access to Information Act,³ for the purposes of processing their request for information;
3. personal data of persons deprived of liberty by a public authority or as a result of dependence on the care provided to them, who are present in facilities and other places listed by the Public Defender of Rights Act; we need the personal data in order to perform our statutory duties and prevent ill-treatment;
4. personal data of our current and former employees and their family members, within the scope necessary for the performance of contractual arrangements and related legal obligations of the Office of the Public Defender of Rights as the employer;
5. personal data of candidates seeking employment with the Office of the Public Defender of Rights, for the purposes of conducting the selection procedure and defence of potential legal claims;
6. personal data of our contractual partners and their employees, for the purposes of performance of contractual obligations;
7. personal data of participants in our awareness raising and educational events who give their consent to the processing of their personal data;
8. persons captured on CCTV footage, for the purposes of protection of property and legitimate interests of the Office of the Public Defender of Rights and third parties.

The personal data we process are only accessible to those employees of the Office of the Public Defender of Rights who have the necessary authorisation to handle personal data within their organisational and working responsibilities. Outside the Office of the Public Defender of Rights, we may disclose the processed personal data:

• to authorities, institutions, facilities and other entities whose activities are subject to the Defender’s inquiries, if this is necessary to process a complaint;
• to public authorities (e.g. law enforcement bodies or a court) based on the law and the Defender’s consent;
• to inspection bodies if this is necessary to inspect the activities of the Office of the Public Defender of Rights.

What statutory safeguards are there to protect your personal data? There are the following safeguards:

• you have the right of access to your personal data⁴ – you may request from us a confirmation that we process your personal data with an explanation of the reason why, to whom we have disclosed your personal data, how long we will continue processing the data, and who gave us your personal data in case we have not obtained them from you directly. If we are processing your personal data, we will provide a copy to you free of charge.
• you have the right to rectification of your personal data⁵ – contact us if some of your personal data that we process are inaccurate or incomplete, and indicate what should be changed or supplemented. If we need to check whether the data are truly inaccurate, we will restrict their processing.
• you have the right to erasure of your personal data (the “right to be forgotten”)⁶ – if you do not want us to continue processing some of your personal data, please let us know. We will evaluate the importance of the data and the possibility of their erasure and let you know.
• you have the right to object to the processing of your personal data⁷ – should you inform us of specific reasons why we should not process your personal data, we will restrict processing of your personal data until we determine whether your interests and rights outweigh our grounds for personal data processing. Accordingly, we will either cease further processing of the data or inform you of the grounds why we shall continue processing your personal data.
• you have the right to restriction of processing of your personal data⁸ – we will continue storing your personal data, but we will not process (or erase) them in any way for a period necessary for the establishment, exercise or defence of legal claims.
• you have the right to personal data portability⁹ – if we process your personal data on the basis of your consent or if processing is necessary to perform a contract to which you are a party, you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or we may transmit the personal data to another controller that you specify.
• you have the right to lodge a complaint with a supervisory authority, i.e. the Office for Personal Data Protection. More information on the activities of the Office for Personal Data Protection is available at www.uoou.cz.

You may exercise all your rights through an application addressed to the Office of the Public Defender of Rights, similarly as if you were lodging a complaint with the Public Defender of Rights.¹⁰

In all cases where you exercise your rights, we will inform you within one month of delivery of your request about the steps we have taken. If we find that we need to extend this deadline, we will inform you in advance and state the reasons for extension.

If you file your application in electronic form, we will also provide the information to you in electronic form, unless there are some obstacles or you request to be informed in some other manner.

Do you need to know more about the processing of personal data by the Office of the Public Defender of Rights? Contact our data protection officer JUDr. Veronika Gabrišová at her telephone No. 542 542 311 or e-mail poverenkyne@ochrance.cz.