Privacy Policy
This privacy policy is aimed to provide you with detailed and comprehensive information in light of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”). This Privacy Policy relates to all data subjects that we process personal data about including students, employees, suppliers, contractual partners and persons located in our premises.
The Data Controller
The controller processing your personal data is SPECTRA Centre of Excellence EU, UM STU, Vazovova 5, 812 43 Bratislava, Slovak Republic (hereinafter referred to as “SPECTRA” or “we” or “us”). We may collect certain information about you in the course of our dealings and through transactions with you. We take privacy and security of your personal information seriously, will treat your personal data as confidential and only use it as set out in this privacy policy.
Data Protection Officer (DPO)
To enforce the legitimacy and safety of your personal data processing we have appointed a data protection officer (DPO), who is monitoring legality and security of personal data processing within SPECTRA.
DPO is your contact point for any questions and requests related to personal data protection.
Email: dpo@spectra-perseus.org
Contact address: Data Protection Officer, SPECTRA Centre of Excellence EU, UM STU, Vazovova 5, 81243 Bratislava, Slovak Republic
How we collect personal data ?
If the legal basis for the processing of your personal data is consent under Article 6 (1) a) GDPR you are never obliged to provide us with your personal data. The provision of your personal data is based on your own discretion and on voluntary basis. You have the right to withdraw your consent at any time. Non-disclosure of personal data should not have negative significant consequences, but you the convenience of using certain services and your news updates may be reduced.
If we use the legal basis for the processing of your personal data to conclude or perform a contractual relationship under Article 6 (1) b) GDPR the provision of personal data is a requirement that is needed to conclude a contract. Failure to provide personal data may result in non-conclusion of a contractual relationship.
If the legal basis for the processing of your personal data is the fulfillment of our legal obligation pursuant to Article 6 (1) c) GDPR or fulfillment of the public interest task under Article 6 (1) e) GDPR provision of your personal data is a legal requirement.
If the legal basis for the processing of your personal data is legitimate interest and we will use the legal basis for the processing of your personal data under Article 6 (1) f) GDPR you are required to abide but you have a right to object to this processing. You will learn more about this right in a particularly highlighted section below. We may also obtain your personal data from other public authorities or from publicly available registers.
For what purposes are we processing your personal data ?
Generally, as a centre of excellence we need to process personal data in order to fulfil our tasks prescribed to us by:
- generally binding legal regulations
- legitimate or public interests that we pursue
- our contractual relationships
Your personal data are processed for the following purposes:
Purpose | Primary legal ground | |
1 | Personnel & Payroll | Compliance with legal obligations Article 6 (1) c) GDPR |
2 | Employee monitoring mechanisms | Legitimate interest pursuant to Article 6 (1) f) GDPR: monitoring of compliance with employment discipline |
3 | Accounting & Tax | Compliance with legal obligations Article 6 (1) c) GDPR |
4 | Compliance with legal obligations | Legal obligation pursuant to Article 6 (1) c) GDPR |
5 | Management and provision of education (educational purposes) | Legal obligation pursuant to Article 6 (1) c) GDPR and tasks in public interest pursuant to Article 6 (1) e) GDPR |
6 | Voluntary publication of personal data | Consent pursuant to Article 6 (1) a) GDPR |
7 | Protection of property, order and security | Legitimate interest pursuant to Article 6 (1) f) GDPR: protection of property, order and security |
8 | Establishment, exercise or defense of legal claims (legal agenda) | Legitimate interest pursuant to Article 6 (1) f) GDPR: establishment, exercise and defense of legal claims |
9 | Management of IT Security | Legal obligation pursuant to Article 6 (1) c) GDPR |
10 | Scientific research | Article 89 GDPR |
11 | Academic, artistic and literary purpose | Sec. 78 (1) of Data Protection Act |
12 | Journalistic purposes | Sec. 78 (2) of Data Protection Act |
13 | Sending marketing communication (newsletter) | Consent pursuant to Article 6 (1) a) GDPR |
14 | Contractual relationships | Contract pursuant to Article 6 (1) b) GDPR. |
15 | Management of complaints | Legal obligation pursuant to Article 6 (1) c) GDPR |
16 | Statistical purposes | Article 89 GDPR |
17 | Archiving purposes | Article 89 GDPR in connection with Act on archives and registrars. |
What countries do we transfer your personal data to ?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary. The reason is that these third countries do not ensure an adequate level of protection of personal data according the decisions of EU Commission. However, in some cases, such transfers occur. Your personal data may be transferred to a third country, in particular in cases where you request the SPECTRA for cross-border mobility within the available student or employee mobility programs that allow study and / or work visits to foreign universities. Without limitations, personal data may be transferred within the European Economic Area space and the following countries that currently provide an adequate level of protection for personal data as decided by the EU Commission: Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and Japan.
Transfer to any other third countries is a cross-border transfer of personal data to a third country that does not guarantee an adequate level of protection. If this is the case and transfer is necessary, we strive to rely on appropriate safeguard under Art. 46 GDPR where the recipient of personal data in a third country is bound by the equivalent data protection regime as in the EU. Most often we use standard contractual clauses approved by the EU Commission, if this is objectively possible. If using of standard contractual clauses is not possible, we have to follow the exceptions for the specific situations under Art. 49 GDPR. Most often, your consent to the transfer or performance of a contractual relationship is used.
How long do we store your personal data ?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Retention periods are either provisioned in respective laws or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do further not process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations.
What rights do you have ?
You have the right to withdraw your consent at any time.
You have a right to object to any direct marketing processing of your personal data including profiling.
You have right to object to any processing that is based on legitimate interest or public interest pursuant to Article 6 (1) e) and f) GDPR as described above.
It is our obligation to protect your personal data and therefore we strive to provide the protection with individual, modern, technical and organizational measures, as well as through the possibility to exercise your rights of the data subject at any time under the GDPR via a request.
You may send us requests for the exercise of the right of the data subject electronically or in writing to the above contact details of data protection officer. This procedure is without prejudice to your right to withdraw consent to the processing of personal data, which you can always withdraw in manner as it has been granted (for example, if you have given your consent electronically, you can always withdraw it by e-mail or application without sending a written request to the address of SPECTRA) or your right to object by automated means using the technical specifications if they are available. We advise to explain each request as much as possible especially in terms of what GDPR right you wish to exercise, what are your identification data (for authentication) and what purpose and personal data the request relates to. If a request is too general, we will ask for clarification.
The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
Among others, you have:
- Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
- Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
- Right to erasure of personal data according to Article of the 17 GDPR;
- Right to restriction of processing according to Article 18 GDPR;
- Right to data portability according to Article 20 GDPR;
- Right to object against processing based on legitimate interests or public interest pursuant to Article 21 GDPR.
You have a right to lodge a complaint related to personal data to the Office for Protection of Personal Data of the Slovak Republic pursuant to sec. 100 of Data Protection Act. More information is available on www.dataprotection.gov.sk.
We would like to bring to your attention that during management of your request to exercise the right of the data subject under GDPR, we may ask you to be verify your identity, especially in cases where there are doubts about your identity. It is our duty to prevent the provision personal data about you to an unauthorized person. The procedure of handling your request for the right of the data subject under the GDPR is free. However, if your claim is manifestly unreasonable or inappropriate, in particular because it is repeated, we are entitled to charge a reasonable fee that takes into account the administrative costs of the procedure.
How we protect your personal data ?
It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. We have implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially taking into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. In situations where special categories of data are processed we use encryption technologies e.g. during communication with the payment gateway.
Cookies
Cookies are small text files that improve website usage e.g. by allowing us to recognize previous visitors when logging in to a user environment, remembering a user's choice when opening a new window, measuring website traffic, or how evaluation of usage of the website for the improvement. Our website uses cookies in particular to measure its traffic and ensure functioning of the website. You can always stop storing these files on your device by setting up your web browser. Setting up your browser is within the meaning of Section 55 (5) of the Act on Electronic Communications considered as your consent to the use of cookies on our site. However, blocking cookies may restrict functionality of certain parts of the website (especially when sign-in is required).
Changes to the Privacy Policy
We regularly review and, where necessary, update our privacy information. Should there be any change of use of our privacy information, we’ll communicate the changes to individuals before starting any new processing.