UNYP Privacy Policy

University of New York in Prague, s.r.o. considers the protection of personal data to be a priority and is committed to handling it with the highest level of care and security.

We process personal data in accordance with applicable legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation – GDPR), as well as relevant Czech legislation governing personal data protection and electronic communications.

This Data Privacy Statement explains how we collect, use, process, store, and protect your personal data, and how we safeguard your privacy. It also outlines the key principles, terms, and procedures we apply when handling personal data.

By using our website and services, you acknowledge that you have read and understood this Data Privacy Statement and agree to the processing of your personal data as described herein.

The controller of your personal data is University of New York in Prague, s.r.o., with its registered office at Londýnská 506/41, Prague 2, 120 00, Czech Republic, Company ID No. 25676598, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File No. 60332 (hereinafter referred to as “UNYP”).

As the data controller, UNYP determines the purposes and means of processing your personal data and is responsible for ensuring compliance with all legal obligations and data protection principles.

For the purposes of this Privacy Statement, processing means any operation or set of operations performed on personal data, including but not limited to collection, storage, organization, use, or disclosure.

In certain cases, UNYP may engage data processors—third parties who process personal data on our behalf and strictly in accordance with our instructions. These processors may include, for example, external providers of e-learning service providers that operate online platforms for our courses.

UNYP ensures that all data processors provide adequate safeguards for the protection of personal data and enters into written agreements with them that govern the processing and security of personal data in accordance with applicable law.

You are a personal data subject solely in your capacity as a natural person. In the case of UNYP, personal data subjects are primarily individuals with whom we have entered into a contract, or whom we consider our customers and users of our services. Therefore, this main group includes, for example, university applicants, students, and graduates, as well as lecturers and employees. We usually process their data in order to execute contracts or to pursue our legitimate interests. However, you may also be the subject of the personal data we process when you give us, for example, your marketing consent to receive news by email, or when you visit our website without being our customer.

Our services that require registration are not intended for persons under 16 years of age, unless expressly provided otherwise therein. If you are a person under16 years of age and want to use any of our services, or give us your consent for processing your personal data, please notify us of this fact during registration or the granting of your consent (use the contact details provided by us) so that we may consider whether it is necessary to contact your legal representative and obtain their consent.

Some of your personal data is collected automatically through technical means and through the services you use. This may include, for example, data obtained through our website and cookies (for more information, please see the Cookies section), as well as data generated through your use of our network and information systems, such as the UNYP e-learning platform.

Most personal data, however, is provided directly by you. This may occur when you complete forms on our website, use online applications or services, communicate with us by email or telephone, or meet with us in person, for example, during standard interviews with university applicants. You provide this information voluntarily, and by doing so, you agree to the processing of your personal data in accordance with this Privacy Statement.

In limited cases, we may also receive personal data from third parties, such as partner universities or service providers with whom we cooperate.

We process personal data in clearly defined categories. Each category is processed for one or more specific purposes that are always legitimate and relevant to your relationship with UNYP.

Below is an overview of the main categories of personal data we may process and the purposes for which we use them.

Identification Data

Identification data may include, for example, your name, surname (including maiden name), academic titles, gender, language, domicile and permanent residence, date and place of birth, nationality, personal identifiers assigned by UNYP, details of identity documents (such as passport or ID card number, issuing authority, and validity), photograph from an identity document, login identifiers, dates of record creation or termination, employee or student number, job title, and signature.

These data are necessary to correctly identify individuals in their respective roles and to ensure the proper functioning of our academic, administrative, and operational activities.

Contact Data

Contact data includes correspondence address, telephone number, email address, data box details, and contact information used for social media or communication applications.

We process this data to communicate with you in connection with the services we provide, including admissions, studies, employment, and administration. Certain contact data, such as an email address, may also be used for marketing purposes where permitted by law, typically based on your consent.

Authentication and Authorization Data

Authentication and authorization data include usernames, email addresses, passwords, security questions, system roles, and access rights.

These data are processed to ensure the secure operation of our IT systems and to grant access only to authorized users, in accordance with their role.

Network Identifiers and Tracking Data

This category includes IP addresses, MAC addresses, cookies and similar tracking technologies, localization data, and browser or device settings.

These data are processed to ensure the secure and reliable operation of our network infrastructure and to analyze and improve the performance and usability of our websites and online services.

Transaction Data

Transaction data may include bank account numbers, payment card details, authorizations or powers of attorney, transaction dates, amounts, and purposes.

These data are processed to correctly record and allocate payments for services provided by UNYP, whether ordered online or through other means.

Data Related to Studies, Education, and Research

These data include course registrations, schedules, grades, credits, attendance records, submitted coursework, teaching records, and research-related documentation.

They are responsible for providing higher education, conducting scientific research, meeting accreditation requirements, and fulfilling obligations to regulatory and accrediting bodies.

Photographs, Audio, and Video Recordings

Photographs and audio or video recordings may be processed primarily to document and promote UNYP’s academic and community activities, always in compliance with applicable legal regulations.

Recruitment and Procurement Data

CVs, cover letters, and records related to recruitment or procurement are processed of hiring employees, managing selection procedures, and maintaining related records.

Payroll and Remuneration Data

These data include salary and remuneration details, bonuses and benefits, wage deductions, payment methods, insurance, taxes, tax declarations, and related supporting documentation.

They are processed for payroll administration, statutory reporting, and the fulfillment of employer obligations.

Employment Performance Data

This category includes information related to job position, cost center, supervisor, working hours, leave, sick leave, maternity or paternity leave, attendance records, business trips, training participation, access rights, entrusted equipment, work accidents, and timesheets.

These data are processed for personnel administration and employment relationship management.

Security System Data

Data from security systems, such as CCTV or alarm system records, are processed only to the minimum extent necessary to ensure the safety of persons and property on UNYP premises.

We process your personal data only where a valid legal basis authorizes us to do so in accordance with applicable data protection laws. The primary legal bases used by University of New York in Prague (UNYP) include the following:

Consent

We process certain personal data based on your consent, which is required for one or more specific purposes. For example, you may be required to provide consent to receive the UNYP Chronicle monthly newsletter via email. Any consent we request will be presented in clear, understandable language, separate from other agreements (such as contracts), and require your active confirmation. We do not use pre-ticked boxes or implied consent.

Performance of a Contract

We process personal data where necessary to enter into and perform a contractual relationship with you, or to take steps at your request prior to entering into a contract. A typical example is the processing of personal data in connection with a study contract or other agreements with UNYP.

Compliance with Legal Obligations

In some cases, we are required to process personal data in order to comply with legal obligations imposed by applicable laws. This includes, for example, reporting certain student-related data to public authorities as required by law.

Legitimate Interests

We may process personal data where such processing is necessary for the purposes of our legitimate interests, provided that these interests do not override your fundamental rights and freedoms. Legitimate interests may include ensuring the security of our systems, improving our services, or managing our operations effectively.

In limited and less frequent cases, we may also rely on the following legal bases:

Protection of Vital Interests

Processing may be necessary to protect your vital interests or those of another natural person, for example in emergency situations.

Public Interest or Exercise of Official Authority

We may process personal data when it is necessary of perform a task carried out in the public interest or in the exercise of official authority vested in UNYP as the data controller.

We process your personal data only for as long as necessary to fulfill the purpose for which it was collected.

Processing Based on Legal Obligations

Where personal data is processed in order to comply with legal obligations, the retention period is determined by the relevant legal regulations. At UNYP, this applies in particular to:

• student data processed for mandatory reporting to public authorities,
• employee data processed in accordance with labor law requirements, and
• accounting and tax records retained in compliance with applicable legislation.

Processing Based on Contractual Relationships

When personal data is processed of enter into or perform a contract (such as a study or employment contract), the data is retained for the duration of the contractual relationship. Once all contractual obligations have been fulfilled, we stop processing the data for this purpose and delete it, unless it is required for another lawful purpose.

Processing Based on Legitimate Interests

Personal data processed on the basis of UNYP’s legitimate interests is retained only for the period necessary in light of the nature and purpose of the data. For example, basic data and information about selected study programs submitted through the UNYP website as part of a study application are retained for up to five (5) years. Additional documents of a more personal nature uploaded to our systems are retained for no longer than one (1) year.

Processing Based on Consent

Where you have provided consent to the processing of your personal data, for example, for marketing purposes such as receiving the UNYP newsletter by email, your data will be processed until you withdraw your consent or until the consent expires and is not renewed.

We undertake not to hand over your personal data to third parties for consideration for any commercial purposes. In order to be able to share your personal data with third parties within or beyond the European Union and the European Economic Area, there must be a substantial and clearly defined reason to do so, supported by an executed contract, UNYP’s legitimate interest, or expressly provided consent by the personal data subject. Furthermore, such sharing must be implemented in a secure manner (e.g., encryption, pseudonymisation) and the scope of the personal data transferred must be strictly defined.

An example of a situation in which UNYP may hand over your personal data to a third party is studying abroad at one of our partner universities, the preparation and implementation of which require us to hand over, in particular, your basic identification and contract data and selected study records.

The basic question for us during any handover of data to third parties will always be whether it is in the best interests of the personal data subject and whether all possible steps have been taken to ensure procedural and technical security of such sharing.

The protection of your personal data is a top priority of UNYP. We handle all personal data with due care and apply appropriate technical and organizational measures to ensure a high level of security, in line with current technological standards and applicable legal requirements.

In particular, we follow these core data protection principles:

Lawfulness and Accountability
We process personal data only in compliance with applicable laws and always on the basis of at least one valid legal ground. We can also demonstrate compliance with these obligations at any time.

Fairness and Transparency
We process personal data in a transparent manner and provide clear information about how your data is handled. In the event of a serious personal data breach, we will inform you in accordance with legal requirements.

Purpose, Limitation, and Data Minimization
We collect and process personal data only for clearly defined purposes and only to the extent necessary to achieve those purposes.

Storage Limitation
Personal data are retained only for as long as necessary for the specific purpose for which they are processed, for example, for the duration of a contractual relationship.

Accuracy, Integrity, and Confidentiality
We take reasonable steps to ensure that personal data is accurate and kept up to date. We protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage, and ensure that access is limited to authorized personnel only.

Technical and Organizational Security Measures

To safeguard personal data, UNYP has implemented appropriate technical and organizational measures, including:

• Protection of physical access points using security technologies such as chip cards, security keys, electronically secured doors, and alarm systems.
• Restricted access to systems containing personal data is granted only to authorized users through secure authentication methods such as usernames, passwords, or other verification mechanisms.
• Clearly defined user roles with controlled permissions to read, copy, modify, or delete personal data.
• Where appropriate, the use of pseudonymization or anonymization techniques is employed to prevent data from being directly linked to an identifiable individual.
• Secure transmission of personal data using technical safeguards such as encryption to prevent unauthorized access, alteration, or loss during transfer.
• Secure disposal of obsolete or unnecessary personal data through safe digital deletion or certified physical destruction in accordance with recognized standards.

As a data subject, you have the right to exercise the following rights in relation to your personal data processed by University of New York in Prague (UNYP):

Right of Access
You have the right to request confirmation of whether we process your personal data and, if so, to access that data, together with additional information as specified in Article 15 of the GDPR.

Right to Rectification
You have the right to request the correction of inaccurate personal data concerning you. Taking into account the purpose of processing, you may also request that incomplete personal data be completed, in accordance with Article 16 of the GDPR.

Right to Erasure (“Right to Be Forgotten”)
You have the right to request the deletion of your personal data in the cases set out in Article 17 of the GDPR.

Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data in the circumstances defined in Article 18 of the GDPR.

Right to Data Portability
You have the right to receive personal data concerning you that we process in a structured, commonly used, and machine-readable format, and, where applicable, to have that data transmitted to another controller, under the conditions and limitations set out in Article 20 of the GDPR.

Right to Object
You have the right to object to the processing of your personal data under the conditions set out in Article 21 of the GDPR, in particular where processing is based on legitimate interests and your specific situation warrants such an objection.

Handling of Requests

If you submit a request to exercise any of the above rights, we will inform you of the actions taken without undue delay and in any event within one (1) month of receiving your request. This period may be extended by up to two additional months, as needed, taking into account the complexity and number of requests.

In certain cases provided for by the GDPR, we may be entitled to refuse to act on a request or to charge a reasonable fee to cover administrative costs, particularly where a request is manifestly unfounded or excessive, for example, due to its repetitive nature.

If we have reasonable doubts about your identity, we may request additional information to verify it before processing your request.

For record-keeping and accountability purposes, we retain information about the exercise of data subject rights and how requests were handled for a reasonable period (typically up to five (5) years), in order to document compliance, improve our services, and protect our legal interests.

Right to Lodge a Complaint

If you believe that UNYP processes your personal data unlawfully or otherwise infringes your rights under data protection law, you have the right to lodge a complaint with the competent supervisory authority. In the Czech Republic, the authority responsible for personal data protection is the Office for Personal Data Protection.

Cookies

What are cookies?

Cookies are small data files that are necessary for some functions of websites, such as logging in. Thanks to cookies, a website may also remember settings such as the language, font, and other options you have selected when viewing the site. This is the reason why we place cookies in your computer. Most large websites and providers do the same thing.

What are the types of cookies?

Cookies can be classified into two basic categories based on their shelf life. While session cookies remain in your browser only until it is closed and then deleted, persistent cookies remain in the browser for a long time (depending on your browser settings and cookie settings) or until you manually delete them.

What cookies are we using on this site?

We use cookies to improve the functionality of the website and to better understand how visitors use the website, tools, and services. Cookies allow us to personalise and improve your experience on the website when you visit again, to collect information about user satisfaction, and to communicate with you elsewhere on the internet. Monitoring data may contain personal data such as the IP address of the visitor’s computer, browser type and operating system, referring websites, visited websites, order of visiting of websites, and hypertext links the visitor clicks on.

We use these cookies on our site:

• Technical (short-term): they are necessary to ensure basic site functionality, e.g., adding products to the shopping cart, the buying process, and displaying a page version that requires JavaScript or does not.
• YouTube (short and long-term) – uses the YouTube video player. They are placed on your computer when you start the player.
• Google Analytics (long-term) – to better customize your site, we use Google Analytics to track anonymous user behavior data.
• AdWords (long-term) – generated by the advertising system. Using these cookies, we can evaluate the effectiveness of our sales channels.
• Meta (both short and long term) – is used by the social networking widget Facebook that is included on this site.
• MailChimp (short- and long-term) – generated by Mailchimp. These cookies allow us to evaluate the effectiveness of the advertising channel.

How can you adjust the use of these cookies?

You may erase any cookies already present in your computer. Most browsers also provide the possibility to block the placement of cookies in your computer, though in that case you will not be able to use our online services. Detailed information on the settings of storing cookies in your browser is available on the website of the provider of the particular browser.

Copyright

The owner and provider of the website www.unyp.cz is a private college, University of New York in Prague, Ltd., which, according to the law no. 121/2000 Coll., On copyright, the owner is entitled to apply the law on property on this website.

All rights, including copyright to the content of websites www.unyp.cz, including all website design, text, graphics, the selection and arrangement, and all software compilations, underlying source code, software (including applets) and all other material on this website, the University of New York in Prague, all rights reserved.

User behavior

Users can not interfere with the security of the website, and cannot use these websites to spread malicious computer viruses. They should not attempt to access publicly inaccessible areas of this website. The user must respect the providers’ copyrights.

Liability and Legal Competence

The liability arising out of the use of these websites rests solely with the user and the provider does not bear any responsibility in particular for the content uploaded by users. All legal disputes arising out of the use of this website will be dealt with at the appropriate court in the Czech Republic and under the laws of the Czech Republic. If, for any reason, some of the provisions of these Terms become unenforceable, this provision will be deemed severable from the other terms and will not affect the intent of these terms, and the remainder of these terms and conditions will continue to be fully effective.

Accessibility statement

They declare that this website is making the most of its content and all its features for all Internet users. The presentation page is created using XHTML, with CSS2. We do not guarantee the correct rendering of pages, especially for some older web browsers or other than standard screen resolutions.

Site author

Our website has been created and is being managed by the CENTARIO internet agency to ensure trouble-free operation. If you have any questions, comments, suggestions for improvement, or technical difficulties, please contact info@centario.cz.

UNYP reserves the right to amend or update this Privacy Statement at any time and for any reason. Any material changes to the way we process or protect personal data will be published in this document.

We encourage you to review this Privacy Statement periodically to stay informed about how your personal data is protected.

Nothing in this Privacy Statement is intended to create a contractual or legal relationship between the University of New York in Prague and any individual who visits our website or provides personal data in any form.

If you have any questions, comments, or requests regarding the protection of your personal data, or if you wish to exercise your rights under applicable data protection laws, you may contact us using the details below:

University of New York in Prague, s.r.o.
Londýnská 506/41
Prague 2, 120 00
Czech Republic

Email: privacy@unyp.cz

Last updated: January 10, 2019