Privacy policy

  • 1. Introduction

    For the University of New York in Prague s.r.o., the protection of your personal information is a priority and we commit ourselves to make every effort to ensure their security. We declare that the processing of your personal data is performed in accordance with applicable legislation, in particular the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ( "GDPR"), Act no. 127/2005 Coll., On electronic communications, as amended and Act No. 480/2004 Coll. on Certain Information Society Services, as amended.

    In this Privacy Statement we will let you know how we collect, process, use and protect your personal information to help protect your privacy. We will try to clarify the basic concepts, principles and privacy practices we use. By using our site and services, you agree to the terms of this statement.

  • 2. Who is the controller and processor of personal data?

    Personal data controller is the University of New York in Prague, s.r.o. with its registered office at Londýnská 506/41, Prague 2, postal code 120 00, Company ID: 25676598, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 60332 (hereinafter referred to as "UNYP"). As an administrator, we determine the purpose and means of processing your personal information and are responsible for complying with all our obligations and the principles of their protection. Processing means any operation or set of operations with personal data, such as collecting, processing, organizing, etc. Our contact information as an controller can be found in chapter “How can you contact us?”.

    The processor is the entity to whom we hand over your personal data as an controller, and who further treats them in accordance with our instructions. This is, for example, our external E-learning service provider, which runs an online portal for our online courses on our behalf. Sufficient security of personal data for processors is ensured by the conclusion of written contracts on the processing and protection of personal data.

  • 3. Who is the subject of personal data?

    Only natural persons are subjects of personal data. UNYP is the main group of subjects of a person with whom we have a contract or understand as our customers and service users. For example, our main group includes our study applicants, students, graduates, as well as lecturers and staff. We usually process their data for the purpose of concluding and executing contracts or on our legitimate interest. However, you can also become a subject of personal data processed by us in cases where you give us marketing consent to receive news by e-mail or you visit our website without being our customer at the same time.

    Our services, which require registration, are not intended for persons under the age of 16, unless expressly stated otherwise. If you were a person under the age of 16 and wanted to use our service, respectively, give us permission to process your personal information, please let us know when you register (please use our contacts), to consider whether it is a necesarry to contact your legal representative and obtain his consent.

  • 4. How we collect your data?

    We collect some of your personal data automatically using the technical resources and services you use. An example may be data obtained through our site and cookies (for more information, go to the Cookies chapter) or data recorded while using our network and other information and communication systems (such as the UNYP e-learning system).

    However, we will obtain most of your personal information directly from you, whether you contact us through forms on our website or other online applications and services, email them, communicate them to us by telephone, hand in person (typically interviews with applicants) or other ways. It is always true that you provide us with such information voluntarily and agree to the terms of the processing.

    On the margins, we can get your data from third parties, such as our partner universities and contractors.

  • 5. What data and for what purposes we collect?

    We divide personal data into different thematic categories, and it is always true that their processing is conditioned by the existence of at least one purpose of processing (often, however, for more than one category of data). The basic categories we can process and their purposes include:

    Identity information (name, surname, family name, address, title before / after name, gender, language, residence, permanent residence, date and place of birth, nationality / , ID number, ID number, VAT number, social security number, passport number, validity of the document, date and place of issue of the document, photograph of the identity card, log in to the application, date of birth / cancellation, employee number, job position, signature). absolutely necessary for the correct identification of individuals in each role across all of our services and activities.

    Contact details (mailing address, phone numbers, fax, e-mail address, data box, social media contact information and communication applications) are needed to ensure the necessary communication with you across all of the services we provide but also when negotiating . The individual purpose of processing certain data (e.g., email address) may be marketing activities. Such processing typically takes place on the basis of your consent.

    Authentication and authorization data of the IT systems (usernames, e-mail addresses, passwords, security issues, system roles and permissions) are processed to ensure the safe operation of these systems and to ensure that only authenticated users can access them and can do so only allowed actions.

    Network IDs and tracking data (IP address, MAC address, cookies, and other browser tracking mechanisms, location data, web browser setup data) are processed to provide seamless and secure network infrastructure and to track and improve our site statistics.

    Transaction data (bank account number, debit / credit card number, authorization / power of attorney, transaction date, transaction amount, purpose of the transaction) are necessary to correctly assign your payments to the services you have ordered through our website or otherwise.

    Data on study, teaching and research (course registration, timetables, grades, credits, attendance, surrendered work, hours of lessons, research records) are at the heart of our university and we process them for the purpose of providing higher education , for the purpose of demonstrating accreditation and other bodies.

    We process photo, video and audio records most often for purposes of documentation and promotion of our activities and services, always in accordance with valid legislation.

    We process CVs, motivation letters, and records from the selection process for the recruitment of new staff and HR management.

    Wages and similar data (wage / salary, wage compensation, average earnings, bonuses / benefit draws, wage deductions, payroll method, private account number, consumption of internal resources, insurance, taxes and levies, taxpayer's declaration, tax returns and background ) is processed for the purpose of managing personnel and for the purpose of paying employee compensation.

    Work performance data (job position, cost center, senior staff, working time, leave, sick leave, maternity / parental leave, career break, attendance, events, calendar, job descriptions and other changes in the employment relationship, timesheets, other values, hours worked, training sessions, access rights, work accidents, work for a third person) we process for the purpose of managing human resources.

    We process data from security systems (camera records, alarm) only to the minimum extent necessary to ensure the safety of persons and property in our premises.

    This list is incomplete and always depends on the role you play in relation to us (eg student, employee). If you want to know the details of which categories of data apply to you, please contact us at the e-mail address given in the chapter "How can you contact us?".

    We do not process the following sensitive data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and sexual orientation. Such data may damage the data subject in society, at work, at school, or may cause discrimination. If this information is required for you, we recommend that you do not pass it on.

  • 6. On what legal basis we process the data?

    We process your personal data solely on the basis of the legally defined titles that entitle us to do so. Major titles for processing at UNYP include:

    • Consent - You grant us permission for one or more specific purposes (for example, to send the monthly UNYP Newsletter Chronicle), the text of the consent will always be comprehensible, will be separate (not part of the contract) and will be given through active activity (so we will not pre- your consent).
    • Performance of the contract - We need your personal data here for the purpose of entering into a contractual relationship and subsequently executing it, or even before entering into a contract (for example, an order prior to the conclusion of the contract). A typical example of such a UNYP contract is a study agreement.
    • Compliance with legal obligations - We need your personal data here to process it to meet our statutory duty as an administrator. An example may be student data, which we are required to report periodically to state authorities.
    • Interest in your interest - processing your personal data would be necessary for the purposes of our legitimate interests, except in cases where your interests or your fundamental rights and freedoms prevail over these interests.

    Rather, as a title for processing some of your personal information, we may use:

    • Protection of the interests of data subjects - Processing of your personal data would be necessary to protect the vital interests of you or other individuals.
    • Public interest - We are required to process your personal data to fulfill our public interest task or to exercise public authority to be entrusted to us as an administrator.
  • 7. How long do we process the data?

    We only process your personal data for the duration of the reason for processing your personal information.

    In the case of the processing of personal data in order to fulfill a statutory obligation, the processing time is clearly stated in the related legal regulation. UNYP refers primarily to the personal data of students processed for mandatory reporting to the state administration (registry), personal data of employees related to the requirements of the Labor Code, or accounting records according to the relevant law.

    When processing data on the basis of the conclusion or performance of the contract (eg study agreement, employment contract, etc.), the processing time is limited by this contract. Once all the related contractual obligations have ceased to exist, we will cease processing your personal data for that purpose and erase it if those personal data or some of these are not processed for any other purpose.

    Personal data processed as legitimate interest are retained only for the necessary time we determine, taking into account the nature of the stored data. In the case of applications for study submitted via the UNYP website, for example, this period is set at 5 years for basic data and data on the selected program, but for additional documents of a more personal nature recorded on the server it is only 1 year.

    If you give us your consent to the processing of personal data, for example for marketing purposes (sending UNYP newsletter by e-mail), it will process the data until such consent is revoked or if the consent is not renewed after a certain lapse of time.

  • 8. When and how we pass personal information to third parties?

    We undertake not to sell your personal information to any third party for any commercial purpose. In order to share your personal data with third parties within or outside the European Union and the European Economic Area, there must be a strong and clearly defined reason for this sharing, which is underpinned by a signed contract, UNYP legitimate interest, or the express consent of the personal data subject. In addition, such sharing must be done in an adequately secure way (eg by encryption, pseudonymization, etc.) and the scope of the personal data transmitted must be strictly defined.

    An example of a situation where UNYP passes your personal data to a third party may be, for example, studying abroad at one of our partner universities for whose preparation and implementation it is necessary to pass in particular basic identification and contact details and selected study records.

    The fundamental question of any communication of data to third parties will always be for us, whether it is in the best interest of the data subject, and whether all possible steps have been taken to process this technically and share it.

  • 9. How do we protect your data?

    We consider the protection of personal data to be very important and therefore we pay close attention to it. We treat your data with due care and protect it as far as possible to a high technical standard and adhering to the following basic principles:

    • Legality and responsibility means processing your personal data in accordance with legal regulations under at least one legal title and being able to prove it.
    • Correctness and transparency impose an obligation to process the data openly and to provide you with information on how it is processed and, for example, serious breaches of security or personal data loss.
    • The purpose limitation and minimization allows data to be collected only for a clearly defined purpose and to a relevant and reasonable extent.
    • Time stamping allows us to process personal data only for a period of time that is necessary for a specific purpose (for example, for the duration of the contract).
    • Accuracy, integrity and confidentiality require that personal data be regularly updated and corrected and secured against unauthorized or unlawful processing, loss or destruction. At the same time, we ensure that only your selected employees have access to your personal information.

    We have also adopted the following technical and organizational measures to enhance the security of the processed personal data:


    • Protect the access points by appropriate technical means such as smart cards, security keys, electronically-locked doors, alarm, etc.
    • Access to personal data storage systems is only available to authorized persons, which are authenticated by username and password or other secure authentication method.
    • Permissions to read, copy, modify, delete data from the system are controlled with sufficient granularity and on the basis of clearly defined user roles.
    • Where possible and appropriate to the purpose and nature of the processing, we make adjustments to the data that make it unattached to a particular person (so-called pseudonymization or complete anonymization).
    • Protect the transfer of personal data by the necessary technical means (eg by encryption) to prevent unauthorized reading, copying, editing or deletion.
    • Dispose of any unnecessary or outdated personal data by safely removing it from digital media or by certified physical disposal according to recommended standards.
  • 10. What rights can you apply?

    A natural person is entitled to our company as a personal data administrator:

    require access to personal data processed by the trustee, which means the right to obtain from the trustee a confirmation that the personal data concerning him / her are processed or not and, if so, has the right to have access to these personal data and other the information referred to in Article 15 of the Regulation,

    require the processing of personal data processed if it is inaccurate (Article 16 of the Regulation). Taking into account the purposes of the processing, it may in some cases also require the addition of incomplete personal data,

    request the deletion of personal data in cases covered by Article 17 of the Regulation.

    require restrictions on the processing of data in cases covered by Article 18 of the Regulation,

    obtain personal data relating to it that we process in a structured, commonly used and machine-readable format, having the right to pass on this data to another Administrator under the conditions and restrictions set forth in Article 20 of the Regulation; and

    has the right to object to processing within the meaning of Article 21 of the Regulation on grounds relating to its particular situation.

    If we receive such a request, we will inform the applicant of the measures taken without undue delay and, in any case, within one month of receiving the request. This deadline can be extended by another two months, if necessary and in view of the complexity and number of applications. In certain cases, our company is not obliged to comply with the request in whole or in part. This will be the case in particular if the application is clearly unreasonable or disproportionate, in particular because it is repeated. In such cases, we may impose a reasonable fee, taking into account the administrative costs associated with providing the requested information or communication or making the required action, or refusing to comply with the request.

    If we receive the above request, but we will have reasonable doubt as to the identity of the applicant, we may ask him to provide additional identification data. The information that the data subject has exercised his rights with us and how we have resolved his request will be stored for a reasonable period (usually 5 years) to document this fact, for statistical purposes, to improve our services and to protect our rights.

    In case the data subject considers that UNYP processes his or her personal data unjustifiably or otherwise violates his / her rights, he / she has the right to file a complaint with the Supervisory Authority (in the Czech Republic, the Office for Personal Data Protection).

  • 11. Terms of use of our website


    What are cookies?

    Cookies are small data files that are necessary for some website features, such as logging in. With cookies, the site can also remember different settings, such as language, font, and other options you choose to display the site yourself. That's why we place cookies on your computer. The same is done by most large websites and providers.

    What are the types of cookies?

    Cookies can be divided into two basic species according to their durability. While session cookies remain in your browser only until it is closed and then deleted, persistent cookies remain in the browser for a long time (depending on your browser settings and cookies settings) or until you manually delete them.

    What are we using cookies on this site?

    Cookies are used to improve the functionality of the site and to better understand how our visitors use the site, tools and services. Cookies make it easy for you to personalize or improve your experience with the site on the next visit, to get information about user satisfaction and to communicate with you elsewhere on the Internet. Tracking data may include personal information such as the visitor's computer's IP address, browser type and operating system, referring pages, visited pages, the order in which they were visited, and which hyperlink the visitor clicked on.

    We use these cookies on our site:

    • Technical (short-term) - they are necessary to ensure elementary site functionality, ie inserting products into the shopping cart, buying process, and displaying a page version requiring javascript or without it.
    • YouTube (short and long-term) - uses the YouTube video player. They are placed on your computer when you start the player.
    • Google Analytics (long-term) - to better customize your site, we use Google Analytics to track anonymous user behavior data.
    • AdWords (long-term) - generated by the advertising system. Using these cookies, we can evaluate the effectiveness of our sales channels.
    • Facebook (both short and long term) - are used by the social networking widget Facebook that is included on this site.
    • Twitter (long-term) - are used by the Twitter social network widget that is inserted on these pages.
    • MailChimp (short- and long-term) - generated by Mailchimp. These cookies allow us to evaluate the effectiveness of the advertising channel.

    How to modify the use of cookies

    All cookies already on your computer can be deleted. Most browsers also offer the option of blocking cookies on your computer, but in that case you will not be able to use all of our online services. For detailed information about how cookies are stored in your browser, visit the browser's specific browser pages.


    The owner and provider of websites is a private college, University of New York in Prague, Ltd., which according to the law no. 121/2000 Coll., On copyright, is entitled to apply the law on property on this website.

    All rights, including copyright to the content of websites, including all website design, text, graphics, the selection and arrangement, and all software compilations, underlying source code, software (including applets) and all other material on this website the site owns or controls the University of New York in Prague, all rights reserved.

    User behavior

    Users can not interfere with the security of the website can use these websites to spread malicious computer viruses and do not try to enter publicly inaccessible parts of this website. The user is required to respect the copyrights of the providers.

    Liability and Legal Competence

    The liability arising out of the use of these websites rests solely with the user and the provider does not bear any responsibility in particular for the content uploaded by users. All legal disputes arising out of the use of this website will be dealt with at the appropriate court in the Czech Republic and under the laws of the Czech Republic. If, for any reason, some of the provisions of these Terms become unenforceable, this provision will be deemed severable from the other terms and will not affect the intent of these terms and the remainder of these terms and conditions will continue to be fully effective and effective.

    Accessibility statement

    They declare that this website is making the most of its content and all its features for all Internet users. The presentation page is created using XHTML, visual with CSS2. We do not guarantee the correct rendering of pages, especially for some older web browsers or other than standard screen resolutions.

    Site author

    Our websites have been created and their trouble-free run is provided by the CENTARIO Internet Agency. If you have any questions, suggestions, ideas for improvement or technical difficulties, feel free to contact

  • 12. Changes to the Privacy Statement

    We reserve the right, at any time and for any reason, to change or modify the privacy policy contained in this statement. If there are any significant changes to the content of this statement, they will be posted here. Therefore, we recommend that you regularly inform us of any changes to this page.

    Nothing in this Privacy Statement is intended to create a contractual agreement or legal relationship between the University of New York in Prague and any user who visits our website or provides personal information in any form whatsoever.

  • 13. How can you contact us?

    For any comments and queries about personal data protection and for contacting you about the performance of your legal rights, you can use the following contacts:

    University of New York in Prague, s.r.o.
    Londýnská 506/41, Praha 2, PSČ 120 00

    Date of the last revision:  25. 5. 2018


Follow us

Go to top