Privacy Policy

1. Introduction

University of New York in Prague, s.r.o. considers the protection of your personal data to be a priority and we undertake to exert maximum effort in order to secure them. We declare that we process your personal data in conformity with valid legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’), Act No 101/2000 Coll, on Personal Data Protection, Act No 127/2005 Coll, on Electronic Communication, and Act No 480/2004 Coll on Some Services Provided by Information Companies.

In this Data Privacy Statement we will show you how we collect, process, use, and protect your personal data, and thus how we help to protect your privacy. We will try to explain basic terms, principles, fundamentals, and processes of personal data protection that we use. By using our website and services, you agree with the conditions stated herein.

2. Who is the personal data controller and processor?

The controller of personal data is University of New York in Prague, s.r.o., registered office Londýnská 506/41, Praha 2, postcode 120 00, company reg No: 25676598, registered in the Commercial Register administered by the Municipal Court in Prague, section C, file No 60332 (hereinafter referred to as ‘UNYP’). As a controller, we define the purpose and means for processing of your personal data, and we are responsible for the observance of all obligations and principles of their protection. Processing then means any operation or a set of operations performed on personal data such as collection, processing, arrangement, etc. Our contact details (as a controller) are provided herein.

The processor then is the entity which receives from us your personal data and which handles these personal data in conformity with instructions from us. The processor may be, for example, our external provider of e-learning services who  operates on our behalf an online portal for our online courses. We try to ensure sufficient securing of personal data with the processors by means of written contracts on processing and protection of personal data.

3. Who is a personal data subject?

You are a personal data subject exclusively as a natural person. In the case of UNYP, personal data subjects are primarily the persons with whom we have entered into a contract or whom we view as our customers and users of our services. Therefore this main group includes, for example, university applicants, students, and graduates but also lecturers and employees. We usually process their data in order to execute and perform contracts or based on our justified interest. However, you may also become the subject of the personal data processed by us when you give us for example your marketing consent for receiving news by email or if you visit our website without being our customer.

Our services that require registration are not intended for persons under 16 years of age, unless expressly provided otherwise therein. If you are a person under16 years of age and want to use any of our services, or give us your consent for processing your personal data, please notify us of this fact during registration or the granting of your consent (use the contact details provided by us) so that we may consider whether it is necessary to contact your legal representative and obtain their consent.

4. How do we collect your data?

We collect a part of your data automatically using technical means and through the services you use. An example of that may be the data obtained through our web and cookies (for more information go to the Cookies section), or the data recorded during the use of our network and other information and communication systems (eg UNYP e-learning system).

However, we obtain the majority of personal data directly from you, be they from our website forms or other online applications and services, from your emails, telephone calls, personal meetings (standard interviews with university applicants), or from other sources. You always disclose such data voluntarily, and by doing so you grant your consent to the processing conditions.

To a lesser extent, we obtain your personal data from third parties such as our partner universities and suppliers.

5. Which data do we collect and why?

We divide personal data into various topical categories and their processing is always subject to the existence of at least one purpose (however, often there are multiple purposes for one category). Basic categories which we may process and their purposes include the following:

Identification data (name, surname, maiden name, title, academic title before and after name, gender, language, domicile, permanent residence, date and place of birth, citizenship/nationality, personal identifier (assigned by UNYP), type of document, passport number, ID card number, company registration number, VAT number, social security number, passport number, document validity, date and place of issuing of a document, photograph from ID card, application login, date of establishment/termination of record, employee number, job title, signature) are necessary for proper identification of persons in individual roles across our activities and services.

We need contact data (correspondence address, telephone number, fax number, email address, data box, social media contact data, and communication applications) to secure requisite communication with you for all the services we provide as well as when ordering these services. The separate purpose(s) for processing of some data (eg email address) then may include marketing activities. Such processing typically occurs based on your consent.

Authentication and authorisation data in IT systems (user names, email addresses, passwords, security questions, system roles and authorisations) are processed for the purpose of safe operation of these systems and to make sure that only verified users are granted access to perform operations appropriate to their authorisation.

Network identifiers and tracking data (IP address, MAC address, cookies and other tracking mechanisms in browsers, localisation data, web browser setting data) are processed for the purpose of trouble-free and secure provision of network infrastructure and for monitoring the statistics of our web traffic and their improvement.

Transaction data (bank account number, debit/credit card number, authorisations/powers of attorney, transaction date, transaction amount, transaction purpose) are necessary for proper assignment of your payments to services you order through our website or through other means.

Data regarding studies, education, and research (registration in courses, schedules, grades, credits, attendance, submitted work, number of lessons taught, research records) are naturally the core of our university and we process these for the purpose of providing of university training for the purpose of scientific research, for the purpose of attestation by accrediting bodies and other bodies.

Photos and video and audio recordings are processed mostly for the purpose of documenting and promotion of our activities and services always in conformity with valid legislation. 

CVs, cover letters, and records of procurement procedures are processed for the purpose of hiring of new employees and keeping personnel records.

Wages and similar records (wages/remuneration, refund of wages, average pay, bonuses/use of benefits, wage deductions, manners of sending wages, personal account number, consumption of internal resources, insurance, taxes and deductions, tax payer statement, tax returns and supporting documents) are processed for the purpose of keeping personnel records and for the purpose of paying remuneration to employees.

Data regarding performance of work (post, cost centre, supervisor, working hours, leave, sick leave, maternity/paternity leave, career interruption, attendance, events, calendar, information about business trips and other changes in the employment relationship, timesheets, entrusted work equipment and other valuables, number of hours worked, attended training courses, access rights, book of work accidents, performance of work for a third party) are processed for the purpose of keeping personnel records.

Data from security systems (CCTV records, alarm records) are processed only within the minimum scope necessary for securing the safety of persons and property on our premises.

This list is not complete and it always depends on the role you have in relation to us (eg a student, employee). If you want to know which categories concern you, please contact us using the email address stated in the section ‘How can you contact us?’.

In principle, we do not process data regarding racial or ethnic origin, political views, religious or philosophical beliefs, membership in trade unions, or sexual orientation. These data on their own may harm the data subject in society, at work, at school, or may cause discrimination towards the data subject. If these data are requested of you, we recommend that you do not hand them over.

6. What is the legal basis for data processing?

We conduct processing of your personal data exclusively based on legally defined entitlement that give us authorisation to do so. The main legal entitlements for processing by UNYP include in particular:

  • Consent – we need your consent for one or several particular purposes (eg for the purpose of receiving monthly UNYP Newsletter Chronicle by email); the text of the consent will be always comprehensible, will be separate (not a part of a contract), and will be given actively (we will not therefore fill in boxes in advance on your behalf).
  • Performance of contract – we need your personal data here for the purpose of concluding of a contractual relationship and its subsequent performance and possibly also prior to entering into a contract (eg an order preceding execution of a contract). A typical example of such UNYP contract is a study contract.
  • Performance of legal obligations – we need your personal data here for the purpose of their processing in order to perform our legal obligation. An example of this may be data regarding students which we must regularly report to state authorities.
  • Legitimate interest – processing of your personal data is necessary for the purpose of our legitimate interests excluding the cases when your interests or fundamental rights and freedoms prevail over these interests.

The following entitlements are then applied rather rarely for processing of some of your personal data:

  • Protection of data subject interests – processing of your personal data is necessary for your protection or for the protection of other natural persons’ vital interests. 
  • Public interest – we are bound to process your personal data in order to accomplish our task performed in the public interest or when exercising a public authority with which we are assigned as the controller.
7. For how long do we process your data?

We always process your personal data only for the duration of the purpose for their processing.

In the case of processing your personal data in order to perform a legal obligation. the processing time is clearly given by the related legal regulation. Within UNYP this concerns particularly students’ personal data processed for the purpose of compulsory reporting to state administration bodies (registry office), employees’ personal data associated with the requirements stipulated by the Labour Code, or tax records according to the respective law.

When processing data based on execution or performance of a contract (eg study contract, employment contract, etc), the processing time is limited by the given contract. Upon expiry of all related obligations from the contract, we will stop processing your personal data for this purpose and we will delete them unless such data are processed for any other purpose.

We will keep the personal data processed based on the title of a legitimate interest only for a necessary time, which we define with regard to the nature of the kept data. In the case of study applications submitted via the UNYP web, such time limit is stipulated to 5 years for basic data and data about the selected programme; however, for additional documents of a more personal nature downloaded to our server, this time limit is only 1 year.

If you have given us your consent to the processing of your personal data e.g. for marketing purposes (sending of UNYP newsletter by email), processing of your personal data will occur until your consent is withdrawn or until you fail to renew such consent after a certain time.

8. When and how do we hand over your personal data to third parties?

We undertake not to hand over your personal data to third parties for consideration for any commercial purposes. In order to be able to share your personal data with third parties within or beyond the European Union and the European Economic Area, there must be a substantial and clearly defined reason to do so, supported by an executed contract, UNYP’s legitimate interest, or expressly provided consent by the personal data subject. Furthermore, such sharing must be implemented in an adequately secured way (eg encryption, pseudonymisation, etc) and the scope of the handed over personal data must be strictly defined.

An example of a situation when UNYP hands over your personal data to a third party may be, for example, studying abroad at one of our partner universities, the preparation and implementation of which requires that we hand over particularly your basic identification and contract data and selected study records.

The basic question for us during any handover of data to third parties will always be whether it is in the best interest of the personal data subject and whether all possible steps have been taken to achieve procedural and technical security of such sharing procedure.

9. How do we protect your data?

We consider the protection of your personal data to be a crucial matter and we pay our full attention to it. We handle your personal data with due care and protect them within the maximum scope of the corresponding technical level and while observing the following principles:

  • Lawfulness and responsibility means always processing your personal data in conformity with legal regulations based on at least one legal act and the ability to prove that.
  • Fairness and transparency means an obligation to process your personal data transparently and provide you with information regarding the manner of their processing and also about serious breaches of security or leaks of personal data.
  • Purpose limitation and minimisation allows the collection of data only for a clearly defined purpose in a corresponding and adequate scope.
  • Time limitation of storage allows us to process the personal data only for the period for which is necessary for a particular defined purpose (for example, for the term of an executed contract).
  • Accuracy, integrity, and confidentiality means an obligation to update personal data regularly and correct them and secure them against unauthorised or illegal processing, loss, or destruction. At the same time we make sure that only select employees have access to your personal data.

We have also adopted the following technical and organisational measures in support of securing the processed personal data:

  • We protect personal data access points using corresponding technical means such as chip cards, security keys, electronically locked doors, alarm systems, etc.
  • We allow access to systems containing personal data only to authorised persons verified by their user name and a safety password or another security authentication manner.
  • Authorisations to read, copy, alter, or remove data from the system are controlled with sufficient granularity and based on clearly defined user roles.
  • Where possible and suitable with regard to the purpose and nature of processing, we modify data so that they are not assignable to a particular person (so-called pseudonymisation or full anonymisation).
  • We protect transfer of personal data by requisite technical means (eg encryption) so that no unauthorised reading, copying, modification, or deletion may occur during transfer.
  • We destroy unusable or out-of-date data by means of safe deletion from digital media or by certified physical destruction according to recommended standards.
10. What rights may you exercise?

A natural person is entitled to request from us (as a controller of personal data):

  • access to personal data that the controller processes, which means the right to obtain from the controller confirmation regarding whether the personal data concerning the person are processed or not, and if so, you will have the right to gain access to these personal data and other information stated in Article 15 of the Regulation,
  • correction of personal data which are processed in relation to the data subject if such data are inaccurate (Article 16 of the Regulation). With regard to the purpose of processing in some cases you may be entitled to request complementation of incomplete personal data,
  • deletion of personal data in the cases stipulated in Article 17 of the Regulation.
  • restriction of processing of personal data in the cases stipulated in Article 18 of the Regulation.
  • personal data concerning the data subject and which we process in a structured, commonly used, and machine-readable format and which we have the right to transmit to another controller under the conditions and with the limitations stipulated in Article 20 of the Regulation, and
  • cessation or processing or other action in response to an objection to processing pursuant to Article 21 of the Regulation due to reasons concerning a subject’s particular situation.

If we receive such a request, we will inform the applicant of the adopted measures without undue delay, in any case not later than within one month of receiving the application. This time limit may be extended by another two months if necessary and with regard to the complexity and number of applications. In certain cases defined by the Regulation, our company is not bound to satisfy the request. This shall be in particular in situations when such request is apparently groundless particularly due to its repetition. In such cases we may impose an adequate fee due to administrative costs associated with provision of the requested information or statements or with the required actions or to refuse to satisfy such request.

If we receive a request stated above but have justifiable doubts regarding the identity of the applicant, we may ask the person to submit additional identification data. We will keep the information about the fact that the data subject has exercised its rights with us and the way we handled the application for a reasonable time (usually 5 years) for the purpose of documenting this fact for statistic purposes, to improve our services and protect our rights.

In the cases when the data subject believes that UNYP processes its personal data without authorisation or otherwise violates their rights, they are entitled to file a complaint with the supervisory body (in the Czech Republic, the Office for Personal Data Protection).

11. Terms of use of our website

Cookies

What are cookies?

Cookies are small data files that are necessary for some functions of websites such as logging in. Thanks to cookies, a website may also remember various settings such as the language, font, and other options you have selected for viewing the website. This is the reason why we place cookies in your computer. Most large websites and providers do the same thing.

What are the types of cookies?

Cookies can be divided into two basic species according to their durability. While session cookies remain in your browser only until it is closed and then deleted, persistent cookies remain in the browser for a long time (depending on your browser settings and cookies settings) or until you manually delete them.

What are we using cookies on this site?

We use cookies to improve the functionality of the websiteand to better understand the way visitors use the website, tools, and services. Cookies allow us to personalise and improve your experience with the website when you visit it again, to obtain information about user satisfaction, and to communicate with you elsewhere on the internet. Monitoring data may contain personal data such as the IP address of the visitor’s computer, browser type and operating system, referring websites, visited websites, order of visiting of websites, and hypertext links the visitor clicks on.

We use these cookies on our site:

  • Technical (short-term) — they are necessary to ensure elementary site functionality, ie inserting products into the shopping cart, buying process, and displaying a page version requiring javascript or without it.
  • YouTube (short and long-term) — uses the YouTube video player. They are placed on your computer when you start the player.
  • Google Analytics (long-term) — to better customize your site, we use Google Analytics to track anonymous user behavior data.
  • AdWords (long-term) — generated by the advertising system. Using these cookies, we can evaluate the effectiveness of our sales channels.
  • Facebook (both short and long term) — are used by the social networking widget Facebook that is included on this site.
  • Twitter (long-term) — are used by the Twitter social network widget that is inserted on these pages.
  • MailChimp (short- and long-term) — generated by Mailchimp. These cookies allow us to evaluate the effectiveness of the advertising channel.

How can you adjust the use of these cookies

You may erase any cookies already present in your computer. Most browsers also provide the possibility to block placement of cookies in your computer, though in that case you will not be able to use our online services. Detailed information about the settings regarding the storage of cookie files in your browser are available on the website of the provider of the particular browser you are using.

Copyright

The owner and provider of websites www.unyp.cz is a private college, University of New York in Prague, Ltd., which according to the law no. 121/2000 Coll., On copyright, is entitled to apply the law on property on this website.

All rights, including copyright to the content of websites www.unyp.cz, including all website design, text, graphics, the selection and arrangement, and all software compilations, underlying source code, software (including applets) and all other material on this website the site owns or controls the University of New York in Prague, all rights reserved.

User behavior

Users can not interfere with the security of the website can use these websites to spread malicious computer viruses and do not try to enter publicly inaccessible parts of this website. The user is required to respect the copyrights of the providers.

Liability and Legal Competence

The liability arising out of the use of these websites rests solely with the user and the provider does not bear any responsibility in particular for the content uploaded by users. All legal disputes arising out of the use of this website will be dealt with at the appropriate court in the Czech Republic and under the laws of the Czech Republic. If, for any reason, some of the provisions of these Terms become unenforceable, this provision will be deemed severable from the other terms and will not affect the intent of these terms and the remainder of these terms and conditions will continue to be fully effective and effective.

Accessibility statement

They declare that this website is making the most of its content and all its features for all Internet users. The presentation page is created using XHTML, visual with CSS2. We do not guarantee the correct rendering of pages, especially for some older web browsers or other than standard screen resolutions.

Site author

Our website has been created and its trouble-free operation is secured by the CENTARIO internet agency. If you have any questions, comments, ideas for improvement, or technical difficulties, do not hesitate to write to info@centario.cz.

12. Changes to the Privacy Statement

We reserve the right to change or adjust at any time and for any reason the principles of protection of personal data set forth in this statement. If there are any substantial changes in the content of this statement, these will published in this document. We therefore recommend that you regularly check for any contingent changes at this website.

Nothing in this data privacy statement intends to create a contract or a legal relationship between University of New York in Prague and any user who visits our website or provides personal data in any form.

13. How can you contact us?

You may use the following contact details for any comments and queries regarding personal data protection and when exercising your legal rights:

University of New York in Prague, s.r.o.
Londýnská 506/41, Praha 2, postcode 120 00
Email: privacy@unyp.cz

(Last revision date:  January 10, 2019)

Follow us

UNYP Chronicle Newsletter

The e-mail address you provide will be used only to send you the newsletter. Your privacy is important to us.

For more information download our UNYP Brochure.

UNYP logo

Contacts

University of New York in Prague
Londýnská 41, 120 00 Praha

ID no: 25676598
Phone: +420 224 221 261   Skype
Email: unyp@unyp.cz

Back to top