Privacy policy

BASIC INFORMATION

On 25 May 2018, the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”) entered into force, which, together with the Personal Data Processing Act (whose draft is currently in the legislative process), replaces the existing legal framework for personal data protection.

The full text of the GDPR is available here.

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o. (hereinafter the “school”), as the controller of personal data, processes your personal data in accordance with the GDPR and applicable Czech legislation. The school processes personal data exclusively on the legal bases set out in Article 6 of the GDPR, i.e. in particular for compliance with legal obligations applicable to the school, performance of a contract, performance of tasks carried out in the public interest or in the exercise of official authority vested in the school, for the purposes of the legitimate interests of the controller or a third party, or on the basis of your consent to the processing of personal data. All personal data are processed only to the necessary extent and for the necessary period.

More detailed information on the basic aspects of personal data processing carried out within the school’s activities, as well as on your rights as data subjects and the ways to exercise them in accordance with the GDPR, can be found in the document Information on the Processing of Personal Data.

If you wish to contact us with a suggestion, inquiry, or a request to exercise your rights related to the processing of your personal data or your children’s data, you can do so (preferably in writing) using the contacts below. We will address your submission and work with you to resolve it.

Contact details of the personal data controller

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o.
Registered office: Křenecká 52, 277 14 Lhota
Represented by the headmistress: Mgr. Jarmila Dvořáková
IČO: 24256510
IZO: 181 043 939
Data box ID: eiejfj9
E-mail: director@tiptoes.cz
Tel: +420 739 047 470

Contact details of the Data Protection Officer

Mgr. Hana Chlupová
Tel.: +420 731170785
E-mail: poverenec@tiptoes.cz

The exercise of data subjects’ rights must not adversely affect the rights and freedoms of other persons. For this reason, we ensure sufficient identification and verification of the identity of the data subject who is exercising a right.

If you still believe that your personal data have not been handled in accordance with the law, you can contact the Office for Personal Data Protection (http://www.uoou.cz).

Mgr. Jarmila Dvořáková
Headmistress

INFORMATION ON PERSONAL DATA PROTECTION

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o. (hereinafter the “School”) hereby informs you, as the personal data controller and in accordance with the principle of transparency within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the “GDPR”), how we process your personal data within our activities, including information about your rights and how to exercise them.

The controller of your personal data is

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o.
Registered office:  Křenecká 52, 277 14 Lhota
Represented by the headmistress: Mgr. Jarmila Dvořáková
IČO: 24256510
IZO: 181 043 939
Data box ID: eiejfj9
E-mail: director@tiptoes.cz
Tel: +420 739 047 470

Data Protection Officer

The School has appointed, in accordance with Article 37 GDPR, a Data Protection Officer who helps us protect your personal data.

Our Data Protection Officer is:
Mgr. Hana Chlupová
Tel.: +420 731 170 785
E-mail: poverenec@tiptoes.cz

You may contact the Data Protection Officer with your questions, suggestions, or requests to exercise your rights concerning your personal data processed within any agenda of our primary or nursery school, particularly if you do not wish to contact the School’s representative directly.

Basic terms

  • Processing of personal data – any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction.
  • Data subject – a natural person to whom the personal data relate (not a legal entity).
  • Personal data – any information relating to a data subject, i.e. an identified or identifiable natural person who can be identified directly or indirectly, in particular by reference to an identifier (e.g. name, address, number, location data, online identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Special categories of personal data (formerly sensitive data) – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; processing of genetic data; biometric data for the purpose of uniquely identifying a natural person; and data concerning health or a natural person’s sex life or sexual orientation.
  • Controller – any entity which determines the purposes and means of the processing of personal data and is primarily responsible for the processing. The controller processes personal data for purposes arising from its activities (e.g. legal obligations, contracts), as well as for its legitimate interests, etc.
  • Processor – any entity which carries out processing operations for the controller on the basis of a specific law or the controller’s authorisation and instructions. This includes, for example, external network administrators, information system operators, cloud storage providers, external accounting firms (or freelancers), etc.
  • Purpose of processing – an activity, process, or operation for which it is necessary or appropriate to process the data subject’s personal data.
  • Legal basis for processing – the lawfulness of processing. The School processes only those personal data for which it is authorised by a special legal regulation, or based on a voluntary contractual arrangement, in its legitimate interest, in the exercise of official authority, in the performance of a task carried out in the public interest, or based on the data subject’s free and informed consent.
  • Sources of personal data – a natural or legal person, public authority, agency, or other body from which personal data are obtained.
  • Recipient – a natural or legal person, public authority, agency, or other body to which the personal data are disclosed; however, public authorities acting within the scope of their investigative powers are not considered recipients. A recipient may also be a processor (e.g. an information system operator).
  • Profiling – any form of automated processing of personal data consisting of the evaluation of certain personal aspects relating to a natural person.

Main principles for processing personal data

The School considers the protection of personal data important and pays due attention to it. Your personal data are processed and protected in accordance with the GDPR and other legal regulations governing personal data protection, and processing takes place according to the following principles set out in Article 5 GDPR:

  • lawfulness, which requires us to process your personal data always in compliance with legal regulations and only on the basis of one of the defined legal bases (consent or another legal ground for processing),
  • fairness and transparency, which requires the School to process your personal data openly and transparently and to provide you with information on how they are processed and how you can exercise your rights. This also includes our obligation to inform you in cases of serious security breaches or personal data leaks,
  • purpose limitation, which allows us to collect your personal data only for clearly defined purposes,
  • data minimisation, which requires us to process personal data only to the extent strictly necessary for the given purpose of processing,
  • accuracy and timeliness, whereby the School ensures that inaccurate, erroneous, or outdated personal data are promptly corrected or erased,
  • storage limitation, which requires us to keep your personal data only for as long as necessary to fulfil the specific purpose for which they are processed, and thereafter to proceed according to the approved filing and shredding rules (subject to exceptions for further processing),
  • integrity, confidentiality, non-repudiation, and availability, which requires us to secure your personal data and process them in a manner that ensures appropriate protection using suitable technical and organisational measures against unauthorised or unlawful processing and against accidental loss, damage, or destruction,
  • accountability, i.e. responsibility for complying with and demonstrating compliance with all rules laid down by the GDPR.

These principles must be adhered to by both the controller (the entity deciding on and responsible for the processing) and the processor (processing data for the controller).

Legal bases for processing personal data

Within its activities, the School processes your personal data in accordance with one of the defined legal bases under Article 6 GDPR:

  • compliance with the School’s legal obligations, in particular under Act No. 561/2004 Coll., on pre-school, primary, secondary, tertiary professional and other education (the Education Act), as amended, and related legal regulations
  • performance of a contract
  • performance of a task carried out in the public interest or in the exercise of official authority
  • protection of the vital interests of the data subject or another natural person
  • the School’s or a third party’s legitimate interest
  • consent to the processing of personal data

If the processing of personal data is based on consent, you may withdraw your consent at any time in writing. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

For what purposes we process your personal data

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o. processes your personal data in particular for the following purposes:

  • keeping the school register (matrika)
  • admission to and course of pre-school education
  • admission to primary education and compulsory school attendance
  • course of primary education
  • provision of school catering
  • school club activities
  • provision of counselling activities in a school counselling facility
  • provision of leisure education in the school club
  • ensuring safety and health protection
  • providing leisure education in the school club
  • providing information under Act No. 106/1999 Coll., on Free Access to Information, as amended, and handling suggestions and complaints
  • management of employment relationships and HR agenda
  • keeping the School’s accounting and tax records
  • for the purposes of concluding and performing contracts by the School
  • statistical reporting
  • presentation of the School (website, annual reports, presentation of artworks, etc.)
  • ensuring the protection of property and the safety of persons at the School

What personal data we process

Your personal data are processed in connection with the operation and activities of the School in accordance with the GDPR only to the extent necessary to fulfil the individual purposes of processing, generally to the extent in which they were obtained from the data subjects. The scope of personal data is determined by the relevant legal regulations or by the purpose of processing. In fulfilling its obligations, the School processes only such personal data as required by legal regulations, or where the right or obligation to process corresponds to the School’s duties, or for which the School has been given consent by the data subject. After the specified purpose has been fulfilled, personal data are stored to a limited extent in accordance with legal regulations and destroyed after the statutory periods have expired.

Within its activities, the School processes the following categories of personal data – identification, address, and descriptive personal data, as well as personal data falling into special categories of personal data (so-called sensitive data). These concern in particular personal data of children, pupils, legal guardians, employees, suppliers or their representatives, and other persons, such as for example:

first and last name; birth number (or date of birth if a birth number has not been assigned to the child/pupil); citizenship; place of birth; place of permanent residence, or place of residence in the Czech Republic according to the type of stay of a foreign national, or place of residence abroad if the child, pupil, or legal guardian does not reside in the Czech Republic; information on previous education, including the level of education attained; date of commencement of education at the School; information on the course and results of education at the School; language of instruction; information on the pupil’s disadvantages; information on exceptional talent; information on support measures provided to the pupil by the School and on the conclusions of examinations stated in the recommendation of a school counselling facility; information on fitness for education and on health difficulties that may affect the course of education; date of completion of education at the School; numbers of documents submitted; telephone numbers and contact e-mail; data relating to the admission of children to the School and to the course of their attendance; documented work experience; education attained; knowledge and skills of job applicants; bank details; IČO; DIŠ; photographic images; audio and video recordings, etc.

From whom we obtain personal data

The School obtains personal data in particular directly from the data subject upon admission of a child to pre-school education, upon admission of a pupil to compulsory school attendance, upon admission to leisure education in the school club, upon admission to school catering, when entering into employment, when concluding contracts, and when requesting supplies and services. The School also obtains certain personal data from public registers, from public authorities, or on the basis of special legal regulations, e.g. in the case of a pupil’s transfer (the original school provides the new school with a copy of the documentation from the school register), or in the case of cooperation with school counselling centres.

The School also processes photographs, audio, and video recordings made at events organised by the School. We obtain and publish these personal data on the basis of consent, or within the framework of journalistic licence to inform about the School’s activities, and we generally store (archive) them for the duration of the child’s pre-school attendance or the pupil’s compulsory school attendance at the School.

To whom we disclose personal data

In justified cases, we disclose your personal data to recipients to whom we are obliged to provide them under the relevant legal regulations (e.g. the founder, the Czech School Inspectorate, ministries and other central authorities; in the case of employees, health insurance companies, the Czech Social Security Administration, tax authorities, labour offices), and further to contractual parties that are parties to contractual relationships with the School (personal data of employees), healthcare facilities, insurance companies, participants in administrative proceedings, applicants, or other authorised entities with regard to specific processing.

On the basis of the organisation’s legitimate interest, certain personal data may also be disclosed to other persons as recipients of personal data for the purposes of drawing subsidies or demonstrating compliance with the conditions of a subsidy programme for a subsidy already drawn.

Recipients may also include processors entrusted by the School, as controller, with a specific activity for which the processing of personal data is necessary. Such processing may only be carried out on the basis of a data processing agreement, i.e. with clear guarantees of organisational and technical safeguards of the data, a defined purpose of processing, and a prohibition on using the disclosed personal data for other purposes or by other processors without the controller’s consent.

Transfers of personal data to third countries

We do not transfer your personal data or your children’s personal data to third countries or international organisations outside the scope of the GDPR.

Period for which personal data are stored

We store personal data in accordance with the GDPR and applicable legislation, in particular Act No. 499/2004 Coll., on Archiving and Records Management and on Amendments to Certain Acts, and the School’s adopted filing and shredding rules, only for the period strictly necessary in relation to the given activity and the specified purpose of processing. Personal data processed with your consent are stored only for the duration of the consent and for the purpose for which the consent was granted. Upon expiry of statutory periods, personal data are archived or destroyed in accordance with legal regulations.

Security of personal data

Your personal data are rigorously protected with us. Personal data are processed manually in paper form and in electronic information systems that are subject to physical, technical, and procedural control.

To protect data, we have established security mechanisms including technical, organisational, and personnel measures.

Rights of the data subject

In addition to the general right to information regarding processed personal data, you may also exercise the following rights, the exercise of which the School fully respects:

  • right of access – you have the right to request from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, information on the purpose of processing, the categories of personal data concerned, the recipients or categories of recipients, information on transfers to third countries, the storage period, the right to lodge a complaint with the Office for Personal Data Protection, information on the source of the personal data, and whether automated decision-making including profiling is taking place,
  • right to rectification or completion – the right to have inaccurate or incomplete personal data corrected,
  • right to erasure (the “right to be forgotten”) – concerns the controller’s obligation to erase processed personal data if the data are no longer necessary for the purposes for which they were collected, if consent to processing has been withdrawn and there is no other legal ground for processing, if the data have been processed unlawfully, or if the data subject objects to processing and there are no overriding legitimate grounds for processing, etc. The right to erasure does not always apply; in each case the controller must consider whether an exception under Article 17(3) GDPR applies,
  • right to restriction of processing – this means limiting processing to mere storage if the data subject contests the accuracy of the personal data and the controller needs more time to verify them, or if the data subject has objected to processing based on the controller’s legitimate interest,
  • right to data portability – you may request that the School, where not prevented by a legal obstacle, transmit personal data to a controller designated by you. The controller will provide the personal data in a structured, commonly used electronic format directly to the data subject. The controller may provide the data to another controller only in the case of automated processing based on consent or a contract and where technically feasible,
  • right to object – the data subject may object to the processing of personal data concerning him or her, but only where the processing is carried out in the public interest or on the basis of the controller’s legitimate interest.
  • right not to be subject to a decision based solely on automated processing, including profiling – we do not use personal data for automated decision-making.
  • right to lodge a complaint – the data subject has the right to lodge a complaint regarding the processing of personal data with the supervisory authority (in the Czech Republic, the Office for Personal Data Protection) or to seek judicial protection against the supervisory authority, the controller, or the processor.

How you can exercise your rights

The data subject is entitled to exercise his or her rights under the GDPR against the controller in several ways:

  • in writing by postal mail to the School’s address, with an officially verified signature,
  • via the data box, from the data subject’s own data box,
  • by e-mail sent to the controller or the Data Protection Officer, where the submission is accompanied by a valid qualified electronic signature,
  • in person at the School’s office, after identity verification by an authorised employee of the School.

In the case of a request to exercise your rights, you will be provided with information on the measures taken without undue delay, but no later than within 30 days of receipt of the request. Where necessary, taking into account the complexity and number of requests, this period may be extended by a further two months. You will be informed in writing of any such extension and the reasons for it within one month of receipt of your request.

All your requests to exercise rights will be handled free of charge, except in cases where the request is manifestly unfounded or excessive, for example because it is repetitive. In such cases, the School may charge a reasonable fee reflecting the administrative costs incurred.

Right to lodge a complaint with the supervisory authority

If you believe that we are not processing your information correctly, you may lodge a complaint with the supervisory authority:

Office for Personal Data Protection (Úřad pro ochranu osobních údajů)
Address: Pplk. Sochora 27, 170 00 Prague 7
Tel.: +420 234 665 111 (switchboard)
E-mail: posta@uoou.cz
Data box ID: qkbaa2n
Website: www.uoou.cz

DATA PROTECTION OFFICER

ZÁKLADNÍ ŠKOLA a MATEŘSKÁ ŠKOLA TIP TOES s.r.o., Křenecká 52, 277 14 Lhota, IČO 24256510
as the personal data controller, in accordance with Article 37(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), publishes the contact details of the Data Protection Officer:

Mgr. Hana Chlupová
Tel.: +420 731 170 785
E-mail: poverenec@tiptoes.cz

Data Protection Officer:

  1. provides information and advice to controllers or processors and to employees who carry out processing regarding their obligations under the GDPR and other regulations,
  2. monitors compliance with the GDPR and other regulations, with the controller’s or processor’s concepts in the field of personal data protection, including the allocation of responsibilities, raising awareness and training of staff involved in processing operations, and related audits,
  3. provides advice upon request regarding data protection impact assessments and monitors their application under Article 35 GDPR,
  4. cooperates with the Office for Personal Data Protection,
  5. acts as a contact point for the supervisory authority on issues relating to processing, including prior consultation pursuant to Article 36 GDPR, and, where appropriate, consults on any other matter,
  6. data subjects may contact the Data Protection Officer on matters related to the processing of their personal data and the exercise of their rights under the GDPR.

Under Article 38(5) GDPR, the Data Protection Officer is bound by secrecy or confidentiality in accordance with Union or Member State law in connection with the performance of his or her tasks.

You can contact the Data Protection Officer with any questions, suggestions, and requests to exercise your rights relating to your personal data or your children’s data used within any school agenda, particularly if you do not wish to contact us directly as the controller of personal data. In cooperation with the Data Protection Officer, we will address your submissions and work with you to resolve them.

Přihlaste své dítě na zkušební den

Vyplňte prosím své kontaktní údaje a my se vám ozveme.

    Odesláním tohoto formuláře vyjadřujete svůj souhlas se zpracováním osobních údajů.

    Do you have a question that you haven't found the answer to?

    Please do not hesitate to contact us.

      By submitting this form, you express your consent to the privacy policy.

      None of these dates are convenient for you? Arrange a personal meeting.

      Please fill in your contact details and we will get back to you.

        By submitting this form, you express your consent to the privacy policy.

        Interested in transfer

        Please fill in your contact details and we will get back to you.

          By submitting this form, you express your consent to the privacy policy.

          Interested in scholarship

          Please fill in your contact details and we will get back to you.

            By submitting this form, you express your consent to the privacy policy.