Legal Bases for Processing of Personal Data
Is an identified legal basis required in order to collect or process non-sensitive personal data?

Last review date: 15 January 2025

Yes.

The following are potential legal bases for processing personal data:

☒       the data subject has provided consent to the processing for the identified purposes
☒       the personal data is necessary to perform a contract with the data subject
☒       the personal data is necessary to comply with a legal obligation
☒       the personal data is necessary to protect the vital interests of a natural person
☒       the personal data is necessary for a public interest
☒       the personal data is necessary to fulfil a legitimate interest of the controller or third party (provided that the interest is not overridden by the data subject's privacy interests and the data subject has not made use of his/her right to object)
☒       other

Pursuant to Sec. 17 para. 1 of the Act on Processing of Personal Data, personal data may furthermore be processed if the processing serves journalistic purposes or the purposes of academic, artistic or literary expression in a proportionate manner. Such processing is not subject to approval from the Office for Personal Data Protection and does not have to be notified to it.

Controllers are, unless otherwise stipulated by the applicable law, permitted to process personal data for a purpose other than the one for which the data has been collected, pursuant to Sec. 6 para. 1 of the Act on Processing of Personal Data (compatibility test for secondary use of data), in order to secure a protected interest (protected interests are those listed in Article 23(1) GDPR and mirrored in Sec. 6 para. 2 of the Act on Processing of Personal Data), provided such processing is necessary and appropriate for the purposes of:

  • fulfilling an obligation to which the controller is subject; or
  • performing a task carried out in the public interest or in the exercise of official authority vested in the controller.

Is an identified legal basis required in order to collect or process sensitive personal data?

Last review date: 15 January 2025

Yes.

The following are potential legal bases for processing special categories of personal data:

☒       the data subject has given consent to the processing, where consent is measured to a higher standard than for non-sensitive personal data (for example, additional requirement for consent to be "explicit")
☒       processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
☒       processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
☒       processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and further conditions
☒       processing relates to personal data which are manifestly made public by the data subject
☒       processing is necessary for the establishment, exercise or defense of legal claims
☒       processing is necessary for reasons of substantial public interest
☒       processing is necessary for the purposes of medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
☒       processing is necessary for reasons of public interest in the area of public health
☒       processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
☒       other

Processing special categories of personal data is also permitted, pursuant to Sec. 17 para. 1 of the Act on Processing of Personal Data, in a proportionate manner for journalistic purposes, purposes of academic, artistic or literary expression. The assessment of proportionality has to take into account whether special categories of personal data or data regarding an individual's criminal convictions, offences and related security measures are processed.

Data subject to additional requirements:

  • Processing of data about criminal convictions, offenses and related security measures is only permitted:
    • under the control of an official authority; or
    • when the processing is authorized by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects (e.g., processing of convictions of some employees pursuant to labor law, processing in a proportionate manner for journalistic purposes, purposes of academic, artistic or literary expression).

Disclosure of information about data subjects involved in criminal proceedings is subject to additional requirements.

  • Processing of national identification number (birth number) is only permitted:
    • for ministries, other public authorities and notaries in the course of their official activities; or
    • if stipulated by special law; or
    • if necessary for enforcement of claims and the prevention of defaults, provided specific measures are taken to protect the rights and freedoms of data subjects; or
    • if the data subject consents.

The processing of location data is subject to the requirements set out in Act No. 127/2005 Coll., on Electronic Communications Services.

Are there special requirements that apply to the collection or processing of personal data from minors?

Last review date: 15 January 2025

Yes.

A minor within the meaning of the Czech laws (including the data privacy laws) is a person below the age of 18 years. However, with regard to the offer of information society services, for which the GDPR foresees special requirements in relation to minors, a minor is a person below the age of 15 years.

In what circumstances do these special requirements apply?

Last review date: 15 January 2025

In the context of information society services, only if processing is based on consent.

What are the special requirements that apply to collecting or processing personal data from minors?

Last review date: 15 January 2025

☒       consent must be given or authorized by the holder of parental responsibility over the child
☒       other

Any information and communication addressed to a child should be in clear and plain language.

With regard to the processing ground of legitimate interest, special attention and consideration has to be given to the fact that the data subject is a child.