General data protection regulation

I. Responsibility for the administration of personal data and contact details

The Administrator of personal data is the Research Institute for Labour and Social Affairs, v.v.i., with its registered office at Dělnická 213/12, 170 00 Prague 7, ID number 45773009, Tax number CZ45773009 (hereinafter referred to as “RILSA” or the “Administrator”). As the Administrator of personal data, RILSA determines the purpose, means and method of the processing of personal data, processes the data and is fully responsible for these tasks.

Detailed information is provided by the Administrator on the processing of personal data via the following:

  • data box: xy9n88n
  • e-mail:
  • by post: Dělnická 213/12, 170 00 Praha 7
  • via personal submission at RILSA’s head office

The personal data protection administrator can be contacted by email at:

II. Personal data processing principles

When processing personal data, the Administrator fully respects the right to the protection of personal data and adheres, in particular, to the following principles:

  1. personal data is processed in an appropriate, legal and transparent manner;
  2. personal data is collected only on the basis of specific, explicitly stated and legitimate purposes; no personal data is further processed in a manner that is incompatible with these purposes;
  3. the range of personal data processed is rational, relevant and necessary for achieving the stated purposes;
  4. measures have been adopted that ensure that only accurate personal data is processed; the data is updated when deemed necessary;
  5. personal data is kept for the time deemed necessary for its processing;
  6. processed personal data is properly secured, especially against unauthorised or illegal processing and against accidental loss, destruction or damage.

III. The types of personal data processed

The Administrator processes only that personal data that is related to the performance of the respective agenda. In accordance with the relevant legal regulations, such data consists of the following and their combinations, and sets and selections thereof:

  1. identification and contact data: name, surname, academic qualifications, date and place of birth, identity card number, marital status, birth number, nationality, permanent residence address, telephone number, email address, personal number, IP address;
  2. descriptive data: education, knowledge of foreign languages, professional knowledge and skills, number of children, employment history, health insurance provider, salary, bank details;
  3. data on other persons: address and identification data of a family member.

IV. Whose personal data is processed

The Administrator primarily processes the personal data of:

  1. its employees (including former employees) and their family members, job applicants and members of advisory organisations;
  2. physical and legal persons with whom RILSA has a contractual relationship.

V. From whom the personal data is obtained

The Administrator obtains personal data directly from the subject of the data, from other persons, and from publicly available sources.

VI. The purposes for which personal data is processed

The Administrator processes personal data:

  1. so as to fulfil the relevant legal obligations;
  2. for concluding and fulfilling its contractual relationships;
  3. for the purposes of the protection of the legitimate interests of RILSA (e.g. the protection of RILSA’s assets);
  4. on the basis of the provision of consent to the processing of personal data;
  5. for the purpose of sending RILSA’s newsletter;
  6. for the purpose of completing electronic questionnaires and the submission of inquiries.

VII. To whom personal data is provided

In certain cases, in accordance with the relevant legal regulations, the Administrator is obliged to provide personal data to other personal data administrators, particularly the following:

  1. law enforcement authorities;
  2. other state administration bodies in fulfilment of the respective legal obligations;
  3. other member states of the European Union or international organisations if this is required according to directly applicable regulations of the European Union and international treaties to which the Czech Republic is a signatory and in connection with other international obligations.

VIII. The length of time over which personal data is kept

The Administrator stores personal data for the period specified in legislation and adheres to the principle of minimisation. Alternatively, the period of storage is determined by the RILSA filing and shredding plan.

In other cases, personal data is kept only for the time necessary for its processing.

IX. How personal data is processed and secured

Personal data is processed both manually and automatically. Automated processing is conducted within the RILSA information system or that of its processors.

The Administrator has adopted the appropriate measures for the securing of personal data, in particular to prevent the unauthorised or illegal processing, accidental loss, destruction or damaging of personal data.

Only authorised employees are allowed access to personal data. They are required to maintain the confidentiality of personal data and to ensure the application of security measures.ích.

RILSA concludes written contracts with its processors. It only uses those processors that are able to provide sufficient guarantees concerning the protection of personal data during its processing.

X. The rights of the subject of the data

The subject of the data is entitled to request from the Administrator (at the above address) access to their personal data, its correction or deletion and limitations to its processing, to object to the processing of their data and to exercise the right to data portability.

If data processing is based on consent or express consent, the subject of the data is entitled to revoke consent at any time, without prejudice to the legality of the processing based on consent granted prior to its revocation.

Furthermore, the subject of the data is entitled to register a complaint with the supervisory authority, i.e. the Office for the Protection of Personal Data with its headquarters at: (address) Pplk. Sochora 27, 170 00 Prague 7, email:, data box ID: qkbaa2n.