Processing of personal data is carried out in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as Regulation), and Act No. 110/2019 Coll., on personal data processing, as amended.

Personal data comprising name and surname, e-mail address, and information stating whether such personal data is no more than 12 months old (hereinafter referred to as personal data) are processed in compliance with Article 6 (1) (f) of the Regulation, i.e. for the purposes of the legitimate interests pursued by the controller consisting in identification of users, identification of threats, abuse, and detection of security incidents or illegal activities as well as administration and operation of HPC technologies, protection of IT4I computing systems, and their users and data.

Personal data are processed for as long as the IT4I systems are used as well as for the period necessary for reverse detection of a person committing an unlawful act related to the use of the computing systems. Data processed for the purpose of administration and implementation of projects and grants are processed for the entire duration of the overall evaluation of a project or grant and further in pseudonymized form for the programme sustainability period, i.e. for a maximum of 10 years.

In some cases of personal data processing, for example, in the case of projects and grants, users may be required to provide specific categories of personal data (sensitive data). Such processing is carried out on legal basis in compliance with Article 6 (1) (c) of the Regulation, i.e. compliance with legal obligation, or in compliance with Article 6 (1) (b) of the Regulation – performance of a contract.

The legal obligation to process personal data primarily follows from the Regulation (EU) No. 1303/2013 or the Regulation (EU) No. 1304/2013 of the European Parliament and of the Council in order to provide financial support, monitoring, control, reporting, and evaluation of the success rate in providing financial support, and further from Act No. 218/2000 Coll., on Budget Rules and Amendments of Some Relating Acts, or Act No. 250/2000 Coll., on Budgetary Rules of Territorial Budgets.

Personal data may be transferred to the following third parties: CESNET, z.s.p.o., ID No. 63839172, and Masaryk University (CERIT-SC), ID No. 00216224, within the e-INFRA consortium for the purpose of ensuring the functionality of technical support across the e-INFRA consortium. In addition to the above, personal data may only be passed on to grant and project providers, or on the basis of applicable legislation, e.g. to state authorities, courts, law enforcement authorities in connection with possible administrative, criminal and civil court proceedings. Personal data of IT4I users are processed jointly by all e-INFRA CZ operators under the regime of joint controllers within the meaning of Article 26 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).