Processing of personal data is carried out in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as Regulation), and Act No. 110/2019 Coll., on personal data processing, as amended.

Personal data comprising name and surname, e-mail address, and information stating whether such personal data is no more than 12 months old (hereinafter referred to as personal data) are processed in compliance with Article 6 (1) (f) of the Regulation, i.e. for the purposes of the legitimate interests pursued by the controller consisting in identification of users, identification of threats, abuse, and detection of security incidents or illegal activities as well as administration and operation of HPC technologies, protection of IT4I computing systems, and their users and data.

In some cases of personal data processing, for example, in the case of projects and grants, users may be required to provide specific categories of personal data (sensitive data). Such processing is carried out on legal basis in compliance with Article 6 (1) (c) of the Regulation, i.e. compliance with legal obligation, or in compliance with Article 6 (1) (b) of the Regulation – performance of a contract.

The legal obligation to process personal data primarily follows from the Regulation (EU) No. 1303/2013 or the Regulation (EU) No. 1304/2013 of the European Parliament and of the Council in order to provide financial support, monitoring, control, reporting, and evaluation of the success rate in providing financial support, and further from Act No. 218/2000 Coll., on Budget Rules and Amendments of Some Relating Acts, or Act No. 250/2000 Coll., on Budgetary Rules of Territorial Budgets.

Personal data shall not be transferred to any third party except for grant and project providers and, where relevant, in compliance with applicable legislation, for example, to state authorities, legal courts, and law enforcement authorities in the context of a possible administrative, criminal, and civil proceedings.

For internal purposes, personal data comprising name and surname, e-mail address, and information stating whether such personal data is no more than 12 months old (hereinafter referred to as personal data) shall be disclosed to the IT4Innovations Users Council on a quarterly basis.

Personal data are processed for as long as the IT4I systems are used as well as for the period necessary for reverse detection of a person committing an unlawful act related to the use of the computing systems. Data processed for the purpose of administration and implementation of projects and grants are processed for the entire duration of the overall evaluation of a project or grant and further in pseudonymized form for the programme sustainability period, i.e. for a maximum of 10 years.