The personal data protection principles at OICT:

  • Lawfulness, fairness, transparency – a controller must process personal data on the basis of at least one legal ground and transparently for the data subject;
  • Purpose limitation – personal data may only be collected for specific and legitimate purposes and may not be processed in a manner noncompliant with those purposes;
  • Data minimisation – personal data must be appropriate and relevant to the purpose for which they are being process;
  • Accuracy – personal data must be accurate;
  • Storage limitation – personal data should be stored in a form allowing for the identification of the data subject for no longer than is necessary for the purpose for which the data are being processed;
  • Integrity and confidentiality – technical and organisational safeguards with respect to personal data.

Notice concerning the rights of data subjects:

A data subject has the right to be informed about the processing of his / her personal data.  This means the right to certain information about the processing of his / her personal data such that the principle of transparency of processing is fulfilled, above all.  This includes, but is not limited to, information about the purpose of processing, identification of the controller, its legitimate interests, and about personal data recipients.  This is a passive right of the data subject, as it is the data controller who has to take action in order to provide or make accessible to the data subject the information specified in the General Regulation.

For a comprehensive list of the information that is to be provided by a data controller in the case of personal data collecting, see Articles 13 and 14 of the General Regulation.  The General Regulation makes a formal distinction between the provision of information in the event that personal data has been obtained from the data subject and when they were obtained otherwise.  The right to be informed is an equivalent of the right to information about processing set out in Section 11 of the applicable Act No. 101/2000 Coll., on personal data protection.

Additional rights of data subjects, many of which require some activity (request) on the part of the data subject, include

  • Right to access to personal data;
  • Right to rectification or supplementation;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object;
  • Right to not be subject of automated individual decision-making, including profiling, with legal or similar effects.

Contact information for issues and processes in which OICT performs the role of the controller or processor:

Operátor ICT, a.s.

Dělnická 213/12
170 00 Prague 7
ID No.: 02795281, TIN: CZ02795281

Data box: 3xqfe9b

Contact information for the personal data controller for the Lítačka card (OICT is the processor with respect to the Lítačka card):

Prague City Hall

Mariánské nám. 2
Prague 1, 11001

Contact information of the OICT DPO (Data Protection Officer):

DPO, Data Protection Officer

Operátor ICT, a.s.

Dělnická 213/12
170 00 Prague 7

Telephone: +420 246 030 986

Records of processing activities – summary of personal data in OICT processes and issues

Records of processing activities – for the Lítačka card