101/2000 Sb.
LAW
from day 4. April 2000
on the protection of personal data and on amendments to certain laws
Change: 227/2000 Coll.
Change: 177/2001 Sb.
Change: 450/2001 Sb.
Change: 107/2002 Sb.
Change: 310/2002 Sb.
Change: 517/2002 Sb.
Change: 439/2004 Sb.
Change: 480/2004 Coll.
Change: 439/2004 Coll. (part), 626/2004 Sb.
Change: 413/2005 Coll., 444/2005 Sb.
Change: 342/2006 Sb.
Change: 109/2006 Sb.
Change: 170/2007 Sb.
Change: 52/2009 Sb.
Change: 41/2009 Sb.
Change: 227/2009 Sb.
Change: 281/2009 Sb.
Change: 468/2011 Sb.
Change: 375/2011 Sb.
Change: 64/2014 Sb.
Change: 250/2014 Sb.
Parliament has passed the following Act of the Czech Republic:
PART THE FIRST
PROTECTION OF PERSONAL DATA
TITLE I OF THE
INTRODUCTORY PROVISIONS
§ 1
The subject of the edit
This law, in accordance with the law of the European Union, "^ 1") of the international
the contracts, which the Czech Republic is bound, ^ 1a) and to the fulfillment of the rights
each of the protection against unauthorized privacy zasahováním governs the
rights and obligations when processing personal data and sets out the conditions for the
where the transmission of personal data is carried out in other States.
§ 2
(1) there is hereby established the Office for the protection of personal data, based in Prague (hereinafter
"the authority").
(2) the authority is the central administrative authority for the area of the protection of personal data
to the extent provided for in this law, the specific legislation of the ^ 1)
international treaties, which are part of the rule of law, and the right
the applicable provisions of the European Union.
(3) the Office shall exercise the scope of the supervisory authority for the area of the protection of
personal data resulting from international agreements, which are part of the
the rule of law.
§ 3
The scope of the law
(1) this law shall apply to personal data which are processed by State
authorities, authorities of local authorities, other public authorities, as well as
natural and legal persons.
(2) this Act applies to all processing of personal data, whether
It occurs automatically, or by other means.
(3) this Act does not apply to the processing of personal data
performed by a natural person exclusively for personal use.
(4) this Act does not apply to accidental personal data collection
If these data are not further processed.
(5) this law also applies to the processing of personal data,
and if the rule of law) of the Czech Republic shall first use on the basis of
public international law, even if the controller is not established on the territory of the
The Czech Republic,
(b) if the administrator), which is established outside the territory of the European Union, carried out
processing in the territory of the Czech Republic and it is not only about the transmission of the
personal data through the territory of the European Union; in this case, the administrator
obliged to authorise the procedure laid down in article 6 on the territory of the Czech Republic
the processor.
If the processing is carried out through its organizational Manager
units located on the territory of the European Union, shall ensure that these
the organizational unit will process personal data in accordance with the
the national law of the Member State of the European Union.
(6) the provisions of § 5 (3). 1 and section 11 and 12 shall not apply to the processing of
personal data necessary for the fulfilment of the obligations laid down by the Manager
special laws for ensuring
and the security of the Czech Republic), "^ 4)
(b) the defence of the Czech Republic), ^ 5)
(c)) of the public order and internal security, ^ 6)
(d)) the prevention, search, detection and prosecution of crime
offences, ^ 7)
(e) significant economic interest) of the Czech Republic or the European
Union, ^ 8)
(f) significant financial interest) of the Czech Republic or the European Union,
that is, in particular, the stability of the financial market and the currency, the functioning of the money
circulation and payment systems, as well as the budget and tax measures, ^ 9)
(g)) performance control, surveillance, supervision, and regulation of related
public authority in the cases referred to in subparagraphs (a) (c)), d), (e) and (f))) ^ 10)
or
h) activities making former State volumes
safety. ^ 10a)
§ 4
Definition of terms
For the purposes of this Act, means the
and any personal indication) information relating to the designated or
určitelného of the data subject. The data subject shall be considered specified or
identifiable, if the data subject can be directly or indirectly identify
in particular, on the basis of the numbers of the code or of one or more elements, specific
for his physical, physiological, mental, economic, cultural
or social identity,
(b) sensitive personal information), an indication of ethnic, racial
or ethnic origin, political attitudes, membership in the Trade Union
organizations, religion and philosophical belief, a conviction for
crime, health and sex life of the data subject and
the genetic information of the data subject; sensitive information is also a biometric
indication which allows direct identification or authentication of the entity
data,
(c) the indication of such an indication) anonymous, either in original form or after
carried out by processing cannot be related to a designated or určitelnému
of the data subject,
(d)) the data subject means a natural person, to which the personal data refer,
e) processing of personal data means any operation or set of operations,
that the administrator or processor systematically carried out with personal information
and it automatically or by other means. Processing of personal data
means, in particular the collection, storing the information media,
disclosure, modification, or alteration, retrieval, use,
transmission, distribution, publication, storage, Exchange, sorting or
combining, blocking, and disposal,
(f) the collection of personal information) a systematic procedure, or file
practices, whose aim is to gain personal information for the purpose of their further
Save on carrier information for their immediate or later
processing,
(g) storing personal data maintenance) of the data in a form which is
allows you to further process,
h) blocking of the operation or system operations, which provided for
time limits the way or means of the processing of personal data, with the exception of the
the necessary interventions,
I) disposal of personal data means the physical destruction of their carriers,
their physical clearing or their permanent exclusion from other
processing,
(j)) by the administrator of each body, which determines the purposes and means of processing
of personal data, the processing and shall be responsible for it. The processing of
personal data administrator can authorize or entrust the processor, if
the special law provides otherwise, the
for each processor) the body which, on the basis of a special law or
the credentials of the administrator processes personal data in accordance with this Act,
l) published personal information that the personal is exposed by in particular
mass media, other public communication, or as
part of the public list,
m) records or data file of personal data (hereinafter "data
the file ") any file of personal data organised or
zpřístupnitelný by common or specific criteria,
n) the data subject's consent free and conscious will of a body
data whose content is the data subject's consent to the processing of personal
data,
about) the recipient of each entity to whom personal data are disclosed; for
the recipient is not a body which processes personal data in accordance with section 3 of the
paragraph. 6 (a). (g)).
TITLE II
RIGHTS AND OBLIGATIONS WHEN PROCESSING PERSONAL DATA
§ 5
(1) the administrator is obliged to
and) to establish the purpose for which the personal data are to be processed,
(b) provide the means and the method) of the processing of personal data,
(c)) to handle only accurate personal information in accordance with this
by the law. If necessary, the personal information updates. If it finds
the administrator of the personal data processed by it are not, having regard to the established
the purpose of accurate, without undue delay, carry out adequate measures, in particular
the processing of personal data blocks and repairs, or make up, otherwise the personal
data destroyed. Inaccurate personal data can only be processed within the
referred to in section 3, paragraph 3. 6. ^ 11) Inaccurate personal data must indicate.
Information about the blocking, correction, completion or liquidation of personal data
the administrator is obliged without delay to pass all recipients,
d) collect personal data corresponding to its intended purpose and only in the
extent necessary for the fulfillment of the purpose of the tent,
e) keep personal information only for the period that is necessary for the purpose of
their processing. After this period, the personal data may be
kept only for the purposes of the national statistical services, for the purposes of scientific
and for the purposes of archival science. When used for these purposes, care should be taken
the right to protection from unauthorized zasahováním to private and personal
the life of the data subject and personal data anonymous, as soon as possible,
(f)) process personal data only in accordance with the purpose for which they were
collected. Process for another purpose can be personal information only within the limits of
the provisions of section 3 (3). 6, or if the data subject in advance
consent,
g) collect personal data only openly; It is impossible to collect
information under the guise of another purpose, or other activities
h) nesdružovat personal data which have been obtained for different purposes.
(2) the administrator may process personal data only with the consent of the subject
of the data. Without this consent can handle,
and if the processing) necessary for compliance with a legal obligation
Administrator, ^ 12)
(b)) if the processing is necessary for the performance of the contract, the Contracting
the data subject is party or for negotiations on the conclusion or amendment of
the Treaty on a proposal made by the data subject,
(c)) where it is absolutely necessary to protect the vital interests
of the data subject. In this case, without undue delay, obtain
his consent. If consent is not given, the administrator must stop processing and
the information discarded,
(d)) if it is a rightfully disclosed personal information in accordance with the
special legislation. ^ 13) However, this shall not affect the right to the protection of
private and personal life of the data subject,
(e)) where it is necessary for the protection of the rights and protected interests of law
Administrator, the consignee or any other interested person; such processing of personal
the data, however, must not be in conflict with the law on the protection of the data subject
private and personal life,
(f)) provides personal information on public engaged person, officials or
the staff of the public administration, which speaks volumes about his public or
the official activities of its functional or work, or,
(g)) if it is solely for the purpose of processing the archives under the
a special law.
(3) if the administrator carries out the processing of personal data on the basis of the Special
law, ^ 12) is obliged to ensure the right to the protection of private and personal
the life of the data subject.
(4) the data subject must be informed consent, for
What is the purpose of the processing of personal data and to which the consent is given, which
Administrators, and at what period. Data subject's consent to the processing of
personal data administrator must be able to demonstrate all the time
processing.
(5) if the administrator or processor for the processing of personal data
the purpose of offering trade services or the data subject can be used for this purpose
use the name, surname and address of the body data, if these data were
obtained from the public list or in the context of its activities
as the administrator or processor. However, the administrator or processor shall not
the figures further process, unless the data subject has expressed
the opposition. The opposition of the processing is necessary to express in writing. Without
consent cannot be assigned to the data for more personal
the data.
(6) the administrator who handles personal information in accordance with paragraph 5, the following
data to pass to another administrator only under the following conditions:
and the information of the data subject) have been obtained in connection with the activities of the administrator
or is it a published personal information,
(b)) the data will be used only for the purpose of offering trade and services,
(c)) the data subject has been about how to do this, the administrator is notified in advance and
voiced disagreement with this procedure.
(7) another administrator, which were forwarded to the data referred to in paragraph 6 shall not
to forward this information to any other person.
(8) the disapproval to the processing referred to in paragraph 6 (a). (c)) shall, subject
the information in writing. The administrator is obliged to inform everyone, Manager
which transmitted the name, surname and the address of the data subject, that
the data subject has expressed disagreement with the processing.
(9) in order to exclude the possibility that the name, surname and address of the body
the data will be reused to the offer of trade and services, the administrator
entitled to further process for its own account name, surname and
the address of the data subject, the data subject nevertheless expressed disapproval by
paragraph 5.
§ 6
If the authorization did not result from legal regulation, the administrator must be
contract processor for the processing of personal data. The contract must
be in written form. It shall in particular be explicitly stated, in which
range, for what purpose and to what period is concluded and must contain the
warranty the processor on the technical and organisational security protection
of personal data.
section 7 of the
The obligations laid down in § 5 shall apply mutatis mutandis also to processors.
§ 8
If the processor finds that the administrator is in breach of the obligations laid down
This law, is obliged to immediately notify it to it and stop
the processing of personal data. If you fail to do so, shall be liable for damage, which
the data subject originated, jointly and severally with the data controller. By
is without prejudice to his responsibility under this Act.
§ 9
Sensitive data
Sensitive data may be processed only if the
and) the data subject gave explicit consent to the processing. The data subject must
be informed consent, for what the purpose of the processing and
how personal data is the consent given, what administrators and on what time period.
The existence of the consent to the processing of personal data must
be able to demonstrate to the administrator for the entire processing time. The administrator is
obliged to inform the data subject in advance to learn of his rights under sections 12 and 21,
(b)) this is necessary in order to preserve the life or health of the data subject
or other persons, or avert the imminent serious danger
threatened their property, if it is not possible to obtain his consent, in particular
for reasons of physical, mental or legal incapacity, if that is
missing, or for other similar reasons. The administrator must stop
the processing of data, as referred to the reasons for, and the data must
disposed of, unless the data subject has given consent for further processing,
(c)) is a process in the provision of health services, the protection of
public health, health insurance and the performance of State administration in the field of
health care according to a special law ^ 15) or on the assessment of
the State of health in the other cases provided for in the specific
by law, ^ 15a)
d) processing is necessary for compliance with the obligations and rights of the administrator
responsible for processing in the field of labour law and employment,
established by a special law, ^ 16)
(e)) for the processing, which pursues political, philosophical, religious,
or trade union objectives, carried out within the legitimate activities of the civil
associations, foundations or other legal entities (hereinafter referred to as a non-profit-making nature
"the Association"), and applies only to the members of the Association or persons with which
the Association is in the repeating of the contact associated with the authorized activities
Association, and personal data are not made available without the consent of the subject
data,
(f)), by a special Act on the data necessary for the implementation of the
sickness insurance, pension insurance (security), the State
social support and other State social benefits, social
services, social welfare, assistance in material need, and social and legal protection
children, and to ensure the protection of such data in accordance with the law,
(g)), the processing concerns personal data published by the data subject,
h) processing is necessary to ensure the application of legal claims,
ch) are processed exclusively for the purposes of archival administration under the Special
the law, or
I) processing under special laws in the prevention,
Search, detection of crime, the prosecution of criminal offences and
the search for people.
§ 10
When processing personal data and the processor Manager shall ensure that the operator
the data has not suffered the injury on their rights, in particular the law on the conservation of
human dignity, and also to ensure protection against unauthorized zasahováním
the private and personal life of the data subject.
§ 11
(1) the administrator is in the collection of personal information shall be required to inform the data subject
to inform, to what extent and for what purpose the personal information
processed, the who and how they will handle your personal information, and to whom
personal data may be made available to the data subject are not these
information already known. The administrator shall inform the data subject about his or her right
access to personal data, the right of rectification of personal data, as well as on the
other rights laid down in section 21.
(2) in the case where the administrator processes the personal data obtained from the entity
the data, the data subject must learn about it, whether it is the provision of personal
mandatory or voluntary. If the data subject pursuant to
a special Act to provide for the processing of personal data, it shall instruct the
the administrator of this fact, as well as the consequences of refusal to provide
of personal data.
(3) Information and guidance referred to in paragraph 1 is not required to administrator
to provide, in cases where personal information gained from the data subject,
If
and) handles the personal information solely for the purposes of the performance of national statistical
services, scientific or archival purposes and the provision of such information would
involve a disproportionate effort or disproportionately high costs; or if the
Save on carrier information or disclosure is expressly laid down
a special law. In these cases the administrator is obliged to accept the
the necessary measures against unauthorised interference with private and
the personal life of the data subject,
(b)), the processing of personal data under the special law, or such
the data necessary to the application of the rights and obligations arising from special
the laws,
c) handles exclusively legitimately published personal information, or
d) processes personal data collected with the consent of the data subject.
(4) the preceding provisions shall not affect the rights of the data subject
to request information under special legislation. ^ 18)
(5) when processing personal data pursuant to § 5 (3). 2 (a). (e)) and § 9
(a). (h)) is a manager shall without undue delay inform the data subject
inform you about the processing of his personal data.
(6) Any decision of the controller or of the processor, the effect of which is
intervention in the legal and law-protected interests of the data subject, cannot be without
the verification issue, or make based solely on automated
the processing of personal data. This does not apply in the event that such a decision
It was made in favour of the data subject and, at his request.
(7) the information duty modified in section 11 may for the administrator to carry out
the processor.
§ 12
The data subject's access to information
(1) if the data subject so requests for information about the processing of their personal
the data manager is obliged to this information without undue delay
pass.
(2) the content of the information is always a communication on
and the purpose of the processing of personal data),
(b)), or the personal data the categories of personal data, which are
the subject of processing, including any available information on their
the source,
(c)) the nature of the automated processing in the context of its use for
decisions are made on the basis of the processing operations
or decision of which content is intervention in the rights and legitimate interests of the
of the data subject,
(d) the recipients or categories of) recipients.
(3) the administrator has the right to request an appropriate for providing the information
remuneration not exceeding the costs necessary for the provision of information.
(4) the obligation to provide information to the data subject administrator modified in section
12 may for the administrator to carry out the processor.
Obligations of persons in the security of personal data
section 13
(1) the controller and the processor are required to take such measures, in order to
prevent unauthorized or inadvertent access to personal
data, to change them, the destruction or loss of, unauthorized traffic to
their other unauthorized processing, as well as to other abuse
of personal data. This obligation shall also apply after the termination of the processing of personal
of the data.
(2) the administrator or processor is required to process and document
adopted and implemented technical and organisational measures to ensure the protection of
personal data in accordance with the law and other legislation.
(3) within the framework of measures referred to in paragraph 1 shall examine the administrator or processor
risks relating to
and the implementation of the guidelines) for processing of personal data by the persons that have
immediate access to personal data,
(b) to prevent unauthorized persons to access), personal data and to
resources for their processing,
(c)) to prevent the unauthorized reading, creating, copying, transmission,
Edit or delete records that contain personal information, and
d) measures to determine and verify, to whom personal data
passed.
(4) in the area of automated processing of personal data is administrator
or processor under the measures referred to in paragraph 1 shall also
and) to ensure that the systems for the automated processing of personal data
use only the authorized person,
(b)) to ensure that natural persons authorized to use the systems for
the automated processing of personal data have access only to the personal
the data corresponding to the permission of such persons, and on the basis of specific
user permissions set up exclusively for these individuals,
(c)) to make electronic records, which will allow to determine and verify, when,
by whom, and for what reason they were personal information recorded or otherwise
processed, and
(d)) to prevent unauthorized access to data carriers.
§ 14
The staff of the administrator or processor and other persons, that process
the personal data on the basis of a contract with the administrator or processor may
process personal data only under the conditions and to the extent the administrator or
the processor set.
§ 15
(1) employees of the administrator or processor, other natural persons that
process personal data on the basis of a contract with the administrator or
processor, and other persons who, in the performance of statutory
permissions and obligations come into contact with personal information manager
or the processor, are required to maintain the confidentiality of any personal
information on safety measures, the disclosure of which would endanger
the security of personal data. Obligation of secrecy endures even after the end of
employment or the relevant work.
(2) the provisions of the preceding paragraph is without prejudice to the obligation of
confidentiality in accordance with special laws. ^ 19)
(3) the obligation to maintain confidentiality shall not apply to the information
the obligation under special legislation. ^ 20)
section 16 of the
The obligation of notification
(1) Whoever intends to process personal data administrator, or change the
processing registered under this Act, with the exception of the processing
referred to in section 18, is obliged to notify this fact to the Office before
the processing of personal data.
(2) the notice must contain the following information:
and the administrator identification data) for natural persons, that is not
entrepreneur, name, where applicable, the name, surname, date of birth and address of the
the place of permanent residence, with other entities of the business name or name,
registered office and number of the person, if it was granted, and the name,
where appropriate, the name and surname of the person, which are their statutory
representatives,
(b) the purpose or purposes of the processing),
(c) the categories of data subjects) and personal data that these bodies
concern,
(d) the source of the personal data),
e) description of how the processing of personal data,
f) place or places of processing of personal data,
(g)) the recipients or categories of recipients,
h) estimated transfer of personal data to other States,
I) a description of the measures to ensure the protection of personal data in accordance with § 13.
(3) if the notification contains all the elements referred to in paragraph 2, and if it is not
proceedings under section 17, paragraph. 1, after the expiry of 30 days from the
the date of receipt of the notification to initiate the processing of personal data. The authority in this
the case of the information referred to in the notice, writes to the registry.
(4) if the notification does not contain all the elements provided for in paragraph 2, the Office shall
the notifier shall send immediately to the challenge, in which notifies you of missing or
insufficient information and set a time limit for completion of the notification. In the case of
supplement the notice period begins on the date of delivery in accordance with paragraph 3
Supplement notification. In the event that the Office does not receive the notification in the Tween
the prescribed time limit, upon notification, as it would not be
has been lodged.
(5) on the implementation of the registration, the Office shall issue on request a certificate manager
contains the date, reference number, name, surname and signature of the
the person who issued the certificate, the imprint of the official stamp, identification
the data controller and the purpose of the processing.
(6) if the notified pursuant to paragraph 1 of the processing, which is the subject of
checks, the Registration Authority does not. The Office of registration, as soon as
a check is completed.
§ 17
(1) If a notice of a reasonable concern that the processing of personal
the data could lead to a violation of this Act, the authority shall, on its own
initiative management.
(2) if the Office finds that the notified processing does not violate the administrator
the conditions laid down in this law, the procedure stops and performs registration pursuant to
§ 16. 3. from the day following as soon as possible after registration can be
to initiate the processing of personal data. In the event that the notified processing
does not meet the conditions laid down in this law, the processing of personal data
The authority shall not authorise.
§ 17a
(1) if the Office finds, that the administrator, whose notification was entered in the
the registry violates the conditions set by this law, shall decide on cancellation
registration.
(2) pass away if the purpose for which it was registered, the Office of the
its own initiative or at the request of the administrator shall decide on cancellation of registration.
section 18
(1) the obligation of notification under section 16 shall not apply to the processing of
of personal data,
and) that are part of publicly available data files on the basis of the
a special law,
(b)) that stores the specific law or administrators is of such personal data
need to exercise the rights and obligations arising from the special law,
or
(c)) in the case of processing, which pursues political, philosophical,
religious or trade union objectives, the activities carried out in the framework of the legitimate
the Association, and which applies only to the members of the Association, or people with whom
the Association is in the repeating of the contact associated with the authorized activities
Association, and personal data are not made available without the consent of the subject
of the data.
(2) the administrator who performs the processing in accordance with section 18, paragraph. 1 (a). (b)),
shall ensure that information concerning in particular the purpose of the processing,
categories of personal data, the categories of data subjects, categories of recipients
and retention period, which would have been otherwise accessible through the registry
maintained by the Office pursuant to section 35, have been made available, and even remote
or any other appropriate form.
§ 19
If the Administrator intends to terminate its activities, the Office is obliged to
notify, as loaded with personal information if, in their
processing subject to the notification obligation.
section 20
Disposal of personal data
(1) the administrator, or on the basis of his instruction, the processor is required to perform
disposal of personal data as soon as it has passed the purpose for which personal
the data processed, or at the request of the data subject pursuant to § 21.
(2) a special Act provides for the exceptions relating to the storage of personal
data for the purpose of archiving and application of rights in the civil
proceedings, criminal proceedings and administrative proceedings.
Protection of the rights of the data subjects
section 21
(1) any data subject who finds or assumes that the administrator or
the processor performs the processing of his personal data, which is in violation of the
with the protection of private and personal life of the data subject or
the law, in particular where personal data are inaccurate having regard to the purpose of the
their processing, may
and ask the administrator or processor) for an explanation,
(b)) require that the administrator or processor resulting
status. In particular, it may be blocking, correction, supplementation
or destruction of personal data.
(2) If a data subject's request referred to in paragraph 1 are found to be justified,
the administrator or processor shall immediately removes the defective condition.
(3) If the result of processing of personal data of the data subject
other than property damage progresses in the application of its claim
under the special law. 22 ^ ^)
(4) If during the processing of personal data in violation of the obligations
imposed by law for the administrator or processor responsible for them
jointly and severally liable.
(5) the controller shall without undue delay inform the recipient of the
the request of the data subject in accordance with paragraph 1 and on the blocking, correction, addition
or destruction of personal data. This does not apply if the information
recipient of the impossible or would involve a disproportionate effort.
section 22
cancelled
section 23
cancelled
section 24
cancelled
§ 25
Compensation for damage
In matters not regulated by this Act shall apply the General adjustment
liability. ^ ^ 23), 24)
section 26
Obligations under section 21 to 25 are, mutatis mutandis, also apply to persons who
collected personal information improperly.
TITLE III
TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
section 27 of the
(1) the free movement of personal data cannot be restricted, if the data are
transmitted to the Member State of the European Union.
(2) in the third country of personal data may be communicated, if the prohibition
restrictions on the free movement of personal data resulting from international treaties,
to whose ratification Parliament gave consent and which is Czech Republic
bound ^ 1a) or personal data are passed on the basis of the decision of the authority
Of the European Union. Information about these decisions type exposes the Office in
Journal.
(3) if the condition referred to in paragraphs 1 and 2 are fulfilled, the surrender may be
of personal data take place, if the administrator establishes that
and data transmission) is done with the consent of the subject or on the basis of the order
data,
(b)) are in a third country, where personal data are to be processed, created
sufficient special guarantees protection of personal data, for example,
through other legal or professional rules and
the security measures. Such guarantees may be specified, in particular,
the contract concluded between the controller and the recipient, if this agreement
ensures the application of these requirements or if the contract contains the
contractual clauses for the transfer of personal data to third countries, published
in the journal of the Office,
(c)) of the personal data, which are based on a special law, part of the
data files publicly available or accessible to whoever proves the
the legal interest; in this case, the personal data may be made available only in the
the extent and under the conditions laid down by a special law,
(d) the transfer is necessary) for the application of important public interest
resulting from a special law or international treaty, which
the Czech Republic is bound,
(e)) is the transmission of the necessary for the negotiations on the conclusion or amendment of the Treaty,
carried out on the initiative of the data subject, or for the performance of the contract, the
the data subject is a party,
(f)) is necessary for the performance of a contract concluded in the interest of the body
data between the controller and a third party, or for the application of other laws
claims, or
(g)) is necessary for the protection of the rights or the vital interests
of the data subject, in particular, to save the life or to provide
health services.
(4) prior to the transfer of personal data to third countries referred to in paragraph 3 is
the administrator shall be obliged to ask the Bureau for authorisation to transfer, unless the
the special law to the contrary. ^ 25) in assessing the application, the Office shall review all
the circumstances surrounding the disclosure of personal data, in particular source, final
destination and category of the transmitted personal data, the purpose and duration of the processing,
taking into account the available information about the laws or other regulations
governing the processing of personal data in the third country. In the authorisation to
the handover of the Office shall lay down the amount of time that an administrator can perform the transfer.
If there is a change in the conditions under which authorisation was granted, in particular,
on the basis of the decision of the authority of the European Union, the Office of this permit changes
or cancel.
TITLE IV
THE STATUS AND SCOPE OF THE OFFICE
section 28
(1) the authority is an independent body. In his activity proceed independently and controls
the only laws and other legislation.
(2) The activities of the Office can only intervene on the basis of the law.
(3) the activity of the Office is paid from a separate chapter of the State budget
Of the Czech Republic.
section 29
(1) the Office of the
and) performs the supervision of compliance with the obligations laid down by law in the
processing of personal data,
(b)) maintain a register of personal data processing,
(c)) and accepts complaints on the violation of the obligations laid down
by law, when processing personal data and shall inform about their discharge,
(d)) and to the public makes the handles an annual report on its activities,
e) performs other scope laid down the law to him,
f) hears misdemeanors and other administrative offences and penalties under the
This law,
(g) ensuring compliance with the requirements) arising from international treaties,
which the Czech Republic is bound, and the directly applicable provisions of the
The European Union,
h) provides consultation in the field of protection of personal data,
I) cooperates with similar authorities in other States, with the institutions of the European Union
and with the authorities of the international organisations active in the field of the protection of
of personal data. The authority, in accordance with the law of the European Union shall be obliged
an obligation to the institutions of the European Union. ^ 25a)
(2) for the performance of supervision in the form of control of the process according to the Special
legislation. ^ 26)
(3) supervision of the processing of personal data carried out by the intelligence
the service provides for special legislation. ^ 27)
section 29a
(1) the Ministry of the Interior or the police of the Czech Republic provides the Office
for the performance of the scope provided for by this law and other laws
regulations
and data from Basic) reference population register,
(b)) the data from the agendového information system of the population register,
(c)) the data from the agendového information system for foreigners.
(2) Information Provided pursuant to paragraph 1 (b). and) are
and last name)
(b) the name or names),
(c) the address of the place of stay)
(d)) date of birth.
(3) Provided the information referred to in paragraph 1 (b). (b))
and, where applicable, names) the name, surname, maiden name, if applicable,
(b) the date of birth),
(c) the address of the place of residence), including previous address space
permanent residence,
(d)) the beginning of permanent residence, where appropriate, the date of cancellation of residence
or the date of their permanent residence on the territory of the Czech Republic.
(4) the information Provided under paragraph 1 (b). (c))
and, where applicable, names) the name, surname, maiden name, if applicable,
(b) the date of birth),
(c)) kind of place of residence and address,
(d) the number and validity) permission to stay,
(e)) the beginning of the stay, where appropriate, the date of their stay.
(5) data that are kept as reference in the principal registry
the population recovered from the agendového information system registration
of the population or agendového information system for foreigners only if they are
in the shape of the previous status quo.
(6) the data provided can be used in a particular case only
such information, which are necessary to fulfil that task.
THE HEAD OF THE
ORGANIZATION OF THE OFFICE
section 30
(1) employees of the Office are the President, inspectors and other staff.
(2) the audit activities of the Office are carried out by inspectors and staff credentials
(hereinafter referred to as "controlling").
(3) the President of the Office shall be entitled to salary, reimbursement of expenses, the kind of performance and
severance as the President of the Supreme Audit Office under the Special
Bill. ^ 26a)
(4) the Authority's Inspectors are entitled to salary, reimbursement of expenses and remuneration
performance as members of the Supreme Audit Office under the Special
Bill. ^ 26a)
section 31
The control activities of the Office shall be carried out on the basis of the inspection plan or on the
the basis of the suggestions and complaints.
§ 32
The President Of The Office
(1) the authority shall be governed by the President, which the President of the Republic appoints and replaces the
on a proposal from the Senate of the Parliament of the Czech Republic.
(2) the President of the Office shall be appointed for a period of 5 years. May be appointed
a maximum of 2 consecutive terms. The President of the Office shall be deemed to
Business Authority and is entitled to give orders to employees of State
the performance of the civil service under the Civil Service Act.
(3) the President of the Office may be appointed only a citizen of the Czech Republic,
which
and) is eligible to legal capacity,
(b)), satisfies the conditions laid down by specific legal
^ Regulation 30) and his knowledge, experience and moral qualities are
the expectation that the play will be their function properly,
(c)) have completed higher education.
(4) it must be for the purpose of this Act, a natural person who has not been
been sentenced for an intentional offence or a criminal offence
committed by negligence in relation to the processing of personal data.
(5) with the performance of the President of the Office is incompatible function members
or Senator, a judge, a Prosecutor, any function in the public
Administration, a member of the bodies of territorial self-government and membership in the political
Parties and movements.
(6) the President of the Office may not hold other paid function, be it in the next
employment or exercising a gainful activity, with the exception of the Administration
own assets and the activities of the scientific, educational, literary,
current affairs and the arts, if this activity does not affect the dignity or
It does not affect confidence in the independence and impartiality of the Office.
(7) from the President of the Office, the function is cancelled, stopped to meet one of the
the conditions for the appointment.
(8) of the feature may be the President revoked even if does not
for a period of 6 months its function.
The Inspectors Of The Office
section 33
(1) an inspector is appointed and recalled by the President of the Republic on the proposal of the Senate
The Parliament of the Czech Republic.
(2) the Inspector is appointed for a period of 10 years. May be appointed
repeatedly.
(3) the inspector shall be governed by the control and performs other tasks that are in the
the scope of the Office.
(4) the activities referred to in paragraph 3 shall exercise the Office of inspectors 7.
§ 34
(1) an inspector may be appointed to a citizen of the Czech Republic, which is
eligible legal capacity, integrity, satisfies the conditions laid down
a special law ^ 30) and has a completed vocational higher education
education.
(2) with the performance of the functions of the Inspector is incompatible members or function
the Senator, a judge, a Prosecutor, any function in the public
Administration, a member of the bodies of territorial self-government and membership in the political
Parties and movements. The inspector shall not perform other paid function, be
in the employment, nor to exercise a gainful activity, with the exception of the Administration
own assets and the activities of the scientific, educational, literary,
current affairs and the arts, if this activity does not affect the dignity or
It does not affect confidence in the independence and impartiality of the Office.
(3) the function is revoked, the officer stopped to meet one of the
the conditions for the appointment.
TITLE VI OF THE
ACTIVITIES OF THE OFFICE
section 35
The registry
(1) the processing of personal data in the registry is written to the persons of the administrators
information from the notification under section 16. 2 and, where appropriate, the date of implementation,
the cancellation of the registration.
(2) the information recorded in the registry, except for the information referred to in section
16. 2 (a). (e)) and i), are publicly available, in particular the way
enabling remote access.
(3) the cancellation of registration under section 17a Announces Office in the Gazette of the Office.
section 36
Annual report of the
(1) the annual report of the Office shall include in particular information on the made
control activities and its evaluation, and assessment of the State of the information in the
the field of the processing and protection of personal data in the Czech Republic and
the appreciation of other activities of the Office.
(2) the President of the Office shall submit the annual report for the information of the
the House and Senate of the Parliament of the Czech Republic and the Government of the Czech Republic
2 months after the end of the financial year and publishes it.
§ 37
Equipment, the permissions to the access to information
Controlling is when checking the processing of personal data shall be entitled to
get all the information to the extent necessary to achieve the
the purpose of the inspection, including sensitive data.
section 38
The card equipment
Inspector is obliged to prove the controlled specimen card
provides for the regulation of the Government, and that is at the same time to check credentials.
section 39
cancelled
Measures to remedy the
section 40
If there is a breach of the obligations laid down by law or imposed on his
under when processing personal data, saves Inspector measures to
removal of detected deficiencies and set a time limit for their removal.
§ 40a
If there is a remedy of the infringement in accordance with the imposed measures
or immediately after the infringement has been found, the
The Office shall refrain from the imposition of fines.
§ 41
cancelled
section 42
cancelled
§ 43
cancelled
TITLE VII
ADMINISTRATIVE OFFENCES
§ 44
the title launched
(1) a natural person who
and) is the controller or the processor in a work or other similar
the ratio,
(b)) performs for the administrator or processor on the basis of the agreement,
or
(c)) in application of the special law imposed obligations and permissions
the administrator or processor comes into contact with personal information
is guilty of an offence that violates any obligation of secrecy (section 15).
(2) a natural person as the administrator or processor commits an offence
When processing personal data
and unless otherwise provided in the purpose, resources), or how to handle [§ 5, paragraph 1 (b).
and (b)))], or laid down the purpose of the processing of the breach of an obligation or
exceeds permission under the special law,
(b) inaccurate personal data) [section 5, paragraph 1 (b) (c))],
(c)) collects or handles the personal information in the extent or manner
that does not match the intended use [section 5, paragraph 1 (b), (d)), f) to (h))],
d) stores personal data for longer than necessary for the purpose of processing
[§ 5, paragraph 1 (b) (e))]
e) processes personal data without the consent of the data subject outside of the cases
referred to in the Act (article 5, paragraph 2, and article 9),
(f) fails to provide the information to the data subject) in the range or the law
specified way (§ 11),
g) refuses to provide the information required to the data subject (article 12 and 21)
(h)) does not accept or does not measure to ensure the safety
processing of personal data (§ 13),
I) does not comply with the obligation of notification under this Act (sections 16 and 27), or
(j)) does not perform within the time limit imposed measures to remedy the situation.
(3) a natural person as the administrator or processor commits an offence
by that, when processing personal data from any of the treatments referred to in
paragraph 2
and a larger number of persons) would threaten the wrongful zasahováním to the private
and personal life, or
(b) the breach of obligations) processing of sensitive data (article 9).
(4) the offence referred to in paragraph 1 may be to impose a fine in the amount of 100 000 Czk.
(5) for the offence referred to in paragraph 2 can impose a fine to a maximum of 1 0000 0000
CZK.
(6) for the offence referred to in paragraph 3 may be imposed a fine up to 5 0000 0000
CZK.
§ 44a
(1) a natural person has committed an offence that violates the ban on the publication of the
the personal data provided for by other legislation.
(2) for the offence referred to in paragraph 1 may be to impose a fine up to Czk 1 0000 0000.
(3) the offence referred to in paragraph 1 is committed by the press, film, radio,
tv, a publicly accessible computer network, or other similarly
an effective way to impose a fine up to 5 0000 0000 Czk.
section 45
the title launched
(1) a legal person or a natural person operating under the Special
regulations as the administrator or processor commits misconduct
When processing personal data
and unless otherwise provided in the purpose, resources), or how to handle [§ 5, paragraph 1 (b).
and (b)))], or laid down the purpose of the processing of the breach of an obligation or
exceeds permission under the special law,
(b) inaccurate personal data) [section 5, paragraph 1 (b) (c))],
(c)) collects or handles the personal information in the extent or manner
that does not match the intended use [section 5, paragraph 1 (b), (d)), f) to (h))],
d) stores personal data for longer than necessary for the purpose of processing
[§ 5, paragraph 1 (b) (e))]
e) processes personal data without the consent of the data subject outside of the cases
referred to in the Act (article 5, paragraph 2, and article 9),
(f) fails to provide the information to the data subject) in the range or the law
specified way (§ 11),
g) refuses to provide the information required to the data subject (article 12 and 21)
(h)) does not accept or does not measure to ensure the safety
processing of personal data (§ 13),
I) does not comply with the obligation of notification under this Act (sections 16 and 27),
(j)) does not list the cases of violation of privacy under section 88
paragraph. 7 of the law on electronic communications, or
k) does not within the time limit imposed measures to remedy the situation.
(2) a legal person as the administrator or processor is guilty of administrative
tort by when processing personal data from any of the treatments referred to in
paragraph 1
and a larger number of persons) would threaten the wrongful zasahováním to the private
and personal life, or
(b) the breach of obligations) processing of sensitive data (article 9).
(3) for the administrative offence referred to in paragraph 1 shall be imposed in the amount of 5 000
USD.
(4) in the administrative offence referred to in paragraph 2 shall be imposed in the amount of 10 000
USD.
§ 45a
(1) a legal person or a natural person-entrepreneur commits an administrative
tort that violates the prohibition on disclosure of personal information provided for any other
legal regulation.
(2) for the administrative offence referred to in paragraph 1 is imposed to 1 0000 0000 Czk.
(3) for the administrative offence referred to in paragraph 1, committed by the press, film,
radio, television, a publicly accessible computer network, or other
Similarly, in an effective manner is saved a penalty to 5 0000 0000 Czk.
section 46
the title launched
(1) a legal person under the administrative tort does not match, if he proves that
made every effort, that it was possible to require that the infringement of the
a legal obligation.
(2) when deciding on the amount of the fine to take account in particular of the seriousness,
the manner, duration and consequences of the infringement and to the circumstances,
under which the offence was committed.
(3) liability of legal persons for the administrative offence shall cease, if the
the administrative authority about him has commenced proceedings to 1 year from the date on which it
learned, but no later than 3 years from the day when it was committed.
(4) administrative offences under this law are heard at first instance
The Office.
(5) The liability for the acts, which took place in the business of physical
person or in direct connection with it, shall apply the provisions of
the liability of legal persons and sanctions.
(6) the financial penalty is payable within 30 days of the date when the decision on its imposition
has acquired power.
(7) the fine levied by the Office. Revenue from fines is the income of the State budget.
TITLE VIII
THE PROVISIONS OF THE COMMON, TRANSITIONAL AND FINAL
section 47
The arrangements for the transitional period
(1) every person who handles on the date of entry into force of this law, personal
data and on which subject to notification pursuant to section 16, shall be obliged to
do so no later than 6 months from the date of entry into force of this
the law.
(2) the processing of personal data carried out prior to the effectiveness of this law is to
to be given in accordance with this Act until 31 December 2006. December 2001.
(3) in the event that it finds violations of the obligations under the control
paragraph 2, the provisions of § 46 paragraph. 1 and 2 in this case, to 31.
December 2002 shall not apply.
section 48
Cancellation provisions
Act No. 256/1992 Coll., on the protection of personal data in the
information systems.
PART THE SECOND
cancelled
section 49
cancelled
PART THE THIRD
section 50
The amendment to the law on free access to information
Act No. 106/1999 Coll., on free access to information, is amended
as follows:
1. In article 2, paragraph 3, including footnotes, no. 1):
"(3) the Act shall not apply to the provision of personal data and information
under special legislation. ^ 1)
for example, 1) Law No. 101/2000 Coll., on the protection of personal data and amendment
Some laws, and law No. 123/1998 Coll., on the right to information about the
the environment. ".
2. In article 5 (3). 3, the second sentence shall be replaced by the phrase, including notes
footnote No. 3a):
"On these bodies for this purpose does not extend the obligation to avoid
the pooling of information under special legislation. ^ 3a)
3A) § 5 (3). 1 (a). h) of the Act No. 101/2000 Coll., on the protection of personal
data and on amendment to certain laws. ".
3. In article 8, paragraphs 1 and 2, including title and footnote No. 5)
shall be deleted.
PART THE FOURTH
The EFFECTIVENESS of the
section 51
This law shall enter into force on 1 January 2005. in June 2000, with the exception of the provisions
§ 16, 17 and 35, which shall take effect on 1 January 2005. December 2000.
Klaus r.
Havel in r.
Zeman in r.
Selected provisions of the novel
Article II of law No 439/2004 Sb.
Transitional provisions
1. Notification and decision in the case of registration of personal data processing
pursuant to section 16, 17 and 17a of the Act No. 101/2000 Coll., on personal data protection and
on the amendment to certain acts, as amended by Act No. 450/2001 Coll., brought on and
issued before the date of entry into force of this law shall remain in force.
2. the authorisation to transfer or a transfer of personal data to another country
issued before the date of entry into force of this law shall cease on the date of acquisition
the effectiveness of this law if the State, which has been
to enable the addressees, the Member State of the European Union or the State, for which the
the prohibition of restrictions on the free movement of personal data resulting from the renowned
international treaties, to whose ratification Parliament gave assent, and which
the Czech Republic is bound. Authorization to transfer or communication of personal
data to a State that is not listed in the previous sentence, issued before the date of
the entry into force of this Act remains in force.
3. the proceedings initiated and the hedge contingent exposures prior to the date of application of this
the Act is completed according to the existing legislation, with the exception of
the procedure for authorisation to transfer or a transfer of personal data to the Member
State of the European Union or of a State, that the prohibition of restrictions on the free
movement of personal data resulting from the renowned international treaties, to which the
the ratification of Parliament gave consent, and that the Czech Republic is bound,
that will stop.
4. the administrator performing the processing of personal data, as
the existing legislation was needed, registration, and that from the
date of entry into force of this law shall be subject to registration, such
processing of personal data, notify the Office for the protection of personal data in the 6
months from the date of entry into force of this Act.
1) section 10 (1). 1 (a). a) of Act No. 480/2004 Coll., on some service
the information society and on amendments to certain acts (the Act on certain
information society services).
1) directive of the European Parliament and of the Council 95/46/EC of 24 September 1996. October 1995
on the protection of individuals with regard to the processing of personal data and on the
the free movement of such data.
1A) the Convention on the protection of individuals with regard to automatic processing of
personal data no. 108, well-known under the No 115/2001 Coll. m. with.
3) section 1 of Act No. 133/2000 Coll., on registration of the population and the social security numbers and
on the amendment of certain laws (the law on the register of the population), as amended by
amended.
4) for example, Constitutional Act No. 110/1998 Coll., on the Czech safety
Republic, as amended by Act No. 300/2000 Coll., Act No. 219/1999 Coll., on the
the armed forces of the Czech Republic, as amended, the law
No 238/2000 Coll., on the Fire Rescue Corps of the Czech Republic and amending
certain laws, as amended, law no 240/2000 Coll.
on crisis management and on amendments to certain acts (the crisis Act), as amended by
Act No. 320/2002 Coll., Act No. 153/1994 Coll., on the news
the services of the Czech Republic, as amended, law No.
154/1994 Coll., on the security information service, as amended
regulations, and Act No. 148/1998 Coll., on the protection of classified information and
on the amendment to certain acts, as amended.
5) for example, Act No. 222/1999 Coll., on ensuring the defence of the Czech
Republic, as amended by Act No. 320/2002 Coll., Act No. 218/1999 Coll., on the
the extent of military conscription and the military administrative offices (the military
Act), as amended, Act No. 219/1999 Coll., on the
the armed forces of the Czech Republic, as amended, and
Act No. 124/1992 Coll. on Military Police, as amended
regulations.
6) for example, Act No. 240/2000 Coll., on crisis management and amending
Some laws (emergency law), as amended by Act No. 320/2002 Coll.
Act No. 283/1991 Coll., on the police of the Czech Republic, as amended
regulations, and Act No. 553/1991 Coll. on the municipal police, in the text of the
amended.
for example, law No 7) 61/1996, on certain measures against the
the legalization of proceeds from crime and on the amendment and supplement of the related
laws, as amended, Act No. 141/1961 Coll., on criminal
judicial proceedings (code of criminal procedure), as amended, and Act No.
200/1990 Coll. on offences, as amended.
for example, 8) Law No. 241/2000 Coll., on economic measures for
crisis States and amending certain related laws, as amended by
amended, law no 240/2000 Coll., on crisis management and amending
Some laws (emergency law), as amended by Act No. 320/2002 Coll., and
Act No. 148/1998 Coll., on the protection of classified information and on the change
certain acts, as amended.
for example, 9) Law No. 218/2000 Coll., on the budgetary rules and the change
some related acts (budgetary rules), as amended by
amended, law no 250/2000 Coll. on budgetary rules
local budgets, as amended, law No 6/1993 Coll., on the
The Czech National Bank, in wording of later regulations, and Act No. 212/1992
Coll. on the system of taxation, as amended by Act No. 302/1993 Coll.
for example, 10) Act No. 166/1993 Coll. on the Supreme Audit Office, in
as amended, Act No. 337/1992 Coll., on administration of taxes and
fees, in the wording of later regulations, and Act No. 552/1991 Coll., on the
State control, as amended.
10A) Law No. 140/1996 Coll., on making volumes resulting from the activities of the
the former State security, as amended by law No 107/2002 Sb.
11) for example, Act No. 13/1993 Coll., the Customs Act, as amended
regulations.
12), for example, Act No. 111/1998 Coll., on universities and amending and
supplement other laws (the law on universities), as amended
legislation, Act No. 564/1990 Coll. on State administration and self-government in the
education, as amended, Act No. 153/1994 Coll., on
the intelligence services of the Czech Republic, as amended,
Act No. 154/2000 Coll., on the breeding, breeding and registration of economic
animals and amending certain related laws (plemenářský Act),
as amended, law No 166/1999 Coll. on veterinary care and
amending certain related laws (health law), as amended by
amended, Act No 246/1992 Coll., on the protection of animals against
cruelty, as amended, law No. 147/1996 Coll., on
plant health care and certain related laws, changes in the
as amended, and Act No. 219/2003 Coll., on the circulation of
the seed and the seed of cultivated plants and on amendments to certain acts (the Act on
circulation of seed and propagating material).
13) Act No. 81/1966 Coll. on periodical press and other bulk
information resources, in wording of later regulations.
15) for example, Act No. 20/1966 Coll., on the health care of the people, in the text of the
amended, law No 258/2000 Coll., on the protection of public health
and amending certain related laws, as amended,
Act No. 48/1997 Coll., on public health insurance and amending and
addition of related laws, as amended,
Law No. 280/1992 Coll., on departmental, industry, corporate, and other
health insurance companies, as amended, law No.
551/1991 Coll., on general health insurance company in the Czech Republic, in the
as amended, and Act No. 592/1992 Coll., on insurance on
General health insurance, as amended.
15A) for example, Act No. 582/1991 Coll., on the Organization and implementation of the
social security, as amended.
16) for example, Act No. 65/1965 Coll., the labour code, as amended
legislation, Act No. 1/1992 Coll. on wages, remuneration for work stand-by and
the average earnings, as subsequently amended, Act No. 218/2002
Coll., on the service of civil servants in administrative authorities and on the remuneration of
These employees and other employees in administrative offices
(business law), as amended by later regulations, and Act No. 1/1991 Coll.,
on employment, as amended.
18) for example, Act No. 123/1998 Coll., on the right to information on the
environment, Act No. 367/1990 Coll., on municipalities (municipal establishment), as amended by
amended, law No 106/1999 Coll., on free access to
information.
for example, the law of 19) No 148/1998 Coll., as amended,
Law No. 89/1995 Coll., Act No. 20/1966 Coll., as amended
legislation, law No. 15/1998 Coll., on the Securities and Exchange Commission and about the change and
supplement other laws.
for example, section 20), 167 and 168 of the Act No. 140/1961 Coll., the criminal code, in the
as amended, law No 21/1992 Coll., on banks, as amended by
amended, Act No. 20/1966 Coll., as amended
regulations.
22) section 13 of the civil code.
23) Act No. 40/1964 Coll., as amended.
24) Act No 513/1991 Coll., the commercial code, as amended
regulations.
for example, 25) section 5 c of Act No. 1/1991 Coll., on employment, as amended by
Act No. 167/1999 Coll., Act No. 155/2000 Coll. and Act No. 220/2002
Coll., section 71a of the Act No. 325/1999 Coll., on asylum and on the amendment of Act No. 283/1991
Coll., on the police of the Czech Republic, as amended, (the Act on
asylum), as amended by law No. 2/2002 Coll., section 35, paragraph. 3 of Act No. 359/1999
Coll. on social and legal protection of children, as amended, and section
4A, paragraph. 3 of Act No. 13/1993 Coll., the Customs Act, as amended by Act No.
1/2002 Sb.
25A) article 8 (2). 6 and article 26(3). 3 of Directive No 95/46/EC.
26) Act No. 552/1991 Coll., on State control, as amended
regulations.
26A) Law No 236/1995 Coll., on salary and other terms associated with the
the performance of the functions of State power and some of the representatives of State authorities and
the judges, in the wording of later regulations.
27) section 12 of Act No. 153/1994 Coll.
30) Law No. 451/1991 Coll.
31) Law No 412/2005 Coll., on the protection of classified information and on the
Security eligibility.
32) Law No. 71/1967 Coll., on administrative proceedings (administrative code), as amended by
Act No. 29/2000 Sb.
