Privacy policy

Revoke consent

---

Last updated: March 20, 2026

This Privacy Policy describes how we collect, use, and disclose Personal Data when you use the Service and informs you about your privacy rights and how the law protects you, in particular Regulation (EU) 2016/679 (GDPR). We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. DATA CONTROLLER

The data controller is:

Brno University of Technology
Antonínská 548/1, 602 00 Brno
(hereinafter referred to as “the University”)

 

2. DEFINITIONS

For the purposes of this Privacy Policy:

Account
means a unique account created for you to access our Service or parts of our Service.

Affiliate
means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Personal Data (Personal Information)
means any information relating to an identified or identifiable natural person. We use “Personal Data” and “Personal Information” interchangeably unless a law requires a specific term.

Service
refers to the Website https://www.distressriskinaudit.eu/.

Website
refers to the project “Distress risk in audit”, accessible from https://www.distressriskinaudit.eu/.

You (User)
means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Device
means any device that can access the Service such as a computer, a mobile phone or a digital tablet.

Service Provider
means any natural or legal person who processes the data on behalf of the University (e.g., web hosting provider, analytics service).

Usage Data
refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit, IP address, browser type).

Cookies
are small files that are placed on your Device by a website, containing the details of your browsing history on that website among its many uses.

 

3. TYPES OF DATA COLLECTED

We collect the following categories of Personal Data:

• identification data (e.g., name, surname – if you provide them)
• contact data (e.g., email – if you contact us)
• technical data about your Device and connection (IP address, Device type, browser type and version, operating system)
• data about Service usage (visited pages, date and time of access, time spent on pages, referring URL)
• data from cookies and similar technologies

The specific scope of data collected depends on how you use the Service (passive browsing vs. active communication with the University).

 

4. PURPOSES OF PROCESSING

We process Personal Data for the following purposes:

• providing and operating the Service (displaying content, ensuring website functionality)
• managing user accounts (if available)
• performing contractual and pre-contractual obligations
• communicating with users (responding to inquiries, sending information about Service changes)
• marketing and sending information about similar projects (only based on consent, if required)
• analyzing Service usage and improving it (statistics, content optimization)
• protecting the rights and legitimate interests of the University (e.g., preventing abuse, resolving incidents)
• fulfilling legal obligations (accounting, tax, and other obligations established by law)

 

5. LEGAL BASIS FOR PROCESSING

We process Personal Data based on:

• performance of a contract or pre-contractual measures
• legitimate interest of the University (e.g., ensuring security, analyzing Service usage, basic statistics)
• consent of the data subject (especially for certain cookies, marketing communications)
• compliance with legal obligations (e.g., retaining data for tax and accounting purposes)

If processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

6. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies (tags, scripts, web beacons) to:

• ensure basic website functionality
• store your preferences (e.g., language)
• analyze website traffic and Service usage

Types of cookies

Necessary (technical) cookies
These cookies are essential to provide you with services available through the Website and to enable you to use some of its features. Without these cookies, the services cannot be provided properly.

Preference and functionality cookies
These cookies allow us to remember your choices (e.g., language, login credentials). They enhance the comfort of using the Service.

Analytics and statistical cookies
These cookies help us understand how the website is used (traffic, visitor behavior). We use these cookies only based on your consent, if required by law.

If the law requires consent for non-essential cookies, we process them only after consent is granted. You can change or withdraw consent at any time through browser settings or (if available) our cookie tool.

 

7. SHARING PERSONAL DATA

We may share Personal Data:

• with Service Providers (e.g., web hosting, analytics services) who process data on behalf of the University based on contracts and only according to our instructions
• with business partners, if necessary for cooperation or project implementation
• with public authorities, if required by law or binding decision
• within the University ‘s affiliated entities (if any), provided these Privacy Policy principles are respected
• in connection with legal claims or asset transfers (e.g., reorganization, merger), if relevant to the project

We do not sell Personal Data to third parties.

 

8. RETENTION OF PERSONAL DATA

We retain Personal Data only for as long as necessary to fulfill the purposes stated above or as required by legal regulations.

Typical maximum retention periods:

• data related to user accounts – for the duration of the account and up to 24 months after its deletion (dispute resolution, claims)
• data about website usage and analytics data – typically up to 24 months from the last visit
• server logs (IP addresses, access times) – up to 24 months for security, debugging, and abuse prevention
• After the retention period expires, Personal Data will be:
• deleted, or
• anonymized (so that it is no longer possible to identify a specific person)

Backup copies may contain Personal Data even after the retention period has expired; these backups are kept for a limited time and are not routinely used, only for system recovery in case of an incident.

 

9. TRANSFER OF DATA TO THIRD COUNTRIES

If Personal Data is transferred outside the EU and EEA, we will ensure that:

• there is an adequate level of protection (e.g., adequacy decision), or
• we use appropriate safeguards (e.g., EU standard contractual clauses) and, if necessary, supplementary measures

The transfer will always be carried out in accordance with GDPR and applicable legal regulations.

 

10. DATA SUBJECT RIGHTS

You have the following rights:

• right of access to Personal Data and to obtain a copy of the data being processed
• right to rectification of inaccurate or incomplete data
• right to erasure (“right to be forgotten”), if the conditions of GDPR are met
• right to restriction of processing
• right to data portability (for data processed automatically based on consent or contract)
• right to object to processing based on legitimate interest
• right to withdraw consent at any time, if processing is based on consent
• right to lodge a complaint with a supervisory authority

The supervisory authority in the Czech Republic is:

Office for Personal Data Protection
Pplk. Sochora 27, 170 00 Prague 7
www.uoou.cz

 

11. DATA PROTECTION AND SECURITY

We use appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, or misuse. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

 

12. PERSONS UNDER 16 YEARS OF AGE

Our Service is not intended for persons under 16 years of age. We do not knowingly collect Personal Data from persons under 16. If we discover that we have processed such data without appropriate consent from a legal guardian, we will delete it.

 

13. LINKS TO OTHER WEBSITES

The Service may contain links to third-party websites over which we have no control. We recommend that you review the privacy policy of each such website. We are not responsible for the content or practices of third parties.

 

14. MANAGING COOKIES

If you do not wish to receive cookies, you can change your browser settings. Please note that disabling cookies that are essential for authentication, security and the retention of your preferences may hinder, and in extreme cases prevent, your use of the website

To manage your cookie settings, select the web browser you use from the list below and follow the instructions:

• Edge
• Internet Explorer
• Chrome
• Safari
• Firefox
• Opera

Mobile devices:

• Android
• Safari (iOS)
• Windows Phone

 

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will post the new version on this page along with the effective date. In the event of significant changes, we may also inform you by email or through a notice on the website.

 

16. CONTACT

If you have any questions regarding the protection of Personal Data, you can contact us:

Email: lunacek@vutbr.cz