Legal information

• prof. Ing. Miroslav Tůma, CSc. – chairman
• Ing. Radek Holý, Ph.D. – vice chairman
• Mgr. František Potužník – vice chairman
• Mgr. Michal Bulant, Ph.D.
• Ing. Jan Gruntorád, CSc.
• doc. RNDr. Pavel Satrapa, Ph.D.
• Ing. Tomáš Zouhar

• Ing. Michal Sláma – chairman
• Mgr. Kamil Gregorek, MBA
• Mgr. Martin Maňásek
• prof. JUDr. Radim Polčák, Ph.D.
• RNDr. David Skoupil

Ing. Jakub Papírník

How we protect your personal data

CESNET users’ personal data are treated legally and with due care in compliance with personal data protection regulations. The same principles apply in respect of the user data stored with us.

The priority is to ensure data confidentiality, availability and integrity, i.e. prevent any unauthorised access to data, their unauthorised leak, disclosure or other unauthorised processing while ensuring their high availability.

The core of security measures applied in the CESNET e-infrastructure consists in cutting-edge devices, highly qualified and ethical staff, customised physical protection, and a number of further organisational measures. We are aware that the softest spot of security is the human factor; accordingly we put great emphasis on continuous training of employees and raise their awareness of fundamental principles of security and privacy protection.

Technical measures

• Personal data are kept in a safe environment, only accessible by Association’s employees.
• Encryption and encrypted protocols are used to process personal data (i.e. in accessing them or in their transmission).
• Before accessing or altering own personal data, the users (data subjects) must verify their identity by providing individual login data.
• In order to ensure data availability, confidentiality and integrity, strict rules in respect of the backup of user personal data backup (and data in general) have been defined.
• The traffic is being monitored meticulously and systematically, thus allowing that any operation and security issued are addressed timely and efficiently and their impact is mitigated.
• The operated systems are being tested continuously to identify any vulnerability and other soft spots in their protection.

Organisational measures

• The minimisation principle in respect of granting privileged access rights is adhered by.
• Strict measures in respect of user identity administration, authentication and authorisation are applied.
• All Association’s employees adhere by confidentiality and secure data treatment principles.
• A number of workshops focusing on security is held, available (some of them even compulsory) to all employees.
• Personal data protection commissioner has been appointed, acting also as privacy protection consultant.
• Procedures for maintain processing logs and risk assessment have been introduced.
• Data processing agreements have been concluded with sub-contractors commissioned to process the data by the Association.

Physical measures

• The Association’s premises, including special work places (laboratories, computer halls, etc.), are protected by means of access management and CCTV systems.
• The fundamental features of the communication infrastructure and services have sufficient performance and redundancy, thus ensuring smooth operation.

Overview of your information – Your user profile in the Perun system.

Služba Zoom poskytovaná sdružením CESNET a ochrana osobních údajů

Sdružení CESNET zajišťuje přístup ke cloudové videokonferenční službě Zoom pomocí uživatelských účtů v rámci e-infrastruktury CESNET.

K zajištění přístupu ke službě Zoom je nezbytné pracovat s následujícími údaji, které mohou být spojeny s konkrétním uživatelem (subjektem dle GDPR):

• Emailová adresa – emailová adresa uživatele slouží jako primární identifikátor uživatele pro službu Zoom,
• Křestní jméno, Příjmení, Zobrazované jméno – slouží pro snazší identifikaci uživatele v rámci meetingů,
• Afiliace – seznam všech afiliací uživatele využívaný pro potřeby autorizace uživatele (licencované účty na službě Zoom například neposkytujeme studentům),
• Organizace – organizace uživatele sloužící pro zpracování statistik a vykazování využití služby. 

Uvedené osobní údaje uvolňuje při přístupu ke službě Zoom prostřednictvím https://cesnet.zoom.us/ a Sign in with SSO nebo v Zoom klientovi na všech platformách při při přihlášení pomocí SSO v doméně cesnet.zoom.us uživatel. 

Výše uvedené osobní údaje jsou při přístupu ke službě Zoom přebírány z IdM systému Perun, který provozuje sdružení CESNET. Jejich zpracování na straně sdružení CESNET se řídí pravidly ochrany osobních údajů sdružení CESNET.

Uvedené osobní dále zpracovává Zoom Video Communications Inc., 55 Almaden Blvd, 6 th Floor, San Jose, CA 95113 v rámci poskytování služby Zoom v cloudu. Zpracování osobních údajů na straně Zoom Video Communications Inc. se řídí podmínkami poskytování služby Zoom, prohlášením o ochraně osobních údajů společnosti Zoom Video Communications Inc. a je v souladu s nařízením GDPR.

Další informace k ochraně osobních údajů najdete také na hlavních stránkách sdružení CESNET.

Information on the privacy policy of the eduroam Federation can be found here : eduroam

Identity Federation and Personal Data Protection

Personal Certificates

Personal data in the services of electronic mailing lists

1. In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), the CESNET association informs the entities on terms and conditions under which personal data in providing the electronic mailing list service are processed. Data subjects are natural persons using the electronic mailing list service.
2. The personal data controller is CESNET, z. s. p. o., Zikova 1903/4, 160 00 Prague 6, id. no.: 63839172, tax id. no: CZ63839172 (“the CESNET Association“). The contact information you can found at our website.
3. The objective of this electronic email list (“the List”) is to share and exchange information, experience and guidelines among the professional community within a particular industry.
4. Your personal data which we retain in relation to the List administration are and shall only be used in relation to the administration of the List, namely to send e‑mails with registration to the List, e-mails from moderator or administrator and other List members.
5. Please be aware that the e‑mails are stored in archives accessible only to the List members, information about conference traffic is stored in logs for operational and security purposes.
6. Your personal data relating to the administration of the List shall only be stored as long as you remain member of the List. The List archives are kept over the entire period of List’s existence.
7. Your personal data are not made accessible to third parties nor traded with. On the contrary, we care for their protection from the technical, organisational and ethical point of view.
8. You keep all rights to the personal data which we retain in relation to the administration of the List as defined by GDPR. You can claim your rights through the contacts listed in note 2 above.
9. These rules are available in Czech and English. Should any discrepancies between the two versions occur, the Czech version shall prevail.

Rules – version 1.0 have been published 22 May 2018.

Consent to personal data processing in relation to the provision of electronic newsletter

1. In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), the CESNET association requests your consent to process personal data for the purpose of sending an e‑mail newsletter.
2. You give your consent to the personal data controller CESNET, z. s. p. o., Zikova 1903/4, 160 00 Prague 6, Id. No.: 63839172, tax id. no.: CZ63839172 (“the CESNET Association“). The contacts can found in the Contact section.
3. You consent that the CESNET Association sends you their e‑mail newsletter( eNews). In order to be able to send it to you, we need to retain the following personal data:

• Name
• Surname
• E-mail

4. Your personal data are and shall only be used in relation to the subscription to the newsletter.
5. The objective of the electronic newsletter is to inform the subscribers about the activities of the CESNET association, about the organised events (workshops, conferences, trainings) and about the news relating to the CESNET Association.
6. Please be aware that the eNews has the following attributes:

• the news into the newsletter are provided solely by the CESNET Association (the Controller);
• the news are saved in the archives, available on the www.cesnet.cz website;
• anyone can subscribe to the newsletter;
• personal data you have provided us shall only be stored as long as you remain the subscriber of the eNews;
• the eNews can be unsubscribed at any time. Once you have unsubscribed, your personal data shall be deleted from the electronic newsletter database.

7. Personal data provided are processed by The Rocket Science Group LLC d/b/a MailChimp, which operates the technology to distribute email campaigns. MailChimp used to distribute our electronic newsletter. The registered office of MailChimp and personal data processing servers are located in the USA. In order to ensure personal data protection while processing the data, CESNET and the company concluded an agreement on personal data processing.
8. You keep all rights to the personal data which we retain in relation to the provision of the electronic newsletter as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). You can claim your rights through the contacts listed in note 2 above.
9. These rules are available in Czech and English. Should any discrepancies between the two versions occur, the Czech version shall prevail.

These rules – version 1.0 have been published 24 May 2018.

Information on the use of cookies on the CESNET’s website(s)

• Cookies are short text files generated by a web server and saved on your computer via your web browser.
• Unless otherwise stated, the websites operated by CESNET use only technical cookies, which are necessary for the operation of these websites. The technical storage of these cookies on a terminal device does not require the consent of the data subject, or "subscriber" within the meaning of Section 89(3) of Act No. 127/2005 Coll., on Electronic Communications.
• The information obtained by means of technical cookies is not transfered to anyone.
• Only on those websites operated by CESNET, where this is explicitly stated, are analytical, marketing or other similar cookies used, the storage of which would require consent.
• You can view the technical cookies used by a particular website in your browser.
• On the website of the CESNET association (www.cesnet.cz), Google Analytics (analytics cookies) are used on the basis of the data subject's consent. These cookies are used to optimise the use of the website.
• Cookies settings for the website www.cesnet.cz

Information on the Processing of Personal Data for Persons Cooperating with the TMC department at CESNET

Persons working with the CESNET Administration and Security Tools Department (referred to as the "TMC Department") access internal information and tools through the CESNET TMC IdM system. To facilitate this, an account is created for these individuals, involving the processing of personal data. Below is information regarding this data processing in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR").

Data Controller

CESNET, an interest association of legal entities ("CESNET Association"), is the data controller under the GDPR. CESNET is responsible for ensuring the lawful and proper processing of personal data. For contact details of CESNET and its data protection officer, please visit [link to contact information].

Data Processing

In the CESNET TMC system, only the personal data necessary for creating a user account is processed. This includes basic identification and contact details provided during registration. The purpose of processing this data is to manage access to the TMC Department's internal tools and information.

Legal Basis and Retention

The processing of personal data is based on CESNET's legitimate interest in protecting its internal tools and information from unauthorized access. Data is retained for the duration of the user account and will be deleted six months after the end of cooperation or termination of membership in a TMC working group.

Data Transfers

Personal data may be transferred to third-party services used for collaboration within the TMC Department. This primarily includes external cloud services or communication platforms. An updated list of these services and the types of data transferred can be found at [link to list of services].

Contact Information

For questions about personal data processing, please contact us at oou@cesnet.cz or use the contact details provided above.

Last updated: 2 August 2022

Information on the Processing of Personal Data for Participants of Public Events Organized by CESNET Association

When organizing public events, CESNET Association processes personal data of the participants. This document provides information on this data processing in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR").

Data Controller

The data controller under the GDPR is CESNET Association, an interest association of legal entities. CESNET Association is responsible for the fair and lawful processing of personal data. For contact details of CESNET Association and its data protection officer, please visit: CESNET Contacts.

Data Processing

For public events, CESNET Association processes only the personal data necessary for communication with participants. This includes basic identification and contact details provided during event registration.

Personal data is processed for the following purposes:

1. Event Organization: To manage the event, including confirming attendance, sending organizational instructions, and distributing event materials. This processing is necessary for event implementation and involves sending information emails to the address provided during registration.

2. Invoicing and Tax Compliance: For paid events, personal data is processed to fulfill tax and accounting obligations. This processing is based on the contract or CESNET Association’s legitimate interest in recovering unpaid amounts and complying with legal requirements. Data is retained in accordance with statutory limitation periods and mandatory retention for accounting and tax purposes.

3. Networking Opportunities: At networking events, information about the participant's organization may be included on their nameplate. This processing is based on CESNET Association’s legitimate interest in promoting cooperation in the information technology field, which is one of its core objectives.

4. Participant Feedback: Feedback collected from participants helps improve the quality and effectiveness of events. This processing is based on CESNET Association’s legitimate interest in enhancing its event offerings.

5. Archiving Attendance Lists: Attendance records are archived for five years due to funding requirements. This retention is based on CESNET Association’s legitimate interest in documenting the use of its resources.

6. Event Invitations: Personal data may be used to invite participants to similar future events. This processing is based on CESNET Association’s legitimate interest in expanding awareness of its activities. Participants may opt out of receiving such invitations at any time. Data for this purpose is retained for 24 months.

Data Transfers

Personal data of event participants is not transferred to other entities unless required by law.

Rights of Participants

Participants have the following rights regarding their personal data:

• Right to information and access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to object (Article 21 GDPR)
• Right to lodge a complaint with the Personal Data Protection Office

Requests to exercise these rights may require identification. While exercising these rights is generally free, CESNET Association may charge a fee for manifestly unfounded or excessive requests, or refuse such requests. Any enforcement of rights must not infringe on the rights of third parties.

CESNET Association will respond to requests within one month of receipt. This period may be extended by an additional two months, depending on the complexity and volume of requests.

Contact Information

For questions regarding personal data processing or to exercise your rights, please contact us at oou@cesnet.cz or use the contact details provided on our website.

Last updated: December 7, 2022

CESNET Articles of Association
These articles of association serve as the foundational document governing the association's structure, operations, and membership.

Terms and Conditions of Access to the CESNET e-Infrastructure
Effective from January 1, 2017, these terms and conditions outline the regulations and requirements for accessing and using the CESNET e-infrastructure.

Green Energy Policy
This policy details CESNET's commitment to environmental sustainability through the adoption of green energy practices.

V rámci e-infrastruktury CESNET naplňujeme zákonné požadavky na blokaci nepovolených webů. Tato stránka popisuje důvody a technickou realizaci blokace.

Uvedené předpisy ukládají poskytovatelům připojení k internetu na území České republiky povinnost zamezit v přístupu k internetovým stránkám dle rozhodnutí příslušných orgánů výkonu státní správy:

Technický popis blokace

Blokujeme pomocí DNS

Blokujeme doménová jména na veřejných rekurzivních resolverech. Tato technika je nenáročná na prostředky a způsobuje jen minimální vedlejší škody.

Standardním řešením pro blokování určitých doménových jmen je technologie RPZ (Response Policy Zone). Jedná se o speciální zónový soubor, který namísto obyčejných DNS dat obsahuje instrukce k blokování, případně pozměňování odpovědí DNS serveru. Sdružení CESNET pro tyto účely zřídilo veřejně dostupnou zónu rpz.cesnet.cz na serveru nsa.cesnet.cz. Obsahuje jeden testovací a jeden ostrý záznam, včetně několika metadat:

blokovane.internetovehazardnihry.cz   IN CNAME *.poker.cesnet.cz.
1xbet.com             IN CNAME *.poker.cesnet.cz.
_info.1xbet.com       IN TXT "pub: 26.7.2017"
_sha256sum.1xbet.com  IN TXT ( "c44ff24b5148803d223d2d9495863"
                               "993c0cfe0f37775583f2ff953e0427e528b"
                               "Zverejnovane-udaje-ze-Seznamu-"
                               "nepovolenych-internetovych-her_v1.pdf" )

Takto nastavená RPZ zóna provádí naprosto minimální zásahy do DNS provozu. Pouze přesná shoda doménového jména vyvolá změnu IP adresy v odpovědi. To je výhoda například v porovnání s blokováním pomocí prázdných DNS zón, kdy by došlo k zablokování nejen určeného doménového jména, ale i všech případných subdomén. Blokování subdomén přitom ani předpisy nepřikazují.

Informační stránka

Blokovaná doménová jména nahrazujeme v DNS odpovědích adresou serveru poker.cesnet.cz. Jedná se o samostatný server se základní instalací webserveru NGINX, který na jakýkoli dotaz vrátí informační stránku o blokování.

V souladu s RFC 7725 vrací stránka speciální stavový kód HTTP 451 – Nedostupné z právních důvodů, který byl přesně pro tento účel standardizován. Server také vkládá HTTP hlavičku, identifikující entitu, která provedla blokaci. Relevantní část konfigurace webserveru vypadá takto:

error_page 404 403 451 =451 /451.html;
add_header Link "<https://www.cesnet.cz/>; rel=\"blocked-by\"" always;

Použití v DNS serveru BIND

Vlastní nasazení blokace v DNS resolveru BIND je otázkou jen několika málo konfiguračních voleb. Nejprve je nutné nakonfigurovat RPZ zónu. V tomto případě jako sekundární, přenášenou zónovým přenosem z master serveru:

zone "rpz.cesnet.cz" {
    type slave;
    masters {
        2001:718:1:101::144:228;
        195.113.144.228;
    };
    file "rpz.cesnet.cz";
};

Pak už jen stačí přidat definici RPZ zóny do globální konfigurace:

options {
    …
    response-policy {
        zone "rpz.cesnet.cz";
    };
};

Použití v Unbound

DNS resolver Unbound bohužel dosud RPZ zóny nepodporuje. Na druhou stranu, zablokování konkrétního doménového jména je možné dosáhnout velmi triviálně v konfiguraci. Je však nutné nahrazovat přímo IP adresy (tedy A/AAAA záznamy). Použití aliasu (CNAME) možné není:

server:
    local-data: "1xbet.com IN A 78.128.216.33"
    local-data: "1xbet.com IN AAAA 2001:718:ff05:202::33"

Abychom se vyhnuli spravování dvojí databáze, používáme jednoduchý skript, který stáhne RPZ zónu a následně ji převede do podoby konfiguračního souboru. Takový skript spouštíme cronem jednou denně.

Seznam blokovaných stránek spravujeme ručně

Seznamy nejsou státními orgány vydávány ve spolehlivě strojově zpracovatelném formátu, změny sice jsou automatizovaně sledovány, ale zpracování a zanášení je prováděno ručně. Ze strany sdružení CESNET je také prováděna kontrola seznamů proti několika dalším nezávislým zdrojům, které se snaží o totéž (např. zde či zde).

S ohledem na výše uvedené není reálné, aby blokace a odstranění blokací proběhlo bezprostředně po změně seznamů. Zároveň se nelze vyhnout vadám způsobeným nutností přepisu nestrojově zpracovatelného formátu do strojově zpracovatelné formy.

Kontrola seznamu zakázaných stránek probíhá bezprostředně.

Na základě uvedeného je třeba upozornit, že ověření přesnosti a validity seznamu zakázaných stránek spočívá pouze na daném poskytovateli připojení k internetu.

Řešení je k dispozici

Jak již bylo uvedeno, příslušná zóna rpz.cesnet.cz je na serveru nsa.cesnet.cz veřejně dostupná a je možné do ní nahlédnout například tímto příkazem:

$ dig rpz.cesnet.cz axfr @nsa.cesnet.cz

Každý tedy může ověřit, která doménová jména jsou rekurzivními resolvery filtrována, případně zónu použít jako zdroj dat pro své vlastní DNS servery.

Princip síťové neutrality – otevřený internet

I přes výše uvedené stále platí princip rovnoprávnosti přenášených dat po internetu. Vše o něm, o legislativním zakotvení včetně výjimek z něj v podobě nutnosti blokování obsahu, můžete přehledně nalézt na webových stránkách Českého telekomunikačního úřadu.

S účinností od 1. 1. 2026 byla ČTÚ svěřena nově i kompetence vést tzv. jednotný seznam blokovaných internetových stránek (§ 115b ZEK), který doplní dosavadní praxi, a sjednotí na jednom místě údaje ze seznamů vedených dalšími orgány státní správy, jako jsou například Ministerstvo financí, Státní ústav pro kontrolu léčiv nebo Státní zemědělská a potravinářská inspekce.

The full text of the Terms of Service can be found here.

The full text of the Terms of Service can be found here.