Legal information

Basic Information

CESNET, an interest association of legal entities, was established under Section 20f et seq. of Act No. 40/1964 Coll., the Civil Code. Founded by all public universities in the Czech Republic and the Academy of Sciences of the Czech Republic, the association's founding agreement and statutes were signed on 6 March 1996.

CESNET was officially registered with the District Office in Prague 6 on 13 March 1996, with registration number ZS 22/2/96. It is now a legal entity listed in the Register of Associations at the Municipal Court in Prague under file number L 58848. The Czech Statistical Office assigned it identification number 63839172 on 19 March 1996, and the VAT registration certificate CZ63839172 was issued by the Financial Office for Prague 6 on 30 October 1996.

On 1 July 1996, CESNET took over the operation of the CESNET network, with a data circuit speed of up to 1 Mbps, from the Czech Technical University in Prague through a cession agreement.

  1. To conduct independent basic and industrial research, as well as experimental development in information and communication technologies and their applications, and to disseminate the results in all available forms, including through technology transfer.

  2. To build, develop, and operate the CESNET research infrastructure on a long-term basis, and to promote the advancement, adoption, and utilization of cutting-edge communication and information technologies.

  3. To support, with the payment of associated costs, the dissemination of education, culture, and knowledge; to facilitate collaboration between members and practical applications; and to enhance the CESNET research infrastructure by acquiring additional participants, information resources, and services.

CESNET's main activities center around supporting its members, connected organizations, and their representatives in the following key areas:

  • Development and Operation: Building and maintaining national communication and information infrastructure that connects members' networks, provides access to CESNET’s resources, and links to similar external networks, including the Internet.

  • Creation of Shared Resources: Developing and managing shared technical, communication, and software resources, along with providing information services.

  • Validation and Collaboration: Testing new applications and fostering collaboration among members to achieve standards comparable to leading international academic and research infrastructures.

Specifically, CESNET engages in:

  • Research and Development: Conducting independent R&D in information and communication technologies and offering research services in this field.

  • Education Promotion: Advancing education in information and communication technologies.

  • Technology Transfer: Implementing the results of research and development through internal technology transfer, ensuring that profits are reinvested into core activities.

In addition to its primary activities, CESNET also undertakes supplementary activities to optimize asset utilization, ensuring these do not compromise the achievement of its main objectives.

Additional activities include:

  • Providing other voice services
  • Renting circuits
  • Offering data transmission services
  • Delivering Internet access services
  • Conducting consulting, advisory, and training in telecommunications and information technology
  • Purchasing goods for resale and sale

As a non-profit organization, CESNET is dedicated to pursuing its objectives rather than generating profit. Any surplus generated is reinvested to support and advance CESNET’s mission.

Director: Ing. Jakub Papírník

Independent positions and portions managed directly by the director:

  • Secretariat
  • Advisor to the Director
  • Human resources
  • Technical Coordinator
  • Cyber Security Manager
  • Cybersecurity Architect
  • Cybersecurity Methodologist
  • Cybersecurity Auditor
  • Data Protection Officer

e-Infrastructure unit

  • Network infrastructure department
  • Distributed computing department
  • Data storage department
  • Multimedia department
  • Federated identities department
  • Support services department
  • ServiceDesk
  • Authorisation and authentication infrastructure department
  • Security Operations Center department

Research and Development unit

  • Optical networks department
  • Network applications technology department
  • Administration and security tools department
  • Project support department

Finance and Administration unit

  • Information Systemsd department
  • Finance department
  • Legal department
  • Secretary of the Development fund

Service delivery Unit

  • Communications department
  • User liaison department

Association Bodies

The General Assembly meets twice a year, usually in June and December.

  • prof. Ing. Miroslav Tůma, CSc. – chairman
  • Ing. Radek Holý, Ph.D. – vice chairman
  • Mgr. František Potužník – vice chairman
  • Mgr. Michal Bulant, Ph.D.
  • Ing. Jan Gruntorád, CSc.
  • doc. RNDr. Pavel Satrapa, Ph.D.
  • Ing. Tomáš Zouhar
  • Ing. Michal Sláma – chairman
  • Mgr. Kamil Gregorek, MBA
  • Mgr. Martin Maňásek
  • prof. JUDr. Radim Polčák, Ph.D.
  • RNDr. David Skoupil

Ing. Jakub Papírník

How CESNET processes personal data

Who is the data controller and who is the data subject

CESNET association contacts and contacts to data protection officer:

The CESNET e-Infrastructure, which is operated by the CESNET Association, is a large research infrastructure within the meaning of Act No.130/2002 Coll., on Support of Research and Development from Public Funds, and provides services to organisations that comply with the Terms and conditions for the access to the CESNET e-infrastructure. By accessing the CESNET e-Infrastructure, an organisation (and through it, individuals – i.e. employees and students, and thus data subjects as defined by the GDPR) gains access to a unique set of ICT services: superior high-speed access to the Internet and to partner networks for science, research and education worldwide, data storage, compute-intensive environments, collaboration support, security, identity management and other services.

Personal data processing in e-INFRA CZ

The CESNET e-infrastructure is part of a unique e-infrastructure for research, development and innovation in the Czech Republic called e-INFRA CZ, which consists of:

  •     e-infrastructure CESNET, operated by CESNET, an association of legal entities, ID No.: 63839172;
  •     CERIT Scientific Cloud, operated by Masaryk University, ID No.: 00216224
  •     IT4Innovations national supercomputing centre, operated by VSB – Technical University of Ostrava, ID No.: 61989100.

One of the goals of e-INFRA CZ is to connect its individual parts so that users gain unified access to e-INFRA CZ services and unified user support when using these services. The e-INFRA CZ services can be used by users who, in accordance with the Conditions for access to e-INFRA CZ infrastructure, have the status of e-INFRA CZ user.

For the purpose of operation and fulfilment of the objectives of e-INFRA CZ, selected personal data of users of the CESNET e-infrastructure, for which it is necessary, are processed jointly by all operators of e-INFRA CZ in the regime of so-called joint controllers within the meaning of Article 26 GDPR. The joint processing of personal data will not apply to users for whom this is legally excluded (see Article  II paragraph  3 of the Conditions for access to e-INFRA CZ infrastructure).

Detailed information on the joint processing of personal data in e-INFRA CZ can be found on the web page:

Purposes and legal basis for the processing of personal data in e-Infrastructure CESNET

We only process data that is necessary for the provision of services and user support, for the fulfilment of obligations arising from legislative regulations and other obligations (e.g. conditions of support providers in the framework of projects). We process data from users of our services (current and former) and, to a limited extent, from potential users who have expressed an interest in the services and with whom communication is established to make the services available. It is not possible to use the CESNET e-infrastructure services without providing personal data required for the operation of the e-infrastructure.

When providing CESNET e-infrastructure services, we process your basic personal and contact data, data from operation and use of services, data from communication with you, or other data so that the scope of these data is appropriate and limited to the necessary scope in relation to the purpose for which we collect and process your personal data.

Unless otherwise stated, we process the following categories of personal data on the basis of the legitimate interest of CESNET in providing the following services:

  • of an appropriate quality, so we monitor the operation of the services and carry out evaluations of them;
  • secure manner, so we monitor the network and applications and respond promptly to detected threats;
  • provided in compliance with funding bodies and their rules, so we modify the rules for using the services and keep records of them to the required extent;
  • in collaboration with national and international organizations and infrastructures with similar focus.

Providing access to service

To access services that require authentication and authorization for quality assurance and security purposes, the user needs to create a user identity in one of the IdM systems. In providing these services, we need to know your basic identification, contact information and home organization information. This information is provided to us when you first access the CESNET e-infrastructure. In addition, we record various internal identifiers and information about user permissions in order to perform authorization and authentication.

In the context of accessing CESNET’s e-infrastructure services that do not require authentication and authorisation, personal data such as IP address (as well as other identifiers that allow tracking the source and destination of communications) and other unique identifiers used by each service are processed.

Providing the actual operation of the service

In order to provide you with access to CESNET e-infrastructure services, to offer quality services, to develop them, to solve operational and security problems and, among other things, to protect your personal data, we analyze and process records from operation of systems and services (logs), operational and location data from operational and security monitoring and optimize the running of sub-tasks and the service itself.

Monitoring and Security

To ensure the stability of operation and security of services, to protect users and their data as well as to deal with cyber security events and incidents, we process information from network traffic and from user access to individual services (so-called operational and location data, logs). This information may include, for example, the technological identifiers of the traffic, information about the identity of the user requesting access to the service, the result of the authentication process or time stamps of the access or access attempt.

We process the above information not only on the basis of our legitimate interest, but also for the purpose of fulfilling our legal obligations. These legal obligations stem, for example, from Act No. 127/2005 Coll., on Electronic Communications, and Act No. 181/2014 Coll., on Cyber Security, which set out obligations in the area of storing traffic and location data and detecting and reporting cyber security incidents.


For the sustainability of the operation of the CESNET e-infrastructure and its services, for development, security and quality of service improvement, and for reporting to the purpose support providers and members, we process primary data using statistical methods. These data typically include the usage rate of CESNET e-infrastructure, the way CESNET e-infrastructure is used, the usage of services, the number of detected and reported operational and security problems, the types and severity of operational and security problems, etc.


We process information from communications made, from meetings, consultations, from telephone calls (in the form of minutes and records), from e-mail communications when solving operational or security problems (in tickler system environment) including the resolution of complaints, service requests or information from communications when providing access to service, etc. This information enables us to improve services, internal processes and user support. We also process feedback, comments, suggestions and the results of non-anonymous surveys as personal data.

Personal data retention period

  • When processing your personal data, we follow the rule of minimization. We only keep the data that is necessary to provide the CESNET e-infrastructure services and your rights.
  • The processing of personal data is initiated when you first use the CESNET e-Infrastructure service and personal data such as name, surname, e-mail, telephone number, name of your home organisation, user identity in an external IdM system (e.g. EPPN) are stored in a non-anonymised form for the entire period of use of the CESNET e-Infrastructure service.
  • Personal data: first name, last name, e-mail, name of the home organisation, user identity in the external IdM system (e.g. EPPN), user identity created for the CESNET e-Infrastructure and unique user identifier for the CESNET e-Infrastructure are kept after the end of the use of the CESNET e-Infrastructure services for security reasons (in particular to prevent duplication of user account identities) and for reporting on the use of CESNET e-Infrastructure resources. The controller shall establish the technical and organisational conditions for the security of personal data to ensure their integrity and confidentiality.
  • Personal data in the nature of traffic and location data (so-called logs), such as IP address (as well as other identifiers enabling the source and destination of communication to be traced) and other unique identifiers used by the individual services of the CESNET e-Infrastructure, shall be retained for 18 months and then deleted, unless otherwise specified in the terms and conditions of operation of a particular service.
  • Personal data appearing in security incident reports, together with the entire course of the security incident resolution, i.e. including communication with the person responsible for the resolution (which usually includes the following data – first name, last name, e-mail, name of the home organization) are kept in unaltered form and are not deleted. Similarly in the case of reporting and resolving operational issues.
  • Information from monitoring of the communication infrastructure, i.e. information obtained by collecting data from active network elements and information about IP flows, we keep in full quality (without loss of information value) for 6 months, summarized (with loss of information value) in the form of statistical data for 5 years. We keep personal data related to information on the use of CESNET e-infrastructure resources for as long as they are needed for the operation and improvement of the service, or, in the case of projects, for the period specified by the individual providers of targeted support, but at least 5 years after completion of the projects.

Recipients of personal data

CESNET transfers personal data to other entities only in necessary cases. Where possible (i.e. where this does not contradict the purposes of the transfer listed below), we only transfer anonymised data.

Transfer on the basis of a legal provision

Under the Cybersecurity Act, CESNET is obliged to report detected cybersecurity incidents. Cybersecurity incident reporting may include IP addresses related to the reported incident, to a lesser extent other technical identifiers, and to a very limited extent the information may be of such a nature that it can be linked to the data subject.

According to the Electronic Communications Act, the CESNET association is obliged to provide operational and location data to designated entities in specified cases. CESNET shall transmit such data in the case of services covered by this Act.

We are also obliged to hand over network traffic records, which may contain identifiers such as IP address, MAC address or other technical identifiers, to law enforcement authorities upon request.

Transmission based on legitimate interest

Personal data in the form of operational and location data and other unique identifiers used by individual CESNET e-Infrastructure services may be disclosed to network and service administrators from organisations connected to the CESNET e-Infrastructure and to members of security teams as part of the process of resolving operational problems and security incidents.

The association is a member of national and international security infrastructures (Fenix, TF-CSIRT, CSIRT.CZ Working Group), where an informal condition of participation is the sharing of experience and information in the field of security, which includes sharing information about detected security events, anomalies and vulnerabilities.

Personal data in the nature of statistically processed data on the use of CESNET e-infrastructure resources is provided to CESNET members and providers of targeted support.

Rights of data subjects

You can exercise the following rights with CESNET Associationin relation to the personal data processed in the CESNET e-infrastructure:

  • the right to information and access to personal data (Art. 15 GDPR),,
  • the right to rectification (Art. 16 GDPR),
  • the right to erasure (Art. 17 GDPR),
  • the right to restriction of processing (Art. 18 GDPR),
  • the right to object (Art. 21 GDPR),
  • the right to raise a complaint to the Office for Personal Data Protection – you can contact the Office for Personal Data Protection, pplk. Sochor 27, 170 00 Prague 7, at any time with a request, suggestion or complaint.

We will require your identification if you choose to exercise your rights in privacy matters. Exercising your rights is free. CESNET may charge a fee for processing a request if the request is clearly unfounded or unreasonable (in which case we may also refuse to comply with the request). The exercise of any right must not affect the rights of third parties.

If you exercise any of your rights in relation to the personal data we process, we will inform you of the resolution of your request within one month of receipt of the request. We may extend this time limit by two months in view of the complexity and number of requests we process, in which case we will inform you accordingly.

Contact details for exercising your rights can be found at www.cesnet/en/contacts.

How we protect your personal data

CESNET users’ personal data are treated legally and with due care in compliance with personal data protection regulations. The same principles apply in respect of the user data stored with us.

The priority is to ensure data confidentiality, availability and integrity, i.e. prevent any unauthorised access to data, their unauthorised leak, disclosure or other unauthorised processing while ensuring their high availability.

The core of security measures applied in the CESNET e-infrastructure consists in cutting-edge devices, highly qualified and ethical staff, customised physical protection, and a number of further organisational measures. We are aware that the softest spot of security is the human factor; accordingly we put great emphasis on continuous training of employees and raise their awareness of fundamental principles of security and privacy protection.

Technical measures

  • Personal data are kept in a safe environment, only accessible by Association’s employees.
  • Encryption and encrypted protocols are used to process personal data (i.e. in accessing them or in their transmission).
  • Before accessing or altering own personal data, the users (data subjects) must verify their identity by providing individual login data.
  • In order to ensure data availability, confidentiality and integrity, strict rules in respect of the backup of user personal data backup (and data in general) have been defined.
  • The traffic is being monitored meticulously and systematically, thus allowing that any operation and security issued are addressed timely and efficiently and their impact is mitigated.
  • The operated systems are being tested continuously to identify any vulnerability and other soft spots in their protection.

Organisational measures

  • The minimisation principle in respect of granting privileged access rights is adhered by.
  • Strict measures in respect of user identity administration, authentication and authorisation are applied.
  • All Association’s employees adhere by confidentiality and secure data treatment principles.
  • A number of workshops focusing on security is held, available (some of them even compulsory) to all employees.
  • Personal data protection commissioner has been appointed, acting also as privacy protection consultant.
  • Procedures for maintain processing logs and risk assessment have been introduced.
  • Data processing agreements have been concluded with sub-contractors commissioned to process the data by the Association.

Physical measures

  • The Association’s premises, including special work places (laboratories, computer halls, etc.), are protected by means of access management and CCTV systems.
  • The fundamental features of the communication infrastructure and services have sufficient performance and redundancy, thus ensuring smooth operation.


Služba Zoom poskytovaná sdružením CESNET a ochrana osobních údajů

Sdružení CESNET zajišťuje přístup ke cloudové videokonferenční službě Zoom pomocí uživatelských účtů v rámci e-infrastruktury CESNET.

K zajištění přístupu ke službě Zoom je nezbytné pracovat s následujícími údaji, které mohou být spojeny s konkrétním uživatelem (subjektem dle GDPR):

  • Emailová adresa – emailová adresa uživatele slouží jako primární identifikátor uživatele pro službu Zoom,
  • Křestní jméno, Příjmení, Zobrazované jméno – slouží pro snazší identifikaci uživatele v rámci meetingů,
  • Afiliace – seznam všech afiliací uživatele využívaný pro potřeby autorizace uživatele (licencované účty na službě Zoom například neposkytujeme studentům),
  • Organizace – organizace uživatele sloužící pro zpracování statistik a vykazování využití služby. 

Uvedené osobní údaje uvolňuje při přístupu ke službě Zoom prostřednictvím a Sign in with SSO nebo v Zoom klientovi na všech platformách při při přihlášení pomocí SSO v doméně uživatel. 

Výše uvedené osobní údaje jsou při přístupu ke službě Zoom přebírány z IdM systému Perun, který provozuje sdružení CESNET. Jejich zpracování na straně sdružení CESNET se řídí pravidly ochrany osobních údajů sdružení CESNET.

Uvedené osobní dále zpracovává Zoom Video Communications Inc., 55 Almaden Blvd, 6 th Floor, San Jose, CA 95113 v rámci poskytování služby Zoom v cloudu. Zpracování osobních údajů na straně Zoom Video Communications Inc. se řídí podmínkami poskytování služby Zoom, prohlášením o ochraně osobních údajů společnosti Zoom Video Communications Inc. a je v souladu s nařízením GDPR.

Další informace k ochraně osobních údajů najdete také na hlavních stránkách sdružení CESNET.

Information on the privacy policy of the eduroam Federation can be found here : eduroam

Personal data in the services of electronic mailing lists

  1. In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), the CESNET association informs the entities on terms and conditions under which personal data in providing the electronic mailing list service are processed. Data subjects are natural persons using the electronic mailing list service.
  2. The personal data controller is CESNET, z. s. p. o., Zikova 1903/4, 160 00 Prague 6, id. no.: 63839172, tax id. no: CZ63839172 (“the CESNET Association“). The contact information you can found at our website.
  3. The objective of this electronic email list (“the List”) is to share and exchange information, experience and guidelines among the professional community within a particular industry.
  4. Your personal data which we retain in relation to the List administration are and shall only be used in relation to the administration of the List, namely to send e‑mails with registration to the List, e-mails from moderator or administrator and other List members.
  5. Please be aware that the e‑mails are stored in archives accessible only to the List members, information about conference traffic is stored in logs for operational and security purposes.
  6. Your personal data relating to the administration of the List shall only be stored as long as you remain member of the List. The List archives are kept over the entire period of List’s existence.
  7. Your personal data are not made accessible to third parties nor traded with. On the contrary, we care for their protection from the technical, organisational and ethical point of view.
  8. You keep all rights to the personal data which we retain in relation to the administration of the List as defined by GDPR. You can claim your rights through the contacts listed in note 2 above.
  9. These rules are available in Czech and English. Should any discrepancies between the two versions occur, the Czech version shall prevail.

Rules – version 1.0 have been published 22 May 2018.

Consent to personal data processing in relation to the provision of electronic newsletter

  1. In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), the CESNET association requests your consent to process personal data for the purpose of sending an e‑mail newsletter.
  2. You give your consent to the personal data controller CESNET, z. s. p. o., Zikova 1903/4, 160 00 Prague 6, Id. No.: 63839172, tax id. no.: CZ63839172 (“the CESNET Association“). The contacts can found in the Contact section.
  3. You consent that the CESNET Association sends you their e‑mail newsletter( eNews). In order to be able to send it to you, we need to retain the following personal data:
  • Name
  • Surname
  • E-mail
  1. Your personal data are and shall only be used in relation to the subscription to the newsletter.
  2. The objective of the electronic newsletter is to inform the subscribers about the activities of the CESNET association, about the organised events (workshops, conferences, trainings) and about the news relating to the CESNET Association.
  3. Please be aware that the eNews has the following attributes:
  • the news into the newsletter are provided solely by the CESNET Association (the Controller);
  • the news are saved in the archives, available on the website;
  • anyone can subscribe to the newsletter;
  • personal data you have provided us shall only be stored as long as you remain the subscriber of the eNews;
  • the eNews can be unsubscribed at any time. Once you have unsubscribed, your personal data shall be deleted from the electronic newsletter database.
  1. Personal data provided are processed by The Rocket Science Group LLC d/b/a MailChimp, which operates the technology to distribute email campaigns. MailChimp used to distribute our electronic newsletter. The registered office of MailChimp and personal data processing servers are located in the USA. In order to ensure personal data protection while processing the data, CESNET and the company concluded an agreement on personal data processing.
  2. You keep all rights to the personal data which we retain in relation to the provision of the electronic newsletter as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). You can claim your rights through the contacts listed in note 2 above.
  3. These rules are available in Czech and English. Should any discrepancies between the two versions occur, the Czech version shall prevail.

These rules – version 1.0 have been published 24 May 2018.


Information on the use of cookies on the CESNET’s website(s)

To ensure the functionality of the CESNET¨s website(s), the use of so-called functional cookies is essential.

  • Cookies are short text files generated by a web server and stored on your computer via your web browser.
  • Functional cookies are necessary to ensure the basic functions of the website and cannot be disabled without blocking the website functions.
  • Information obtained via functional cookies is not passed on or processed by external subjects.
  • Functional cookies can be deleted via options in your web browser.

The performance (analytics) cookies are used on the CESNET’s website(s).

The above information is valid from 1 January 2024.

Information on the processing of personal data in CESNET is available at


Information on the Processing of Personal Data for Persons Cooperating with the TMC department at CESNET

Persons working with the CESNET Administration and Security Tools Department (referred to as the "TMC Department") access internal information and tools through the CESNET TMC IdM system. To facilitate this, an account is created for these individuals, involving the processing of personal data. Below is information regarding this data processing in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR").

Data Controller

CESNET, an interest association of legal entities ("CESNET Association"), is the data controller under the GDPR. CESNET is responsible for ensuring the lawful and proper processing of personal data. For contact details of CESNET and its data protection officer, please visit [link to contact information].

Data Processing

In the CESNET TMC system, only the personal data necessary for creating a user account is processed. This includes basic identification and contact details provided during registration. The purpose of processing this data is to manage access to the TMC Department's internal tools and information.

Legal Basis and Retention

The processing of personal data is based on CESNET's legitimate interest in protecting its internal tools and information from unauthorized access. Data is retained for the duration of the user account and will be deleted six months after the end of cooperation or termination of membership in a TMC working group.

Data Transfers

Personal data may be transferred to third-party services used for collaboration within the TMC Department. This primarily includes external cloud services or communication platforms. An updated list of these services and the types of data transferred can be found at [link to list of services].

Contact Information

For questions about personal data processing, please contact us at or use the contact details provided above.

Last updated: 2 August 2022

Information on the Processing of Personal Data for Participants of Public Events Organized by CESNET Association

When organizing public events, CESNET Association processes personal data of the participants. This document provides information on this data processing in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR").

Data Controller

The data controller under the GDPR is CESNET Association, an interest association of legal entities. CESNET Association is responsible for the fair and lawful processing of personal data. For contact details of CESNET Association and its data protection officer, please visit: CESNET Contacts.

Data Processing

For public events, CESNET Association processes only the personal data necessary for communication with participants. This includes basic identification and contact details provided during event registration.

Personal data is processed for the following purposes:

  1. Event Organization: To manage the event, including confirming attendance, sending organizational instructions, and distributing event materials. This processing is necessary for event implementation and involves sending information emails to the address provided during registration.

  2. Invoicing and Tax Compliance: For paid events, personal data is processed to fulfill tax and accounting obligations. This processing is based on the contract or CESNET Association’s legitimate interest in recovering unpaid amounts and complying with legal requirements. Data is retained in accordance with statutory limitation periods and mandatory retention for accounting and tax purposes.

  3. Networking Opportunities: At networking events, information about the participant's organization may be included on their nameplate. This processing is based on CESNET Association’s legitimate interest in promoting cooperation in the information technology field, which is one of its core objectives.

  4. Participant Feedback: Feedback collected from participants helps improve the quality and effectiveness of events. This processing is based on CESNET Association’s legitimate interest in enhancing its event offerings.

  5. Archiving Attendance Lists: Attendance records are archived for five years due to funding requirements. This retention is based on CESNET Association’s legitimate interest in documenting the use of its resources.

  6. Event Invitations: Personal data may be used to invite participants to similar future events. This processing is based on CESNET Association’s legitimate interest in expanding awareness of its activities. Participants may opt out of receiving such invitations at any time. Data for this purpose is retained for 24 months.

Data Transfers

Personal data of event participants is not transferred to other entities unless required by law.

Rights of Participants

Participants have the following rights regarding their personal data:

  • Right to information and access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to object (Article 21 GDPR)
  • Right to lodge a complaint with the Personal Data Protection Office

Requests to exercise these rights may require identification. While exercising these rights is generally free, CESNET Association may charge a fee for manifestly unfounded or excessive requests, or refuse such requests. Any enforcement of rights must not infringe on the rights of third parties.

CESNET Association will respond to requests within one month of receipt. This period may be extended by an additional two months, depending on the complexity and volume of requests.

Contact Information

For questions regarding personal data processing or to exercise your rights, please contact us at or use the contact details provided on our website.

Last updated: December 7, 2022



CESNET Articles of Association
These articles of association serve as the foundational document governing the association's structure, operations, and membership.

Terms and Conditions of Access to the CESNET e-Infrastructure
Effective from January 1, 2017, these terms and conditions outline the regulations and requirements for accessing and using the CESNET e-infrastructure.

Green Energy Policy
This policy details CESNET's commitment to environmental sustainability through the adoption of green energy practices.

V rámci e-infrastruktury CESNET naplňujeme zákonné požadavky na blokaci nepovolených webů. Tato stránka popisuje důvody a technickou realizaci blokace.

Uvedené předpisy ukládají poskytovatelům připojení k internetu na území České republiky povinnost zamezit v přístupu k internetovým stránkám dle rozhodnutí příslušných orgánů výkonu státní správy:

Důvod blokace Orgán výkonu státní správy Zákonné zmocnění
Hazardní hry Ministerstvo financí 186/2016 Sb., o hazardních hrách
Nelegální nabídka léčivých přípravků Státní úřad pro kontrolu léčiv 378/2007 Sb., o léčivech
Nelegální nabídka nebezpečných potravin Státní zemědělská a potravinářská inspekce 146/2002 Sb., o Státní zemědělské a potravinářské inspekci
Nelegální nabídka veterinárních biopreparátů a léčiv Ústav pro státní kontrolu veterinárních biopreparátů a léčiv 378/2007 Sb., o léčivech
Usnesení vlády č. 195 ze dne 27. března 2024

Finanční analytický úřad

1/2023 Sb., sankční zákon
69/2006 Sb., o provádění mezinárodních sankcí


Technický popis blokace


Blokujeme pomocí DNS

Blokujeme doménová jména na veřejných rekurzivních resolverech. Tato technika je nenáročná na prostředky a způsobuje jen minimální vedlejší škody.

Standardním řešením pro blokování určitých doménových jmen je technologie RPZ (Response Policy Zone). Jedná se o speciální zónový soubor, který namísto obyčejných DNS dat obsahuje instrukce k blokování, případně pozměňování odpovědí DNS serveru. Sdružení CESNET pro tyto účely zřídilo veřejně dostupnou zónu na serveru Obsahuje jeden testovací a jeden ostrý záznam, včetně několika metadat:   IN CNAME *             IN CNAME *       IN TXT "pub: 26.7.2017"  IN TXT ( "c44ff24b5148803d223d2d9495863"
                               "nepovolenych-internetovych-her_v1.pdf" )

Takto nastavená RPZ zóna provádí naprosto minimální zásahy do DNS provozu. Pouze přesná shoda doménového jména vyvolá změnu IP adresy v odpovědi. To je výhoda například v porovnání s blokováním pomocí prázdných DNS zón, kdy by došlo k zablokování nejen určeného doménového jména, ale i všech případných subdomén. Blokování subdomén přitom ani předpisy nepřikazují.


Informační stránka

Blokovaná doménová jména nahrazujeme v DNS odpovědích adresou serveru Jedná se o samostatný server se základní instalací webserveru NGINX, který na jakýkoli dotaz vrátí informační stránku o blokování.

V souladu s RFC 7725 vrací stránka speciální stavový kód HTTP 451 – Nedostupné z právních důvodů, který byl přesně pro tento účel standardizován. Server také vkládá HTTP hlavičku, identifikující entitu, která provedla blokaci. Relevantní část konfigurace webserveru vypadá takto:

error_page 404 403 451 =451 /451.html;
add_header Link "<>; rel=\"blocked-by\"" always;


Použití v DNS serveru BIND

Vlastní nasazení blokace v DNS resolveru BIND je otázkou jen několika málo konfiguračních voleb. Nejprve je nutné nakonfigurovat RPZ zónu. V tomto případě jako sekundární, přenášenou zónovým přenosem z master serveru:

zone "" {
    type slave;
    masters {
    file "";

Pak už jen stačí přidat definici RPZ zóny do globální konfigurace:

options {
    response-policy {
        zone "";


Použití v Unbound

DNS resolver Unbound bohužel dosud RPZ zóny nepodporuje. Na druhou stranu, zablokování konkrétního doménového jména je možné dosáhnout velmi triviálně v konfiguraci. Je však nutné nahrazovat přímo IP adresy (tedy A/AAAA záznamy). Použití aliasu (CNAME) možné není:

    local-data: " IN A"
    local-data: " IN AAAA 2001:718:ff05:202::33"

Abychom se vyhnuli spravování dvojí databáze, používáme jednoduchý skript, který stáhne RPZ zónu a následně ji převede do podoby konfiguračního souboru. Takový skript spouštíme cronem jednou denně.


Seznam blokovaných stránek spravujeme ručně

Seznamy nejsou státními orgány vydávány ve spolehlivě strojově zpracovatelném formátu, změny sice jsou automatizovaně sledovány, ale zpracování a zanášení je prováděno ručně. Ze strany sdružení CESNET je také prováděna kontrola seznamů proti několika dalším nezávislým zdrojům, které se snaží o totéž (např. zde či zde).

S ohledem na výše uvedené není reálné, aby blokace a odstranění blokací proběhlo bezprostředně po změně seznamů. Zároveň se nelze vyhnout vadám způsobeným nutností přepisu nestrojově zpracovatelného formátu do strojově zpracovatelné formy.

Kontrola seznamu zakázaných stránek probíhá bezprostředně.

Na základě uvedeného je třeba upozornit, že ověření přesnosti a validity seznamu zakázaných stránek spočívá pouze na daném poskytovateli připojení k internetu.


Řešení je k dispozici

Jak již bylo uvedeno, příslušná zóna je na serveru veřejně dostupná a je možné do ní nahlédnout například tímto příkazem:

$ dig axfr

Každý tedy může ověřit, která doménová jména jsou rekurzivními resolvery filtrována, případně zónu použít jako zdroj dat pro své vlastní DNS servery.


Princip síťové neutrality – otevřený internet

I přes výše uvedené stále platí princip rovnoprávnosti přenášených dat po internetu. Vše o něm, o legislativním zakotvení včetně výjimek z něj v podobě nutnosti blokování obsahu, můžete přehledně nalézt na webových stránkách Českého telekomunikačního úřadu.

S účinností od 1. 1. 2026 byla ČTÚ svěřena nově i kompetence vést tzv. jednotný seznam blokovaných internetových stránek (§ 115b ZEK), který doplní dosavadní praxi, a sjednotí na jednom místě údaje ze seznamů vedených dalšími orgány státní správy, jako jsou například Ministerstvo financí, Státní ústav pro kontrolu léčiv nebo Státní zemědělská a potravinářská inspekce.

Nenašli jste, co jste hledali? Ozvěte se nám.