Processing of personal data

PRINCIPLES OF PERSONAL DATA PROCESSING AND PRIVACY PROTECTION

This document defines the basic principles of personal data processing in the operation of the server https://www.medicalprotect.cz/.

I. Personal Data Administrator:

Name:                   MEDICAL PROTECT, s.r.o.

ID:                          01639331                                                                        

Headquarters:     Fanderlíkova 602/44 616 00 Brno

Kept by:                Regional Court in Brno under file No. C 78920                                           

Tel.:                       +420 602 624 266

Email:                    info@medicalprotect.cz    

(hereinafter referred to as the „Operator“)

II. Authorized Person for Personal Data Protection

The Operator has not appointed any authorized person for personal data protection because it is not a public authority or body, its main activities are not processing operations that would require extensive regular and systematic monitoring of persons, nor extensive processing of specific categories of data.

III. Legal Base for Personal Data Processing

When processing personal data, the Operator is based on the main principles of the Regulation 2016/679 on protection of individuals with regard to the processing of personal data and on free movement of such data (hereinafter GDPR or Regulation) and all related laws. The Regulation is valid from 25 May 2018. Furthermore, Act No. 110/2019 Coll., on processing of personal data, Act No. 127/2005, on electronic communications and Act no. No. 480/2004 Coll., on certain services of an information company. In accordance with these regulations, the legal basis for the processing of personal data has been set to the following extent:

Contract Fulfilment

This legal title applies to cases where the user actively requests a certain service or goods from the Operator. In addition to concluding a contractual relationship in the form of a contract, etc., this also includes other activities carried out for the purpose of using a certain service or purchasing goods, including entering a URL into a browser to gain access to a specific service or goods. An example of this processing of personal data is, for example, the identification of the client before the actual conclusion of the contract, the data needed for invoicing (if there is a cash payment for the provision of the service).

Legitimate Interest of the Operator

The Operator has the opportunity to process the user's personal data in its own subjectively determined interest. The user therefore has the right to object to the said processing, the right to deletion and also the right to assess the legitimacy of such processing. This category is commonly covered by activities to exercise freedom of expression, protection of services from abuse (including fraud prevention), enforcement of claims and legal claims in general, direct marketing, network and information security arrangement measures or processing for the purpose of reporting potential crimes.

Processing of Personal Data with Consent

In these cases, explicit consent to the processing of personal data by the user will be granted. The request for consent to the processing of personal data will be provided separately from other facts. The user has the right to revoke the granted consent. In this case, it is mainly the consent to the provision of selected personal data (e-mail address) to send marketing offers of the Operator, or inclusion in the user satisfaction survey.

Fulfilment of Legal Obligations

In this case, the legal reason for processing personal data arises from specific national or European legislation. The Operator is bound by this obligation. Examples may include processing due to obligations imposed by the tax office or responding to court decisions and passing on specific data to law enforcement authorities.

The Operator processes the following personal data:

• name, surname, residential address, registered office address, delivery address, email address, identification number, tax identification number, IP address, access password, telephone numbers, date and time of visit, user communication, device identification.

VI. Purpose of Personal Data Processing

The Operator uses the collected personal data for fulfilment of a certain, explicitly expressed and legitimate purpose. As part of the services of the server https://www.medicalprotect.cz/ your personal data is processed for the following purposes:

• to fulfil the contract concluded between the Operator and the personal data subject,
• to identify the contracting party before concluding the contract,
• to fulfil legal obligation,
• to improve and enhance the Operator's services,
• to measure the traffic of the Operator's internet server,
• to ensure the safety of the Operator's services and to protect against their misuse,
• for the purpose of direct marketing of the Operator's services,
• to collect debts and claims for damages,
• to evaluate user satisfaction.

The processing of personal data is performed by the Operator through IT equipment or manually - by authorized employees, or third party on the basis of a contractual relationship, all in compliance with the requirements of the GDPR for the management and processing of personal data. When processing personal data by the Operator, there is no automatic individual decision-making.

The user provides personal data completely voluntarily, he is not obliged to provide it. However, if the user does not provide personal data to the Operator, he will not be able to enter into any contract with him and perform from such a contract. It is entirely up to the user whether or not to use the server.

V. Personal Data Recipients:

Personal data may be passed on to the following recipients:

• Public authorities (e.g. courts, administrative authorities),
• Providers of maintenance and information systems,
• Google Advertising System (Google AdWords)
• Providers of other services (e.g. transport, payment system, external accountant or tax advisor).

VI. Time of Personal Data Processing:

Personal data will be processed for the duration of the contractual relationship between the parties and after its termination they will be disposed of in accordance with applicable law, especially Act No. 499/2004 Coll. (act on archiving and filing services and amending certain laws) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR Regulation).

VII. Use of Cookies

Cookies are very small text files that the displayed website stores in the browser of the user's end device (computer, tablet, smartphone, etc.).

The Operator's website works with:

1.) technical and security cookies, which are necessary for its correct display and functionality. For this reason, they are mandatory and cannot be turned off, then with

2.) analytical cookies allowing to monitor traffic and the way of use of the site, so the site can be better optimized for a better user experience, further with

3.) personalized and advertising cookies, which record a specific visit to the site, thanks to which advertising can be personalized for the user.

Temporary cookies are stored only for the duration of the user's visit to the website. Persistent cookies remain stored longer, depending on their function.

The Operator informs the user in advance about the use of cookies on this website and its scope and purpose of their processing. To do so, he will require prior consent to their storage in cases ad 2.) and 3.). If the user does not want the Operator to store cookies on his device, he can change the cookie management settings of his web browser, where he will disable the storage of cookies. Cookies can also be blocked only for individual websites according to the user's internet browser settings.

If the user disables cookies (in any of the above ways), these sites and the services provided through them may not function properly. Cookies can be re-enabled at any time.

VIII. User’s Rights

• Right of access - the user has the right to obtain information on whether his personal data is processed and, if so, what the data is and how it is processed.
• Right of correction - the user has the right for the Operator to correct inaccurate personal data concerning him without undue delay. The user has the right to add incomplete personal data at any time.
• Right to delete - the user has the right to request the Operator to delete the processed personal data and if the legal conditions are met, this request will be complied with.
• Right to restrict processing - the user has the right for the Operator to restrict the processing of his personal data in certain cases.
• Right to object - the user is entitled to object at any time against processing that is based on the legitimate interests of the Operator, a third party or is necessary for the performance of a task performed in the public interest or in the exercise of public power.
• Right to data portability - the user has the opportunity to obtain personal data provided to the Operator in a common and machine-readable format. He may then pass this information on to another administrator or, if technically possible, request that the administrators pass it on to each other.
• Right to file a complaint - in the event that the user is in any way dissatisfied with the processing of his personal data by the Operator, he may file a complaint directly to him or contact the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), based in Pplk. Sochora Sochora 27170 00 Prague 7, www.uoou.cz.
• Right of the subject to withdraw the consent to the processing of personal data at any time - this right testifies to the user if he has given his consent to the processing of personal data.