The personal data administrator in accordance with Article 4 (7) of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is d-Health s.r.o., identification number 61247651 with its registered office at Hradešínská 2144/47, Praha 10-Vinohrady (hereinafter referred to as the “Administrator”).
2. The administrator contact details:
Address: Hradešínská 2144/47, Praha 10-Vinohrady, 101 00
Telephone: +420 725 450 656
Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, particularly by reference to a definite identifier, such as name, identification number, location information, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or the social identity of this natural person.
Administrator did not appoint a representative for personal data protection.
II. Sources and categories of processed personal data
The administrator processes the personal data you provided to them or the personal data that the administrator has acquired as a result of your order performance.
The administrator processes your identification and contact information and the data necessary for the performance of the contract.
III. Legal reason and purpose of personal data processing
The legal reason for the processing of personal data is:
- performance of the contract between you and the administrator pursuant to point (b) of Article 6(1) GDPR,
- legitimate interest of the administrator in providing direct marketing (especially for sending commercial messages and newsletters) pursuant to point (f) of Article 6(1) GDPR,
- Your consent to processing for the purpose of providing direct marketing (particularly for sending commercial messages and newsletters) pursuant to point (a) of Article 6(1) GDPR in conjunction with Section 7 (2) of Act No. 480/2004, on some services of the information company, in case the goods or services were not ordered.
The purpose of processing personal data is:
· processing your order and exercising the rights and obligations derived from the contractual relationship between you and the administrator; personal data are required for successful order processing (name and address, contact) providing personal data is a necessary requirement for the conclusion and performance of the contract, it is not possible to conclude the contract or perform it by the administrator without providing the personal data,
· sending commercial messages and doing other marketing activities.
There is no automatic individual decision-making by the administrator defined in Article 22 of the GDPR. You have given your explicit consent to such processing.
IV. Data retention period
The administrator storages personal data
· for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator, and the enforce the rights arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
· for the period till withdrawal of consent to the processing of personal data for marketing purposes, 3 years at most, if the personal data are processed on the basis of consent.
After the personal data retention period has expired, the administrator will delete them.
V. Recipients of personal data (subcontractors of the administrator)
The recipients of personal data are persons
· involved in the delivery of goods / services / payments under contract,
· providing e-shop operation services and other services related to e-shop operation,
· providing marketing services.
The administrator does not intend to transfer personal data to a third country (to a non-EU country) or to an international organization.
Operational services providing marketing and support services
Google analytics – records cookies and website usage
Google Adwords – records cookies and website usage
Google shopping - review request, records email if you agree in the order process
Heureka - records purchase conversions and email for "Verified by customers" service
Zboží.cz - records purchase conversions and email
Sklik – records cookies, website usage, purchase conversion
VI. Your rights
Under the conditions laid down in GDPR you have:
· the right of access to your personal data pursuant to Article 15 of the GDPR,
· the right to correct your personal data pursuant to Article 16 of the GDPR, or to limit the processing pursuant to Article 18 of the GDPR.
· The right to have your personal data deleted pursuant to Article 17 of the GDPR.
· The right to object to processing pursuant to Article 21 of the GDPR, and
· The right to data portability pursuant to Article 20 of the GDPR.
The right to withdraw consent to the processing in writing or electronically to the address or email of the administrator under conditions specified in Article III. You can withdraw your consent anytime in your own customer account.
You also have the right to file a complaint with the data protection authority if you believe that your right to personal data protection has been violated.
VII. Terms of personal data security
The administrator declares that has taken all appropriate technical and organizational measures to secure personal data.
The administrator has taken technical measures to secure data and personal data storage in paper form, especially secure / encrypted access to the web, encrypting customer passwords in the database, regular system updates, regular system backups.
The administrator declares that only the persons authorized by him/her have access to personal data.
VIII. Final provisions
By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
You agree to these terms by checking your consent by the online form. By checking your consent, you acknowledge that you are familiar with the terms of personal data protection and that you accept them in their entirety.
The Administrator is entitled to change these terms. The administrator will publish the new version of personal data protection on his/her website and at the same time send you a new version of these terms to your e-mail address, which you provided to the administrator.
These terms come into effect on: 25th May 2018 Ing. Libor Svatoň – executive director