Privacy policy
Through this Privacy Policy (hereinafter referred to as the "Policy"), we inform the data subjects whose personal data we process about all processing activities and about the privacy protection principles of the data subjects.
1. Responsible persons
Personal data manager:
Natios Health, s.r.o., Reg. No: 28582292, with registered office at Trocnovská 1088/2a, 702 00 Ostrava - Přívoz, Czech
republic
Contacts for exercising your rights: Phone: +420 558 274 254, E-mail: info@natios.cz
(hereinafter also referred to as “we”; “us” or “our” )
2. Basic terms
GDPR:
Regulation (EU) 2016/679 of the European Parliament and of the Council 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC effective from 25/05/2018.
Personal data:
Personal data in the sense of Regulation (EU) 2016/679 of the European Parliament and of the Council 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter referred to as "GDPR") is understood all information about an identified or identifiable natural person (i.e. about the data subject = you).
Special personal data:
Special personal data means data on racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic data, biometric data for the purpose of unique identification of a natural person and data on the state of health or sex life or sexual orientation of a natural person persons.
Data Subject = You:
Data subject means an identified or identifiable natural person, whereby an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example name, identification number, location data, network identifier or to one or more special elements of physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Processing of personal data:
Processing of personal data within the meaning of Article 4(2) of the GDPR means any operation or set of operations with personal data or sets of personal data which is carried out with or without the aid of automated procedures such as collection, recording, arrangement, structuring, storage, customization or alteration, retrieval, viewing, use, disclosure by transmission, dissemination or any other disclosure, arrangement or combination, restriction, erasure or destruction.
Administrator:
In the sense of Article 4, Paragraph 7 of the GDPR, a Administrator is a natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of personal data processing. We act as an administrator in relation to your personal data.
Processor:
A processor in the sense of Article 4, paragraph 8 of the GDPR means a natural or legal person, public authority, agency or other entity that processes personal data for the controller.
Supervisory Authority:
Supervisory authority in the Czech Republic means the Office for the Protection of Personal Data (hereinafter referred to as "ÚOOÚ").
Risk processing:
Risky processing means processing that is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional, or includes the processing of special personal data or personal data related to judgments in criminal cases and offenses referred to in Article 10 of the GDPR.
Automated individual decision-making incl. profiling:
Automated individual decision-making incl. profiling generally means any form of decision based on the automated processing of personal data, i.e. without human intervention, consisting, among other things, of evaluating some personal aspects related to the data subject, especially for the purpose of analysis or estimation or analyzing or predicting aspects related to his work performance, economic situation, health status, personal preferences, interests, reliability, behavior, location or movement.
3. Category of entities, processed personal data, purpose, legal basis and processing time
We process personal data for a clearly defined purpose:
| Categories of data subjects | The purpose of personal data processing | Legal basis and processed personal data | Processing time |
|---|---|---|---|
| Our customers | Fulfillment and implementation of contracts concluded with customers | The legal basis is the fulfillment of the contract. Identification data (name, surname), contact data (delivery address or residential address, e-mail, telephone), accounting data (credit card number, bank account number), order history, IP address, cookies and account registration data, through which you log in, and data from the complaint form (product identification, product defects). | For this purpose, personal data may be processed for the duration of the contractual relationship and the warranty period. |
| Exercising claims from contractual relationships after the termination of the contract | The legal basis is our legitimate interest consisting of the right to collect claims, compensation
for damage and other claims that may have arisen during the duration of our contractual relationship.
Identification data (name, surname), contact data (delivery address or address of permanent residence, e-mail, telephone), accounting data (bank account number), order history, IP address, cookies and registration data for the account through which you log in , and data from the complaint form (product identification, product defects) are necessary after the termination of the contract for the processing of complaints, the collection of claims and other contractual obligations from the contracts concluded between us and these data subjects. | For this purpose, personal data may be processed for a period of four years from the termination of the contractual relationship, in the case of legal proceedings, for the entire duration of the proceedings. | |
| Fulfilling our accounting and tax obligations | The legal basis is the fulfillment of a legal obligation imposed on us by legal regulations such as
the Accounting Act or the Value Added Tax Act.
Identification data (name, surname), contact data (delivery address or address of permanent residence, e-mail, telephone), accounting data (bank account number and other information on tax documents). | For this purpose, personal data may be processed for up to 10 years from the end of the tax period in which the performance provided to the customer took place. | |
| Dissemination of business communications in the form of professional information and reports, marketing materials, offers of our goods or services | The legal basis is our legitimate interest to provide and offer you similar services or goods that
meet your needs, based on our joint business relationship.
The identification and contact personal data of customers is processed for the purpose of disseminating commercial messages. | For this purpose, personal data may be processed for the duration of the contractual relationship. | |
| Website visitors | Statistics before data anonymization, display of advertisements for our services or goods | The legal basis is our legitimate interest in the sense of a) improving our services and focusing on
what really interests you; b) offer you similar services or goods that meet your needs, based on access to
our website.
Identification data (name, surname), contact data (address, e-mail, telephone), IP address and cookies. | For this purpose, personal data may be processed for a period of 6 months. |
| Sending a response to a website visitor's query | The legal basis is performance of the contract or your consent Identification data (name, surname), contact data (address, e-mail, telephone), IP address and cookies, inquiry made through the form. | For this purpose, personal data may be processed until the inquiry from the contact form is processed, but no longer than 30 days or the period for which your consent to the processing lasts. | |
| News subscribers | Regular sending of commercial messages by e-mail | The legal basis is the consent you gave us when registering for the newsletter. Identification data (name and surname), contact data (e-mail). | For this purpose, personal data may be processed until consent is revoked. |
4. Time of personal data processing
We keep personal data only for the time necessary for the purpose of their processing - see the table above. After this period, personal data may only be kept for the purposes of the state statistical service, for scientific purposes and for archival purposes.
5. Recipients of personal data and transfer of personal data outside the European Union
In justified cases, we may transfer your personal data to other entities (hereinafter referred to as "recipients"). Personal data may be transferred to the following recipients:
- Processors who process your personal data according to our instructions, especially in the area of contact with the public, electronic data management or accounting;
- public authorities and other entities, if required by valid legal regulation;
- other entities in the event of an unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or safety.
6. Cookies
After your first visit to our website, our server sends a small amount of data to your computer and stores it there. The browser then sends this data back to the server with each subsequent visit to the site. This small file is called a "cookie" and is a short text file containing a specific string of characters with unique information about your browser. We use cookies to improve the quality of our services and to better understand how people use our site. That is why we store user preferences in cookies and use them to monitor user trends and how people behave on our pages and how they view them.
Most browsers are set to accept cookies. However, you have the option to set your browser to block cookies or to notify you when cookies are sent. However, some services or functions will not work properly without cookies.
Our website uses "first-party" cookies, i.e. cookies used only by our website (hereinafter referred to as first-party cookies) and "third-party" cookies (i.e. cookies originating from third-party websites). We use first-party cookies to store user preferences and data, needed during your visit to the website (e.g. the contents of your shopping basket). We use third-party cookies to track user trends and patterns of behavior, target advertising, with the help of third-party providers of web statistics. Third-party cookies used to track trends and patterns of behavior are used only by our website and the web statistics provider, they are not shared with any other third party.
In particular, we use the following cookies:
- Google Analytics
- Google AdWords
- Facebook Pixel
- Sklik
7. Principles of personal data processing
Legality
We process your personal data in accordance with applicable legal regulations, especially GDPR.
Consent of the data subject
We process personal data only in the manner and to the extent to which you have given us consent, if consent is the title of processing.
Minimization and limitation of personal data processing
We process personal data only to the extent necessary to achieve the purpose of their processing and for no longer than is necessary to achieve the purpose of their processing.
Accuracy of processed personal data
We process personal data with an emphasis on their accuracy, using available measures. And we process updated personal data using reasonable means.
Transparency
Through these Policies and the contact person, you have the opportunity to familiarize yourself with the way in which we process your personal data, as well as with their scope and content.
Purpose limitation
We process personal data only to the extent necessary to fulfill the stated purpose and in accordance with this purpose.
Safety
We process personal data in a way that ensures their proper security, including their protection by means of appropriate technical or organizational measures, against unauthorized or illegal processing and against accidental loss, destruction or damage.
8. Automated individual decision-making and profiling
When processing personal data there is no automated individual decision-making, not even on the basis of profiling.
9. Your rights as a data subject
Right of access to personal data
You have the right to request access to your personal data from us. In particular, you have the right to obtain confirmation from us as to whether personal data concerning you are or are not processed by us, as well as to provide additional information about the processed data and the method of processing in the sense of the relevant provisions of the GDPR (purpose of processing, category of personal data, recipients, planned storage period, existence of your right to request correction, erasure, restriction of processing or right to object, source of personal data and right to file a complaint). If you request it, we will provide you with a copy of the personal data we process about you, free of charge. In the event of a repeated request, we may charge a reasonable fee corresponding to the administrative costs of processing for providing a copy.
To gain access to your personal data, use your user account or the contacts listed in this policy.
The right to withdraw consent to the processing of personal data, if the processing is based on consent
You have the right at any time to revoke your consent to the processing of personal data that is processed by us on the basis of this consent.
You can withdraw your consent through your user account or the contacts listed in this policy.
Right to rectification, restriction or erasure
If you find that the personal data we hold about you is inaccurate, you can request that we correct this data without undue delay. If it is reasonable with regard to the specific circumstances of the case, you can also request the addition of the data we keep about you.
You can request correction, restriction of processing or deletion of data through your user account or the contacts listed in this policy.
The right to erasure of personal data
You have the right to request that we delete the personal data we process concerning you without undue delay, in the following cases:
- If you revoke your consent to the processing of personal data and there is no other legitimate reason for their processing on our side that would override your right to erasure;
- if you object to the processing of personal data (see below);
- Your personal data is no longer needed for the purposes for which we collected or otherwise processed it;
- personal data were processed by us unlawfully;
- personal data were collected by us in connection with the offer of information society services to a person under the age of 18;
- personal data must be deleted to fulfill a legal obligation set out in the law of the European Union or in the Czech legal order that applies to us.
You can request deletion in these cases through your user account or the contacts listed in these policies.
Pthe right to request deletion of personal data is not given in a situation where processing is necessary
- To exercise the right to freedom of expression and information;
- to comply with our legal obligations;
- for reasons of public interest in the field of public health;
- for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, if it is likely that the deletion of the data would make it impossible or seriously jeopardize the fulfillment of the objectives of the said processing;
- for the determination, exercise or defense of legal claims.
You can find out whether there are reasons for not being able to use the right to erasure through your user account or the contacts listed in this policy.
Právo na omezení zpracování osobních údajů
You have the right to restrict the processing of your personal data in cases where:
- you deny the accuracy of the personal data. In this case, the restriction applies for the time required for us to verify the accuracy of the personal data.
- the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead.
- We no longer need your personal data for the purposes for which we processed them, but you require them to determine, exercise or defend legal claims;
- you object to the processing (see below). In this case, the restriction applies until it is verified whether the legitimate reasons on our side outweigh your legitimate reasons.
During the period of restriction of personal data processing, we may process your personal data (with the exception of their storage) only with your consent, or for the purpose of determining, exercising or defending our legal claims, for the purpose of protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a member state. As mentioned above, you can request restriction of processing through your user account or the contacts listed in this policy.
The right to object to processing
You have the right to object to the processing of your personal data in the following cases:
- In the event that personal data is processed for the reason that the processing is necessary for the fulfillment of a task carried out in the public interest or in the exercise of public authority entrusted to us, or for the purposes of our legitimate interests, and you object to the processing, we cannot further to process unless we demonstrate serious legitimate grounds for processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of our legal claims.
- If personal data is processed for direct marketing purposes and you object to the processing, we will no longer process the personal data for these purposes.
- If your personal data is processed for the purposes of scientific or historical research or for statistical purposes, we will not process it further, unless the processing is necessary to fulfill a task carried out for reasons of public interest.
You can file an objection through your user account or the contacts listed in this policy.
Right to data portability
In the event that we process your personal data on the basis of your consent or because it is necessary to fulfill the contract concluded between us, you have the right to obtain from us the personal data that concern you and that you have provided to us, in a structured , a commonly used and machine-readable format, if personal data is processed by us. You have the right to transfer this data to another data controller or to request that we provide this data directly to another data controller if technically feasible. You can obtain your personal data through your user account or the contacts listed in this policy.
The right not to be subject to any decision based solely on automated processing, including profiling
We do not use personal data for automated decision making.
The right to receive information about a breach of the security of your personal data
If it is likely that a breach of our security will result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay. If appropriate technical or organizational measures have been used to process your personal data, ensuring, for example, that it is not comprehensible to an unauthorized person, or if we have taken additional measures to ensure that a high risk does not manifest itself, we do not have to pass on information about the breach to you.
The right to lodge a complaint with the supervisory authority
If you believe that the processing of your personal data violates the obligations set out in the GDPR, you have the right to file a complaint with the supervisory authority. The supervisory authority in the Czech Republic is the Office for the Protection of Personal Data.
This Privacy Policy is effective from 01/01/2024.
