PRIVACY POLICY
Contact details of the administrator:
Name: Moje srdce s.r.o.
Headquarters: Oblouková 848/25, Prague 10, 10100
ID: 10688099
E-mail: podpora@mojesrdce.cz
www: mojesrdce.cz
("Administrator" or "Company")
1. INTRODUCTORY PROVISIONS
1.1 This privacy policy ("Policy") is part of the general terms and conditions of use of the mojesrdce.cz application ("Application") and has been created to inform you about how we collect, use and protect your personal data when operating the Application.
1.2 You acknowledge that by registering on the Application, using the Application, signing up for the newsletter and your other activity towards our Company, your personal data may be used by the Administrator. In order to protect your privacy and security, we hereby assure you that your data will never be processed otherwise and for purposes other than as set out in this Policy, and any processing will always be carried out in compliance with the high standards of protection under the applicable law.
2. SOURCES OF PERSONAL DATA
2.1 The Controller shall process your personal data to the extent that you provide it to it in connection with your activities relating to the Application. In justified cases, we also obtain personal data from publicly accessible registers, lists and records.
2.2 In some cases, a feature of the Application requires a connection to a third party service. In this case, we will also obtain Personal Data from that third party through the specific linked service. We undertake that the collection of your personal data through third party services will never take place without your knowledge.
3. WHAT DATA DO WE PROCESS?
3.1 In order to provide you with the services offered through the Application, we process personal data about you. We also process personal data about you if you do not yet use the Application but are interested in using the services provided through the Application. Specifically, we process the following categories of personal data for these purposes:
a. name and surname;
b. contact and/or delivery address;
c. e-mail;
d. telephone;
e. gender;
f. age;
g. health data;
h. the content of the query entered in the online advice available in the Application.
3.2 In addition to the above, we also hold information about your use of the App. We process your location, MAC address, IP address (if using a browser) and operating system. You can deactivate the location service at any time in the settings of your mobile device.
4. PURPOSE AND SCOPE OF PROCESSING
Performance of the contract
4.1 We process your personal data primarily for the purpose of performing the contract you have entered into with us regarding your use of the App. The lawful basis for processing in this case is Article 6(1)(b) GDPR. In this context, we may process your personal data for the purposes of registering on the Application, ensuring the operation of the Application, using its functionalities, etc. For these purposes, we process in particular the following personal data:
a. name and surname;
b. e-mail address;
c. a contact and/or delivery address;
d. telephone;
e. gender;
f. age.
4.2 In the event that you have not consented to us processing your sensitive personal data for the purposes of displaying recommendations relevant to you within the Application, the above personal data may also be processed for these purposes under the above legal authority.
4.3 We must process this personal data, otherwise the performance of the contract for the use of the App will become impossible for us. However, we only process personal data to the extent necessary and exclusively for the duration of the contractual relationship in question. In justified cases, the processing of personal data may exceed the duration of the contractual relationship, in particular due to the assertion of legal claims of our company from expired contracts. The controller undertakes that the period of processing of personal data in this case will never exceed the statutory limitation period of 10 years.
Legitimate interest
4.4 We further process your personal data in order to protect and exercise our legitimate interests. In this case, the legal basis for the processing is Article 6(1)(c) GDPR. In this context, we may process your personal data for the purposes of optimising the processes in the App, maintaining it, providing support, displaying offers to purchase the paid version of the App or its other functionalities, as well as related discounts and promotions, etc. For these purposes, we process in particular the following personal data:
g. name and surname;
h. e-mail address;
i. how to use the Application;
j. position;
k. IP address;
l. MAC address;
m. the type of operating system of your device.
4.5 The processing of the personal data in question is based on our legitimate interests, except where these interests are overridden by your interests or fundamental rights and freedoms. If you have any doubts in relation to our legitimate interests, you have the right to contact us at any time to object to the processing. The controller undertakes that the period of processing of personal data for these purposes will never exceed 3 years.
Consent to processing
4.6 We process your personal data not least for the purpose of providing some of our services on the basis of your consent. The lawful basis for processing in this case is Article 6(1)(a) GDPR. In this context, we may process your personal data for the purposes set out in the specific consent you give us, in particular for the purposes of displaying personalised health recommendations within the App, arranging contact with a consulting doctor within the App, sending newsletters, etc. For these purposes, we process in particular the following personal data:
a. name and surname;
b. contact and/or delivery address;
c. e-mail;
d. telephone;
e. gender;
f. age;
g. health data;
h. the content of the query entered in the online advice available in the Application.
4.7 We process personal data for these purposes until your consent is withdrawn, for a maximum period of 1 or 3 years from the date of consent. In the event that special categories of personal data are processed in this way, we undertake to make additional efforts to minimise their processing and to protect them from misuse.
5. RECIPIENTS OF PERSONAL DATA
5.1 In addition to employees and managers of the Controller, third parties may be recipients of your personal data. Our Company carefully selects its business partners to whom it entrusts data subjects' data and who are able to ensure the technical and organisational security of your personal data at the highest possible level.
5.2 The third parties who may have access to your personal data are:
a. persons who provide the technical operation of a service for us or the operators of the technologies we use for our services;
b. electronic communications service providers;
c. persons operating tools that allow us to analyse how our Application is used;
d. payment service providers and payment processors for the purpose of securing and executing payment transactions; and
e. persons who provide us with the recovery of our Company's debts.
5.3 The controller does not intend to transfer your personal data of data subjects to a third country. In the event that personal data of data subjects is transferred to third countries outside the EU, this will be done in accordance with the legal requirements and in any case the protection of personal data of data subjects will be ensured. Our company undertakes to inform you immediately of any such transfer.
6. YOUR RIGHTS
6.1 As a data subject, you have the right to request information about the processing of your personal data and the purpose of the processing, the scope of the processing, the categories of personal data subject to processing, the processors, and the recipients of the personal data. You also have the following rights in relation to us:
a. The right of access to personal data - this is the possibility to obtain information from the Controller as to whether or not personal data concerning the subject are being processed.
b. The right to an explanation - if you believe that the Controller carries out processing that is contrary to the protection of your private and personal life or contrary to the law.
c. Right to rectification - in case you believe that the Controller processes personal data inaccurate or incorrect.
d. The right to erasure of personal data.
e. The right to restriction of data processing in cases provided for by law.
f. The right to object to processing - in this case, personal data will no longer be processed unless there are compelling legitimate grounds for processing which override the interests of the subject or his or her rights and freedoms, or unless it is processed for the establishment, exercise or defence of legal claims. They can be raised via the contact details above.
g. The right to data portability.
h. The right to apply to the competent supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7.
7. SECURITY OF PERSONAL DATA
7.1 The processing of your personal data is carried out on the Company's premises, or the processing of personal data of data subjects is carried out by our processors on their premises by individual authorised employees of the processor who are sufficiently bound by the obligation of confidentiality. The processing takes place both electronically, i.e. by means of computer technology, and in paper form, i.e. manually, in compliance with all security principles.
7.2 All personal data you provide to the Administrator is secured by standard procedures and technologies, and all data transmission is encrypted. We have strictly monitored data management processes in place to track security breaches, both on the part of our suppliers and employees. However, despite our best efforts and preventative mechanisms, our security measures may be breached. In such a case, we are committed to proceeding as quickly and efficiently as possible so that the interference with your right to privacy is minimized and the consequences are remedied as soon as possible, as required by applicable law.
8. FINAL PROVISIONS
8.1 We reserve the right to amend this Policy, if necessary, in particular in light of developments in national legislation, the decision-making practice of the Office for Personal Data Protection and other recommendations and opinions of other bodies whose outputs relate to the area of personal data protection. We encourage you to review this Policy periodically to stay up-to-date on how we are helping to protect the personal data we process about you.
8.2 If you have any data protection queries or withdraw your consent to further processing of your personal data, you can contact us using the contact details above or contact our Data Protection Officer using the contact form on our App.
8.3 This Policy shall take effect on 13.12.2024