PRINCIPLES OF PERSONAL DATA PROTECTION 

BASIC PROVISIONS 

The controller of personal data according to Article 4 point 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679, on Protection of Individuals with regard to the Processing of personal data and on the free movement of such data (the “GDPR”) is MEDICEM Technology s.r.o., with its registered office at Karlovarská třída 20, 273 01 Kamenné Žehrovice, IČ 48036374, registered in Commercial Register administered by Municipal Court in Prague, file no. C 15107 (the “Controller”). 

Controllers’ contact information: 

Address: Karlovarská třída 20, 273 01 Kamenné Žehrovice 

Email: technology@medicem.com 

Phone: +420 317 070 390 

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, for example it is name, identification number, location data, network identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

CATEGORIES OF PERSONAL DATA PROCESSED 

The Controller processes personal data, which you have provided to it through the completion of the application form. On the basis of information from application form you will be automatically sent logging information to customer account. Using your logging information you are able to make an order through Website. 

The personal data to be processed is information showed on application form (name and surname, email, company, contact and/or address for service). 

LEGITIMATE REASON AND PURPOSE OF PROCESSING PERSONAL DATA 

Legitimate reason of processing of personal data shall be: 

• Performance of the contract between you and the Controller according to Article 6 point 1 letter b) of the GDPR; 

• Legitimate interest of the Controller for providing of direct marketing (especially for sending of commercial communication and newsletters) according to Article 6 point 1 letter f) of the GDPR; 

• Your consent with personal data processing for the purpose of providing direct marketing (especially for sending of commercial communication and newsletters) according to Article 6 point 1 letter f) of the GDPR, in connection with § 7 provision 2 of Act 480/2004 Coll., on certain services of the information society in case that there was no order for the goods or services. 

Purpose of processing personal data shall be: 

• Execution of your order and exercise of the rights and obligations arising from the contractual relationship between you and the Controller; when making the order the personal data is required for the purpose of successful execution of order (name 

and address, contact), provision of personal data is necessary for conclusion and performance of a contract. Without providing personal date it is not possible to conclude a contract between parties or to provide fulfillment from the contract from the side of the Controller. 

From the side of the Controller there is no automatic individual decision making within the meaning of Article 22 of the GDPR. 

PERIOD OF DATA RETENTION 

We shall process your data for as long as you use our services (i.e. for the duration of the contractual relationship with us) and then for a reasonable period necessary to protect our interests or for period necessary for fulfillment of archiving or other obligations in accordance with valid legal provisions, such as the Accounting Act, Archiving Act, VAT Act and others. 

We would like to point out that we have to process personal data which are necessary for proper provision of a service, or for fulfilment of any of our obligations, whether the obligations arise from a contract between us or from generally binding legal regulations, for a period specified in applicable legal regulations regardless of your consent, or in accordance with them even if you withdraw your consent. 

SECURITY CONDITIONS OF PERSONAL DATA 

Our company has introduced strict internal rules for the processing of personal data which need to be complied with by all of our employees. Our employees are obliged to maintain confidentiality and they are regularly trained and monitored in this area. Likewise, all our contract partners are bound by a contract to maintain confidentiality, take effective safety measures to protect personal data and process personal data only in a manner and for the purposes specified by our company. Any technology and software applications that we use are properly secured. 

YOUR RIGHTS 

In connection with your personal data, you have the following rights in accordance with GDPR: 

• the right to withdraw your consent at any time, 

• the right to rectify or amend your personal data, 

• the right to request restriction of processing, 

• the right to object to or complain about the processing in certain cases, 

• the right to request portability of data, 

• the right of access to your personal data. 

To exercise your rights, send an e-mail to: gdpr@medicem.com or a letter to the address of the Controller’s registered office. Depending on the nature of the data, you may be required to prove your identity.

FINAL PROVISION 

By submitting an order you acknowledge and agree that you are familiar with the principles of personal data protection and accept them in their entirety. The Controller is entitled to change these terms. It will publish a new version of the principles of personal data protection on its website. 

These terms come into effect on 25. 05. 2018