Personal data processing policy of Avenier a.s.
This document is dedicated to the topic of personal data protection in relation to the validity of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) — (hereinafter referred to as “GDPR”) (General Data Protection Regulation).
General principles for the processing of personal data of the company Avenier a.s., with registered office at Bidláky 837/20, 639 00 Brno, ID No.: 26260654, a company registered in the Commercial Register maintained by the Regional Court in Brno, Section B, Insert 3646 (hereinafter referred to as the “Company”), express our commitment to strive to protect the personal data of our employees, job applicants, customers, suppliers and business partners. This policy sets out how this commitment will be implemented and the Company’s position as data controller.
The company is bound by local legislation. In the area of personal data protection, the Office for Personal Data Protection (OPDP) is the supervisory authority in the Czech Republic.
The GDPR applies to wholly or partially automated processing of personal data and to non-automated processing of personal data contained in or intended to be contained in a record.
The Company may supplement this policy with sub-policies and notices that comply with the GDPR and the Privacy Rules.
Our web address is: https://www.avenier.cz/
Personal data processing policy of Avenier a.s.
- 1. Introduction
- 2. Privacy Policy and Rules
- 2.1. Cookie services and their use
- 2.2. How cookies are divided
- 2.3. What we use cookies for
- 2.4. How to modify the use of cookies
- 2.5. This website uses Google Analytics
- 2.6. How to disable Google Analytics tracking
- 3. Category and scope of data processed
- 3.1. Categories of personal data
- 3.2. Special categories of personal data
- 3.3. Processing time
- 3.4. Data sources
- 4. Purposes of the processing of personal data
- 4.1. Lawfulness of the purposes of processing
- 4.2. Lawfulness of the purpose of processing based on Consent
- 5. Rights of data subjects
- 5.1. Exercise of data subjects’ rights
- 5.1.1. Information and access to personal data
- 5.1.2. Portability
- 5.1.3. Restrictions on processing
- 5.1.4. Correction and deletion of personal data
- 5.1.5. Information regarding rectification or erasure of personal data or restriction of processing
- 5.1.6. Right to object
- 5.1.7. Exclusion from automated decision-making, including profiling
- 5.2. Children — exercising the rights of minors and representation
- 6. Contact details of the Company
- 7. Overriding/overriding interests
- 8. Transfer of personal data to third parties
- 9. List of entities that may come into contact with your personal data
- 10. Rules for data transfer outside the European Union (to third countries or international organisation)
- 11. Monitoring and compliance with legal standards
This document is dedicated to the topic of personal data protection in relation to the validity of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) — (hereinafter referred to as “GDPR”) (General Data Protection Regulation).
The General Business Policy of Avenier a.s., with registered office at Bidláky 837/20, 639 00 Brno, ID No.: 26260654, a company registered in the Commercial Register maintained by the Regional Court in Brno, Section B, Insert 3646 (hereinafter referred to as the “Company”), expresses our commitment to strive to protect the personal data of our employees, job applicants, customers, suppliers and business partners. This policy sets out how this commitment will be implemented and the Company’s position as data controller.
The company is bound by local legislation. In the area of personal data protection, the Office for Personal Data Protection (OPDP) is the supervisory authority in the Czech Republic.
The GDPR applies to wholly or partially automated processing of personal data and to non-automated processing of personal data contained in or intended to be contained in a record.
The Company may supplement this policy with sub-policies and notices that comply with the GDPR and the Privacy Rules.
We consider the protection of your privacy in the processing of personal data to be an important matter and pay special attention to it. Our privacy policy complies with the provisions of the law and our Company-wide code of conduct.
We emphasize cooperation with companies that comply with the rules and legal provisions and conduct their activities in accordance with the GDPR. More about the processors and beneficiaries below.
The Company’s employees are bound by confidentiality and the Company’s internal rules. The company organizes and provides training to employees on the rules and other obligations related to data security and protection, as well as internal audits aimed at checking compliance with these rules and policies when working with personal data. Access to personal data is controlled and based on the rights of individual employees as necessary for the work of each workplace.
We process personal data collected during visits to our website in accordance with the legal provisions in force in the Czech Republic. We automatically collect and store a range of information to optimize this website for system performance, usability and to provide useful information about products and services. This information typically includes information about your IP address, browser type, language setting, operating system, Internet Service Provider (ISP), and the date and length of your visit.
We use this information to effectively administer the website, to obtain information about user behavior on the website, to analyze trends, and to gather demographic data about our users as a whole. The information collected in this way may be used for marketing and promotional purposes and for communication purposes (e.g. to make it easier for users to navigate the site, to provide attractive special offers and services, etc.) with your prior consent.
The Company’s website may include links to other websites that are not covered by this privacy and cookie policy.
The Company’s websites, email messages, online services, advertisements and interactive applications may use so-called “cookies” to optimize services. “cookies” if you give your consent to this via the Company’s website.
A “cookie” is a small file, usually consisting of letters and numbers, which we send via our web server to a browser cookie on your computer’s hard drive. This allows us, for example, to recognise a user’s device when a connection is made between a web server and a web browser. The main purpose of cookies is to enable our web server to provide the user with the website they are used to so that the visit to the Company’s website is more personal to the user and can better respond to their individual needs.
Cookies can be divided according to who places them on your website, i.e. On:
- First party cookie — these are limited to the domain of the website you are viewing. These cookies are considered to be more secure.
- Third party cookie — these are placed by a script from another domain. Users can thus be tracked across domains. They are often used to evaluate the effectiveness of advertising channels.
According to their durability, cookies can be divided into:
- Short-term (session cookies) — they are deleted from your computer when you close your browser
- Persistent cookies — we may use persistent cookies to make it easier and more convenient for users to navigate the site (e.g. faster and easier navigation). These cookies remain in your browser’s cookie file for a longer period of time, depending on your browser settings. Persistent cookies allow information to be transferred to the web server each time you visit the site. Persistent cookies are also known as tracking cookies. You can also remove them manually.
The use of cookies can be categorised as follows:
- Technical – these cookies are needed for the proper functioning of the website, security, correct display on your computer or mobile phone, functioning filling out and submitting forms, etc. Technical cookies cannot be disabled because the website would no longer function properly.
- Analytical and performance – Analytical and performance cookies allow us to measure the performance of our website and our advertising campaigns. We use them to determine the number of visits and sources of visits to our website. We process the data collected by these cookies in aggregate, without using identifiers that point to specific users of our website. The more people who have statistical cookies enabled, the better we can optimise our site to be more relevant to what people are doing on the site.
- Personalised and advertising – by using personalised cookies, we won’t have to ask you for the same information over and over again, or we can offer you products based on your interests or tailor the content of the site to you. Advertising cookies are used by us or our partners to remind you of offers you have viewed on our site and elsewhere on the internet: on Facebook, on Google or on Seznam. With this consent, you won’t see more ads, but you’ll mainly see ads that are relevant to your search. Consent to these cookies can be withdrawn at any time.
We use the following cookies on our website:
- Technical – first parties, short term. They ensure the basic technical functionality of the website, i.e. logging in, using services, etc.
- Google Tag Manager – the service is only for easy management of measurement codes, it does not use any cookies and does not record any data. Terms of data processing by Google Tag Manager.
- Google Analytics — first party, long term. They are used to generate anonymous statistics about the use of the website. Google LLC is the data processor of the data obtained from cookies. Terms and conditions for data processing by Google Analytics.
- Google Ads — first party, long term, remarketing and conversion. Ads data processing terms.
- Sklik – third party, long term, personalised and advertising. Our website uses retargeting technologies from the Sklik service operated by Seznam.cz, a.s. This allows us to show visitors who have already shown interest in our products our ads in the advertising network of Seznam.cz, a.s. Terms of data processing by Sklik.
Our website uses retargeting technologies from the Sklik service operated by Seznam.cz, a.s. This allows us to show visitors who have already shown interest in our products our ads in the advertising network of Seznam.cz, a.s. We never place sensitive or personal data in cookies. We may place a user ID in cookies, but this does not allow third parties to identify a specific person.
Deleting
You can delete cookies in your browser — usually located in the “History” of the pages you visit.
Blocking
Browsers allow you to block the placement of cookies on your computer. In this case, however, the functionality of this website will be limited. For information on how to set your browser to store cookies, please visit the website of your browser provider:
- Chrome
- Firefox
- Internet Explorer
- Android – different browsers
For more information about cookies and their use, please visit https://www.aboutcookies.org/.
This website uses Google Analytics, provided by Google, Inc. (“Google”). Google Analytics uses cookies. Information about your use of the site, together with the contents of the cookie, will be transferred to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the site and compiling reports on site activity for its operators and for the provision of other services relating to site activity and internet usage in general. Google may also disclose this information to third parties if required to do so by law or if such third parties process this information for Google. Google Analytics is enhanced by related advertising features provided by Google, namely:
- Google Ad Network Impression Reports,
- remarketing (displaying ads on the content network based on product views),
- Enhanced demographic reports (reporting of anonymous demographic data),
- user id — a Google Analytics feature that allows you to measure and analyse user behaviour across devices. We use a string of numbers or letters as user id’s, we never use personal information that would allow third parties to identify a specific person.
For more information about the processing and use of data, please refer to Google’s terms and conditions.
If you do not want to provide anonymous web usage data to Google Analytics, you can use a plugin provided by Google. Once installed in your browser and activated, no further data will be sent.
With regard to data protection, we limit the processing of personal data to data that is adequate and relevant for the purpose in question. These are personal data for identification and communication with you and special categories of personal data that are necessary for our activities in accordance with applicable legal standards.
As part of our business, we collect personal data from employees, customers, business partners or suppliers to uniquely identify a person.
We collect and process personal data about our employees (and, to the extent described below, their family members) in accordance with the GDPR:
- title
- Name,
- last name,
- Address,
- birth number,
- ID card number or number and type of other identity document,
- maiden name,
- former surname,
- place of birth,
- citizenship,
- marital status,
- private phone,
- private email,
- health insurance company code,
- bank connection,
- Photographs,
- a criminal record extract (if legally required),
- a statement of the driver’s score,
- copies of proof of education and qualifications,
- proof of medical examination,
- Thomas International questionnaire (psychodiagnostic),
- a statement from the Labour Office,
- credit card,
- Contracts and amendments (e.g. pension plans, life insurance),
- supporting documents for tax settlement (e.g.: disability, blood donation, loan, foreclosure, personal data of family members and dependents — name, surname, address, date of birth, birth number, birth certificate of children),
- details of the private vehicle (in the case of an approved business trip using a private vehicle).
We collect and process personal data about job applicants in accordance with the GDPR:
- the information contained in the CV (title, name, surname, etc.)
- contact details (phone, e‑mail),
- residential address,
- details of studies, further specialised education and experience).
We collect and process personal data about our suppliers in accordance with the GDPR:
- name and surname,
- the name of the company,
- company headquarters,
- billing correspondence address,
- phone,
- e‑mail,
- ID number (personal identification number),
- TIN (tax identification number),
- bank account number.
We collect and process personal information about the clients of the Vaccination and Travel Medicine Centres, if applicable. sensitive data in accordance with the GDPR:
- name and surname,
- address of permanent residence,
- phone,
- e‑mail,
- birth number,
- sex,
- medical records (medical history, diagnosis, clinical information, regular medication, vaccinations, etc.),
- health insurance company code,
- records of telephone calls to the Company’s customer service line,
- records of e‑mail communications,
- identification data of the legal representative, if applicable. loved ones.
We collect and process personal data about our pharmaceutical distribution customers in accordance with the GDPR:
- name and surname,
- the name of the company,
- Expertise,
- date of birth,
- the date of the holiday,
- company address, delivery address, billing address, correspondence address,
- phone,
- e‑mail,
- bank account number,
- ID number (personal identification number),
- The ID number (identification number of the facility),
- TIN (tax identification number),
- a recording of a telephone call to the Company’s customer service line,
- records of e‑mail communications,
- identification of the authorised person and the representative.
We collect and process personal data about VacciWay students in accordance with the GDPR:
- name and surname,
- date of birth,
- your permanent address,
- phone,
- e‑mail,
- TIN (tax identification number),
- employer/school
- education attained
The Company processes special categories of personal data (“sensitive personal data”) to the extent necessary for the performance of its activities on the basis of statutory obligations (primarily on the basis of the provisions of Section 53 of Act No. 372/2011 Coll., on Health Services, and further pursuant to Article 9(2)(h), GDPR).
Sensitive personal data is data concerning health, in particular data concerning:
- history,
- diagnosis,
- clinical information,
- regular medication,
- health services provided that are indicative of health status.
We work with your personal data:
- for the period of time necessary to fulfil the relevant purpose (i.e. at least the duration according to the statutory regulations or termination of the relationship in another form),
- for the establishment, exercise or defence of legal claims.
At the end of the specified period for processing and storing personal data, your data will be securely deleted or destroyed or anonymised.
If you have given your consent to the processing of your personal data, e.g. for marketing purposes (including profiling for the purpose of offering suitable products and services), the data is processed for the duration of the consent for the given processing purpose.
The data we process is mainly obtained through our employees (e.g.: doctors and nurses in the Vaccination and Travel Medicine Centres, distribution specialists, customer care consultants, etc.) and from you (the data subjects). We may also obtain data from other sources (e.g. the commercial register, the National Health Information System, etc.) to verify its accuracy and completeness.
The personal data of natural persons of our business partners and suppliers are updated directly by the data subject or communicated by the employer of the natural person during the course of our business relationship.
If you are our employee or job applicant, references from former employers or references from online sources such as social networks like LinkedIn or job portals can also be a source of data.
If you are a client of our Vaccination and Travel Medicine Centres, we may obtain sensitive information from your treating physician in the context of providing follow-up health services under Act No. 372/2011 Coll., the Act on Health Services and Conditions of their Provision (Health Services Act).
We collect your personal data as well as your sensitive personal data from you for the purpose of fulfilling our contractual obligations.
We also process personal data legally obtained from public registers or in cooperation with government authorities and institutions (e.g. in the sense of Act No. 253/2008 Coll., on certain measures against the legalization of proceeds of crime and terrorist financing).
The processing of personal data may also take place if your data is provided by a third party to whom you have given your consent or direct power of attorney for this purpose.
The Company processes personal and sensitive data only to the extent necessary for the fulfilment of the relevant purpose. Personal and possibly. even sensitive data (in particular health data) may be processed in one or more of the following circumstances:
If you are dealing with the Company as a customer, business partner or supplier, we will ask you to provide personal data for the following purposes:
- the conclusion, administration and performance of contracts (Article 6(1)(b) GDPR),
- relationship management, provision of contacts (Article 6 (1) ©, (f) GDPR),
- product development (Article 6(1)(f) GDPR),
- marketing and customer/process analysis (Article 6(1)(f) GDPR),
- scientific and statistical analysis (Article 6(1)(f) GDPR),
- compliance with legal and regulatory obligations (Article 6(1)© GDPR).
If you are a job applicant or a former or current employee, your personal data is processed for the following purposes:
- performance of employment contracts, contractual obligations, (Article 6(1)(b) GDPR),
- human resources management (existing staff only), (Art. 6 para. 1. Point. b), ©, (f) GDPR),
- internal management, including evaluation of the organisation or corporate culture, (Article 6(1)(f) GDPR),
- the health and well-being of employees (Article 6(1)(f) GDPR),
- fraud detection, prevention (Article 6(1)(f) GDPR),
- compliance with legal and regulatory obligations (Article 6(1)© GDPR),
- analysis of employee profiles (Article 6(1)(f) GDPR),
- recruitment and filling of vacancies, incl. former employees and job applicants (Article 6(1)(f) GDPR).
If you are a supplier working with our Company (generally) we will ask you to provide personal data for the following purposes:
- the conclusion, administration and performance of contracts (Article 6(1)(b) GDPR),
- relationship management, provision of contacts (Article 6(1)(f) GDPR),
- product development, (Article 6(1)(f) GDPR),
- marketing and customer/process analysis (Article 6(1)(f) GDPR),
- compliance with legal and regulatory obligations (Article 6(1)© GDPR).
If you are a client of our Vaccination and Travel Medicine Centres, we will ask you to provide personal data for the following purposes:
- the conclusion, administration and performance of contracts (Article 6(1)(b) GDPR),
- compliance with legal and regulatory obligations (Article 6(1)© GDPR).
If you are a customer of a pharmaceutical distributor, we will ask you to provide personal data for the following purposes:
- the conclusion, administration and performance of contracts (Article 6(1)(b) GDPR),
- relationship management, provision of contacts (Article 6(1)(f) GDPR),
- product development (Article 6(1)(f) GDPR),
- marketing and customer/process analysis (Article 6(1)(f) GDPR),
- compliance with legal and regulatory obligations (Article 6(1)© GDPR).
If you are a student in our VacciWay programme, we will ask you to provide personal data for the following purposes:
- improving the qualifications of employees, (Article 6(1)(f) GDPR),
- improving the skills of the professional public (Article 6(1)(b) GDPR)
If none of the above is the case, consent will be obtained from the data subjects before processing their Personal Data. We will provide you with the following information when you give your consent:
- the identity and contact details of the controller and his representative, if any;
- contact details of the Data Protection Officer;
- the processing purposes for which the personal data are intended;
- the possible recipients or categories of recipients of the personal data;
- the controller’s intention, if any, to transfer the personal data to a third country or an international organisation and the existence or absence of a Commission decision on adequate protection or, in the cases of transfers referred to in Articles 46 or 47 or in Article 4(1)(b) of Directive 95/46/EC, the existence or absence of a Commission decision on adequate protection. 49 para. 1, second subparagraph, a reference to appropriate safeguards and means of obtaining a copy of that data or information on where the data have been made available.
- the period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine that period;
- the existence of the right to request from the controller access to, rectification or erasure of, or restriction of processing of, personal data relating to the data subject and to object to processing, as well as the right to data portability;
- the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given before its withdrawal;
- the existence of a right to lodge a complaint with a supervisory authority;
- whether the provision of personal data is a legal or contractual requirement or a requirement to be included in a contract, whether the data subject is under an obligation to provide personal data and the possible consequences of not providing such data;
- the fact that automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 and, at least in those cases, meaningful information concerning the procedure used as well as the significance and foreseeable consequences of such processing for the data subject.
With your consent, we may process data for the following purposes:
- Marketing,
- processing of sensitive data.
If the processing is reasonably necessary to process the request, the data subject’s consent is presumed (for example, visiting the website, using the Company’s applications, visiting in person or attending an educational event).
Consent should be the free, specific, informed and unambiguous consent of the data subject to the processing of personal data relating to him or her in the form of a written statement, whether made electronically or by other active expression of will.
The data subject has the right to refuse or withdraw consent to the processing of personal data at any time.
With the entry into force of the General Data Protection Regulation, the owners of personal data (data subjects) have the right to:
- information and access to personal data,
- data portability,
- processing limitations,
- correction and deletion of personal data,
- information regarding the rectification or erasure of personal data or restriction of processing,
- objection,
- exclusion from automated decision-making, including profiling.
The roles in which we may record your personal data and uniquely identify you are:
- you are our employee — current employee, former employee, job applicant, close relative or family member of an employee,
- you’re our supplier,
- you’re a client of our Vaccination and Travel Medicine Centers,
- you are our drug distribution customer,
- a student in the VacciWay program.
If you are a natural person other than those mentioned above, whose data has been obtained in the course of our activities, these data are not further processed and we are not able to identify you unambiguously from these personal data. These data are used for informational purposes of our company only and are not passed on to other processors or third parties.
Furthermore, we would like to inform you that exercising your rights in relation to the protection of personal data may result in certain limitations of our activities towards you and our contractual relationship.
In order to exercise the rights of personal data subjects, we accept applications at our address Bidláky 837/20, 639 00 Brno or do not hesitate to contact us at +420 533 337 511 or at info@avenier.cz.
In the event that we receive your personal data for processing directly from you, we are obliged to tell you the following:
- the identity and contact details of the Company,
- the purposes of the processing for which the personal data are collected and the legal basis for the processing,
- the legitimate interests of the controller or of a third party where those interests override the interests and rights of the data subject,
- the possible recipients of the personal data and the intention to transfer your personal data to a third country or an international organisation,
- the period for which the data will be used, if applicable. saved,
- a list of your rights, including the right to complain,
- whether the provision of personal data is a legal or contractual requirement,
- the fact that automated decision-making, including profiling, takes place.
If your personal data was not obtained directly from you, we are also obliged to provide you with information on the category of personal data concerned and the source from which the data was obtained.
The data subject has the right to obtain the personal data he or she has provided to us in a structured form in a commonly used and machine-readable format. At the same time, as a data subject, he or she has the right to transfer this data to another controller. The transfer of personal data is only possible for personal data that are obtained on the basis of consent or for the performance of a contract and are processed by automated means. The rights and freedoms of other persons shall not be adversely affected by the transmission of data.
As a data subject, you have the right to have us restrict the processing of your personal data if:
- deny the accuracy of the personal data,
- you suspect unlawful processing of personal data, but you refuse to erase this personal data and instead request a restriction on its use,
- we no longer need the personal data for the purposes of processing, but you as the data subject require it for the establishment, exercise or defence of legal claims,
- you object to processing — processing will be limited to the time necessary to verify whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
We would like to inform you that in the event of a request to restrict the processing of your personal data, our activities towards you and our contractual relationship may be restricted.
As a data subject, you have the right to have inaccurate or outdated personal data concerning you corrected.
You can exercise the right to erasure or the right to be forgotten if:
- the personal data is no longer necessary for the purpose for which it was collected and processed,
- you withdraw the consent on the basis of which we process the data and there is no other legal basis for the processing,
- personal data are processed unlawfully,
- personal data has been collected under the terms of the child’s consent in connection with information society services.
In the event that the right to erasure of personal data that has been disclosed or transmitted by us to third parties is exercised, we take the necessary steps to contact all recipients of your personal data and send them a notice to delete all references.
Your right to erasure can only be exercised after the expiry of the time limit for the establishment, exercise or defence of legal claims.
Whenever you, as a Data Subject, request it, we will inform you of the recipients of your personal data at the time your data is disclosed to them. We will also inform you about corrections, deletions or if the processing of personal data concerning you is restricted.
You can only object in certain specific cases, namely:
- processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of our legitimate interests or the interests of a third party (including profiling): if you object with relevant reasons, we will provide you with the reasons for the processing. If our reasons do not override your interests and rights or are not for the establishment, exercise or defence of legal claims, the processing of personal data will be discontinued.
- processing for direct marketing purposes (including profiling): if you object and do not wish your data to be further processed for this purpose, there is no need to provide reasons for termination. Upon receipt of an objection, we will stop using your data for this purpose. However, if we also process the relevant data for another purpose on another legal basis, such processing is not affected by the objection.
- processing for scientific or historical research purposes or for statistical purposes: If you object with relevant reasons, we will provide you with the reasons for the processing. The right can only be exercised if the processing is not for the performance of a task carried out in the public interest.
We will explicitly notify you of your right to object (except for the last point of processing) at the latest at the time of the first communication, clearly and separately from other information.
As a Data Subject, you have the right not to be subject to any decision based solely on automated processing. It is protection from a potentially adverse decision that could have been made without human intervention. We hereby confirm to you that, according to the legal definitions, no automated decision-making, including profiling, takes place in our Company.
In the case of the provision of information services to a minor, the child’s consent to the processing of his or her personal data is deemed lawful if the child is at least 13 years old. The consent of a child under the age of 13 must be expressed or approved by a legal guardian (person with parental responsibility for the child).
The above does not apply to the general contract law of the Member States, for example rules on the validity, conclusion or effect of a contract in relation to a child.
The personal data controller is the Company: Avenier a.s., Bidláky 837/20, 639 00 Brno, phone: +420 533 337 511 email: info@avenier.cz, ID No.: 26260654, VAT No.: CZ26260654, File No.: B, Section 3646, registered at the Regional Court in Brno, date of registration: 17.9.2001, mailbox ID d9tcy64.
In case you wish to send a complaint with regard to your rights, the DPO of the Company is competent to receive this complaint, e‑mail: dpo@avenier.cz.
We will process your request/complaint without undue delay and will inform you of the processing within 30 days of receipt of the request/complaint. (This deadline may be extended by a further two months if necessary, taking into account the complexity and number of applications, and you will be informed of any extension of this deadline, together with the reasons for the delay, within one month of receipt of your application)
Some of the Company’s rights and obligations may override the rights of individuals if, in the particular circumstances, there is a legitimate interest that outweighs the interest of the individual (overriding interest). An overriding interest exists if it is needed:
- Protect the Company’s legitimate business interests including: (health, safety or security of individuals, intellectual property rights, trade secrets or the Company’s name, continuity of business operations)
- prevent or investigate violations of law, actual or suspected, based on reasonable suspicion (including cooperation with law enforcement), contracts, or our Company policies,
- otherwise protect or defend the rights of the Company, its employees or others.
In the course of our business, your personal data may be provided:
- to statutory entities, e.g. courts, the Czech National Bank, bailiffs or insolvency administrators,
- other rights protection bodies (e.g. courts, contract doctors, investigators, court commissioners, etc.),
- processors who guarantee the technical and organisational security of the protection of personal data,
- to other health professionals and medical facilities (laboratories, contract doctors or specialised medical centres).
Personal data is only transferred to third parties to the extent necessary for the fulfilment of the purpose.
The Company only cooperates with processors that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing complies with legal requirements and to ensure the protection of the rights of Data Subjects. The Company has always concluded the relevant contract on personal data processing with these processors.
Beneficiaries:
- public authorities and the courts (particularly in the performance of our legal duties),
- auditors or other independent persons to ensure compliance with legal obligations,
- information technology providers or operators,
- providers of services necessary for the performance of our activities (administrative activities, archiving, legal advice, claims management, etc.),
- health service providers (when investigating insurance claims),
- commercial intermediaries authorised to broker the Company’s products,
- insurance service providers.
This Article sets out additional rules for the transfer of personal data to third parties located in a country that is not expected to provide an adequate level of protection of personal data (country with an inadequate situation).
Personal data may only be transferred to a third party located in a country with an inappropriate status if:
- a contract has been entered into between the Company and the relevant third party which provides assurances that the third party will maintain a similar level of protection to that provided by our Company;
- the third party has been certified under a code of conduct or certification programme that is recognised under applicable law as providing an ‘adequate’ level of data protection; t
- the third party has put in place binding corporate rules or a similar mechanism to control the transfer of personal data that provides appropriate safeguards under applicable law;
- the data subject has been informed of the potential risks to him or her as a result of the absence of an adequacy decision and appropriate safeguards and has subsequently given his or her explicit consent to the proposed transfer;
- the transfer is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures taken at the request of the data subject;
- the transfer is necessary for the conclusion or performance of a contract concluded in the interests of the data subject between the controller and another natural or legal person;
- the transfer is necessary for important reasons of public interest;
- the transfer is necessary for the establishment, exercise or defence of legal claims;
- the transfer is necessary to protect the vital interests of the data subject or other persons where the data subject is not physically or legally able to give his or her consent.
Our Company conducts internal audits of processes and procedures involving the processing of personal data in order to comply with established policies and rules.
In Brno, on 27.11.2023
For Avenier a.s.
Board of Directors