Privacy Policy

Privacy Policy

The following privacy policy outlines the principles on which Eir Health processes your data.

1. GENERAL INFORMATION

This Policy is issued by Eir Group s.r.o., Malešická 2855/2b, Žižkov, 130 00 Praha 3, Czech Republic, ICO: 21325634 and is addressed to all users (hereinafter: "Users") of our website (hereinafter: "Website"). Definitions used in this Policy are explained in section 13 below.

The Data Controller is EIR GROUP based in Czech Republi. The contact details of the Administrator are provided in Section 12 below.

This Policy may be changed and updated to reflect changes in practices related to the Processing of Personal Data by the Administrator or changes in applicable law. We encourage you to read this Policy carefully and regularly check this page to verify any changes that the Administrator may make in accordance with the provisions of this Policy.

2. PROCESSING OF USERS' PERSONAL DATA

Acquisition of Personal Data: The Administrator may acquire Users' Personal Data, such as: name, surname, address, and contact details, including email address, phone number, as well as position, company data. The Administrator may acquire Users' Personal Data, in particular, in the following cases:
  • when Users provide Personal Data (e.g., email contact, telephone, through a form, or in any other way).
  • acquisition of Users' Personal Data as a result of conducting business relationships / concluding or executing a contract (e.g., purchase by the User of a service or product of the Administrator).
  • acquisition of Users' Personal Data published in social media (e.g., acquisition of information from Users' social media profiles, to the extent that this information is visible as public).
  • acquisition of Personal Data from third parties (e.g., from contractors, from financial intermediaries, from law enforcement entities, including administrative or judicial authorities, etc.).
  • acquisition or request for Users to provide their Personal Data during Users' visits to the Administrator's pages or use of any functions or resources available on or through the Website. When Users visit the Website, Users' devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates, and times of connection to the Website and other technical communication information), some of which may constitute Personal Data. During a visit to the Website, no Personal Data of Users will be stored by the Administrator without the prior, explicit consent of Users. However, the temporary storage of log files and cookies facilitates the use of our Website. Therefore, Users are asked to express their consent on our Website. Giving the above consent is optional and does not affect the ability to use the Website. In some cases, without giving such consent, the ability to use our Website may be somewhat limited.

 

Processed Personal Data: The categories of Users' Personal Data Processed by the Administrator may, in particular, include:

  • Personal data: name (names), surname (surnames), used name, gender, date of birth/age, nationality, photo.
  • Contact data: delivery address, company (employer) address, phone number, fax number, email address, social media profile details.
  • Payment data: billing address, bank account number, name and surname of the bank account holder, account security data.
  • Content of messages: all messages, inquiries, statements, views, and opinions about us, sent by Users or published on social media or via the Website.

Legal basis for Processing Personal Data: During the Processing of Users' Personal Data for the purposes indicated in this Policy, the Administrator may rely on one or more of the following legal bases, depending on the circumstances:

  • Processing takes place on the basis of the User's prior voluntary, specific, informed, and unequivocal consent to the Processing;
  • Processing is necessary for the performance of a contract that the User has entered into or intends to enter into with the Administrator;
  • Processing is necessary to fulfill a legal obligation incumbent on the Administrator;
  • Processing is necessary to protect the vital interests of any natural person;
  • Processing is necessary for the management, conduct, and promotion of the Administrator's activities and does not infringe the interests or fundamental rights and freedoms of the User.

Purposes of Processing Personal Data: The purposes for which the Administrator may process Users' Personal Data are as follows:

  • The Administrator's Website: conducting and managing our Website, presenting its content; publishing advertisements and other promotional and marketing information; communication and contacts with customers and suppliers, as well as potential employees or collaborators, through our Website.
  • Offering Users the Administrator's products and services: presenting our Website and other services; providing promotional materials at the request of Users; communication related to the Administrator's services.
  • Marketing communication: presenting in any way (including email, phone, text message, social media, mail, and personal contact) messages and other information that may interest Users, including the distribution of newsletters and other commercial information, after obtaining Users' consent to send information in an appropriate way, based on applicable law.
  • Communication and IT operations: managing communication systems, operating for IT security purposes, and IT security audits.
  • Financial management: sales, finance, audit, and sales management.
  • Research: engaging Users to obtain information about Users' opinions on the Administrator's products and services;
  • Improving our products and services: identifying problems with existing products and services; planning improvements to existing products and services; and creating new products and services.

 

3. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

The Administrator may disclose Users' Personal Data:

  • To administrative or judicial authorities, at their request, to inform about actual or suspected violations of applicable law;
  • To persons conducting audits, lawyers, PR agencies, subject to the confidentiality obligation arising from the contract or imposed on these entities by law;
  • To third parties processing entrusted data on behalf of the Administrator, regardless of their location, in accordance with the requirements contained in this section III below;
  • To any entity authorized for the purposes of preventing, investigating, detecting, or prosecuting prohibited acts or executing criminal measures, including securing and counteracting threats to public security;
  • To any entity taking over, in the event of the sale or transfer of any organized part of the Administrator or shares in the Administrator's share capital (including in the case of reorganization, dissolution, or liquidation). Regardless of the above, the Website may use plugins or content presented by third parties. If Users decide to use them, Users' Personal Data may be disclosed to third parties or social media platforms. The Administrator hereby recommends familiarizing yourself with the privacy policy of the third party before using its plugins or content.

 Currently, we use redirects to the following social media portals on our pages: https://www.facebook.comhttps://www.instagram.comhttps://vimeo.comhttps://www.youtube.com, https://tiktok.com.

If we engage a third party to Process Users' Personal Data, in accordance with the data processing agreement concluded with such an entity, the Processing Entity will be obliged to: (i) Process only the Personal Data specified in the Administrator's previous written instructions; and (ii) apply all measures to protect the confidentiality and security of Personal Data and comply with all other requirements of generally applicable law.

4. INTERNATIONAL TRANSFER OF PERSONAL DATA

Currently, the Data Controller does not transfer and does not intend to transfer any User Personal Data to third countries outside the European Union or to international organizations. If such a need arises, this Policy will be amended, and the transfer of User Personal Data will only occur based on standard contractual clauses that the Data Controller will implement before transferring such Personal Data. In this case, Users will be entitled to request a copy of the standard contractual clauses used by the Data Controller, using the contact details provided in section 12 below.

5. DATA PROTECTION

The Data Controller informs that appropriate technical and organizational measures have been implemented to protect Personal Data, especially against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law.

The Data Controller is not responsible for the actions or omissions of Users. Users are responsible for ensuring that all Personal Data is transmitted to the Data Controller in a secure manner.

6. DATA ACCURACY

The Data Controller takes all appropriate measures to ensure that:
  • The Personal Data of Users processed by the Data Controller are accurate and, if necessary, up to date;
  • All Personal Data of Users processed by the Data Controller that are incorrect (considering the purpose for which they are processed) will be deleted or corrected without undue delay.
  • The Data Controller may, at any time, ask Users about the accuracy of the Personal Data being processed.

7. DATA MINIMIZATION

The Data Controller takes all appropriate measures to ensure that the scope of the Personal Data of Users being processed is limited to the Personal Data adequately required for the purposes indicated in this Policy.

8. DATA RETENTION

The criteria determining the duration of the period in which the Data Controller stores the Users' Personal Data are as follows: The Data Controller retains copies of the Users' Personal Data in an identifiable form only as long as necessary to achieve the goals indicated in this Policy, unless the laws require a longer period of storage of Personal Data. In particular, the Data Controller may store the Personal Data of Users for the entire period necessary to establish, use, or defend legal claims.

9. USERS' RIGHTS

In accordance with the General Data Protection Regulation, regarding the Personal Data of Users processed by the Data Controller, Users have the following rights:
  • The right of access to personal data;
  • The right to rectification of personal data;
  • The right to erasure of personal data;
  • The right to restrict the processing of personal data;
  • The right to data portability;
  • The right to object to the processing of personal data;
  • The right not to be subject to a decision based solely on automated processing.

If the processing of Personal Data is based on the consent expressed by Users, Users have the right to withdraw their consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

In the case of improper processing of Personal Data, Users have the right to lodge a complaint with the national supervisory authority for data protection, i.e., the President of the Personal Data Protection Office.

The above does not affect the rights of Users arising from statutory laws or other generally applicable legal provisions.

To exercise one or more of these rights or to inquire about these rights or any other provisions of this Policy, or about the processing of Users' Personal Data, please contact using the contact details indicated in section 12 below.

10. COOKIES

A cookie is a small file placed on the User's device during a visit to a website (including our Site). It records information about the device, browser, and in some cases, also about preferences and typical actions that Users perform while browsing websites. The Data Controller may process the Personal Data of Users through Cookie technology, in accordance with the Data Controller's Cookie Policy.

11. NEWSLETTER

If Users voluntarily, specifically, consciously, and unambiguously consent to receive the Administrator's newsletter, the Administrator may send Users an electronic newsletter with commercial information for promotional and informational purposes. Personal Data provided to the Administrator in connection with subscribing to the newsletter will be used exclusively for the purpose of sending the newsletter. At any time, Users may unsubscribe from the newsletter by using the opt-out option included in the newsletter, using the opt-out link located in the footer of the email message, or by contacting the Administrator in another way.
The Personal Data received from Users will be stored exclusively for the above purpose and for the period during which Users subscribe to the newsletter and until Users withdraw their consent to the newsletter subscription.

The newsletter is distributed by Mailchimp, which processes Users' Personal Data on behalf of the Administrator. The processor also ensures the full security of Users' Personal Data through the use of appropriate and latest technical and organizational measures. This entity stores and processes Users' Personal Data obtained in the registration process, i.e., email address and, if applicable, IP address and newsletter subscription data. The processor may not use the Personal Data provided to it for purposes other than those for which it received them. The Administrator has entered into a data processing agreement with the processor, under which the processor is obliged to comply with requirements regarding the protection of Users' Personal Data.

The transfer of Users' Personal Data related to receiving the newsletter is neither legally nor contractually required, nor is it necessary to enter into any contract. Therefore, providing this data or expressing consent to receive the newsletter is not mandatory for Users. The legal basis for receiving the newsletter is solely the consent expressed by the Users (Art. 6 (1) (a) of the General Data Protection Regulation). If such consent is not given, the newsletter will not be sent.

12. CONTACT DETAILS

For any questions, doubts, or comments regarding the information contained in this Policy or other issues related to the Processing of Users' Personal Data by the Administrator, including the exercise of rights mentioned in section IX of this Policy, please contact: info@eirhealth.com or by mail: Eir Health, ul. Młyńska 12/107, 61-730 Poznań, Poland.

13. DEFINITIONS

  • Data Controller refers to the entity that decides how and for what purposes Personal Data are processed. The Data Controller is responsible for ensuring that processing is compliant with applicable data protection laws.
  • Personal Data means any information about an identified or identifiable natural person. Examples of Personal Data that the Data Controller may process are listed in section II above.
  • Process, Processing, or Processed refer to any operations performed on Personal Data, whether automated or not, such as: acquisition, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing through transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying.
  • Processor refers to any person or entity that Processes Personal Data on behalf of the Data Controller (other than an employee of the Data Controller).