Information on Personal Data Processing (GDPR)

1. Data Controller

1.1 The Controller of personal data is the company RESETfyzio, s.r.o., Company ID: 21644373, with its registered office at Příčná 1892/4, Nové Město, 110 00 Prague (hereinafter referred to as the "Controller").

1.2 Contact details of the Controller:

2. Processed Personal Data

2.1 The Controller processes the following personal data:

  • Name and surname
  • Address
  • Phone number
  • E-mail address
  • Date of birth
  • Health data related to the provided services
  • Payment details
  • Identification and contact details (name, surname, academic title, phone, e-mail)
  • Billing and payment data (method and date of payment, payment via payment gateway)
  • System data (logs, IP addresses)

3. Purpose of Personal Data Processing

3.1 Personal data is processed for the following purposes:

  • Transferring information to an independent entity providing services on an intermediary basis
  • Management of orders and reservations
  • Invoicing and accounting
  • Communication with clients
  • Fulfillment of legal obligations
  • Marketing activities (only with the explicit consent of the client)
  • Conclusion and performance of a contract
  • Processing of special categories of personal data necessary for the provision of healthcare
  • Protection of the legitimate interests of the Controller
  • Sending commercial communications (newsletters)

4. Legal Basis for Personal Data Processing

4.1 The legal bases for processing personal data are:

  • Performance of a contract between the Controller and the client
  • Compliance with legal obligations of the Controller
  • Legitimate interest of the Controller in improving provided services and communication with clients
  • Consent of the data subject (for marketing purposes)

5. Recipients of Personal Data

5.1 Personal data may be made available to the following categories of recipients:

  • Collaborators/Associates of the Controller
  • Independent self-employed persons (contractors) with whom the service is ordered
  • Data processors (e.g., IT service providers, accounting services)
  • Public authorities in case of a legal obligation

5.2 The Controller may transfer personal data to third countries (e.g., the USA) only if the processing of personal data takes place in accordance with European security standards and legal regulations.

6. Data Retention Period

6.1 Personal data is retained for the period strictly necessary to fulfill the purpose of its processing, but no longer than the period established by relevant legal regulations.

6.2 Retention periods for personal data:

  • Conclusion and performance of a contract: For the period necessary to fulfill the contract.
  • Compliance with legal obligations: For the period established by relevant legal regulations.
  • Legitimate interests: For the duration of the relevant limitation periods, which may be up to 15 years.
  • Sending commercial communications: Until consent is withdrawn.

7. Rights of Data Subjects

7.1 Data subjects have the following rights:

  • Right of access to personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure of personal data (right to "be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to the processing of personal data
  • Right to withdraw consent to the processing of personal data (if processing is based on consent)

7.2 Data subjects may exercise these rights via the Controller's contact details listed in section 1.2.

8. Filing Complaints

8.1 Data subjects have the right to lodge a complaint with a supervisory authority, which is the Office for Personal Data Protection (ÚOOÚ), if they believe that the processing of their personal data violates the GDPR regulation.

9. Personal Data Security

9.1 The Controller adopts all appropriate technical and organizational measures to secure personal data against loss, misuse, unauthorized access, and other unlawful processing.

9.2 Security measures include:

  • Implementation and enforcement of internal regulations on personal data protection
  • Antivirus protection and firewalls
  • Encryption
  • Access control to personal data and authorization data
  • Backups
  • Physical protection measures

10. Final Provisions

10.1 This Information on Personal Data Processing becomes effective on the day of its publication on the Controller's website.

10.2 The Controller reserves the right to update this information at any time. The current version will always be published on the Controller's website.

In Prague, on January 1, 2024

RESETfyzio, s.r.o.
Příčná 1892/4, Nové Město, 110 00 Prague

Establishment: Sokolská 35, Prague 2, 120 00
📞 +420 773 087 655
📧 info@resetfyzio.cz
🌐 www.resetfyzio.cz