Dear Sir or Madam,
Let us inform you on the principles and procedures at the processing of personal data, which are in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and Act No. 110/2019 Coll., on the processing of personal data, as amended.
The Declaration on the processing of personal data shall be updated by us if needed. The current version of the Declaration on the processing of personal data shall be always available on the website www.testlinecd.com and in the registered office of the company. If any substantial change in the ways of handling of personal data occurs in the Declaration on the processing of personal data, we shall inform about such change on our website.
Notice: In case of any discrepancy between the Czech and any of the foreign language versions of these Declaration on the processing of personal data, the Czech version shall prevail.
THE GENERAL INFORMATION ON PROCESSING OF PERSONAL DATA
Identification and contact data of the controller: TestLine Clinical Diagnostics s.r.o., company ID 47913240, registered office Křižíkova 188/68, Královo Pole, 612 00 Brno, registered in the Commercial Registry maintained by the Regional Court in Brno, section C, inset 10122 (hereinafter “TestLine Clinical Diagnostics“), contact email: email@example.com, telephone: +420 549 121 239.
Data protection officer: The controller has not appointed a data protection officer as he is not an obliged entity pursuant to the article 37 of the GDPR.
Automated individual decision-making: The controller does not perform automated individual decision-making or profiling pursuant to the article 22 of the GDPR.
Supervisory authority: Supervisory Authority is an independent public authority, competent to the protection of personal data in a relevant country. The supervisory authority at the place of the registered office of the controller is the Office for Personal Data Protection, based at Pplk. Sochora 27, 170 00 Prague 7, e-mail: firstname.lastname@example.org, phone: +420 234 665 125.
THE OTHER INFORMATION ON PROCESSING OF PERSONAL DATA
The data subject, purpose and extent of processing:
For the fulfilment of a contract (particularly conclusion of the contract, communication with a customer, offer processing, or price calculation) or for taking the measures adopted before the conclusion of the contract (negotiations preceding the conclusion of the contract), the controller particularly processes: name, surname, title, date of birth, ID / VAT No., billing and delivery address, telephone, e-mail of the customer or a customer's representative.
For fulfilment of legal obligations (particularly the bookkeeping, tax documents issuing and records), the controller particularly processes: name, surname, title, ID / VAT No., billing address of the customer, bank account number.
For reasons of legitimate interest, the controller processes: e-mail (sending commercial communication, providing direct marketing).
Registration: On the controller's website, customers are allowed to register by entering personal data. Upon registration, the controller is provided with the following personal data: name, surname, title, ID / VAT No., billing and delivery address, e-mail and telephone number of the customer or a customer's representative.
The controller adheres to the principle of data minimization, and therefore only the necessary fields are marked as mandatory during registration.
Registration is used to place orders on the controller's e-shop.
b. Website visitors
The controller further processes the data obtained from the data subjects who have visited the website: IP address or other online identifiers. These personal data are processed by the controller on basis of his legitimate interest or consent of the website visitors. Information on cookies is available here: https://www.testlinecd.com/information-about-the-processing-of-personal-data-through-cookies.
The controller does not process the special category of personal data pursuant to the article 9 of the GDPR or the personal data relating to criminal convictions and offences pursuant to the article 10 of the GDPR.
If the controller intends to process any other personal data than stated above, or for different purposes, he can do it on the basis of valid given consent with the processing of personal data. Such consent to the processing of personal data is given by the data subject in a separate document.
Time of data processing:
Personal data processed for the fulfillment of obligations arising from special legal regulations shall be processed by the controller for the period specified by these legal regulations. If it is necessary to use personal data to protect legitimate interests, the controller processes these personal data for the time necessary to exercise these rights. If personal data are processed on basis of the consent, the controller shall perform the processing only for the period for which the consent is granted.
RECIPIENTS OF PERSONAL DATA
The controller does not hand on any personal data to any other controllers or processors of personal data.
Personal data processed for meeting the obligations arising from special legal regulations are handed on by the controller to the state administration bodies or other competent offices only in cases required by law.
The controller does not hand on personal data to any third countries or international organizations pursuant to the article 44 et seq of GDPR.
RIGHTS OF THE DATA SUBJECTS
In connection with the protection of personal data, you have the following rights. If you are willing to exercise any of the rights, do not hesitate to contact us via contact e-mail. There are certain exceptions related to the exercise of the rights, therefore they might not be applied in all situations.
As the data subject you have:
Right of access to personal data (art. 15 of the GDPR): You have the right to obtain confirmation from the controller as to whether or not your personal data are being processed. If your personal data are being processed by the controller, you have the right to obtain access to the personal data and information stipulated in the article 15 of the GDPR. You have also the right to obtain a copy of the personal data being processed. You can be charged a reasonable fee for other copies by the controller, taking administrative costs into account.
Right to rectification of personal data (art. 16 of the GDPR): You have the right to obtain from the controller without undue delay the rectification of your inaccurate personal data, or to have incomplete personal data completed.
Right to erasure of personal data (art. 17 of the GDPR): You have the right to obtain from the controller without undue delay the erasure of your personal data in the cases stipulated in the article 17 of the GDPR. The rights to erasure shall not be applied if the processing is necessary for compliance with legal obligations, for establishment, exercise or defense of legal claims and other cases stipulated in the GDPR.
Right to restriction of processing (art. 18 of the GDPR): You have the right to obtain from the controller restriction of processing in any of the following cases: a) you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; d) you have objected to processing pending the verification whether the legitimate grounds of the controller override those of you.
Right to information regarding rectification or erasure of personal data or restriction of processing (art. 19 of the GDPR): The controller shall notify each recipient to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing unless this proves impossible or involves disproportionate effort. If you ask, the controller shall inform you about those recipients.
Right to data portability (art. 20 of the GDPR): If technically realizable, you have the right to receive your personal data and give them to another controller.
The right not to be subject to automated individual decision-making, including profiling (art. 22 of the GDPR): While processing personal data, the controller does not perform automated individual decision-making or profiling pursuant to the article 22 of the GDPR.
Right to be informed in case of breach of personal data protection (art. 33 of GDPR): If it is supposed that a certain case of breach of personal data protection results in a high risk for your rights and freedoms, the controller shall notify you of such breach without undue delay.
Right to file a complaint with the supervisory authority: If you think that the controller fails to process your personal data in a legitimate way, you have the right to file a complaint with the supervisory authority, whose contact data are stated above.
We appreciate if you contact us first. We will do the best to rectify such a detrimental situation and process your personal data in a legitimate way.
Right to object to processing (art. 21, clause 1 of the GDPR): You have the right to object at any time to processing of your personal data processed by the controller on the basis of the legitimate interest. In that event the controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to withdraw consent with the processing of personal data: If the controller processes any of the personal data on the basis of your consent, you have the right to withdraw your consent in writing at any time, by sending your disagreement with the processing of personal data to the contact e-mail address. By the withdrawal of your consent, the processing of personal data is not affected in the cases when any consent is not required.
SENDING COMMERCIAL COMMUNICATION, INFORMATION ON DIRECT MARKETING
When sending commercial communication, we proceed in accordance with Act No. 480/2004 Coll., on some services of the information company, as amended. Sending commercial communication may be cancelled by using deregistration reference in each e-mail sent.
Right to object to processing for the purposes of direct marketing (art. 21, clause 2 of the GDPR): If we process your personal data for direct marketing purposes, you have the right to object at any time to such processing. In that event the controller does not process personal data any further.
DATA SECURITY METHODS
In order to secure the data subject's data against unauthorized or accidental disclosure, the controller uses adequate and appropriate technical and organizational measures. All data is located only on servers located in the European Union.
Information on processing cookies is listed here: https://www.testlinecd.com/information-about-the-processing-of-personal-data-through-cookies.