I. Personal Data Protection

1.1 By submitting personal data, the user confirms that they are familiar with the terms of personal data protection, that they express their consent to their content, and that they accept them in full.

1.2 The Provider is the controller of users' personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"). The Provider undertakes to process personal data in accordance with legal regulations, especially the GDPR.

1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4 Personal data required when placing an order are necessary for successful order processing (name and address, contact details). The purpose of processing personal data is to process the user's order and to exercise rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is also to send commercial communications and conduct other marketing activities. The legal basis for processing personal data is the performance of a contract pursuant to Article 6(1)(b) GDPR, the fulfillment of the controller's legal obligation pursuant to Article 6(1)(c) GDPR, and the Provider's legitimate interest pursuant to Article 6(1)(f) GDPR. The Provider's legitimate interest is the processing of personal data for direct marketing purposes.

1.5 The Provider uses the services of subcontractors to fulfill the license agreement, especially providers of mailing services (personal data are stored in third countries) and web hosting providers. Subcontractors are verified in terms of secure processing of personal data. The Provider and the web hosting subcontractor have concluded a data processing agreement, according to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter, and therefore bears direct responsibility to the user for any leakage or breach of personal data.

1.6 The Provider stores the user's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and to assert claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After its expiry, the data will be deleted.

1.7 The user has the right to request access to their personal data from the provider pursuant to Article 15 GDPR, rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR. The user has the right to erasure of personal data pursuant to Article 17(1)(a) and (c) to (f) GDPR. Furthermore, the user has the right to object to processing pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR.

1.8 The user has the right to lodge a complaint with the Office for Personal Data Protection if they believe that their right to personal data protection has been violated.

1.9 The user is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for concluding and performing the contract, and without providing personal data it is not possible to conclude the contract or to perform it on the part of the provider.

1.10 The Provider does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

1.11 An interested party in using the Provider's services, by filling out the contact form:

consents to the use of their personal data for the purposes of electronic sending of commercial communications, advertising materials, direct sales, market research and direct offers of products from the Provider and third parties, but no more frequently than once a week, and at the same time
1.11.2 declares that they do not consider the sending of information pursuant to point as unsolicited advertising within the meaning of Act No. 40/1995 Coll. as amended, because the user expressly consents to the sending of information pursuant to point in conjunction with Section 7 of Act No. 480/2004 Coll.
The user may revoke consent pursuant to this paragraph at any time in writing to musalek.pe@seznam.cz

1.12 The Provider uses so-called cookies in its presentation in order to increase the quality of services, personalize the offer, collect anonymous data and for analytical purposes. By using the website, the User agrees to the use of this technology.

II. Rights and Obligations between Controller and Processor (Data Processing Agreement)

2.1 The Provider is a processor pursuant to Article 28 GDPR in relation to personal data of the users' clients. The User is the controller of such data.

2.2 These terms and conditions regulate mutual rights and obligations in the processing of personal data to which the Provider gained access as part of the fulfillment of the license agreement concluded by accepting the general terms and conditions at www.eternalclinic.cz (hereinafter referred to as the "license agreement") concluded with the User on the date of creation of the user account.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purpose specified in Articles 2.4 – 2.7 of these terms and conditions. The means of processing will be automated. Within the framework of processing, the Provider will collect, store on information carriers, keep, block and destroy personal data. The Provider is not authorized to process personal data in contradiction with or beyond the scope defined by these terms and conditions.

2.4 The Provider undertakes to process personal data for the user to the following extent:

ordinary personal data,
special categories of data pursuant to Article 9 GDPR, which the User obtained in connection with their own business activities.

2.5 The Provider undertakes to process personal data for the user for the purpose of processing inquiries and requests from clients obtained from the contact form.

2.6 Personal data may only be processed at the Provider's workplaces or at the workplaces of their subcontractors pursuant to Article 2.8 of these terms and conditions, within the territory of the European Union.

2.7 The Provider undertakes to process personal data of the User's clients for the User for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).

2.8 The User grants permission for the involvement of a subcontractor as another processor pursuant to Article 28(2) GDPR, which is the application hosting provider. The User further grants the Provider general permission to engage another processor of personal data in the processing; however, the Provider must inform the user in writing of all intended changes concerning the engagement of other processors or their replacement and provide the user with the opportunity to raise objections to these changes. The Provider must impose on their subcontractors in the position of processor of personal data the same obligations for the protection of personal data as are set out in these terms and conditions.

2.9 The Provider undertakes that the processing of personal data will be secured in particular in the following manner:

Personal data are processed in accordance with legal regulations and on the basis of the User's instructions, i.e., to perform all activities necessary to provide the web platform.
The Provider undertakes to technically and organizationally secure the protection of processed personal data so that unauthorized or accidental access to data, their alteration, destruction or loss, unauthorized transfers, their other unauthorized processing, as well as other misuse cannot occur, and so that all obligations of the processor of personal data arising from legal regulations are personally and organizationally continuously secured throughout the period of data processing.
The adopted technical and organizational measures correspond to the degree of risk. Through them, the Provider ensures the constant confidentiality, integrity, availability and resilience of processing systems and services, and restores the availability of personal data and access to them in a timely manner in the event of physical or technical incidents.
The Provider hereby declares that the protection of personal data is subject to the Provider's internal security regulations.
Only authorized persons of the Provider and subcontractors pursuant to Article 2.8 of these terms and conditions will have access to personal data, who will have the conditions and scope of data processing determined by the Provider, and each such person will access personal data under their unique identifier.
Authorized persons of the Provider who process personal data according to these terms and conditions are obliged to maintain confidentiality about personal data and about security measures, the disclosure of which would endanger their security. The Provider will ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation for the Provider and authorized persons will continue even after the termination of the employment or other relationship with the Provider.
The Provider will assist the user through appropriate technical and organizational measures, where possible, to fulfill the user's obligation to respond to requests for the exercise of data subject rights established in the GDPR; likewise, in ensuring compliance with obligations pursuant to Articles 32 to 36 GDPR, taking into account the nature of processing and the information available to the Provider.
After the termination of the provision of services associated with processing, pursuant to Article 2.7 of these terms and conditions, the Provider is obliged to delete all personal data or return them to the User, unless they have an obligation to store personal data on the basis of a special law.
The Provider will provide the User with all information necessary to demonstrate that the obligations under this agreement and the GDPR have been fulfilled and will allow audits, including inspections, carried out by the User or another auditor authorized by the user.

2.10 The User undertakes to immediately report all known facts that could adversely affect the proper and timely fulfillment of obligations arising from these terms and conditions, and to provide the Provider with the cooperation necessary to fulfill these terms and conditions.

III. Final Provisions

3.1 These terms and conditions cease to be valid upon the expiry of the period specified in Articles 1.6 and 2.7 of these terms and conditions.

3.2 The User agrees to these terms and conditions by checking the consent box through the internet form. By checking the consent box, the user expresses that they have read these terms and conditions, that they express their consent to them and that they accept them in full.

3.3 The Provider is authorized to change these terms and conditions. The Provider is obliged to publish the new version of the terms and conditions on their website without undue delay, or to send the new version to the User at their email address.

3.4 Contact details of the Provider in matters concerning these terms and conditions: +420 721 142 096, musalek.pe@seznam.cz

3.5 Relations not expressly regulated by these terms and conditions are governed by the GDPR and the legal order of the Czech Republic, especially Act No. 89/2012 Coll., the Civil Code, as amended.

These terms and conditions enter into force on 15 June 2023