Personal data protection

Welcome to the website elizabethclinic.cz, operated by:

Elizabeth Beauty Concept s.r.o
Černochova 1291/2
Praha 5, 15800
IČO: 10825720

ID: 10825720

(hereinafter referred to as the “Administrator”)

We are pleased with your interest and appreciate your trust.

As part of our services, we take great care to protect your personal data, rights, as well as your right to be informed when obtaining, processing and using your personal data. We handle your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”)

Collection and use of personal data

As a data controller, we process the following data about you via this website: your name, surname, e-mail, telephone number, IP address, cookies, your comment in the contact form (hereinafter referred to as “Personal Data”).

We declare that all Personal Data is confidential and will not be disclosed to any third party. Exceptions are entities that provide activities related to the activities of the Controller for the Controller. We provide Personal Data to the minimum extent necessary to provide health care, health protection and related activities.

To whom your personal data is provided

The processing of personal data is carried out by the Controller, but personal data may also be processed for the Controller by the following processors:

• Healthcare institutions, healthcare registries, state organizations that enter into the process of registration, treatment, control and contact with the patient;
• Persons and companies that provide the technical operation of a service for us or operators of the technologies we use for our services;
• Persons who provide accounting and economic services for us;
• Providers of communication and postal services, including electronic communications;
• Marketing agencies for the purpose of presenting and targeting offers of our services and products;
• Operators of advertising systems and technical solutions that allow us to show you only relevant advertising and offers;
• Providers of solutions for sending commercial communications;
• Software/IT providers.

Consent to the use of personal data when registering for the Newsletter

When you register for the newsletter, we process the following data:

• email address
• IP address

We process the email address for 3 years after you have given your consent for the purpose of sending commercial communications. You can withdraw your consent at any time by contacting info@beautyconcept.cz or by following up the newsletter in the sent commercial communication.

Recipients of personal data for the purpose of distributing the Newsletter

In the context of communicating business messages, news and interesting facts via the Newsletter, your personal data may be provided to the following categories of recipients:

• Employees of the Controller in the performance of their duties;
• To suppliers of the Administrator’s PR and marketing services;
• The Administrator’s IT and hosting service providers;
• The providers of the MailChimp marketing platform, The Rocket Science Group Llc, GA 30308.

The Controller will provide you with an up-to-date list of Processors upon request and without undue delay via the contact details above.

In order to use the services of the MailChimp platform, the Controller transfers your personal data abroad, specifically to the USA. The operator of the MailChimp platform, The Rocket Science Group Llc, is a company certified under the European Commission’s EU-U.S. and Swiss-U.S. Privacy Shield Framework, which ensures a sufficient level of security of your personal data when transferred to the USA. A current list of companies covered by this program is available on our website at www.privacyshield.gov.

You can read in detail about our cookie policy here.

Period of storage of personal data

In the case of processing that takes place for the performance of a legal obligation, the period of storage of personal data (processing period) is determined by the relevant legal regulation. In the case of processing carried out in the performance of a contract, the processing period is determined at least by the duration of the contractual relationship or the time necessary to ensure all rights and obligations arising from the contractual relationship.
At the end of the period of legitimate processing, the Controller shall cease to process the relevant personal data and shall ensure their destruction in accordance with the relevant legal regulations.

Data protection rights

In accordance with Articles 12 to 22 of the Regulation, subjects may exercise their rights. The individual rights of subjects shall be exercised by written request to the Controller, to which the organisation shall respond without undue delay, but at the latest within one month of receipt of the request. In exceptional cases, the organisation is entitled to extend the time limit for processing the request by a maximum of two months.

You have the right to exercise the following rights in accordance with these provisions

• the right of access to personal data (Article 15 of the Regulation) – individuals may request information about what data the Data Controller processes about them;
• the right to rectification of personal data (Article 16 of the Regulation) – individuals have the right to request rectification of incomplete or incorrect personal data concerning them;
• the right to restriction of the processing of personal data (Articles 18 and 19 of the Regulation) – if the person considers that the processing of his or her personal data should be restricted, in particular because the processing of such personal data by the Controller is in breach of the law;
• the right to object to the processing of personal data (Article 21 of the Regulation) – in cases of processing of personal data carried out on the basis of the Controller’s legitimate interest under Article 6(1)(f), individuals have the right to object to the processing;
• the right to erasure of personal data (Article 17 of the Regulation) – if a person considers that the processing of personal data concerning him or her is not justified, he or she may request the erasure of personal data which, in his or her opinion, is processed in breach of the Regulation (except where the processing is for the performance of a legal obligation);
• the right to the portability of personal data (Article 20 of the Regulation) – personal data of persons processed by automated means on the basis of their consent or on the basis of the legal title of performance of a contract may be transferred to another Controller at the request of the data subject.

To exercise all your rights, you can contact the Data Controller directly via the e-mail address info@beautyconcept.cz. If you consider that your personal data is being processed in breach of the Regulation, you may lodge a complaint with the supervisory authority, without prejudice to your right to judicial protection.

Secure communication during processing

SSL-certifikát
When transferring data, we use the so-called SSL-security system (Secure Socket Layer) in conjunction with 128-bit encryption. This technique offers the highest security and is therefore used, for example, by banks to protect personal data in online banking. You can tell that your data is being transmitted encrypted by the lock symbol next to the address in the top bar of your browser.

reCAPTCHA Google Inc.
In order to guarantee sufficient security when submitting forms, we use Google Inc.’s reCAPTCHA service in certain cases. This is mainly used to distinguish whether the data has been entered by a human or automatically by a machine. Here, a different privacy policy from Google Inc. applies. For more information on the privacy policy of Google Inc. please visit the following link: https://www.google.com/intl/cs/policies/privacy/