PHC personal data processing principles
The mission of Pears Health Cyber Inc. is to innovate communications in the healthcare sector to enable both customers and healthcare professionals (doctors, pharmacists and medical staff) to choose the healthcare option and to develop expertise based on new, especially digital, technologies.
For this mission it is crucial that we can clearly and comprehensively inform you about how we treat your personal data, which personal information we collect and how we use it.
Introduction
We run the first internet pharmacy in the Czech Republic, www.lekarna.cz, and in Slovakia, www.mojalekaren.sk, the first electronic university for doctors, pharmacists and medical staff, www.euni.cz, and digital solutions and applications for the professional development of healthcare professionals and patients. Customers use our services to help them find the best deal in the sections of medicines, dietary supplements, cosmetics and everything related to health. At the same time, we try to offer a professional service to help them find solutions for their health, including prevention, and for their professional development. In order to be truly unique in our mission, we have adopted this Privacy Policy for any customer, partner or visitor to our portals.
Because their personal data are saved, our registered users can return to their orders, get acquainted with news and current offers according to their interests, evaluate their knowledge and gain credits for lifelong learning, exchange their experiences, publish and view relevant content and learn new healthcare skills. Content in some of our services is also available to unregistered users.
Personal data processing information
PEARS HEALTH CYBER Inc., CIN: 25784684, with its registered office at Voctářova 2449/5, Prague 8 – Libeň, registered in the Commercial Register by the Municipal Court in Prague under sp. C 69981 (also referred to as the "PHC"), as a personal data administrator, hereby provides information about its processing of personal data, including the scope of the data subject's rights relating to the processing of their personal data by the PHC.
Personal data control
All personal data are processed by Pears Health Cyber Inc. in the Czech Republic.
Purpose and scope of personal data processing:
The PHC only processes accurate personal data obtained in accordance with law no. 101/2000 Coll. and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on personal data protection and on the free movement of such data (also referred to as the Regulation). The PHC collects and processes personal data only for the intended purpose, to the extent specified below, for the duration of the contractual relationship and/or the existence of the valid agreement of the data subject and/or for the duration of the legitimate interest pursued, and subsequently for the period specified by other legislative requirements. Personal data are always processed by the PHC correctly, lawfully and transparently. The PHC minimizes personal data to the extent necessary in relation to the purpose for which they are processed.
The PHC does not process specific categories of personal data within the meaning of article 9 of the Regulation.
Personal data processing by agreement
Based on your agreement, we process the following personal data (the specific range depends on what personal data you have given to us): name and surname, shipping address, billing address, phone number, email address, items from your order, date of birth, date of registration, date of the order, date of last login and marketing segmentation. We process the data based on your agreement for the purposes of effective communication with you. All personal data we process with your agreement will be processed only for the duration of your agreement.
You can cancel your agreement at any time (specific steps are given in Access to personal data related to the data subject). Cancellation of your agreement is without prejudice to the legality of processing based on agreement given prior to the cancellation. Contract performance, including the provision of the PHC services, is never conditioned by the PHC's agreement to the processing of personal data that is not necessary for the performance of the contract.
Personal data processing for contract performance
For the purpose of performing the agreement, we process the following personal data (the specific range depends on what personal data you have given to us): name and surname, shipping address, billing address, phone number, email address, items from your order, IP address, date of registration, dates of orders. We process the data for the purpose of delivering the ordered goods/services and to handle any complaints. Personal data we process on the basis of performance of the contract are saved for a period of 2 years.
Personal data processing based on the legitimate interest of the PHC
For the purpose of the legitimate interest of the PHC, we process the following personal data: name and surname, shipping address, billing address, phone number, email address, items from your order, IP address, web browser information, date of registration, dates of the orders, date of last login, marketing segmentation and, for EUNI.cz, also information about the workplaces of the users (doctors), their specialization and the mMC ID. We process the data for direct communication, possible legal disputes, security of our information systems and fraud prevention. We apply a legitimate interest in customers who have placed an order in the last 2 years.
Personal data processing based on compliance with legislative requirements
For the purpose of complying with the legal requirements, we process the following personal data: name and surname, shipping address, billing address, phone number, email address, items from your order, IP address and dates of your orders. We process these data for the purpose of managing taxes and transmitting information from government authorities (such as the State Institute for Medicaments Control). To fulfill legal requirements, we process personal data for 10 years from the end of the tax period in which the tax benefit occurred.
Profile
You have many setting options on your profile, such as items of interest, product category preferences and news interests. Healthcare professionals can create a special profile based on their specialization, workplace and professional interests, and can get more out of our services thanks to this information. It is your decision whether or not to provide us with this personal information on your profile, which serves only to create better services and offers for you.
Using our services
If there is a legal reason for processing (see above), we record your visits and use of our services, including mobile applications.
We record all data when you visit or use our services, including our websites, applications and technologies, such as when you view content (such as educational or product videos) or advertising (on our websites and within or outside of our applications) or click on it, and when you search, install one of our mobile applications or share your experiences. In order to identify and record your usage of our services, we use login information, cookies, device information and your Internet Protocol ("IP") address.
How we use your data
We only use your data in accordance with applicable law to provide, support, adapt and develop our services.
How we use your personal data depends on what services you use, how you use them and what data you give us. Data about you that we have is used to provide, support and customize our services (including advertisements) to make them more relevant and useful for you and others.
Personal data sources
The PHC obtains personal information from you, the data subject, when you place an order and when you sign up for one of our services.
Processors and recipients
Besides the PHC and its employees, personal data may also be processed by PHC processors on the basis of contracts for the processing of personal data concluded in accordance with regulations. The PHC uses only those processors who provide reasonable assurance and have implemented appropriate technical and organizational steps to ensure compliance with the requirements of the regulations and to ensure the protection of the rights of the data subject.
List of personal data processors
The PHC processes personal data manually and automatically. The protection of personal data is technically and organizationally secured in accordance with the requirements of the regulations and Act No. 101/2000 Coll. on the protection of personal data, and using the requirements of ISO/IEC 27001. The PHC also requires the same security from its personal data processors.
The PHC informs you that your personal data may, upon a legal request, be transferred to third parties that have the legal authority to request the transmission of the personal data.
Technical and organizational security of personal data
The PHC, aware of the importance of ensuring the protection of processed personal data in terms of confidentiality, integrity and availability, has internally adopted a set of rules based on the requirements of ISO/IEC 27001:2014 and on a risk analysis it has performed. The main principles implemented in the PHC management system include:
- only persons who need the information to carry out their work have access to it,
- copying personal data is not allowed,
- the principle of separation of incompatible obligations and responsibilities for relevant processes is implemented,
- accesses to personal data are kept in the audit information records and regularly analyzed,
- network measures to limit accesses to systems containing personal data have been implemented,
- all processors have secure (encrypted) personal data transfer mechanisms (your personal data is never transmitted without proper encryption),
- we use only internally approved and tested software with regularly applied security patches,
- we regularly verify the security of our information systems and networks by using penetration tests,
- we do not test our systems using real personal data if this is not strictly necessary,
- we control access rights to information systems that contain personal data carefully and in detail, and regularly review the correctness of their settings,
- we require our employees and suppliers to use quality, secure passwords that are regularly changed,
- we keep a clean desk and clear screen policy,
- we store paper documents containing personal data in secure (locked) spaces,
- we do not store personal data in unencrypted form on unencrypted media,
- we control physical entries of both our employees and potential suppliers to the PHC offices,
- we always encrypt information stored on laptops,
- we review all employees who have access to personal data before we assign access to them,
- we have defined the process of managing security incidents,
- we have set up an internal auditing process in the area of personal data security, and we supervise our processors in a similar way.
Data subject rights
You have the right to access, correct, delete, restrict, and transfer your personal data to another subject. You may also object to processing, or lodge a complaint with the Office for Personal Data Protection. Details on how to exercise your rights can be found on our website – enforce the laws – Access to personal data related to the data subject.
Personal data protection officer
In order to ensure maximum protection of your personal data, the PHC has appointed a Data Protection Officer. You can contact him by email at dpo@pearshealthcyber.cz; the specific person holding the position is listed on our website.