Praha
+420 776 776 500

Privacy Policy



This Privacy Policy establishes the obligations of the Supplier to not disclose and ensure the confidentiality of personal data provided by the User.
The Service Provider is Fillers Group s.r.o., registered at 13000 Praha 3 - Žižkov, Orebitská 616/9 (hereinafter referred to as the Supplier).
The User is any legal or natural person who orders services from the Provider in writing or orally. Before the provision of the service, the User will receive an email notification with a link to this Privacy Policy, including Consent to Data Processing (see below).


I. Protection of personal data

1.1. By filling out any form related to the order (request, application or order form), the User confirms that he is familiar with the conditions for the protection of personal data, agrees with their wording and accepts them in full.
1.2. The provider is the controller of personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation) (hereinafter referred to as the General Data Protection Regulation). The provider undertakes to process personal data in accordance with legal regulations, in particular the General Data Protection Regulation.
1.3. Personal data - any information relating to a specific or identifiable natural person (subject of personal data); a identifiable natural person may be identified directly or indirectly, in particular by reference to identifiers such as a name, an identification number, location data, an online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic , cultural or social identity of the person.
We will process all personal data provided by the patient for the needs of the clinic, as part of the maintenance of medical records or commercial communications. Personal data includes contact data (name, surname, address, e-mail address, telephone number) and, if necessary and depending on the type of business relationship, identification and payment data (IČO, DIČ, payment card number, account number) . All data provided is necessary solely for the implementation of quality service. All data is processed and used during the duration of the contractual relationship and subsequently archived for a period of 10 years after the termination of the contractual relationship.
1.4. When ordering, personal information is required for the successful completion of the order (name and address, contact, e-mail, telephone). The purpose of processing personal data is to fulfill the user's order and exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is to send business messages and implement other marketing tasks. The legal basis for the processing of personal data is the performance of a contract in accordance with Article 6 (1) b) GDPR, the fulfillment of a statutory obligation of the administrator in accordance with Article 6 (1) c) GDPR and the legitimate interests of the Provider in accordance with with Article 6 (1) f) GDPR. The dominant interest of the Provider is the processing of personal data for the purposes of direct marketing.
1.5. The provider uses the services of subcontractors, mainly email service providers (personal data may be stored in countries outside the EU) and web hosting providers to fulfill the license agreement. Subcontractors have been verified by the Supplier for the secure processing of personal data. The Supplier and subcontractors have entered into a personal data processing agreement, according to which the subcontractor is responsible for ensuring appropriate physical, technical and software protection and, therefore, is directly liable towards the User for any leakage or breach of personal data security.
1.6. The Provider stores the user's personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User, and the requirements arising from these contractual relationships (for 15 years from the date of termination of the contractual relationship). After this period, the data will be deleted.
1.7. The User has the right to request the Provider to access his personal data in accordance with Art. 15 GDPR, to request changes to personal data in accordance with Art. 16 GDPR or, if necessary, impose restrictions on data processing in accordance with Art. 18 GDPR. The user has the right to delete personal data in accordance with Art. 17 (1) (a) and (c) - (f) GDPR. The user also has the right to object to the processing of data in accordance with Art. 21 GDPR and the right to data portability in accordance with Art. 20 GDPR.
1.8. The user has the right to file a complaint with the Office for the Protection of Personal Data if he considers that his right to the protection of personal data has been violated.
1.9. The User is not obliged to provide personal information, however, the provision of personal data is a necessary requirement for the conclusion and execution of the contract, and without the provision of personal data, the conclusion of the contract or the fulfillment of its conditions by the Supplier is impossible.
1.10. On the part of the Supplier, no automation of individual decision-making within the meaning of Art. 22 GDPR.
1.11. By placing an order for the provision of the Supplier's services, the User:
1. agrees to the use of his personal data for the purpose of sending commercial messages, promotional materials, direct sales, market research and direct offers from the Supplier and third parties, but not more than once a week, and
2. declares that he does not consider the distribution of information in accordance with paragraph 1.11.1 as unsolicited information of an advertising nature within the meaning of Law No. 40/1995 of the Collection of Laws, as amended, since the User agrees to sending information in accordance with clause 1.11.1, as well as with § 7 of Law no. 480/2004 Coll.
3. The user may at any time revoke the consent in accordance with this paragraph in writing to info@fillersgroup.cz
1.12. The provider uses so-called cookies to improve the quality of service,
personalize the offer, collect anonymous data and for analytical purposes.


II. Rights and obligations between the controller (administrator) and the processor (processor)

2.1. With regard to personal data, the Provider is a processor in accordance with Art. 28 of the General Data Protection Regulation. The user is the controller of personal data.
2.2. These terms and conditions govern the mutual rights and obligations in the processing of personal data to which the Supplier has gained access as part of the fulfillment of the terms of the contract concluded in the form of acceptance of the General Terms and Conditions on the website http://fillersgroup.cz/ (hereinafter referred to as the Contract), concluded with the User on the day of commencement of the execution of the contract.
2.3. The Provider undertakes to process the User's personal data to the extent and for the purposes specified in Articles 2.4 - 2.7 of these Terms. Processing resources will be automated. The Provider will collect, place on storage media, store, block and destroy personal data in the course of processing. The provider is not entitled to process personal data in violation of these conditions or beyond them.
2.4. The Provider undertakes to process the User's personal data of the following types:
1. general personal data,
2. special categories of data in accordance with Art. 9 GDPR,
which the User received in connection with the conduct of business.
2.5. The Supplier undertakes to process personal data towards the User in order to provide online marketing services, consultations, as well as administration / creation of a website / electronic store in the form of pre-agreed orders.
2.6. Personal data may be processed only at the workplace of the Provider or its subcontractors in accordance with Article 2.8 of this Privacy Policy in the territory of the European Union.
2.7. The Provider undertakes in relation to the User to process personal data of customers for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User, and from the implementation of the requirements for these contractual relationships (within 15 years from the date of termination of the contractual relationship - the last agreed order).
2.8. The user authorizes the use of subcontractors as processors in accordance with Article 28 (2) of the General Data Protection Regulation. The User also gives the Provider general permission to use another processor for data processing, but the Provider must inform the User in writing of any proposed changes regarding the use or replacement of additional processors and give the User the opportunity to object to these changes. The Supplier shall impose on its subcontractors engaged as personal data processors the same personal data protection obligations as in this Privacy Policy.
2.9. The Supplier undertakes to ensure the processing of personal data in a secure manner, namely:
1. Personal data is processed in accordance with legal regulations and on the basis of the instructions of the User, that is, in order to perform all the actions necessary for the provision of online marketing services, consultations and administration / creation of websites or an electronic store in the form of pre-agreed orders.
2. The Provider undertakes to provide technical and organizational protection of the processed personal data, preventing unauthorized or accidental access to data, their modification, destruction or loss, unauthorized transfers, as well as any other unauthorized data processing and abuse, and guarantees that all obligations under The processing of personal data resulting from the law is guaranteed continuously during the personal and organizational continuity of data processing.
3. The technical and organizational measures taken must correspond to the level of risk. Through these measures, the Provider ensures the continued confidentiality, integrity, availability and resilience of processing systems and services and restores the availability and access to personal data in a timely manner in the event of physical or technical incidents.
4. The Provider hereby declares that the protection of personal data is subject to the Provider's internal security rules.
5. Personal data will only be available to authorized persons and subcontractors in accordance with Art. 2.8 of this Policy, by which the Provider will determine the conditions and scope of data processing, and each of which will have access to personal information under its own unique identifier.
6. Supplier's authorized persons who process personal data in accordance with this Policy are required to maintain the confidentiality of personal data and security measures, the disclosure of which may compromise their security. The supplier must ensure that authorized persons strictly comply with this obligation. The Supplier guarantees that he and his authorized persons will comply with this obligation even after the termination of employment and other relations between them.
7. The Provider will assist the User with appropriate technical and organizational measures, if possible, in order to comply with the User's obligation to respond to requests regarding the exercise of the rights of the data subject set out in the General Data Protection Regulation, as well as to ensure compliance with obligations under from Art. 32-36 of the General Data Protection Regulation, taking into account the nature of the processing and the information that is available to the Provider.
8. At the end of the provision of services related to processing in accordance with Article 2.7 of this Policy, the Provider is obliged to delete all personal data or return them to the User if they cannot be stored under the special law.
9. The Provider will provide the User with all the information necessary to demonstrate that the obligations under this Agreement and the General Data Protection Regulation have been complied with, allow audits to be carried out, including checks performed by the User or another Auditor appointed by the User.
10. The User undertakes to immediately report any facts known to him that may adversely affect the proper and timely fulfillment of obligations arising from this Policy, and provide the Supplier with the necessary assistance to meet the conditions of this Policy.
11. The Supplier undertakes to maintain the confidentiality of the processed personal data, in particular, it must not disclose, distribute or transfer to other persons, except for persons who are in an employment relationship with the Supplier, or other persons who are authorized to process personal data. The Supplier is obliged to ensure that its employees and other authorized persons comply with confidentiality obligations even after termination of the contractual relationship. The Supplier is also obliged to maintain confidentiality regarding the security measures taken to ensure the protection of personal data, including after the termination of this contractual relationship.


III. Final provisions

3.1. The validity of this Personal Data Privacy Policy expires upon the expiration of the period specified in Art. 1.6 and Art. 2.7 of this document.
3.2. The user agrees to the terms of this Policy by entering into a contract, and thereby confirms that he has read this Policy and fully agrees with it.
3.3. The Supplier has the right to change the provisions of this Policy. The Provider is obliged to publish the new version of the Policy without any undue delay on its website and, if necessary, send the new version to the User by e-mail.
3.4. Supplier's contact details for resolving all issues related to this Personal Data Privacy Policy: +420 777 244 970, info@fillersgroup.cz
3.5. Relationships not expressly regulated by the terms and conditions of this Policy are governed by the General Data Protection Regulation and the legal order of the Czech Republic, in particular by Act No. 89/2012 of the Collection of Laws, the Civil Code as amended.
This Policy will come into effect on 27/06/2022
Statement
Beauty Market honestly declares that, as the administrator of the personal data of its patients, it fulfills all legal obligations required applicable law, in particular the Law on the Protection of Personal Data, and that it:
• processes personal data only on the basis of legal title (the patient has expressed his free and voluntary consent to the processing of his personal data);
• fulfills the registration obligation with the Office for the Protection of Personal Data,
• fulfills the obligation to provide information to its patients in accordance with the Law on the Protection of Personal Data,
• allows its patients to exercise their rights under the Personal Data Protection Act,
• performs all other duties of a personal data controller in accordance with the Law on the Protection of Personal Data.