* The outcomes of this diet depend on the person's individual predispositions and cannot be guaranteed in every person. We advise you to consult your doctor before you start a diet programme.
Your personal data are safe with us
We take personal data protection and your privacy seriously; therefore, we will always retain and process your data in line with the applicable legislation, including with the Act on Personal Data Protection, with the relevant provisions of the Civil Code and EU legislation, and as from 25 May 2018 also with the General Data Protection Regulation of the European Parliament (GDPR).
We protect your personal data to the maximum extent taking into account the state-of-the-art technology. We have databases in which we record personal and operational data (hereinafter jointly referred to as the “Data”) and which we have obtained in connection with your contract with us, providing products and/or services, and/or with other direct or indirect contact with you.
This policy will provide you with the information on the methods of the processing of your personal data.
Who is the Data Controller?
The Data Controller is KetoDiet CZ s.r.o., with its registered office at Kolovratská 58/1, 100 00 Prague 10, Company Id. No. 02648661, registered with the Companies Register kept by the Municipal Court in Prague, File No. C221830.
How to contact us?
You can contact us by post at: KetoDiet CZ s.r.o., Generála Svobody 748, 533 51 Pardubice, by phone at: +420 608 044 100, by e-mail at: email@example.com, or by other channels as specified on our website.
Who is the Data Subject?
Any natural person who starts any contractual relationship with us, or a representative of such natural person, or a person authorised to act on behalf of this natural person and/or the natural person’s contact person.
What are the sources of the Data that we use?
We either obtain the data directly from you, or we obtain the data through services or from third parties (yet only on the condition that there is a legal basis for the processing of such data). If there is a change in your personal data, you should inform us of that change.
What data do we process?
Personal data means any information concerning an identified or identifiable natural person. In other words, any data connected to a certain person that can (on its own or in combination with other data) result in identification of the specific person. Any information that cannot be linked to a specific person, and any anonymous or aggregated data, i.e. any data that cannot be connected to a specific person from the beginning of the processing or thereafter, will not be considered personal data.
We process the following categories of data, and the scope of the processing depends on the products and services that you make use of:
Identification data: academic degree, name and surname, Company Id. No. and Tax Id. No., residence, business address, billing address
Contact details: telephone number, e-mail address, social media nickname
Invoicing and payment details: information on account numbers and payment method, data on received payments and outstanding debts, data on late payment history
Information on services/products provided: products and services provided, ancillary services (including membership in our loyalty programmes, etc.) customer category, price for the products and services provided
Special information: Login and password (e.g. to the customer section or loyalty programme)
Cookies and tools for analysis: You will find more information under section “Cookies” hereinbelow.
We may process also other data if you provide them to us in connection with your activity or our business activities. Processing of such data is then governed by this policy or any rules set out for this particular purpose.
How do we use the data (purpose of the data processing)?
Providing your personal data is voluntary, yet for some activities (e.g. product supplies, loyalty programmes or competitions) your data are indispensable. We process the data that you provide us, primarily for the purposes of provision of our services and products or for any other legitimate interests we may have, for our internal needs or for our marketing and business purposes.
We process your data based on your consent or based on our legitimate interests. In case of processing based on our legitimate interests, our interests must objectively override your right of privacy, and at the same time, and the purpose of the processing cannot be achieved in any other way, and we shall take any and all necessary measures to minimise the interference with your privacy. In cases where your data are processed based on your consent, you may withdraw the consent at any time. In cases where your data are processed based on our legitimate interests of the data controller, you may raise an object to such processing at any time.
Processing based on legitimate interests of the data controller
Provision of products and services, involving billing and delivery
Description: To provide products and services based on contract, these services include also ancillary services (e.g. loyalty programme) and counselling/advisory services, including billing of such services, customer management and sending of any related messages/notifications/ confirmations/complaint handling/contract modifications and customer care while using our services, etc.
- Categories of the processed data: identification data, contact details, invoicing and payment details, information on the services/products provided, communications, special data, cookies (in case of using our website)
- Legal basis: contract
- Processing period: during the term of the contract and during the period for which parties are entitled to make any claims based on the contract
- Right to withdraw your consent/raise an objection: NO
Compliance with statutory duties
Description: Any duties arising out of any applicable legal regulations that require that the personal data be processed as part of the records (e.g. tax documents). This part only lists examples of personal data processing, please be aware that the scope of the processing will always depend on the provisions of the applicable legislation, in other words, the list is not exhaustive.
- Category of personal data: as required by the legislation
- Legal basis of processing: legislation or any other binding legal regulation
- Period of processing: set out by provisions of the respective legislation
- Right to withdraw consent/raise an objection: NO
Processing based on your consent
In accordance with the applicable laws, you have the right to decide whether you will give us the consent to the processing or not. When entering into the contract for the first time (or when entering into any other contracts) or when registering (e.g. with our loyalty programme or into a competition), we will ask you whether you consent to the processing. Usually, you will give us consent by means of tick-off of a relevant box.
Marketing and business purposes (including sending marketing and promotional communications)
Description: This type of processing of personal data and other information (e.g. information on how you use our services or products, and the like) includes profiling or segmenting for the purposes of understanding your needs and preferences and their use in order to offer you the relevant products and services. In relation to this processing you also give us your consent to be sent marketing communications.
- Categories of the personal data processed: identification data, contact details, invoicing and payment details, information on the services/products used, socio-demographic data
Communications with us, special data, cookies (in the case of use of our website)
- Right to withdraw consent/raise an objection “: YES
Period of personal data processing
In the case of consenting to the processing, your personal data will be processed for a period for which the consent has been given or until it is withdrawn, however, no longer than for three years from the end of the relevant contractual relationship.
In the case of processing based on our legitimate interest of the data controller, the data will be processed for the necessary period or until you raise an objection, which may lead to the termination of the processing, as the case may be.
Rights of the data subjects
You can exercise your rights through the contacts specified above in this document in the part DPO Contacts. If you withdraw your consent to certain data processing, we will stop the processing in a reasonable time proportionately to our technical and administrative capacities.
Right of access to the data and right of access to their copies
You have the right to ask for the overview of your data that we process and to ask for their copy. At the same time, you have the right to information on the source of the data where we have not obtained the data directly from you, and on whether we use automated decision-making and, on any information, related thereto. The right to access can only be exercised by a person who is identifiable and whose identity has been verified.
Right of rectification
If you think that the data we process on you are incorrect or incomplete, you have the right to ask to have your data updated and complemented.
Right of erasure (right to be forgotten)
You have the right to have your data erased if they are not necessary for the purpose for which they have been processed. Please be aware that as a result of the erasure of some of the data the functionality of some of the services may be restricted or disabled (e.g. membership in the loyalty programme).
Right of restriction of the personal data processing
You have the right to request that the processing be restricted if you claim your personal data are incorrect or the processing is unlawful, and you refuse to have such personal data erased or your data are necessary for establishment, exercise or defence of your legal claims, or if you object to the processing carried out on the basis of our legitimate interests of the data controller and it should be demonstrated that our legitimate interests of the data controller override your legitimate interests.
We may, at your request, process your data even after the legal basis ceases to exist, e.g. for the purposes of making a claim before court, where you will need the personal data that we process.
Right of data portability
If you have provided your data to us, their processing is based on your consent and it is carried out by means of automation, you have the right to request this data concerning you in a structured, commonly used and machine-readable format and the right to provide this data to another controller. If it is technically feasible the data may be transmitted directly to the controller you designate. If exercising your right has an adverse effect on the rights and freedoms of third persons, such request may not be granted.
Right to object to the personal data processing
You may raise the objection to the personal data processing at any time. In such a case your personal data will not be processed for the relevant purpose anymore. Please be aware that as a result of the erasure of some of the data, the functionality of some of the services may be restricted or disabled (e.g. membership in the loyalty programme).
Withdrawal of the consent
Consent to the processing given to us may be withdrawn at any time. Withdrawing your consent does not affect the lawfulness of the processing based on the consent before its withdrawal. Please be aware that as a result of the erasure of some of the data the functionality of some of the services may be restricted or disabled (e.g. membership in the loyalty programme).
Automated individualised decision-making, including profiling
You have the right not to be subject to any decision made exclusively based on automated processing, including profiling, that may produce legal effects concerning you or similarly significantly affect you. This will not apply if the decision is necessary for the entering into a contract with us or for the performance of such contract, or it is authorised under the relevant laws or based on your explicit consent.
Right to lodge a complaint with the supervisory authority/legal remedies
You have the right to lodge a complaint with the Personal Data Protection Office. To find out more about the Office, please go to www.uoou.cz.
To whom may your personal data be disclosed?
The data you have provided to us may be disclosed only to the data controller (including its employees and persons in similar relationship) and to the data processors in the extent necessary for their activities. They will not be disclosed to any other persons. This applies subject to our possible duty to hand your data over to entities that may request such data in line with the applicable legal regulations.
Personal data processing is carried out only by those processors always based on a contract on personal data processing that we have entered into. We carefully select all processors to ensure protection of the data provided from the technological and organisational point of view.
Provision of data to third parties
Provision of our products and services does not involve transfer of the data for processing outside the EU.
We label our marketing communications or marketing communications of third parties as “Marketing Communication”, or “MC” or designate them in any other suitable manner to make you aware that the communication constitutes a marketing communication in the meaning of the valid legal regulations and that the communication has been sent by us.
We send our marketing communications based on our customer-provider relationship or based on your consent. Any marketing communications of any third parties are sent to you only with your consent.
If you do not wish to receive the marketing communications, please contact us by email or at the telephone specified herein, in the part DPO Contacts.
Security of the processing
We have taken all necessary measures to protect sensitive information (including personal data) against any unauthorised access. For this purpose, we apply appropriate internal measures and we comply with any regulation or legal requirements. We also abide by security policy that includes, without limitation, security management of all persons, platforms/systems and devices that are used for accessing such data. Our services make use of state-of-the-art security technologies.
When considering the best suitable level of security, we always take into account the risks that the processing may entail, including without limitation any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
We have implemented suitable technical and organisational measures to ensure the appropriate level of security corresponding to the given risk, including without limitation, ongoing confidentiality, integrity, availability and resilience of processing systems and services;
We have implemented a system of management and documentation of accesses and permits, which helps us prevent any unauthorised access to the information. The relevant piece of information can only be accessed by a person who needs the relevant information to perform his/her activities.
Our employees (and persons in a similar relationship) are familiarised with the information protection policy at the start of their employment (and also during the employer-employee relationship). The same obligation also applies to our contractors and suppliers. Our employees and persons acting on behalf of the suppliers are obliged not to disclose any information.
The premises where the personal data are located are secured by constructional adjustments of the premises.
Cookies are processed mainly by server operators or other relevant website operators and by operations of marketing systems used on the given websites. The cookies are processed for a period of time that is necessary for their use, however not longer than 1 year from the date of generation of the relevant cookie.
None of our cookies collects or contains information that constitutes personal data and does not enable identification of persons.
We reserve the right to modify and amend this policy.
In Prague on 2 May 2018