1/ You hereby grant your consent to Estheticon, s.r.o., Business ID No.: 25044567, with its registered office at: Dr. Milady Horákové 513/23a, Liberec IV-Perštýn, 46, (the “Controller”), to process the following personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”):
- name or nickname (you do not have to provide your real name)
- IP address
2/ Consent must be given in a clear positive act that reflects a specific, informed and unambiguous declaration of the party’s will to accept the processing of their personal data, e.g. a written declaration, including by electronic means, or an oral statement. This could entail ticking a box on a website, choosing technical parameters for using information society services, or any other statement or action clearly showing that the party consents to the proposed handling of their personal data.
Therefore silence, pre-checked boxes or inaction should not be considered consent. Consent must be granted for all processing activities performed with the same purpose(s). If the processing has several purposes, consent must be granted for all of them. If the party’s consent is granted as a result of an electronic request, the request must be clear, brief and not overly disruptive to the use of the service for which it was provided.
3/ In order to complete your registration, you will need to confirm your email address (double opt-in) by clicking on the link on the email you receive after sending in the form. After email confirmation, you will have the option of adding other personal data to your user profile other than that mentioned in point 1. If you choose to add personal data, you also grant your consent that the Controller can process it according to the GDPR:
- Profile picture (avatar)
- Phone number
4/ The Controller processes this personal data in the following manner:
- Your name and profile picture will be published with your posts in the discussion forum or your reviews about a doctor or procedure.
- Your email also serves as your username for signing in. Your email address will not be published anywhere. After email confirmation, we will not send you anything else unless you participate in the community on the website. If you post in the discussion forum or publish a review about a doctor/procedure, we will send you any replies to your posts. If you indicate that you would like to receive news about a particular procedure or doctor, we will also send you news on that procedure / doctor.
- We log your IP address in order to identify and prevent spam by blocking the relevant IP addresses. Based on your IP address, we pre-fill the country and region for your user registration. Your IP address is not published anywhere.
- The voluntary data full name and phone number are used only in case of a query to a doctor/clinic in the form of a pre-filled query form.
- We use the country and region to target users with relevant content.
5/ The Controller will process this data for a period of one year after your last sign-in and then delete it.
6/ Besides the above-stated personal data associated with user registration for publishing forum posts, the Controller’s website also processes cookies. Manage cookies consent settings here.
7/ You expressly agree to the processing mentioned above. Providing your personal data is voluntary.
8/ Your consent can be withdrawn at any time:
- Your entire profile, including all published and non-published personal data, can be deleted on your user profile.
- You can also withdraw your consent by sending an email to firstname.lastname@example.org.
- Withdrawing your consent will result in deleting your user interface and all communication, including your posts, provided that the Controller’s interests in maintaining copies of said communication do not outweigh your right to personal data protection.
9/ The personal data is processed by the Controller, but the following processors may also process personal data for the Controller:
1. Software/IT providers
- Amazon Web Services (webhosting)
2. Any other providers of processing software, services and applications the Controller is not currently using.
10/ The Controller has appointed a data controller. The data controller’s contact information is:
101 00 Praha
11/ Personal data protection - all personal data is processed and stored in a database that meets the technical data protection required under relevant law. In order to protect the rights of individuals, the service provider can disclose non-public personal data to state authorities in compliance with valid legal regulations. In case of a judicial dispute or other proceedings before public authorities, the service provider is authorized to disclose all information provided to it, including personal data.
12/ Personal data will not be transferred to countries outside the EU.
13/ Please be aware that under the GDPR you have the right:
- to withdraw your consent at any time,
- to ask us about what personal data of yours we are processing,
- to receive a copy of the personal data being processed,
- to require us to grant you access to the personal data and to update, correct and or restrict the processing of the personal data,
- to require us to delete the personal data,
- to data transferability,
- in case of doubt over the legal personal data processing, to file a complaint with the Personal Data Protection Office.