Personal data processing policy

The purpose of this document is to provide youwith a comprehensive and comprehensible summary of information about the processing of this personal data, in particular how, to what extent, for what purpose and for how long we will process the personal data, and to inform you of all your individual rights that you can exercise in connection with the processing of personal data.

If you do not understand anything in this document, please do not hesitate to contact us using the contact details below and we will be happy to explain everything in more detail.

At the same time, we refer in particular to Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the Czech Adaptation Act to this Regulation No. 110/2019 Coll., on the processing of personal data, according to which our relationship in connection with the processing of personal data is primarily governed.

Please note that the information below applies in its full extent only to data subjects covered by the GDPR. If you are a data subject with a registered office or resident in another region (such as America, Asia, Africa, etc.), you acknowledge that the rules and information set out below apply proportionately. Data from US, North America, and South America data subjects are stored in our USA office (for more details please check our website) as per USA privacy laws. Data from the rest of the world are stored in our India office (for more details please check our website)as per India privacy laws.

I. Who is the controller of your personal data?

The controller is generally a person who, alone or together with others, determines the purposes and decides how personal data will be processed. 

For the purposes of this personal data processing policy, the personal data controller is Veeprho Pharmaceuticals s.r.o, identification number: 02614774, with registered office at Radiová 1122/1, Hostivař, 102 00 Prague 10, registered in the Commercial Register maintained by the Municipal Court in Prague under file number C 221520.

You can contact him via e-mail [email protected].

II. Data protection officer

No Data Protection Officer has been appointed.

III. Our main principles

When processing your personal data, we honour and respect the highest standards of data protection and in particular adhere to the following principles:

– We process your personal data for the stated purpose, by the stated means and in the stated manner, and only for as long as is strictly necessary in relation to the purposes for which it is processed;

– We protect and process your personal data with the highest level of security to prevent any unauthorised or accidental access to, alteration, destruction or loss of your personal data, unauthorised transfer or other unauthorised processing;

– we comply with appropriate technical and organisational measures to ensure a level of security appropriate to all possible risks; all persons who come into contact with personal data are obliged to maintain the confidentiality of information obtained in connection with the processing of such data.

IV. What personal data do we process?

The nature of the personal data we collect and subsequently process from you depends primarily on the relationship you have with us (contractor, supplier, customer, website visitor, etc.) and the purpose for which the personal data is collected.

Typically, we will primarily collect the following information from you:

Identification data

Your name, surname, title, sex, date of birth, birth number, residential address, nationality, identification number (if you are an entrepreneur), address of your registered office or place of business (if you are an entrepreneur), signature.

Contact information

Your home address, mailing address, e-mail address, telephone number, or any other information you provide for contact purposes.

Records of our mutual communications

In particular, records of our email or written communications between us. We do not use a telephone call recording system.

Billing information

Data from issued invoices or payments made.

Other data

For example, data we obtain from your browser or by storing cookies.

V. How do we collect personal data?

You provide us with personal data primarily on a voluntary basis by placing an order or in the context of information and data provided for the purpose of concluding a cooperation or other similar contract. We also obtain personal data from our own activities. We may also obtain personal data from third parties with whom we work or have some other relationship and who are authorised to process and share your personal data.

VI. For what purposes do we collect personal data?

We use your personal data for purposes arising from our business, and for most of such processing we do not need to obtain your consent as we are permitted to process it directly by law. We are also entitled (where applicable) to process personal data or categories of personal data for different purposes.

Where it is necessary to obtain your consent for any of the purposes, you may withdraw that consent at any time during the period for which it is given. Please note only that withdrawal of consent is prospective and does not affect the lawfulness (and lawfulness) of the processing of personal data up to the time of withdrawal.

The specific main purposes of the processing of personal data are then as follows:

  • the operation of the business (processing and managing orders, arranging the transport of goods, customer records) – the legal basis for this processing is the conclusion and performance of a contract and the protection of our legitimate interests;
  • the conclusion and performance of cooperation or other contracts with us, our partners, suppliers or carriers – the legal basis for this processing is the conclusion and performance of a contract;
  • communicating with you and others in the course of our business and to improve our services – the legal basis for this processing is the conclusion and performance of a contract and the protection of our legitimate interests;
  • direct marketing (sending newsletters or other marketing emails, text messages or other similar activities) – the legal basis for this processing is to protect our legitimate interests;
  • enabling you to participate in and administer our competitions, loyalty programmes and other similar promotions – the primary legal basis for this processing is the conclusion and performance of a contract, however, we may require your consent in a particular case;
  • providing assistance to public authorities – the legal basis for this processing is to comply with our legal obligations;
  • establishing and protecting legal rights, protecting our privacy, our security or our property and/or the rights, you or others and seeking to avail of available remedies or limit our damage – the legal basis for this processing is to protect our legitimate interests and to comply with legal obligations to which we are subject.

VII. How long will we keep your personal data?

We take all steps to ensure that the personal data we collect and process is securely relevant and serves its intended purpose. We will therefore only retain personal data for as long as is strictly necessary in accordance with the principle of data minimization. We continually assess whether there is a continuing need to process certain personal data necessary for the purpose. If we determine that it is no longer necessary for any of the purposes for which it was processed, we will destroy the data.

Below is an example of some of the times we follow in this regard:

  • we retain personal data in connection with the performance of our contract for a period corresponding to the relevant limitation periods;
  • if we obtain some personal data from you prior to entering into a contract and this does not ultimately happen, we will retain the personal data for a maximum of 1 year after obtaining it;
  • for the purpose of so-called direct marketing, we retain personal data for the duration of our contractual relationship and for a maximum of 1 year after its termination;
  • if you consent to the processing of personal data for purposes other than direct marketing, we will retain the personal data for the period specified in such consent or until you withdraw such consent;
  • accounting and tax records that we use to support our accounting and tax obligations (and which may include, in particular, billing personal data) are retained for the period of time specified by specific legislation from the end of the relevant accounting or tax period.

VIII. Who do we share your personal data with?

In principle, we process your personal data internally and primarily disclose it to our employees or persons with whom we work on a daily basis. However, if necessary to achieve any of the purposes above, we may also share your personal data with third parties, both as processors and as separate or joint controllers. However, in this case, we undertake to transfer personal data only to those entities where a sufficient level of data protection is guaranteed in accordance with data protection regulations. At the same time, we are also obliged to transfer your personal data to public authorities in some cases, if this is provided for by law. Finally, we share certain personal data with third parties on the basis of your prior consent.

Specifically, we may disclose your personal data to the following entities, subject to the following conditions:

  • our contractors and suppliers of our services – we also share personal data with other entities such as postal and shipping service providers, IT service providers, debt collectors, law firms, accountants and tax advisors, and providers of printing, advertising and marketing services in order to provide our services;
  • public authorities and third parties involved in legal or similar proceedings – subject to compliance with our other legal obligations, we are also required to transfer your personal data to the relevant public authorities such as law enforcement authorities. In the context of any litigation proceedings, your personal data will also be shared with third parties as parties to such proceedings;
  • other third parties – we are also entitled to share personal data with, for example, payment recipients, emergency service providers (fire, police and medical emergency services), etc.

IX. What rights do you have in relation to the processing of personal data?

You have a number of rights in relation to the processing of personal data which you can exercise against us through our contacts listed above.

Your request to exercise some of the rights below will be processed within one month (or three months in justified cases, where we will inform you in advance of any extension of this period) at the latest and we will not require you to pay any fee. However, it is also the case that if we receive a manifestly unfounded or unreasonable request (e.g. if there is a repeated request within a short period of time), we are entitled to charge a reasonable administrative fee to cover our costs of dealing with that request.

  • Right of access to your personal data – you have the right to request information about whether we process your personal data and, if so, to provide an extract of that data, as well as information about the purposes for which we process it and for how long we plan to keep it. We will provide you with the first copy of the extract of processed data free of charge, and may charge an administrative fee for each additional copy to cover our costs.
  • Right to rectification and completion of your personal data – if you find that the personal data we process about you is inaccurate, outdated or incomplete, you can ask us to rectify or complete it.
  • Right to erasure – you can also ask us to delete the personal data we process about you without undue delay. However, we are only obliged to comply with this request if:
  1. the processing of the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; or
  2. you have withdrawn your consent on the basis of which we processed the personal data (and there is no other legal basis for the processing); or
  3. you have successfully objected to processing and there are no overriding legitimate grounds for processing; or
  4. the personal data has been unlawfully processed; or
  5. the personal data must be erased to comply with our legal obligation.

In particular, we will then not comply with your request to erase the personal data if the processing is still necessary for compliance with our legal obligation or for the establishment, exercise or defence of legal claims.

  • Right to restriction of processing – you can request that we restrict the processing of your personal data (i.e. that we do not use it but do not destroy it completely), but only in the following cases:
  1. you have questioned the accuracy of the personal data (processing will then be limited to the time necessary for us to verify its accuracy); or
  2. the processing of the personal data is unlawful and you do not wish to have it erased; or
  3. we no longer need the personal data for the purposes of the processing for which it was collected, but you require it for the establishment, exercise or defence of your legal claims; or
  4. you have objected to the processing and we are in the process of verifying whether or not our legitimate grounds for processing outweigh your objection

Please note that even if processing is restricted, we may still process personal data if:

  1. we have your consent to do so; or
  2. it is necessary for the establishment, exercise or defence of our legal claims; or
  3. it is necessary to protect the rights of other natural or legal persons.
  • The right to data portability – if the processing is based on your consent or for the purpose of concluding or performing a contract, you have the right to have us provide you with personal data concerning you in a structured, commonly used and machine-readable format at your request, or to have this data transferred to another controller.
  • Right to object – You have the right to object to the processing of personal data that is carried out for the purposes of our legitimate interests. If we are subsequently unable to demonstrate to you that we have compelling reasons for such processing which override your interests or rights and freedoms, or which are necessary for the establishment, exercise or defence of legal claims, the processing of your personal data will cease.

You also have the right to object to the processing of your personal data for direct marketing purposes at any time. In the event of such objection, the personal data will no longer be processed for these purposes.

  • Right to withdraw your consent to the processing of your personal data – if we use your consent to process your data, you are entitled to withdraw this consent at any time. Withdrawal of consent will only have future effects, therefore the lawfulness of the previous processing will not be affected in any way. Withdrawal of consent must include information about who is withdrawing consent (i.e. attach your name, surname, home address, date of birth, or other identifying data) and what specific consent you are withdrawing and to what extent.
  • You have the right to lodge a complaint with the Office for Personal Data Protection – if for any reason you feel that the processing of your data is not going well, you can contact the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, email: [email protected], telephone: +420 234 665 111.

X. Do we use automated individual decisions?

We do not automatically process any personal data in the course of our business, nor do we use automated decision-making.

XI. Personal data of other persons

If you provide us with the personal information of others, you agree (i) to inform those individuals of the contents of this document and (ii) to secure all legally required consents to collect, use, disclose and transfer (including international transfers) the personal information of those individuals in accordance with this document.

XII. Do we transfer personal information to a third country or international organization?

We will not transfer personal data to countries outside the European Union or the European Economic Area, or to any international organization, unless we are required to do so to comply with our legal obligations.

XIII. Do we use any data analytics services?

In order to be able to personalize the content of our website, we use services that enable data analysis, in particular Google Analytics and cookies.

However, in order to use or store your cookies, we always require your prior consent each time you visit our website.

XIII. Security

In an effort to keep your personal data as secure as possible, we take appropriate technical, physical, legal and organizational measures in accordance with applicable privacy and data security laws. If you have reason to believe that your communications with us are no longer secure (e.g. if you become aware that the security of any personal data you have entrusted to us has been compromised), please notify us immediately using the contact details set out above.

This policy is valid and effective as of 02.02.2023.