Altoa logo

Personal data processing policies

Rules for the protection of natural persons in connection with the processing of their personal data and rules for the movement of their personal data.

Personal data controller

Altoa s.r.o., with registered office at: Maiselova 38/15, 110 00 Prague 1 – Josefov, ID No.: 02620995 (hereinafter the “Controller”).
The legal basis for processing personal data is the contract; provision of personal data is an obligation of the Data Subject arising from the relevant contract. Another legal basis for processing personal data is the legitimate interest of the Controller or the consent of the data subject.

Purpose of processing

The purpose of processing personal data is performance of the contract, fulfilment of the Controller’s statutory obligations under Act No. 563/1991 Coll., on accounting, as amended (hereinafter the “Accounting Act”) – for the purposes of bookkeeping, and further, for example, for the purposes of criminal proceedings, measures against the legalisation of proceeds of crime, administrative proceedings, civil court proceedings, tax proceedings, etc. The purpose of processing personal data also includes the legitimate interests of the Controller, e.g. enforcement of receivables, direct marketing, etc. Processing of personal data concerning health is carried out for the purpose of transferring such data to contractual healthcare service providers.

Recipients of personal data

  • public authorities (in particular administrative authorities);
  • information system maintenance providers;
  • other recipients according to the needs and instructions of the Data Subject, in particular healthcare service providers;
  • suppliers of the Controller through whom personal data are processed.

Personal data concerned

The personal data processed are in particular:

  • contact and identification data, in particular first name, surname, date of birth, personal identification number, residence, place of birth, telephone number and IP address,
  • descriptive data, e.g. bank account number,
  • other data arising from a specific contract or from law, data provided beyond the relevant laws processed within the consent granted by the data subject (processing of photographs, use of personal data for the purposes of HR procedures, cookies, etc.),
  • sensitive data – in particular data on health condition, including data on the provision of healthcare services.

Period of personal data processing

Personal data will be processed for the duration of the contract or for the period stated in the granted consent to the processing of personal data, and after its termination they will be handled in accordance with applicable legal regulations, in particular Act No. 499/2004 Coll., on archiving and records management and on amendments to certain acts, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) /hereinafter the “Regulation”/, and Act No. 110/2019 Coll., on the processing of personal data.

Technology

Personal data are protected by the most modern and currently valid technological procedures, based on recommended standards for securing data against theft, misuse or other undesirable handling of them. Altoa s.r.o. places great emphasis on the protection of its clients’ personal data and regularly updates its technology. 

The Controller hereby informs the Data Subject, in accordance with Article 13 of the Regulation, that:

  • the personal data of the Data Subject will be processed on the basis of his/her free consent, or even without his/her consent pursuant to Article 6(1)(b), (c) of the Regulation, under the conditions stated above,
  • the reason for providing the Data Subject’s personal data is the purpose of processing stated above,
  • when processing the Data Subject’s personal data, no automated decision-making or profiling will take place,
  • the controller will not transfer the Data Subject’s personal data to a third country, an international organisation, or to recipients or third parties other than those listed above,

The Data Subject has the right:

  • to withdraw his/her consent to the processing of personal data at any time,
  • to request from the Controller access to his/her personal data, their rectification or erasure, or restriction of processing,
  • to object to the processing,
  • to data portability to another controller, as well as to lodge a complaint with the Office for Personal Data Protection if he/she believes that the Controller, when processing personal data, acts in breach of the Regulation,
  • the provision of personal data is a contractual requirement, and in the event that they are not provided, it will not be possible to provide the data subject with performance under the contract.

Contact details regarding the processing and protection of personal data

  • In the case of any questions regarding the processing of his/her personal data or in the case of exercising the rights stated above, the User is entitled to contact the Controller using the contact details stated on the website www.altoa.cz or the special email address dpo@altoa.cz set up for these purposes.
Back to Legal terms