Privacy Policy

issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter referred to as “GDPR” ):

The user of the operator’s services, as a subject of personal data, by his free decision (by ticking a box, pressing a button) indicates that he is aware of all the facts listed below and agrees to the further processing of his personal data for the purposes of the business activities of the website operator and the interactive online platform www.mykardi. com (or consent to the processing of personal data for the purpose of sending newsletters, if he has granted special consent).

Personal data is processed by the administrator to the extent that the user has provided it to the administrator, for the reason, scope and for the following purposes:

1.For the purpose of establishing and maintaining a user account on the interactive online platform kardi.ai and for the purpose of improving the provider’s services and evaluating the services, the administrator processes only the data that the user himself provides in the registration form.

 

The personal data manager mainly processes the following personal data:

 

• identification data (name and surname, title, residential address, date of birth),
• contact details (phone number and e-mail),
• financial data (especially bank account number),
• height, weight, gender and age,
• data on the use of the operator’s equipment and physical condition, as well as measured values ​​and other information on the use of the operator’s equipment,
• health data including data relating to physical or mental health or condition. Personal health data also includes data that can be used to draw conclusions about or ascertain a person’s state of health,
• possibly other data that the user himself provides in the registration form or that will be requested by the administrator to enable registration, as well as data that the user himself provides within the application
  

The processing of this personal data is necessary for the fulfillment of the contract between the user and the operator and for the fulfillment of legal obligations that apply to the operator. The user is not obliged to provide the above data that is required of the user. In the event of not providing or withdrawing consent to the use of this data, the user will not be able to be provided with the operator’s products or services, or the operator will not be able to respond to any requests.

At the same time, this data is also processed for purposes in which the provider has a legitimate interest, namely for the purpose of improving the provider’s services, namely: i) for internal use by the administrator, for the development of products and the administrator’s portal; ii) for processing and publishing (including forwarding to contractual partners of the controller) in aggregated or in an anonymous form (e.g. for the purposes of various studies, statistical reports, infographics, case studies, etc.).

The processing of personal data according to this purpose will take place for the duration of the user account, but no longer than for another 5 years from the deactivation of the user account, unless the relevant legal regulations stipulate otherwise. After this period, the user’s personal data will be deleted by the administrator. The user is hereby informed that the measured values ​​about the user through the services of the operator cannot be provided to the user after deactivation of the user account.

2. For the purposes of sending newsletters and other commercial communications, the administrator processes personal data based on consent to the extent of:

• e-mail, 
• telephone. 

This personal data is also processed for the purpose of presenting customized product offers of the administrator and contractual partners of the administrator. By granting consent, the user also agrees to the download, processing, storage and use of data by the administrator for the following purposes: i) for internal use by the administrator, for the development of the administrator’s products and presenting the administrator’s customized product offer to users; ii) for processing and publishing (including forwarding to contractual partners of the controller) in aggregated or in an anonymous form (e.g. for the purposes of various studies, statistical reports, infographics, case studies, etc.).

The data subject has the right to object at any time to the controller processing personal data for this purpose.

The processing of personal data for this purpose will take place for the duration of the consent granted, at most for the duration of the contractual relationship with the operator. Consent can be revoked at the e-mail address podpora@kardi.ai. In case of revocation of consent, the user’s personal data will be deleted by the administrator.

The processing of personal data is carried out directly by the administrator. The administrator is entitled to transfer personal data to other entities (processors) with whom he has concluded a contract for the processing of personal data, in particular to external specialists (accountant, lawyer, doctor) and persons participating in the provision of the administrator’s services.

The administrator declares that all entities to which personal data may be made available respect the data subjects’ right to privacy protection and are obliged to proceed in accordance with applicable legal regulations regarding the protection of personal data.

Personal data are not transferred to countries outside the European Union.

The administrator applies appropriate technical and organizational measures for the protection of personal data that correspond to the nature and type of relevant personal data or categories and the risks associated with their processing.

As a subject of personal data, the user has the following rights in accordance with the GDPR:

• Right to withdraw consent. Where the user’s consent is required for the purposes of processing personal data, the user is entitled to withdraw consent at any time, in particular by sending an email from the user’s email address or by clicking on the unsubscribe link in the newsletter.
• Right of access. The user has the right to access the personal data that is processed about him, and at the same time the right to information about what personal data is processed about him, for how long, what are the purposes of its processing, to whom it is made available and whether it is used for automated decision-making (or how this automated decision-making works).
• Right to rectification. If the user discovers that incomplete or incorrect personal data are being processed about him, he has the right to correct personal data or, if the purpose of processing such personal data requires it, to supplement them.
• Right to erasure. The right of the user is also the right to delete personal data that is stored and processed about him.
• Right to portability. Another right that the user can exercise is the so-called right to portability. On the basis of this right, the user can request the provision of personal data that was provided to the administrator based on the user’s consent and that is processed automatically by the administrator. Upon request, the administrator will provide user personal data that meet these conditions in a commonly used, structured and machine-readable format, or based on the user’s request, it will be transferred to another administrator as determined, if it is technically feasible.
• Right to restriction of processing. In cases where the user feels that his personal data processed by the administrator are incorrect, he has the right to request that the administrator limit the processing of personal data to the time necessary to verify the accuracy of the user’s personal data and correct them if necessary.
• The right to object to the processing of personal data for the purpose of direct marketing, if such consent has been granted by the data subject. The user has the right to object to the administrator processing personal data for the purpose of direct marketing (e.g. for the purpose of sending commercial messages). In such a case, the controller will immediately stop processing personal data for this purpose.
• Right to complain. In the event that all the above-mentioned rights are insufficient from the user’s point of view, or in the opinion that the administrator violates the above-mentioned rights in any way, the user has the option of filing a complaint with the supervisory authority. The complaint can be made by contacting the Office for the Protection of Personal Data, which is available on the website: https://www.uoou.cz/podatelna-uradu/os-1006.

The administrator processes data with consent, with the exception of cases provided by law, when the processing of personal data does not require the consent of data subjects. The administrator points out that it is not possible to demand the deletion of personal data that the administrator is obliged to collect, based on a legal obligation (obligation imposed by law). 

The administrator informs the data subjects that in the case of anonymization of personal data by the administrator, the personal data is permanently deleted, and thus ceases to be available to the administrator of personal data, which precludes assigning it to a specific natural person at any time in the future. If the user wishes to correct personal data that the operator is processing about it, or to use another right mentioned above, you can contact it at the email address support@kardi.ai