How will personal data
be handled?
The personal data of whistleblowers and possibly other persons who may be affected by individual notifications or whose data was obtained during the screening of notifications are processed in accordance with legal regulations in the field of personal data protection, in particular Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data ("GDPR"). The administrator of personal data is PRO.MED.CS Praha a.s.
We keep records of received notifications to the extent of:
- the date of receipt of the notification;
- the name, surname, date of birth and contact address of the notifier, if these details are known;
- a summary of the content of the notification and the identification of the person against whom the notification was directed, if the identity is known;
- the date of completion of the assessment of the reasonableness of the notification or the assessment of the notification by the relevant person and the result of the assessment.
Notices received and documents related to the notice, including all personal data, are kept for 5 years from receipt of the notice.
In the case of reports submitted through the internal reporting system, only the appropriate person (external natural person) who is the only one who knows the identity of the reporter has access to the records.
The legal basis for the processing of personal data for the purpose of operating the ethics line is the fulfilment of a legal obligation that applies to our company according to the Legal Regulations, and in order to take appropriate measures to correct or prevent an illegal situation following the notification submitted, the legal basis for the processing of personal data is also the protection of the legitimate interests of our company.
In connection with the processing of personal data, the natural persons concerned have the rights to the extent and under the conditions set out in Articles 15 to 22 of the GDPR, namely:
- The right to access personal data;
- The right to correct inaccurate personal data or supplement them;
- The right to erasure of personal data;
- The right to object to the processing of personal data based on legitimate interest;
- The right to lodge a complaint with the competent supervisory authority in the Member State of your habitual residence, place of employment or place where the GDPR has been breached. The competent supervisory authority for the Czech Republic is the Office for the Protection of Personal Data (www.uoou.cz).
The aforementioned rights can be exercised in writing at the address of the administrator's seat, including by email sent to the address: privacy@promedcs.com. In the same way, you can contact the administrator with any other questions or comments about the conditions of personal data processing.