Terms of personal data protection

Basic information

The controller of personal data is the company Hilbi Health s.r.o., with registered office at k Baťáku 2780/25, Skalica 909 01, Bussines ID: 51031060, TAX ID: 2120580033, VAT: SK2120580033, registered in the Commercial Register of the Trnava District Court, insert no. 40665/T (hereinafter referred to as "Provider"). The Provider processes personal data in accordance with Act. no. 18/2018 Coll. of the protection of personal data and on the amendment and supplementation of certain laws, as amended and in accordance with the Regulation of the EUROPEAN PARLIAMENT AND COUNCIL (EU) 2016/679 of April 27, 2016 of the protection of natural persons in the processing of personal data and on the free movement of such data , which repeals Directive 95/46/EC.

The Provider processes the personal data of the natural persons concerned, which the natural persons provide within the Hilbi application/platform (the " Hilbi "), and which are necessary for the actual use of Hilbi or for the proper provision of services within Hilbi.

For the purposes of using Hilbi, the Client must provide data such as name, surname, email address, address, phone number. For the purposes of proper provision of services, in some cases additional personal data is required from the Clients, namely social security number, health insurance company, age and place of residence.

For the purposes of using Hilbi, the Service Provider must provide the name, surname, title, Doctor's assigned number, seat, address, email address, Doctor's code, telephone number and provider's code.

For the purposes of performance, Hilbi also processes financial information about the Client's payment and purchase history, which is collected and stored for the purposes of proper performance of services within Hilbi.

In the framework of using the services provided by the Service Providers through Hilbi, the Client will, for the purpose of the full and proper performance of the service by the Service Provider, enter data related to health, personal data related to the physical health or mental health of a natural person, including data on the provision of health care or services related to the provision of health care, which reveal information about the health status of the person concerned. These data are provided through Hilbi exclusively by the Service Provider, while the Client gives consent to the processing of such personal data directly to the Service Provider through separate steps in Hilbi conditioned by an SMS key. The service providers process this data in accordance with the law and the legal and moral obligations of the service providers. Therefore, the Provider does not process such data related to the health of the affected person, the Provider has no access to this data, the Provider only enables mutual provision of the above Client data between the Service Providers and possibly their employees and the Client through Hilbi, under strict security conditions of encryption of the health data of the affected person.

As part of using Hilbi or using services within Hilbi, natural persons are also entitled to provide optional data that helps to provide services more efficiently.

When paying with a payment card and paying through a payment service provider, communication with the payment gateway server takes place via the payment gateway interface directly in the application, but outside Hilbi's reach. Data on the payment card of a natural person are therefore not sent to the Provider, but are sent directly to the payment gateway provider as part of a secure transfer. The payment gateway then transfers the data to the relevant banking institution to make the payment, again within the framework of secure data transfer.

The Provider does not sell personal data outside the European Union. In the event that the Provider wants to provide the personal data of the affected natural person to a third party, we will inform about this in advance, including indicating to whom the personal data is sold.

Automatically processed personal data

When visiting Hilbi, the Provider may collect certain information, such as IP address, date and time of access to our website, information about the internet browser, operating system or language settings of the natural person concerned. In the case of access from a mobile phone via the Hilbi application, the Provider can also process information about the mobile device of the person concerned, such as mobile device data, application failure records, etc.. The Provider is also authorized to process information about the behavior of affected natural persons on websites, or the Hilbi application (e.g. which links within Hilbi are visited, etc.). However, information about the behavior of affected natural persons within Hilbi is anonymized for the sake of your maximum privacy, and therefore the Provider cannot assign it to a specific affected natural person.

Cookies

The Provider uses technical, functional, and analytical cookies.

Technical cookies are used to enable Hilbi to function properly, especially in the scope of registration, login, use of services, etc. Functional cookies mainly serve so that the user, the registered user, does not have to log in repeatedly and does not have to repeatedly set preferences for using Hilbi. In this case, the password of the person concerned is always encrypted. Analytical cookies help the Provider to improve Hilbi in order to make the services and use of Hilbi more efficient. Analytical cookies are collected by a script and subsequently this data is anonymized, and after this anonymization, it is no longer personal data subject to the regulation of the law, as it cannot be attributed to a specific person concerned.

Knowledge from these cookies is also used for advertising purposes, when based on this data, advertising can also be displayed on foreign websites, which the Provider considers relevant in relation to the person concerned.

By using the Hilbi website, the affected individual agrees to the use of Hilbi cookies. The person concerned has the right to express his disapproval of the use of some or all cookies, however, if he does not agree to the processing of functional cookies, the functioning of some Hilbi functions may be disabled.

Purposes and scope of personal data processing

The Provider processes the personal data of the affected person primarily for the purpose of properly providing services. The Provider also processes personal data in connection with the care of service users (inquiries, comments, complaints, processing of personal data, etc.). In this context, for the purposes of providing services through providers within Hilbi, personal data provided directly by the service provider is necessary, without which it would not be possible to provide certain services. The Provider processes the personal data of the affected persons also in connection with the registration and creation of a user account, without which it is not possible to use Hilbi due to the nature of the provided functionalities. The personal data of the affected persons are also processed for the purposes of marketing activities, such as e-mail marketing, i.e. e-mail commercial notices sent based on the consent of the person concerned, from which it is possible to unsubscribe using the procedure specified in these terms and conditions, or via a direct link contained in an e-mail message containing a commercial notice. Also telemarketing, i.e. marketing calls made for the purpose of offering services and related marketing communication, on the basis of prior consent to this processing of the telephone number.

Last but not least, the Provider processes personal data in connection with the evaluation of the services provided to the affected person by the service provider after the affected person purchases or will use services within Hilbi. The evaluation can be provided based on the request of the Provider as well as on the individual's own initiative.

Legal basis for personal data processing

The legal basis for the processing of personal data is mainly the conclusion of a contract with the person concerned and the services or performance provided on the basis thereof. For the proper provision of the service, it is necessary to process the personal data of the person concerned to varying extents depending on the nature of the service provided.

At the same time, the Provider processes personal data in connection with the legitimate interests of the person concerned, especially in connection with the provision of relevant content for the person concerned, namely data processed automatically and cookies.

Transfer of personal data to third parties

In these cases, we transfer your personal data to third parties:

The Client is provided with services through Hilbi, which are also provided by third parties different from the Provider, namely Service Providers, experts and their teams. For these services, the data provided by the persons concerned with their consent, including first name, last name, social security number, and telephone number, are stored with us and the aforementioned.

The Provider does not have data on the payment cards with which the affected persons pay for services (unless it is stored), the data is available only to the secure payment gateway, the payment service provider and the relevant banking institutions. The data on the used payment card are therefore not sent to the Provider, but are sent directly to the payment gateway provider and the payment service provider as part of a secure transmission . The payment gateway and payment service provider then transmits the data to the relevant banking institution to make the payment, again within the framework of secure data transfer.

The provider of the payment gateway is:

Stripe, Inc.

354 Oyster Point Boulevard

South San Francisco, California, 94080, USA

The authentication provider is:

Sum and Substance Ltd.

30 St. Mary Axe, EC3A 8BF

London, England

ID: 09688671

In the case of sending business announcements ́ (e.g. by e-mail or via SMS message) or telemarketing, a third party may be used for the distribution or telephone calls. This entity is bound by the obligation of confidentiality and may not use your personal data for any other purpose.

In cases required by law, the legal order or a state authority (e.g. PZ SR) imposes or may impose an obligation for the Provider to hand over the personal data of the person concerned, the Provider will do so within the legal period.

Time of personal data processing

Personal data is processed at least for the duration of the contractual relationship between us.

In the case of the processing of personal data for which consent has been granted, the personal data will generally be processed for a period of 7 years, or until such consent is revoked.

The above also applies in the case of the collection of business reports, when the personal data of the person concerned is also processed for a period of 7 years, or until the time of expressing disagreement with their further sending and processing.

Personal data that are necessary for the proper provision of services, or for the fulfillment of all our obligations, whether these obligations result from the contract or from generally binding legal regulations, they may be processed regardless of the consent of the person concerned for the period established by the relevant legal regulations or in accordance with them (e.g. for tax documents, this period is at least 10 years).

Data obtained through a user account or in another similar way are processed for the duration of the use of services through Hilbi and usually for 5 years after their cancellation. Subsequently, only basic identification data and information on the reason for which the user account was canceled or data forming part of operational backups are usually stored for a reasonable period.

Cookies covering user behavior are stored for 30 days, with older data available in an anonymized form in Google Analytics.

Security of personal data

The personal data of the affected natural persons are stored in accordance with the applicable legislation, and with the use of appropriate technologies to prevent unauthorized access and misuse of processed personal data.

The Provider regularly checks the degree of their security and continuously improves the protection in accordance with the protection needs. All communication within Hilbi is encrypted. Login data is encrypted and all data is stored only on servers in secure data centers with limited, carefully controlled and audited access.

The Provider makes the effort that can be fairly required of him in order to adopt such security measures that, taking into account the current state of technology, provide sufficient security. The security measures taken are regularly updated.

Rights and obligations of the person concerned

In relation to personal data, the affected person has the right to withdraw his consent to the processing of personal data at any time, the right to correct or supplement his personal data, the right to request the restriction of their processing, the right to raise an objection or complaint against the processing of your personal data, the right to access your personal data , the right to request the transfer of your personal data, the right to be informed about a breach of personal data security and, under certain conditions, the right to delete some personal data that the Provider processes in connection with the person concerned (the so-called right to be "forgotten").

The person concerned has the right to modify and supplement the personal data provided, he can perform the mentioned actions within the user account or through the contact form or email at the address [email protected] or through Hilbi.

The person concerned has the right to correct personal data if they are incorrect, through the contact form or email at [email protected] or through Hilbi.

The person concerned has the right to have the Provider send him an overview of his personal data, by means of a request to send an overview of personal data, either via the contact form or email at the address [email protected] or via Hilbi.

Please note that information about your payment card is not stored with the Provider, but with the payment gateway provider (third party). Therefore, this data cannot be deleted from our side and it is necessary to contact the payment gateway through which the payment was made.

With the exception of the cases specified in these conditions, the data subject has the right to delete personal data in the following cases:

- personal data are no longer necessary for the purposes for which they were processed,

- the consent on the basis of which the data was processed has been revoked and there is no other legal reason for their processing,

- the person concerned has raised an objection to the processing of personal data, and when the objection is assessed, it will become clear that in a specific situation the interest of the person concerned prevails over the interest of the Provider in the processing. of these axes. data,

- personal data is processed illegally,

- if this obligation is imposed by a special legal regulation, - if it concerns personal data of children under 16 years of age.

In the case of a request for deletion, the affected person requests the deletion of his account and related data for the Hilbi account at: https://hilbi.com/support/delet-account . The person concerned, who requests the erasure of his personal data, then sends a written request for erasure, either through the contact form or email at the address [email protected] or through Hilbi.

At the same time, the affected person has the right to raise objections if he has specific reasons against the processing of personal data provided or obtained by the affected person, either through the contact form or email at [email protected] or through Hilbi .

The affected person has the right for the Provider to limit the processing of the affected person's personal data in the event that the affected person denied the accuracy of the personal data, the personal data was processed illegally, the Provider does not need the personal data for the fulfillment of contractual obligations, or if the affected person raised an objection.

At the same time, the affected person has the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, in the event that personal data is processed in violation of the law. Of course, the Provider prefers that any discrepancies with the processing of the personal data of the affected person be dealt with primarily by the affected person with the Provider, either through the contact form or email at the address [email protected] or through Hilbi.

These Terms of Personal Data Protection, including their parts, are valid and effective from 13/03/2023, while they are available electronically on the Hilbi portal/applicati