Privacy and personal data protection policy
In view of the fulfillment of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – “GDPR”) and the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI (hereinafter – “the Law”), hereby we inform you of the rules for personal data processing when using the Site as well as related rights.
Checkeye Limited Liability Company (hereinafter – the “Controller”) is the owner and administrator (controller) of users’ personal data of the Site.
Contact details of the Personal Data Controller
St. Rybalska, building 13, office 4
Kyiv, Ukraine, 01011
When placing an order for medical services on the Site, user data is processed, in particular:
– data provided by the user both when filling out registration forms and in the process of using the Site;
– video and photo shooting/ photo processing of the user’s eyeball;
– results of laboratory studies;
– cookie files;
– IP addresses;
– parameters and settings of Internet browsers (User-agent).
The controller collects only personal data (e.g. your name, patronymic and surname, e-mail address, contact phone number, date of birth, gender, etc. ) that are knowingly and voluntarily provided by you, as the data subject, for the purposes of providing you with the medical services and carrying out related operations, carrying out economic activities in the field of medical practice, fulfilling the requirements of the legislation in the field of health protection (hereinafter – “Purpose of processing”), which, according to the requirements of the legislation, is the consent of data subject to process their personal data in accordance with the Purposes of their processing outlined in this Policy.
Other traffic information of the user is not processed or stored.
We do not collect or process any information for the processing of which certain requirements are established by law, such as information about racial or ethnic affiliation, political beliefs, religious or philosophical beliefs, or membership in political parties and trade unions, criminal convictions punishment for committing a crime, as well as data related to health, sexual life, biometric or genetic data, with the exception of information that is knowingly and voluntarily provided by you, as data subject, which will be considered as your explicit (unequivocal) consent for the processing of such personal data (in accordance with Articles 9 and 10 of the GDPR and Article 7 of the Law).
Personal data processing
Data centers, locating equipment that ensure the functioning of the Site services, carry out the processing and storage of the provided personal data. The provided personal data is processed and may be stored in the Personal Data Database or a separate table of the Site Database and (or) in the medical documentation.
Terms of storage of personal data
Personal data are stored for no longer than it is necessary in accordance with the Purpose of their processing, with the exception of the following cases:
– Compliance with legal obligations – we are required to retain certain types of data to comply with our obligations under applicable law. For example, health information for medical records, etc. We may also retain certain types of personal data if we are required to do so by a mandatory request from government authorities or a court order. In addition, we may store certain personal data (such as a telephone number) for the transmission of messages and calls.
– Disputes, Claims and Litigation – should we involve into dispute with you, we may retain certain types of personal data as necessary for your claims, including legal proceedings between you and us, until such dispute is resolved and then, if we deem it necessary in accordance with the statute of limitations.
The right to access, correct and delete personal data
Each person whose data is processed has the right to request access to personal data from the Data Controller in accordance with Art. 15 GDPR, Art. 8 of the Law, in particular the right to a free first copy of data in accordance with Art. 15 clause 3 GDPR.
Each person whose data is processed has the right to correct inaccurate personal data related to such a person that is processed by the Site. If the correction concerned medical data, the person has the right to request immediate correction or addition of his personal data contained in the medical documentation, only to the extent that this does not violate the professional autonomy of the person practicing the medical profession who made the entry in the medical documentation.
You can restrict the processing of your data or object to its processing.
Each person whose data is processed has the right to limit their processing in accordance with Art. 18 GDPR. Each person whose data is processed has the right to transfer data within the limits provided for in Art. 20 GDPR.
Every person whose data is processed has the right to object to their processing in accordance with Art. 21 GDPR.
Every person whose data is processed has the right to file a complaint with the supervisory authority.
The right to erasure of personal data (“the right to be forgotten”)
You have the right to submit a request to the Data controller to erase your personal data in accordance with Art. 17 GDPR (for example, when the Personal Data are no longer needed in connection with the purposes for which they were collected or otherwise processed; when you withdraw your consent or do not want the processing and there are no compelling reasons for the processing, etc.).
The paragraph above does not apply to personal data that is necessary for processing to comply with a legal obligation that applies to the Controller, or is necessary for the formation, exercise or defense of legal claims.
Transfer of personal data
We may provide your personal data to the following categories of subjects:
(1) To franchisees (partners of the Controller), employees of the Controller, other third parties in accordance with the Purpose of processing;
(2) Providing data to public authorities, such as law enforcement and judicial bodies, is possible only upon presentation of a preliminary judicial or administrative decision or administrative and/or in accordance with current legislation, if there is such an obligation.
International data transfer
We do not transfer your data outside Ukraine and the EU / European Economic Area.
We may change or supplement this Privacy and Personal Data Protection Policy from time to time.
Changes and additions to the Privacy and Personal Data Protection Policy are made by issuing their new version in electronic form, which are published on the Site ( www.check-eye.com ).
The date of entry into force of the new version of the Privacy and Personal Data Protection Policy is the date of its publication on the Site.