Privacy Policy

Privacy Policy

This Privacy Policy is designed to inform data subjects about what personal data we collect, process, use, and how we protect

1. Who is the data controller, and what categories of data subjects are processed?

Data Controller:

AUMED Pharma a.s.

Registered office: Janáčkovo nábřeží 475/47, Smíchov, 150 00 Prague 5

ID: 17619068

Registered under file no. B 27658/MSPH.

Categories of data subjects:

a)    Contractual parties in business relations.

b)    Employees of the Controller.

c)    Service providers and persons engaged under contractual agreements.

2.    What personal data is processed?

Identification data: name, surname, date of birth, permanent address; for suppliers/customers (sole traders): tax ID and registered office. Contact data: contact address, email, phone number, bank account details.

Other data: contractual/legal data or consent-based data (photos, cookies). Such consents are requested only in specific situations

3.    Sources of personal data

We collect data directly from the data subject in business/employment relations and from third parties (e.g., public registers)

4.    How and for how long do we process personal data?

Data is processed electronically and physically without automated decision-making or profiling. Data is protected from unauthorized We retain personal data as long as necessary for rights and obligations from contracts, legal requirements, or claims enforcement. If no contract is concluded, pre-contractual data is deleted immediately.

5.    Legal basis and purposes of processing

-    Contractual purposes (Art. 6(1)(b) GDPR).

-    Legitimate interests (Art. 6(1)(f) GDPR) such as rights enforcement.

-    Legal obligations (Art. 6(1)(c) GDPR) for authorities, tax offices, courts, etc.

-    Direct marketing with consent.

6.    Right to withdraw consent

If processing is based on consent (Art. 6(1)(a) GDPR), it may be withdrawn anytime, partially or fully, without affecting prior

7.    Data subject rights

-    Access: confirmation and access to personal data (Art. 15 GDPR).

-    Rectification/Erasure/Restriction: correction, deletion, or limitation in certain cases.

-    Objection: to legitimate interest-based processing.

-    Data portability: receive and transfer data to another controller.

-    Complaint: to the Office for Personal Data Protection.

8. Recipients of personal data Data may be shared with:

-    State authorities and institutions (courts, tax offices).

-    Service providers (notaries, web hosts).

-    Other parties with consent or request.

9.    Transfers to third countries

We do not transfer personal data to third countries or international organizations.

10.    Glossary

-    Personal data: information identifying a person.

-    Data subject: the individual identified by data.

-    Controller: entity determining processing purposes and methods.

-    Processor: entity processing on behalf of controller.

-    Recipient: entity receiving personal data.

-    Processing: any systematic operations on personal data (collection, storage, use, transfer, deletion).