Privacy policy - Czech Medical Insurance
Get insurance
Česky
Česky

Terms & Conditions of the Processing of Personal Data

 

Terms & Conditions of the Processing of Personal Data in Chytrý Honza a.s. Company for the Website https://www.czech-medical-insurance.cz/

Information memorandum

 

Dear customers,

 

the Chytrý Honza a.s. company with its registered head office at Jungmannova 745/24, 110 00 Prague 1 – Nové Město, ID No.: 290 48 770 and registered in the Commercial Register maintained by the Municipal Court in Prague, file. No. B. 20978 (referred to as “ChytryHonza.cz” or “we”), is a company which provides a wide range of financial services; namely it specializes in insurance, investment, savings, pensions, credit, deposits, and other financial products (for the purposes of this Information Memorandum, these services are referred to as “insurance services” –pojistné produkty).

 

These services are provided to customers of ChytryHonza.cz by financial institutions, particularly banks, insurance companies, investment and pension companies, building savings companies, non-bank credit providers, and other financial institutions with which ChytryHonza.cz collaborates on the basis of concluded agreements (“financial institutions”).

 

When providing insurance services, your personal data are processed. ChytryHonza.cz pays great emphasis to the protection of your personal data and has therefore prepared the following document to provide you with information on how we at ChytryHonza.cz approach the processing of personal data. In this document you will find answers to the following questions in particular:

 

  1. Which of your personal data do we process?
  2. Why do we process your personal data, and what allows us to do so?
  3. Who is responsible for processing your data, and to whom do we transfer it?
  4. What are the sources we use to obtain your personal data?
  5. Where do we process your personal data, and do we transfer it outside the EU?
  6. What are your rights in the processing your personal data?
  7. How can you exercise your rights?

 

We would appreciate it if you could read through our Information Memorandum. If any provisions are unclear, please do not hesitate to contact us.

 

You can send us an e-mail to gdpr@chytryhonza.cz or a letter marked ‘GDPR’ to the ChytryHonza.cz office address.

 

Your ChytryHonza.cz team

 

 

Which of your personal data do we process?

 

Identification data; including your name, surname, and your age;

 

Contact data, which enables us to reach you, particularly your e-mail address and telephone number ;

 

The data necessary for arranging the insurance service, specifically information regarding the type of insurance (i.e. whether the insurance service is for a woman, a man, or a pregnant woman), the type of stay, the duration of the stay, and the territorial scope of the insurance service;

 

The data about your behavior on the website, including the services you access, the links you click on, the content you fill in the forms, the way you browse our website and your scrolling activity. We also collect data about your device, such as the device’s IP address, location, identification, and technical specifications such as the operating system, version, screen resolution, the used browser and its version, as well as data obtained from cookies and similar technologies used for device identification;

 

The data about your behavior in relation to the messages we send you, including times of receiving and opening the messages, whether you click on the provided link, and details about the device on which you read the messages, e.g. the device’s IP address, location, identification, technical specifications such as the operating system, version, screen resolution, the used browser and its version, as well as the data obtained from cookies etc.

 

Derived data, including personal information obtained from your settings, data about the services we have provided to you, data about your behavior on the website, and data about your behavior in relation to the messages we send you. This includes information about your biological gender, age, financial situation, and your relationship with various services.

 

Why do we process your personal data, and what allows us to do so?

In the scope of our business activities, we process the personal data of our customers for various purposes and to varying extents, as follows:

 

  1. Without your consent when the processing of personal data is necessary to fulfill a contract concluded with you
  2. Without your consent when the processing of personal data is required for our legitimate interests
  3. Without your consent when the processing of personal data is necessary for the fulfilment of a legal obligation that applies to us

 

or

 

  1. With your consent

 

The extent of our authority to process your personal data without your consent depends on the purpose for which we are processing the data. It also depends on your role in relation to us. Our authorization to process your personal data varies depending on whether you are:

 

  • Only a visitor to our website;
  • A user of our device that enables insurance services comparison;
  • A person who has granted us consent to process personal data;
  • A person included in a request for cooperation from a public authority.

 

You can find more information about the individual purposes and methods of the processing of your personal data in the following sections B.1 – B.4

 

If you only visit our website

 

If you simply visit our website without using our comparison tool or any of our insurance services, we will store and subsequently read cookies on your device. Cookies are small files consisting of letters and numbers that we store in your internet browser and on your computer's hard drive. Specifically, cookies enable us to track your browsing activities on our website from the moment you open your web browser window until you close it. These cookies remain on your device for a predetermined period of time or until you delete them in your browser. Cookies are activated each time you visit the website that created the cookie. Not only do we store cookies on your device, but we also read the cookies that our website has placed on your device. For simplicity, we will only refer to this as 'storage' in the rest of this document.

 

Functional cookies

 

Functional cookies are necessary for the proper functioning of our website, and as a result, our site does not allow you to disable them. You can, of course, disable the storage of all cookies in your browser at any time. However, blocking these cookies in your browser may cause our website not to work properly and we may not be able to provide you with our services. In particular, the use of cookies enables us to:

 

  • identify you when you switch between pages of our website or when you revisit our website, allowing us to save which version of our website to show you if the website offers multiple versions at any given time;
  • record information about you, for example that you do not wish to store third party cookies in your browser or whether you have volunteered to participate in a particular survey;
  • ensure the security of your communications, such as verifying that no one has misused your connection to our website and is acting instead of you;
  • record, investigate and fix defects and non-functioning parts of our website;
  • display different versions of our website when testing new functions;

 

Cookies for social media and advertising

 

These are cookies that allow third parties to display personalized advertising to you or to link to social media (e.g., Facebook). These third parties are:

 

  • Facebook Ireland Limited, with its registered office at 4 Grand Canal Square, D2 Dublin, Ireland;
  • Google Ireland Limited, with its registered office at Gordon House, Barrow Street, D4 Dublin, Ireland;
  • Seznam.cz, a.s., with its registered office at Radlická 3294/10, 150 00 Prague 5.

 

These third parties may use cookies primarily for the following purposes:

 

  • to collect data about your behavior on our website and on other websites;
  • to display customized offers and targeted advertising within advertising networks on websites other than our own;
  • to connect with social networking sites such as Facebook, including automatic login, providing features such as the ‘Like’ button, and displaying customized offers and targeted advertising on these social networking sites and websites other than our own.

 

We do not collect data about your behavior on the site solely from cookies. We also supplement this data with:

 

  • IP address (the address of your device that you use to communicate with other devices on the internet);
  • The operating system of your device, including its version and language settings;
  • the browser you use on your device, its version and language settings;
  • the address of the website (URL) from which you are visiting our website.

 

We process data about your behavior on our website for the following purposes:

 

  • To obtain information that enables us to improve the website for you in the future.
    • Our legitimate interest here is to enhance our service to you.
  • Creating statistics and reports, specifically tracking the number of visitors to our website, its individual pages and measuring the effectiveness of advertisements.
    • Our legitimate interest here is to measure the effectiveness of our website and advertising expenses. For this purpose, we may collect additional derived data from your behavior on the website and use it.
  • Testing new functions and applications before their implementation.
    • The purpose is mainly to prevent problems with the functionality of these new features in actual use, which could degrade your experience when using our services. Our legitimate interest here is the smooth functionality of our services for you.
  • Preventing attacks on our website and safeguarding its functionality and the security of your data
    • Our legitimate interest here is to maintain the functionality of our services for you and protect your data.

 

For these purposes, we process personal data for a period of 38 months from the date of collection. This is also the same duration of the cookies we store.

 

If you use our insurance service comparator

 

To use our comparator service, you need to visit our website. Therefore, the processing rules described in section B.1 above also apply to you in this case. Additionally, we also process your personal data in connection with your use of our comparison site as outlined below:

 

Processing based on the contract fulfillment:

 

If you use our comparator service, we will process your identification and contact data, as well as other personal data submitted via the comparator form, for the purpose of providing the comparison and mediation of insurance services, as described in our terms and conditions.

 

This service includes evaluating the data you have submitted, providing the results of the comparison and any subsequent no-charge contact initiated by our call center to fulfill the service. The reason for the processing is to fulfil the contract. The contract is formed between you and ChytryHonza.cz when you agree to our terms and conditions by clicking on the ‘Calculate’ button. Its content is then the comparison and mediation service described above. Personal data is used for this purpose and retained for a period of 60 months from the date of the last service provided.

 

Processing based on legitimate interest:

 

If you use our insurance comparison service, we will also process your identification and contact data for the purpose of creating and sending commercial offers via e-mail, text message, social networks, telephone, or other electronic means. These offers may relate to any products provided by ChytryHonza.cz within the scope of its business activities. Your product history (i.e., your order history and your comparisons), if known to us, may be considered when preparing these offers.

 

In this case, we will only conduct processing based on legitimate interests if you have not provided consent for further processing for marketing purposes. Within the scope of our legitimate interests, we also process your personal data for internal statistical purposes. For this purpose, we use personal data for a period of 60 months from the date of collection. In addition to the above, we may also process your personal data to protect ChytryHonza.cz's legal claims and maintain our internal records and controls, for the standard limitation period (three years) and one year after its expiration, with respect to claims made at the end of the limitation period. In case of the initiation of judicial, administrative, or other proceedings, we will process your personal data to the extent necessary for the duration of such proceedings and the remaining part of the limitation period after their conclusion.

 

Our legitimate interests here include protecting the legal claims and ensuring the proper provision of our services. You have the right to object to this processing.

 

Processing based on your consent:

 

Unless another legal right for processing your personal data is met, we can only process it with your consent. Consent may be obtained in various situations, such as when you browse our website, contact our call center, or through our business partners. We obtain consent for various purposes as well. Depending on when we obtain consent from you and, especially, on the purpose for which it is given, the extent of the processing we can undertake based on that consent varies. Any consent we obtain is entirely optional and you are under no obligation to provide it. You can manage your consents by following the process described in section G regarding your rights. The withdrawal of consent does not affect the legality of processing before withdrawal. In the course of our business, we will collect the following consents from you, in particular:

 

Consent to the processing of personal data for the purpose of service improvement

 

Calls made to our call center are always recorded. These recordings are then stored by Chytrý Honza for the purposes of protecting our legal claims and our internal records and controls. Your consent is not required for this processing as it falls under our legitimate interest, as described in section B.2 above and section B.4 below, which you can defend against by objection. Listening to and evaluating calls with our call center operators is crucial for us to continue improving our service, and for this purpose we require your consent. Our call center operators will ask for your consent during the call. If you choose not to provide consent, the recordings will be stored solely for our legitimate interest as described in section B.2 above and section B.4 below. If you later withdraw your consent, the recordings of your calls will no longer be used to improve our services and will only be stored by us for our legitimate interest as described in section B.2 above and section B.4 below. For the purpose of service improvement, this personal data will be used for a period of one year after the recording was made.

 

Consent to the processing of personal data for the purpose of sending commercial communications

 

If you provide us with your contact details and give us your consent to receive commercial offers, or if you grant this consent later, we may use your contact details to send you commercial offers via email, text message, social media, telephone or other electronic means, or by post. These offers may relate to our products and services as well as those of third parties.

 

We will request your consent for marketing purposes when a legitimate interest in marketing activities to you is not applicable. We will process your personal data based on your consent until you withdraw it, with a maximum period of 38 months from the date of consent. However, even after your consent is withdrawn, we will retain and process your personal data used for marketing purposes if we have any of the other legal grounds described in section B. above.

 

If you contact us through different channels

 

Our customers contact us via various channels, primarily through our call center, customer service line, email, chat tools and social media. In this context, we will process your identification and contact data and records of communications, including call recordings, based on our legitimate interest (i.e., without your consent) in order to:

 

  • to deal with your requests;
  • keeping a record of your requests;
  • record our compliance with our legal obligations;
  • demonstrating that we have received and dealt with your request or how the request was dealt with.

 

For these purposes, we retain personal data for the duration of the normal limitation period (three years) and for one year thereafter, with respect to claims made at the end of the limitation period. In case of initiation of judicial, administrative, or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and the remaining part of the limitation period after the end of the proceedings. You have the right to object to processing based on our legitimate interest.

 

If we receive a request for cooperation with a government authority

 

If we receive a request for cooperation from a public authority, we are obligated to provide the requested information. Such information may include your personal data. If this is the case, we are permitted to share your personal data with the public authority due to the legal obligation, and therefore, your consent is not required, and there is no option to object to this processing.

 

Requests for cooperation with public authorities are mostly received from the Czech National Bank, law enforcement authorities or tax authorities.

 

The processing of your personal data, based on request from a government authority, can only occur during the period for which we are legally obliged to keep your personal data. These statutory periods are based on the relevant legislation.

 

Who is responsible for processing your data, and to whom do we transfer it?

 

All the mentioned personal data are processed by us as the data controller. This means that we determine the predefined purposes for which we collect your personal data, specify the means of processing, and are responsible for its proper processing.

 

We may also share your personal data with other entities, both as data controllers and data processors, including financial institutions for the purpose of entering into and fulfilling an insurance service contract with you. You can find an updated list of financial institutions we cooperate with on our website:

 

https://www.chytryhonza.cz/partneri

 

For the processing of personal data, we also use the services of other processors who process personal data based on a contract with ChytryHonza.cz, according to our instructions, and for the purposes described in section B above. These processors include:

 

  • Our consultants, i.e., individuals and legal entities who cooperate with us in the arrangement of insurance services based on an agreement and registration with the Czech National Bank. You can find a full list of these persons in the Czech National Bank's registry on the website www.cnb.cz, specifically in the section ‘Supervision and Regulation’  ‘Lists and Records’  ‘Lists of Regulated and Registered Entities,’ see the following link:

 

https://apl.cnb.cz/apljerrsdad/JERRS.WEB07.INTRO_PAGE?p_lang=cz

 

(In certain circumstances, the consultant may also act as the data controller for personal data, particularly in situations where the business relationship between you and ChytryHonza.cz was initiated by the consultants' activities. If the consultant is your data controller, the information provided in this Information Memorandum also applies to him/her);

 

  • other individuals and legal entities that cooperate with us within the scope of our business activities, especially suppliers of IT, marketing, legal, accounting and other services;
  • cloud service providers and other technology and support providers;
  • operators of marketing tools;
  • providers of communication tools when they process personal data to facilitate our communications with you.

 

The most important personal data processors that cooperate with ChytryHonza.cz include the following companies:

 

  • Cebia, spol. s r.o., with registered office Vyskočilova 1461/2a, Michle, 140 00 Prague 4, ID No.: 186 28 443, which is the provider of the tool used for comparing and arranging non-life insurance;
  • DataDog Inc., 620 8th Avenue, 45th floor, New York, NY 10018, United States, which processes audit logs and provides monitoring of systems operation;
  • IFA Services Ltd, the provider of the tool used to compare mortgage loan offers provided by individual banks;
  • Message Systems, Inc. (SparkPost), 9160 Guilford Road, Columbia, MD 21046, United States; their services are used for sending transactional e-mails;
  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, Washington, United States; their services are used for e-mailing and document management;
  • Salesforce UK Limited, Company No. 05094083, registered in England, Floor 26 Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY; they provide a system for recording data about customers and the insurance products they purchase;
  • T-Mobile Czech Republic a.s., with registered office at Tomíčkova 2144/1, 148 00 Praha 4 - Chodov, ID No.: 649 49 681, which is the operator of the software used for call management in the call center;
  • Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 United States; they provide PBX and call recording software.

 

What are the sources we use to obtain your personal data?

 

ChytryHonza.cz processes personal data provided by you as a customer. You mainly provide us with this personal data through the website and individuals cooperating with ChytryHonza.cz (consultants). This includes personal data that you provide especially when using the insurance service comparator or when communicating with us, for example, via e-mail or the call center. We also collect personal data directly from you by monitoring your behavior on our website and when reading messages, and recording calls at the call center.

 

We also obtain your identification and contact information as potential customers from our suppliers who obtain this data as part of their own business activities and are therefore in a position of a controller in relation to this personal data. This data is only provided by ChytryHonza.cz based on your explicit consent as a potential customer.

 

Among the most important suppliers of ChytryHonza.cz in this respect is ALDANITY INTERNATIONAL NETWORK LTD., with its registered office at FIRST FLOOR, 113 MONNOW STREET, NP25 3EG - MONMOUTH, UK, company registration number 06785315, and its cooperating persons (consultants), who assess the general interest of individuals in financial services and products.

 

When you use ChytryHonza.cz’s services, we may receive additional information about you related to insurance service mediation or fulfilling a concluded contract, particularly from our cooperating individuals (consultants), financial institutions we cooperate with, or from our partners who operate payment systems.

 

Where do we process your personal data, and do we transfer it outside the EU?

 

In the context of transferring data to the recipients listed in section C., which include the following companies:

 

  • Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 United States
  • Message Systems, Inc. (SparkPost), 9160 Guilford Road, Columbia, MD 21046, United States
  • Salesforce UK Limited, Company No. 05094083, registered in England, Floor 26 Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY
  • DataDog Inc., 620 8th Avenue, 45th floor, New York, NY 10018, United States
  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, Washington, United States

 

We may also transfer your data to third countries outside the European Economic Area (where applicable, including the United Kingdom and the United States of America). Such transfers will be made in accordance with the requirements of the GDPR and related legislation.

 

What are your rights in the processing your personal data?

 

Just as we have rights and obligations in processing your personal data, you also have specific rights in this process. These rights include:

 

Right of access

 

In simple term, you have the right to know what data we process about you, for what purpose, for how long, where we obtain your personal data, to whom we transfer it, who processes it besides us, and your additional rights related to the data processing. You can learn all of this in this Information Memorandum. However, if you are uncertain about the specific personal data we process regarding you, you can request confirmation of whether and what personal data we process about you, and you have the right to access this data. With your right of access, you can request a copy of the personal data we process. The first copy will be provided free of charge, and subsequent copies will incur a fee.

 

Right to revision

 

If you find that the personal data we process about you is inaccurate or incomplete, you have the right to request its correction or completion without any delay. In connection with the provision of our services, it is also in your interest to notify us of any changes to your personal data so that we can make the correction and maintain the quality of the services provided.

 

Right to erasure

 

In certain situations, you have the right to request the deletion of your personal data. We will promptly delete your personal data if one of the following conditions is met:

 

  • we no longer need your personal data for the purposes for which we processed it;
  • you cancel your consent to the processing of personal data, where it concerns data for which your consent is necessary, and we also do not have another reason to continue processing these data;
  • you exercise your right to object to the processing (see ‘Right to object to processing’ below) concerning personal data processed on the basis of our legitimate interests, and we no longer have such legitimate interests to justify the processing;
  • you believe that the processing of personal data no longer complies with applicable regulations.

 

Right to restriction of processing

 

In certain cases, in addition to the right to erasure, you can use your right to restrict the processing of personal data. This right allows you to request that your personal data is marked and not subjected to any further processing. Unlike the right to erasure, we will continue to store this personal data but we will not process it for a limited period. However, similar to the right to erasure, we must still process personal data if it is required by law. The processing of personal data must be restricted when:

 

  • you dispute the accuracy of personal data before we agree on which data is correct;
  • we process your personal data without a legal basis (e.g., beyond what we need to process), but you prefer the restriction of such data before deletion (e.g., if you expect to provide such data to us again in the future);
  • we no longer need your personal data for the purposes mentioned above, but you require it for the establishment, exercise, or defense of legal claims; or
  • you object to the processing. (The right to object is described in more detail below in the section ‘Right to object to processing’). During the period in which we are determining the validity of your objection, we are obliged to restrict the processing of your personal data.

 

Right to portability

 

You have the right to receive from us all your personal data that you have provided and that we process based on your consent (as described in section B.3 above). We will provide your personal data in a structured, commonly used, and machine-readable format, which may include only data that we process automatically in electronic databases.

 

Right to object to processing

You have the right to object to the processing of personal data based on our legitimate interest (as described in section B. above). In the case of marketing activities, we will stop processing your personal data without any further delay. In other cases, we will do so if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

 

Right to complain

 

Exercising your rights as mentioned above does not in any way diminish your right to file a complaint with the relevant supervisory authority. You can exercise this right, especially if you believe that we are processing your personal data unlawfully or in violation of applicable legal regulations. To file a complaint against our processing of personal data, you can contact the Office for Personal Data Protection, which is located at Pplk. Sochora 27, 170 00 Prague 7 (https://www.uoou.cz/).

 

How can you exercise your rights?

 

For all matters related to the processing of your personal data, whether it is an enquiry, exercising a right, making a complaint or any other request, you can contact us by:

 

  • The web form for exercising rights, available at www.chytryhonza.cz/gdpr;
  • E-mail address: gdpr@chytryhonza.cz
  • Our company's call center if you choose to exercise a right during a call with the call center;

 

We will address your request promptly, but no later than one month after receiving it. In exceptional cases, especially due to the complexity of your request, we are entitled to extend this period by additional two months. We will, of course, inform you of any such extension and provide reasons for it. After receiving your request, our staff responsible for handling rights claims may contact you to clarify your request or verify your identity.

 

You can also contact our Data Protection Officer (DPO) directly at dpo@chytryhonza.cz.