top of page

Personal Data Processing Policy


1. Introductory provisions

At Porta Medica s.r.o., with registered office at Opletalova 1525/39, Nové Město, 110 00 Prague 1 (hereinafter referred to as "Porta Medica"), we fully respect your privacy. We are aware that many people care about the personal information they provide to us and how it is treated. Protecting personal information is a top priority for us.

The purpose of this document is to provide you with information about how we will handle your personal data that you have provided to us. This document also tells you what rights you have in relation to the processing of your personal data.


2. Responsibilities of the controller and contact details

The responsibility for the processing of personal data lies entirely with our company Porta Medica as the controller of your personal data. We will process the personal data you provide in accordance with the relevant legal provisions, in particular the General Data Protection Regulation ("GDPR"). We would like to assure you that the protection of personal data in our company already met the standards of the GDPR before the GDPR came into force and will continue to do so.

If you have any questions regarding the protection of your personal data, you can contact us at the above-mentioned registered office address, by e-mail at or by phone at +420724979494.


3. Personal data provided, purposes of processing and categories of recipients of personal data

Porta Medica processes personal data primarily for the purposes of fulfilling contractual and legal obligations, and for marketing purposes (in particular, sending invitations to seminars, courses, conferences).


Your personal data may reach us through a number of channels, which are set out below:


a) in the context of normal business relations, consulting and educational activities

Our company provides educational and consulting services in the healthcare industry, particularly in the area of medical device regulation. In the course of our activities, we meet with a number of representatives of the professional public, i.e. representatives of companies or self-employed persons doing business in the field of healthcare, employees of healthcare facilities or representatives of state administration authorities. In formal or informal meetings, you often provide us with your personal data so that we can contact you. We will usually obtain a business card from you, which includes your name, your organisation's address, your work e-mail and telephone number.

We will always use this data for the purpose for which you have provided it, i.e. most often to send you an offer of our services, invitations to events organised by us or to answer your enquiry.

We may only use them for other purposes if we have a legal basis to do so under the GDPR.


b) in the framework of contractual relations

If you are an employee of our supplier or customer or a self-employed person, we may obtain your personal data (such as name, surname, address, e-mail, telephone, bank account) before, during or after the conclusion of the contract. The processing of this personal data is necessary for the performance of the contract. If you do not consent to the provision of your data for this purpose, the contract cannot be concluded or the performance of the contract cannot be provided.

In the event that the contract is not fulfilled by our contractual partner in a proper and timely manner, we may also use the personal data provided to protect our rights and beneficiaries.


c) when visiting the website (cookies)

Our company operates and owns the website You can visit our site anonymously without having to give us any information about yourself. Like many other companies, we use cookies on our website. These cookies are stored on your computer by your browser. When you access our website, the cookie tells us whether you are a new visitor or whether you have visited our website in the past. However, the cookie does not contain any personal information about you, nor does it give us the ability to contact you or obtain any information from your computer. We use cookies on our site to identify the services you are most interested in. Cookies allow us to provide the information you really want on our website. If you wish to remove cookies from your computer, please refer to your internet browser's help documents, usually located in the toolbar at the top of your screen. More information can be found in the Cookies Policy document available on our website.


d) when buying our products

Our company offers electronic publications for sale on its website. When ordering them, you fill in your personal data (name, surname, e-mail address, telephone number, permanent address, ev. ID number, VAT number) in order to process your order. The personal data provided by you for this purpose is necessary for the conclusion of the purchase contract in which you act as one of the contracting parties. These personal data are therefore necessary for the performance of the contract and are therefore not processed on the basis of your consent.

When you place an order for our products, we will ask you whether we can also use your personal data provided for the purpose of placing the order for marketing purposes. For this purpose, the legal basis for processing your personal data is your explicit consent, which you can subsequently withdraw at any time.


4. Legal grounds for processing
(What entitles us to process your personal data?)

In accordance with the GDPR, we only process your personal data if we have a legitimate legal reason to do so under Article 6 or 9 of the GDPR. This is most often your consent, but may also be for the performance of a contract, our legitimate interest, compliance with a legal obligation or to ensure strict quality and safety standards for medical devices.


a) Consent

If you have given us consent to process your personal data for marketing purposes (i.e. to send you offers of our training and consultancy services), we may use your personal data for these purposes. Your consent may have been given to us in writing, verbally or implied. For example, if you have provided us with a business card at an educational event or as part of a pre-contractual meeting, your implied consent to receive a specific offer or general information about our services can be inferred.

Your consent is voluntary and you can withdraw it at any time. In this case, we will no longer use your personal data for marketing purposes. However, we may still contact you after you have withdrawn your consent if we have another legal reason to do so (e.g. to fulfil a legal obligation or to perform a contract). Withdrawal of consent will not affect the lawfulness of the processing operations of your personal data prior to withdrawal.

If you contact us by email, telephone or post, we will only use your personal data to respond to that email, telephone call or letter. In this case, your consent to the processing of the personal data provided in the email, letter or telephone call is implicit from the fact that you have contacted us yourself and therefore expect a response from us. We may only use the personal data provided in this way for other purposes if we have a legitimate legal reason to do so under the GDPR.


b) Performance of the contract and the legitimate interests of the controller

If you are an employee of our supplier or customer or a self-employed person, the identification data specified in the contract or otherwise provided contact data, as well as information relating to the subject of the contract (e.g. identification of the goods, the method of payment, including payment information such as the bank account number from which the payment was made, etc.) will be processed to the extent necessary. In the course of the contractual relationship, we may also use your personal data for marketing purposes, unless you tell us that you do not wish to receive commercial communications. Pursuant to Section 7(3) of the Act on Certain Information Society Services, we are entitled to use your e-mail and telephone number for the purpose of disseminating commercial communications relating to our own services similar to those we have already provided to you. You may refuse the sending of commercial communications at any time by contacting our registered office, by e-mail at or by telephone at + 420 724 979 494.

We are also entitled to process the aforementioned range of personal data in order to protect our rights in the event of a dispute. For example, if you fail to pay an invoice to us, we may use your personal data to recover our debt when it is due.


c) Fulfilling legal obligations

Like other companies, we are required to keep records of accounting and tax documents that may contain your personal data. In the context of accounting, this is processing of personal data under a specific law, which is the Accounting Act, and its maintenance is necessary to comply with a legal obligation to which we are subject within the meaning of Article 6(1)(c) of the GDPR.


5. Your rights

You have a number of rights in relation to the processing of your personal data, which we will be happy to allow you to exercise.

In particular, you have the right to be informed about the processing of your personal data for all of the above purposes (Articles 13 and 14 GDPR). All relevant information can be found in this document. If you have any questions about the processing of your personal data or how to exercise your rights, you can contact us using the contact details provided in section 2.

You also have the right to access your personal data (Article 15 GDPR) and the right to rectification of inaccurate personal data (Article 16 GDPR).

In some cases, you also have the right to erasure ("right to be forgotten"). The cases where you have the right to erasure are specified in Article 17 of the GDPR. You have this right, for example, if you withdraw your consent to the processing of your personal data and there is no longer any other legal ground to justify the processing of your personal data.

Under the conditions set out in Article 18 of the GDPR, you also have the right to request that the processing of your personal data be restricted.

In accordance with Article 20 GDPR, you may also have the right to the portability of your personal data to another data controller.

You may object to processing if the conditions of Article 21 GDPR are met. If this objection proves to be justified, we will no longer process your personal data.

If you exercise any of the rights under Articles 15 to 21 of the GDPR, we will provide you with information about the measures taken without undue delay, at the latest within one month of receiving your request (we may extend this period by a further two months if necessary and in view of the complexity and number of requests).

If you believe that your personal data is being processed unlawfully, you can file a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection.


6. Transmission of personal data

Your personal data will be processed by our authorised personnel in accordance with the law and this policy. The processing is carried out automatically by means of computer technology (electronic database) or manually in the form of a paper file.

As part of our business activities, we may commission collaborators to provide services on our behalf, such as software support, e-marketing campaigns, etc. In addition to these persons, the processed personal data may only be disclosed to authorised government authorities and institutions or other entities if the conditions set out in the GDPR or other relevant legislation are met. We do not transfer your personal data to third countries or international organisations.

Where your personal data is transferred, we will always take all necessary steps to ensure an adequate level of protection for your personal data.


7. Retention period of personal data

The period of retention of your personal data depends on the legal basis and purpose of its processing. We always retain personal data for the time necessary to fulfil the purpose, or for the time period specified by the relevant legal regulation. We will then promptly delete your personal data or arrange for its physical destruction.

We normally retain personal data collected on the basis of your consent for a period of 5 years from the date of consent or from the last time you contacted us or responded to our message, or until you withdraw your consent. We may ask you to provide new consent before this period expires.

In the case of the execution of a contract, we store your personal data for the duration of the contract, as long as the contractual obligations of either party continue and for the period of time required by the Accounting Act. In addition, we keep the personal data on accounting and tax documents for the period of time required by law.


8. Security of personal data

The security of your personal data is extremely important to us. Therefore, we have put in place procedures and security mechanisms to minimize the possibility of any misuse of your personal data. We have taken appropriate technical and organisational measures to prevent unauthorised or accidental access to, alteration, destruction or loss of your personal data, unauthorised transfers or other unauthorised processing, whether we store your personal data online or offline.   For security reasons, we cannot disclose details of the measures taken. We will not trade your personal data in any way. If you would like further information about how we keep your personal data secure, you can contact us using the contact details set out in section 2 of this policy.

Last update: 25 Mar 2024

bottom of page