Privacy Policy

Personal data processing and protection policy

This personal data processing a protection policy (the „Policy“) contains basic principles by which company EXBIO Praha, a.s. with the registered office at Nad Safinou II 341, 252 50 Vestec, Company ID 255 48 611 (the "Company") is responsible for the processing of personal data. This Policy implement the Company's obligations arising from the following generally binding legal regulations:

  1. Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) („GDPR“);

  2. Act No. 480/2004 Coll., about information society services;

  3. Act No. 127/2005 Col., about electronic communication.

This Policy applies to all persons whose personal data the Company processes, regardless of whether they are in a contractual relationship with the Company or not. The company acts as a personal data controller.

What is personal data

Personal data according to GDPR means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data.

Processing of personal data

Processing means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Company collects following personal data:

Personal data that you provide to the Company

Personal data that you provide to the Company in person, via e-mail, telephone, fax, or another similar device. This is primarily a name, surname, mailing address, e-mail address, phone number, bank account details etc.
hese Personal Data will be processed by the Company in the purpose of:

  1.  Providing the service, product or information you have been interested in;

  2. Negotiating and fulfilling the agreement you have concluded with us;

  3. If you are a current customer, to provide information about other services or products like those that were the subject of your prior purchase;

  4. If you are a new customer, the Company will send you business communications and offers of products and services only if you have given explicit consent;

  5. Assessing and evaluating your job application;

  6. Fulfilling the Company's legal obligations;

  7. The protection of the rights and the legitimate interests of the Company.

Personal data that the Company collects automatically
When you visit our Website, the Company may collect some information necessary to ensure the proper and convenient operation of the Website. Such information is the Internet Protocol (IP) data used to connect your computer to the Internet, your registration information, browser type and version, time zone settings, browser plug-ins, information about your visit, including a valid Uniform Resource Locator (URL) , the path to and from the Web site (including date and time), the products you viewed or searched for, response times, download errors, the length of visits of certain pages, site visit interaction information (such as scrolling, clicks, and mouse locations); way of leaving the page.
These personal data are used by the Company to administer and improve Web sites and to provide internal operations, including problem solving, data analysis, testing, research, statistical purposes, and indexing of thumbnails. These Personal Data can also be used to measure ad performance and provide relevant advertising.

Special categories of personal data

The company processes special categories of personal data with your explicit written consent only - Informed consent of the donor, in which the donor voluntarily agrees to provide a blood sample. The company takes samples of whole blood for laboratory testing. The test results have no clinical relevance. They are obtained only for developing new diagnostic products. Collected blood samples are used only for development projects and research activities of the Company.
The processing of these data is carried out only with your consent and in accordance with the principles and security rules set out in this document.

Provision of personal data

Personal data that the Company will acquire about you will not be provided to other entities without your consent. Your personal data may only be provided to third parties (the "Processor") who assist the Company in performing its contractual obligations through the provision of certain services (such as delivery service). The Company only passes Personal Data to those Processors who provide guarantees an adequate level of security for your Personal Data and process these Personal Data on the basis of a Personal Data Processing Agreement. The Company may transmit Personal Data to these Processors:

  1. External workers and suppliers in order to meet the Company's contractual obligations;

  2. Payment service providers and payment processors in order to secure and provide the payment transactions;

  3. Providers of postal and delivery services for the purpose of delivering products or services offered by the Company;

  4. Website administrators.

Under certain circumstances, the Company may be required to provide your Personal Information to third parties (e.g., law enforcement agencies) in accordance with generally binding legal regulations.

Protection of personal data

To protect and minimize the risk of unauthorized access to Personal Data, the Company has adopted organizational and technical measures.
These include:

  1. Organizational measures restricting the range of persons authorized to access Personal Data;

  2. Technical security of the servers and the Company's Websites against unauthorized manipulation.

Persons with access to Personal Data are schooled about privacy policies. These persons maintain confidentiality.

Legal basis for the processing of personal data

The company process your personal data with your consent but also without it. Without your consent, the Company processes personal data only in lawful situations, where your consent is not necessary - for the purpose of fulfilling the lawful obligations, the contractual relationship, the legitimate interests of the Company or other legitimate purpose of processing.

1) Processing your personal data with your consent

Giving the consent to the processing of your personal data is entirely voluntary. You can give consent to processing of your personal data for the advertising and marketing purposes specified above.

2) Processing your personal data without your consent

The Company is required (in the case of the conclusion and the duration of the contractual relationship) to identify and process personal data of the customers. To process personal data for the purpose of providing services to customer, the Company is not obliged to obtain their consent. If you refuse to provide your personal data to the Company, the Company's services cannot be provided to you.

Storage periods of Personal Data

The Company keeps personal data for as long as is strictly necessary for the fulfil contractual and lawful obligations. Personal data that are processed by your consent are retained by the Company only for the duration of the purpose for which the consent was given. When the legal reason for processing of your Personal Data expire (for example, by the expiration of the archiving period), the Company will erase these Personal Data and any existing copies thereof.


The Company uses cookies. Cookies are sent from the Company's server to your browser when you visit the Website. Cookies allow the Company to recognize your browser, to remember information about your previous activity on the Website, and to customize the content of the Website to suit your needs.
The company uses these following types of Cookies:

  1. Cookies of the first part, that allow the basic operation and functionality of the Website and without which the content of the Web site could not be displayed correctly;

  2. Technical cookies, that analyze the use of the Web site, ensure secure login, remember the progress of filling your order, storing registration details and the content of the shopping cart;

  3. Advertising cookies, that allow to display a targeted advert, share Social Network sites, or post comments on products.

Cookies can be removed using your browser settings. It is also possible to disable cookies in your browser. However, if you block, disable or otherwise reject certain Cookies, the Website may not display properly, or you may not be able to use certain Web Services or features.

Rights of data subjects

In connection with the processing of your Personal Data by Company, you are entitled to the following rights guaranteed by the Personal Data Protection Regulations:

  1. The right to withdraw consent to the processing of Personal Data - upon withdrawal of your consent, the Company will stop processing your personal data for purposes for which the consent was granted. However, the Company is obliged to continue to process your personal data to fulfill the lawful obligations, such as Act No. 563/1991 Coll., Accounting, etc., in order to fulfill the contractual obligations, as well as for the purpose of enforcement or defense of any legal claims. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  2. Right of access - the right to obtain from the controller confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data.

  3. Right to rectification- the right to request from the Company the rectification of inaccurate personal data.

  4. Right to erasure- the right to request the erasure of your personal data, if the personal data are no longer necessary in relation to the purposes for which they were collected, if the personal data have been unlawfully processed, if the personal data have to be erased for compliance with a legal obligation, if you object to the processing and there are no overriding legitimate grounds for the processing. The Company will erase your Personal Data if you withdraw your previously granted consent and at the same time there is no other legal reason to process it.

  5. Right to restriction of processing- the right to require the Company to restrict the processing of your personal data, if you deny the accuracy of personal data, if the processing is unlawful, if the Company no longer needs the personal data for the purposes of the processing if you have objected to the processing of your personal data.

  6. Right to data portability- the right to receive your personal data, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, but only if the processing is based on consent or contract, and if the processing is carried out by automated means.

  7. Right to be informed about a personal data breach - The company will promptly inform you of any breach of security and leakage of your personal data.

  8. Right to object - the right to object, on grounds relating to particular situation, at any time to processing of personal data.

  9. Right to file a complaint to the Supervisory Authority - the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Praha 7, or by a data box to qkbaa2n. These rights can be claimed in writing form at the address below.

    EXBIO Praha, a.s.
    Nad Safinou II 341, 252 50 Vestec
These Principles are valid and effective from May 25, 2018.