Privacy Policy

Personal data processing and protection policy

This personal data processing a protection policy (the „Policy“) contains basic principles by which company EXBIO Praha, a.s. with the registered office at Nad Safinou II 341, 252 50 Vestec, Company ID 255 48 611 (the "Company") is responsible for the processing of personal data. This Policy implement the Company's obligations arising from the following generally binding legal regulations:

  1. Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) („GDPR“);

  2. Act No. 480/2004 Coll., about information society services;

  3. Act No. 127/2005 Col., about electronic communication.

This Policy applies to all persons whose personal data the Company processes, regardless of whether they are in a contractual relationship with the Company or not. The company acts as a personal data controller.

What is personal data

Personal data according to GDPR means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data.

Processing of personal data

Processing means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Company collects following personal data:

Personal data that you provide to the Company

Personal data that you provide to the Company in person, via e-mail, telephone, fax, or another similar device. This is primarily a name, surname, mailing address, e-mail address, phone number, bank account details etc.
hese Personal Data will be processed by the Company in the purpose of:

  1.  Providing the service, product or information you have been interested in;

  2. Negotiating and fulfilling the agreement you have concluded with us;

  3. If you are a current customer, to provide information about other services or products like those that were the subject of your prior purchase;

  4. If you are a new customer, the Company will send you business communications and offers of products and services only if you have given explicit consent;

  5. Assessing and evaluating your job application;

  6. Fulfilling the Company's legal obligations;

  7. The protection of the rights and the legitimate interests of the Company.

Personal data that the Company collects automatically
When you visit our Website, the Company may collect some information necessary to ensure the proper and convenient operation of the Website. Such information is the Internet Protocol (IP) data used to connect your computer to the Internet, your registration information, browser type and version, time zone settings, browser plug-ins, information about your visit, including a valid Uniform Resource Locator (URL) , the path to and from the Web site (including date and time), the products you viewed or searched for, response times, download errors, the length of visits of certain pages, site visit interaction information (such as scrolling, clicks, and mouse locations); way of leaving the page.
These personal data are used by the Company to administer and improve Web sites and to provide internal operations, including problem solving, data analysis, testing, research, statistical purposes, and indexing of thumbnails. These Personal Data can also be used to measure ad performance and provide relevant advertising.

Special categories of personal data

The company processes special categories of personal data with your explicit written consent only - Informed consent of the donor, in which the donor voluntarily agrees to provide a blood sample. The company takes samples of whole blood for laboratory testing. The test results have no clinical relevance. They are obtained only for developing new diagnostic products. Collected blood samples are used only for development projects and research activities of the Company.
The processing of these data is carried out only with your consent and in accordance with the principles and security rules set out in this document.

Provision of personal data

Personal data that the Company will acquire about you will not be provided to other entities without your consent. Your personal data may only be provided to third parties (the "Processor") who assist the Company in performing its contractual obligations through the provision of certain services (such as delivery service). The Company only passes Personal Data to those Processors who provide guarantees an adequate level of security for your Personal Data and process these Personal Data on the basis of a Personal Data Processing Agreement. The Company may transmit Personal Data to these Processors:

  1. External workers and suppliers in order to meet the Company's contractual obligations;

  2. Payment service providers and payment processors in order to secure and provide the payment transactions;

  3. Providers of postal and delivery services for the purpose of delivering products or services offered by the Company;

  4. Website administrators.

Under certain circumstances, the Company may be required to provide your Personal Information to third parties (e.g., law enforcement agencies) in accordance with generally binding legal regulations.

Protection of personal data

To protect and minimize the risk of unauthorized access to Personal Data, the Company has adopted organizational and technical measures.
These include:

  1. Organizational measures restricting the range of persons authorized to access Personal Data;

  2. Technical security of the servers and the Company's Websites against unauthorized manipulation.

Persons with access to Personal Data are schooled about privacy policies. These persons maintain confidentiality.

Legal basis for the processing of personal data

The company process your personal data with your consent but also without it. Without your consent, the Company processes personal data only in lawful situations, where your consent is not necessary - for the purpose of fulfilling the lawful obligations, the contractual relationship, the legitimate interests of the Company or other legitimate purpose of processing.

1) Processing your personal data with your consent

Giving the consent to the processing of your personal data is entirely voluntary. You can give consent to processing of your personal data for the advertising and marketing purposes specified above.

2) Processing your personal data without your consent

The Company is required (in the case of the conclusion and the duration of the contractual relationship) to identify and process personal data of the customers. To process personal data for the purpose of providing services to customer, the Company is not obliged to obtain their consent. If you refuse to provide your personal data to the Company, the Company's services cannot be provided to you.

Storage periods of Personal Data

The Company keeps personal data for as long as is strictly necessary for the fulfil contractual and lawful obligations. Personal data that are processed by your consent are retained by the Company only for the duration of the purpose for which the consent was given. When the legal reason for processing of your Personal Data expire (for example, by the expiration of the archiving period), the Company will erase these Personal Data and any existing copies thereof.


What can you find here?

This website (& ldquo; Website & ldquo;) uses cookies and similar cookie technologies.

In this document you will learn what cookies are and how we, [fill in company], with our registered office in [insert registered office], ID number: [insert number], use them.

What are cookies?

Cookies are short text files that a visited website sends to your browser. Thanks to cookies, the administrator can differentiate you from other users of the Website and more efficiently record information about your visit and behavior on the website. Cookies are not harmful to your device or its software. As a user, you can disable or limit the use of cookies in your browser.

Cookies can be used for many purposes, such as:

  • Make the basic functions of the site work
  • Save preferred language
  • Traffic analysis to improve your site and
  • Marketing purposes, especially displaying ads on the site

What types of cookies do we use?

Here you will find out what types of cookies we can use on the website. You can find the specific cookies we currently use in your browser settings.

Basic (required) cookies

Basic cookies, which are necessary for the Website to fulfill its basic functions and to enable us to operate this Website. These cookies are automatically placed on your computer or other device when you access the Website or perform any of the possible activities on the Website. You cannot disable basic cookies. Without them, the Web would not work properly.

Preferential cookies

Preferential cookies allow the Site to remember information that affects the appearance and behavior of the Site. For example, the region you are in or your preferred language.

We will only store these cookies on your device if you allow us to do so either using the cookie bar or on your browser.

Analytical cookies

Analytics cookies are used primarily by Google Analytics to find out how you use the Website.

Google Analytics uses cookies to analyze how the website is used in order to improve the operation of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google, Inc. All data obtained in this way will be processed anonymously. This data is intended solely to evaluate the use of the website. Anonymity is guaranteed that Google, Inc. will not associate your IP address with any other data held by Google. Google, Inc. no other personal information (such as email, name or phone number) will be sent.

Learn more about how Google, Inc. uses analytical cookies, you can find them here:

We will only store these cookies on your device if you allow us to do so either using the cookie bar or on your browser.

Marketing cookies

Marketing cookies are used to map visitors across websites. These cookies are used to display advertisements relevant to individual users and to pass them on to the operators of the advertisement. It is therefore especially valuable to third-party advertisers. We mainly use Facebook and Google services for this purpose.

We will only store these cookies on your device if you allow us to do so either using the cookie bar or on your browser.

Do you want to change your cookie settings?

If you do not want us to store preference, analytics or marketing cookies in your browser, you can adjust these preferences in your browser. This will prevent you from collecting data about you. For information on setting up a specific browser, visit:

If you want to change your cookie settings and don't know what to do, you can also send us an e-mail [fill in].

Rights of data subjects

In connection with the processing of your Personal Data by Company, you are entitled to the following rights guaranteed by the Personal Data Protection Regulations:

  1. The right to withdraw consent to the processing of Personal Data - upon withdrawal of your consent, the Company will stop processing your personal data for purposes for which the consent was granted. However, the Company is obliged to continue to process your personal data to fulfill the lawful obligations, such as Act No. 563/1991 Coll., Accounting, etc., in order to fulfill the contractual obligations, as well as for the purpose of enforcement or defense of any legal claims. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  2. Right of access - the right to obtain from the controller confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data.

  3. Right to rectification- the right to request from the Company the rectification of inaccurate personal data.

  4. Right to erasure- the right to request the erasure of your personal data, if the personal data are no longer necessary in relation to the purposes for which they were collected, if the personal data have been unlawfully processed, if the personal data have to be erased for compliance with a legal obligation, if you object to the processing and there are no overriding legitimate grounds for the processing. The Company will erase your Personal Data if you withdraw your previously granted consent and at the same time there is no other legal reason to process it.

  5. Right to restriction of processing- the right to require the Company to restrict the processing of your personal data, if you deny the accuracy of personal data, if the processing is unlawful, if the Company no longer needs the personal data for the purposes of the processing if you have objected to the processing of your personal data.

  6. Right to data portability- the right to receive your personal data, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, but only if the processing is based on consent or contract, and if the processing is carried out by automated means.

  7. Right to be informed about a personal data breach - The company will promptly inform you of any breach of security and leakage of your personal data.

  8. Right to object - the right to object, on grounds relating to particular situation, at any time to processing of personal data.

  9. Right to file a complaint to the Supervisory Authority - the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Praha 7, or by a data box to qkbaa2n. These rights can be claimed in writing form at the address below.

    EXBIO Praha, a.s.
    Nad Safinou II 341, 252 50 Vestec
These Principles are valid and effective from May 25, 2018.