1. Introductory provisions

1.1. Emmy Medical s.r.o., company ID: 06785247, TIN: CZ06785247, with registered office in Levohradecké nam. 1066, 252 63 Roztoky, registered at the Municipal Court in Prague under file no. C 288901 (hereinafter referred to as “Emmy”), operates the Emmy web application (the “App”), which facilitates the communication of healthcare providers (hereinafter referred to as “PZS”) with their patients. The section Application for PZS, which is available at, is a cloud-based tool for the efficient organization of the provision of health services.

1.2. These general terms and conditions (hereinafter referred to as the “GTC”) regulate the rights and obligations of the parties arising from the contract with respect to the use of the Application, whether in a trial or normal mode, which may be concluded between PZS and Emmy as the operator of the Application (hereinafter referred to as the “Contract”). The provisions of these GTC form an integral part of the Agreement. A PZS that has entered into a Contract with Emmy on the basis of these GTC is referred to as a customer for the purposes of these GTC (hereinafter referred to as the “Customer”).

1.3. Emmy is only the provider of a technical solution in the form of the Application, with the Customer remaining solely responsible for the provision of health services. The Customer acknowledges that the Application serves to facilitate and increase the security of remote communication with patients, and its use does not replace the maintenance of medical records.

2. Conclusion of the Contract

2.1. The Customer can only be a PZS, that is, a person who is authorized to provide health care according to Act No. 576/2004 Coll. on health care, services related to the provision of health care and on the amendment of certain laws (hereinafter referred to as the “Law on the provision of health care”). Emmy is not obliged to verify this authorization in any way.

2.2. In the event of interest in concluding a Contract, the person authorized to act for the relevant PZS (hereinafter referred to as the “Authorized Person”) must first register at The selected login data will, after the conclusion of the Contract and activation, be used to log in to the Customer's interface in the section of the Application designated for PZS, through which it is possible to manage the medical facility (hereinafter referred to as the “Customer Account”).

2.3. In order to start the process of concluding the Contract on the basis of these GTC or its amendment (changes to the contractual regime), it is necessary that the PZS, or rather the Authorized Person, complete the relevant part of the enquiry form (hereinafter referred to as the “Inquiry Form”). Within the Inquiry Form, the PZS can choose whether it is interested in first concluding a contract for a free trial mode of using the Application or directly for a paid regular mode. The Authorized Person will then sign the completed Inquiry Form, which also contains the text of these GTC, in the relevant part (related to the trial or normal regime) for the PZS with his qualified electronic signature and send it on behalf of the PZS to podpora@emmy.sk for processing. If the information proving the authorisation of the Authorized Person to act for the relevant PZS is not available from the public registers, the Authorized Person shall attach to the signed Inquiry Form documents proving his/her authority (e.g. employment contract, power of attorney), if he/she has not already done so. The data entered during registration, as well as in the Inquiry Form, must be true and accurate.

2.4. If a PZS operates more than one medical institution, it is necessary to fill in the Inquiry Form for each of them and thus conclude a separate Contract. However, the same login details can be used to manage medical facilities in the Application and there is no need to make a new registration.

2.5. The Contract between Emmy and the PZS is concluded only upon delivery of Emmy's confirmation of acceptance of the Inquiry Form to the provided contact e-mail address of the PZS (contractual). The Contract consists of these GTC and the accepted Inquiry Form. Emmy reserves the right to refuse to enter into the Contract with the PZS for any reason. In the event of a change in the Contract (contractual regime), the change also takes place only upon delivery of Emmy's confirmation of acceptance of the new Inquiry Form to the Customer's contact e-mail address (contractual).

2.6. The subject of the Agreement is not the provision of any intermediary services by Emmy, and the Customer acknowledges that the Application is not intended to offer health services in order to facilitate the admission of new patients to the Customer, but primarily serves to facilitate communication with his existing patients.

3. Emmy's Rights and Duties

3.1. Under the Agreement, Emmy undertakes to maintain for the Customer a Customer Account enabling the use of the Application, which in the basic tariff includes:

- maintenance and management of the Customer's patient directory;

- maintenance and management of the Customer's office hours and calendar;

- creation of the Customer's own patient request templates, receipt (from users of the patient account of the Application) and creation of patient requests, their recording and management, as well as the implementation of related communication (with users of the patient account of the Application);

- sending reminders and other alerts related to the patient's booking of a visit to a medical institution;

- monitoring of access to selected patient data and their changes by other users of the Customer Account;

- anonymous aggregate statistics on the use of the Application by the Customer and the Customer's patients, with Emmy reserving the right to use the collected anonymous data also for its own purposes; these statistics do not in any way allow the identification of individual patients.

3.2. If a tariff other than the basic tariff of the Application is negotiated, then Emmy undertakes to provide the Customer with the relevant additional functionalities in accordance with the applicable price list, which is available here and forms part of these GTC (hereinafter referred to as the “Price List”). The choice of the Application tariff is made by the Customer in the Inquiry Form, while this choice is possible only when arranging the usual paid mode of the Application. When arranging a trial mode, the highest tariff of the Application is always provided. Changing the Application tariff to a lower tariff variant is possible only after the end of the already paid payment period, by agreement between Emmy and the Customer.

3.3. As part of some tariffs, Emmy offers the Customer the opportunity to collect payments from their patients through Emmy. This service is intended only for Customers who are not VAT payers. In this case, Emmy may, at the Customer's request, issue receipts with a QR code for direct payment of the patient to the Customer's bank account at Fio Banka, a.s. At the same time, through a passive authorization at the Customer's choice, Emmy verifies the delivery of the payment and, after crediting the payment to the Customer's account, informs the Customer of the receipt of payment.

3.4. The Customer may also be offered additional functions of the Application consisting in sending SMS messages and, where appropriate, processing their replies; and in the case of the Emma Voice service also automatic processing of telephone calls (hereinafter referred to as the “SMS and voice functions”). These SMS and voice functions can be ordered by the Customer in the manner and under the conditions specified in their offer published in the Price List. The use of SMS and voice functions is also governed by these GTC.

3.5. Emmy further undertakes to provide the Customer, if necessary, with the User Support Services of the Application, with the Customer's requests being dealt with within the time limits appropriate to their nature.

3.6. Emmy makes reasonable efforts to keep the App available, secure and error-free at all times. However, it is a complex IT system that, among other things, also depends on third-party infrastructure. The Application is therefore provided by Emmy without any guarantees and obligations regarding the suitability and level of services provided, unless these GTC expressly provide otherwise. In particular, Emmy does not guarantee to the Customer that the Application and its individual functionalities will always function flawlessly (for example, that there will be no loss of data or failure to deliver messages), will be continuously available and that their security will not be compromised, especially due to force majeure, cyber attack, technical failure or regular maintenance.

3.7. The Customer declares that he has thoroughly familiarized himself with the features of the Application and has assessed the suitability of the Application for his needs. Emmy is liable to the Customer only for damage caused to him intentionally or through gross negligence by Emmy. If Emmy's obligation to compensate the Customer for damages arises, then the extent of the damages shall not exceed the total amount of the performance paid by Emmy to the Customer under the Agreement.

3.8. Emmy reserves the right to modify the Application at any time (including the cancellation of SMS and voice functions) or to terminate its operation at any time. Thus, Emmy is not liable for any damage that may arise to the Customer as a result of the foregoing.

3.9. In case of violation of these GTC by the Customer, Emmy reserves the right, without prior notice and any compensation, to temporarily restrict the Customer's access to the Application, or immediately withdraw from the Agreement and terminate the Customer's account at its discretion.

3.10. Emmy is entitled to disclose and indicate outside the Application the fact that the Customer, as a PZS, uses the Application.

4. Rights and obligations of the Customer

4.1. The Customer declares that he has thoroughly familiarized himself with these GTC, agrees with them and undertakes to comply with them unreservedly.

4.2. The Customer guarantees that he is entitled to provide health services under the Act on the Provision of Health Care and undertakes to use the Application only in connection with the provision of health services specified in his authorization.

4.3. Emmy does not interfere in any way in the legal relationship between the Customer and the patients. Health services are provided by the Customer to patients on its own behalf and completely independently of Emmy, and the Customer also independently manages its Customer Account, including all settings and information provided through it. For this reason, the Customer bears all responsibility for the provision of health care and the use of the Application in connection with it, in particular for dealing with patient requests through the Application (e.g. cancellation of an agreed term, provision of false information, etc.) or verification of the authorization of the patient's representative, and undertakes to fully indemnify Emmy for any obligation on its part to compensate a third party or any sanction imposed on it by public authorities, insofar as they arise in connection with said use of the Application by the Customer.

4.4. Without prejudice to the Customer's independence in providing health care, the Customer undertakes to use the Application only in accordance with its purpose and in such a way as not to harm Emmy's good name and legitimate interests. Therefore, the Customer also undertakes, when using and in connection with the Application, especially in relation to receiving and solving patient requests through the Application, to comply with all legal and state regulations to which he is bound, as well as to always act in accordance with good morals, with due professional care and de lege artis. For the avoidance of doubt, it is stated that it would be considered a breach of obligations under this provision, inter alia, if the Customer:

- created a patient request template, the solution of which through the Application is inappropriate and undesirable (e.g. regarding life-threatening conditions);

- created a patient request template that would automatically evaluate the data entered by the patient, and thus be subject to the regulation of medical equipment;

- solved the patient's request exclusively through the Application, i.e. without arranging a personal visit to the medical facility by the patient or without a basis in previous care (e.g. prescription of certain types of drugs);

- repeatedly failed to respond to patient requests entered through the Application without undue delay;

- repeatedly cancelled in-person patient visits arranged through the App without good cause or sufficient advance notice.

4.5. The Customer undertakes to comply with all its legal information obligations and obligations of instruction in relation to the provision of health care, as well as the use of the Application in relation to it, in particular towards patients (also as consumers and subjects of personal data). In the event that the Customer is provided by Emmy with any model legal document relating to the use of the Application, such model shall not be a substitute for qualified legal assistance and Emmy shall not be liable to the Customer for any damages incurred by the Customer in connection with its use.

4.6. The Customer undertakes that all information provided by him in the patient section of the Application or otherwise communicated to patients through the Application will be in accordance with the law, correct, true, complete, not misleading and current, and also undertakes to maintain these characteristics on an ongoing basis.

4.7. In the event that the Customer uploads any content (e.g. information, personal data, personality attributes of third parties, structured questionnaires or works of authorship, etc.) to the Application (hereinafter referred to as “Customer Content”), the Customer undertakes that it is entitled to do so (in particular, that it has the appropriate licenses, permissions or consents) and warrants to Emmy that the provision or use of such content on the Application will not infringe the rights of third parties or otherwise violate the law. To the extent necessary to provide the services of the Application, the Customer then grants Emmy a royalty-free, non-exclusive, territorially unlimited and indefinite (for the duration of the legal protection of proprietary rights) license to use any of the Customer Content that is copyrighted, or also permission to use personal attributes (if applicable). The license also includes the express consent to sublicense the use of Customer Content, both for a fee and free of charge. Emmy is not required to use the license granted. Emmy does not supervise the compliance of Customer Content with the law. In the event that Emmy becomes aware of the illegal nature of Customer Content, Emmy is entitled to disable or remove it.

4.8. The Customer undertakes not to use the Application to disseminate unsolicited commercial communications, and that all such commercial communications will be in full compliance with applicable law, in particular Law No. 18/2018 Coll. on Personal Data Protection and on Amendments to Certain Acts, with Regulation (EU) 2016/679 of the European Parliament and of the Council, General Data Protection Regulation (“GDPR”).

4.9. In no event shall Emmy be liable for any actions taken by users of the Application's patient account towards the Customer (e.g. failure to attend an agreed in-person visit to a medical facility). Emmy implements measures to verify the identity of users of the patient account of the Application, but does not guarantee to the Customer that the person using the patient account of the Application is indeed the person they claim to be. If necessary, the Customer is obliged to obtain a record in the medical documentation with the patient's statement that the data on the state of health can be communicated to him through a specific patient account in the Application.

4.10. To the extent that any services, tools or content provided by third parties (“Third Parties”) can be accessed through the Application, the Third-Party Terms apply, and by using the Application you agree to these Terms. Emmy has no control over, and assumes no responsibility for, the content or practices of any Third Party. The Customer hereby acknowledges that Emmy shall not be liable, directly or indirectly, for any damage or loss caused to the Customer by the use of or in connection with the use of Third Party Services, including any loss of Emmy functionality as a result of a change to the Service provided by a Third Party.

4.11. The Customer is entitled to allow access to his Customer Account to the necessary number of natural persons who are authorized to act on his behalf and are bound by the obligation of confidentiality, provided that each person must have his own user established under the Customer Account (it is forbidden to share access data). For the avoidance of doubt, it is stated that the use of the Application by a user under the Customer Account is considered to be use by the Customer, and the Customer is responsible for all possible violations of these GTC that occur through such use. The Customer undertakes to ensure the protection of the access data to the Customer Account so that they are not made available to third parties. The Customer is also solely responsible for the use of the Application by third parties through his Customer Account.

4.12. The Customer undertakes not to abuse the Application and not to use in relation to it any procedures, software tools or scripts that could adversely affect its operation, disrupt its functionality or cause an unreasonable load on it, and undertakes not to perform any other activity that could constitute an unauthorized interference with the Application with respect to its purpose and functioning.

4.13. The Application and its content may be protected by intellectual property rights. On the basis of these GTC, the Customer is entitled to use the Application exclusively in a standard way, which is considered to be use through the Customer Account via the web interface, and only for the purposes resulting from these GTC. In addition to this right, the Customer has no right to the Application and its content (this does not include Customer Content). Thus, without prior permission from Emmy or the relevant rights holders, the Application, any components or content, including source codes, logos and other graphic elements, may not be used other than as described above and for the purposes set out above. In particular, these elements may not be modified, included in collective works, or otherwise interfered with, reproduced, disseminated or communicated to the public.

4.14. The Customer may not use the Application, any of its components or content, including source codes, logos and other graphic elements, for the purpose of developing and marketing any other computer program that could compete with the Application in any way, or for any other purpose affecting the rights or legitimate interests of Emmy; in particular, the Customer is not entitled to perform any analysis of the functionality or reverse engineering of the Application and its components.

5. Price and payment

5.1. Emmy offers the Customer the opportunity to enter into a Contract for testing the Application in a free trial mode, for an indefinite period of time. In this case, the provisions of these GTC regarding the payment of the Price (as defined in Article 5.2 of the GTC) in Articles 5.2 to 5.4 of the GTC, which apply only to a Contract with the agreed normal paid regime, shall not apply to the relationship between Emmy and the Customer. The other provisions of the GTC are not affected by the arrangement of the trial regime and are thus part of the relevant Agreement. If, at the Customer's request, a trial Agreement is concluded, Emmy shall have the right to terminate such Agreement at any time without giving any reason, by termination with a 15-day notice period commencing on the day following the sending of the notice to the Customer's contact e-mail address (contractual). During this time, the Customer has the opportunity to request through the Inquiry Form to change the contractual regime to the usual paid mode (in accordance with the Price List), so that the Customer Account is not disabled and the Customer data is not deleted. The Contract with the agreed trial mode can also be cancelled by the Customer, immediately and without a notice period, for which it is sufficient to send a notice to For the avoidance of doubt, it is stated that it is not possible to change the contractual regime from the normal to the trial one.

5.2. The Price List for using the Application in normal paid mode is published on For the maintenance of the Customer Account in the normal paid mode, the Customer undertakes to pay Emmy the price with VAT determined on the basis of the applicable Price List a) according to the selected tariff of the Application and b) according to the type of the Customer's medical facility, the number of its patients and/or the number of doctors converted on a full-time basis, with Emmy being able to provide customers with preferential offers (hereinafter referred to as the “Price”). If it is necessary to increase the capacity of the Customer Account, the Price is increased according to the valid Price List, or according to the agreement of the contracting parties, with effect from the date of change of capacity, while the Customer is obliged to pay a proportional part for the respective payment period.

5.3. The Price is normally paid for a calendar month, monthly in advance, with the Customer being able to pay the Price in advance even for a longer period of time (on the basis of the Price List or under the conditions of the preferential offer), but in this case he does not have the right to a refund of any part of the Price paid if the Contract is terminated for reasons on his part before the end of the prepaid period. The Customer pays the Price by non-cash transfer on the basis of an invoice (tax document) with a maturity of 14 days, which is issued by Emmy and sent in electronic form to the Customer's contact e-mail address (contractual) each time before the start of the respective payment period. The Customer agrees to the issuing of an invoice (tax document) in electronic form.

5.4. In the event of the Customer's delay in payment of the Price, Emmy has the right to withdraw from the Contract.

5.5. SMS and voice functions are not included in the Price and are charged according to the number of sent SMS messages and processed responses to them (within the scope of use by the Customer), or based on the number of processed minutes of telephone calls, while the unit prices are indicated in the valid Price List. Emmy's billing shall always be made at the end of the calendar month, with the billing invoice being issued by the 15th day of the following calendar month. The Customer agrees to the issuing of invoices (tax documents) in electronic form, which will be sent to the Customer's contact e-mail address (contractual). Before activating the SMS functions, the Customer is obliged to provide security in the amount according to the valid Price List, which is refundable in case of cancellation of these functions. If the Customer becomes late with the payment for the use of SMS functions, Emmy is entitled to suspend the SMS function and use the security to pay the amount owed.

6. Protection of personal data

6.1. Since the Application is a cloud-based tool designed, among other things, to work with personal data, Emmy processes, in the performance of the Contract for the Customer, as a processor, the personal data that the Customer has entered into the Application or collected through it (hereinafter referred to as “Customer Data”). This processing is governed by the agreement on the processing of personal data, the content of which is Annex No. 1 to these GTC, and thus becomes an integral part of each Contract (hereinafter referred to as the “Arrangement”).

6.2. Emmy is bound by the obligation of confidentiality in relation to Customer Data and undertakes to implement technical and organizational measures in accordance with the Agreement. The processing of Customer Data takes place automatically, and therefore Emmy's authorized employees will only have access to Customer Data on an exceptional basis and in accordance with the Agreement.

6.3. Information on the processing of personal data of Authorized Persons and other users of the Customer Account is contained in a separate document available here, which forms an integral part of these GTC.

6.4. In operation, the Emmy App also uses cookies to a limited extent. Our policy on the use of cookies is contained in a separate document available here, which forms an integral part of these GTC.

7. Final provisions

7.1. The Contract on the basis of these GTC is concluded for an indefinite period. Both the Customer and Emmy have the right to terminate the Agreement without giving any reason, by notice of termination with a monthly notice period commencing on the first day of the calendar month following the delivery of written notice to the other contracting party. SMS and voice functions are also negotiated for an indefinite period, and the Customer and Emmy have the right to cancel their provision also without giving any reason, by means of termination with a monthly notice period, which begins on the first day of the calendar month following the delivery of the written notice to the other contracting party. In this case, the unused security will be returned to the Customer.

7.2. In connection with the termination of the Agreement, the Customer Account will be terminated and all Customer Content, including Customer Data, will be deleted.

7.3. The Customer is not entitled to assign or transfer its rights and obligations under the Contract to a third party. Conversely, the Customer agrees that all of Emmy's rights and obligations under the Contract may be assigned by Emmy to a third party without further notice.

7.4. Due to the nature of the Application and its planned development, it may be necessary to change these GTC. Emmy may unilaterally change these GTC to a reasonable extent, whereby reasonable changes include, but are not limited to, corrections of inaccuracies, changes related to changes in the functionality of the Application or its fees, changes to the Price List, changes to the Privacy Policy, the Cookie Policy and the Personal Data Processing Agreement, as well as changes necessitated by a change in law. Emmy will notify you of a change to the GTC at least 30 days prior to their effective date by publishing the new version of the GTC on the website or in the interface of the Application, and in the case of more substantial changes, also by a message sent to the Customer's contact (contractual) e-mail address. The Customer has the right to reject the changes made to the GTC and to terminate the Contract for this reason no later than 15 days after the notification of the changes by Emmy. The termination period is 15 days and starts on the day on which the termination is delivered to Emmy. If the Customer does not terminate the Contract within the said period, it shall be deemed to accept the changes to the GTC, with the understanding that the new version of the GTC shall thus become part of the Contract instead of the original one. The effective version of the GTC is always published on the website and within the Application, and you are obliged to keep up to date with it.

7.5. All legal relations between the Customer and Emmy arising out of or in connection with the Contract shall be governed by the laws of the Slovak Republic. Any disputes arising out of or in connection with the Contract shall be resolved by the competent courts of the Slovak Republic, exclusively according to the law of the Slovak Republic.

7.6. The invalidity of any provision of these GTC shall not affect the validity of their other provisions.

7.7. You can contact Emmy with any questions, requests or complaints at

Annex No. 1 of the GTC


1. Introductory provisions

1.1. This Arrangement pursuant to Article 28(3) of the GDPR is entered into as part of the Contract between Emmy and PZS under the GTC (the "Arrangement"). All terms used in the GTC shall have the same meaning for the purposes of this Arrangement. The Arrangement relates to the processing of Customer Data (as further specified in Section A. of the Arrangement) ("Processing") in respect of which the Customer acts as data controller and Emmy processes it for the Customer as processor.

2. Liabilities

2.1. The Customer, as the controller of the Customer Data, undertakes that it will have a valid legal basis for the processing of the Customer Data in the Application at all times and that it will comply with all of its legal obligations towards data subjects, in particular the information obligation. The Customer further undertakes to immediately remove from the Application Customer Data for the processing of which it does not have a valid legal basis in the Application.

2.2. Emmy undertakes to process Customer Data only on the basis of the Customer's instructions arising from this Agreement or given by the Customer through their Customer Account or Customer Support Services, as applicable. Instructions are limited to the extent of Emmy's obligations under the Agreement. Emmy will notify the Customer if it believes that the Customer's instructions violate the law.

2.3. Customer data will not be transferred to countries outside the EU, i.e. third countries, with the exception of processing involving the sending and receiving of SMS (use of an additional processor Twilio, Inc.), where data may be transferred to the USA.

2.4. Emmy undertakes to maintain confidentiality with respect to all Customer Data and will ensure that all persons authorised to process Personal Data on Emmy's side are bound by a contractual or statutory obligation of confidentiality, including other processors engaged by Emmy in the Processing. The obligations of confidentiality shall survive the termination of the Contract.

2.5. The following persons are involved in the processing of Customer Data as additional processors on the basis of a contract:

- Amazon Web Services EMEA SARL, Czech Branch, ID No.: 09049266, with registered office at Sokolovská 689/115, 186 00 Praha;

- SimpleCloud s.r.o., ID No.: 07772882, with registered office at Spojů 835/2, Poruba, 708 00 Ostrava;

- s.r.o., ID No.: 09620133, with registered office at Slavíkova 1757/34, Poruba, 708 00 Ostrava;

- Twilio, Inc., 375 Beale St Suite 300, San Francisco, CA 94105, USA;

- Vocalls Inc s.r.o., registration number 06413421, with registered office at Rostovská 314/14, Vršovice, 101 00 Praha 10.

2.6. The Customer, as controller, grants Emmy general permission to make changes to the involvement of processors. Emmy shall notify the Customer at least 30 days before making changes to the engagement of additional processors or their replacement. The Customer has the possibility to object to changes regarding the processors involved in the processing by rejecting the changes to the GTC pursuant to Article 7.4 of the GTC.

2.7. Any other processor involved in Processing by Emmy shall be contractually bound to the same obligations as under this Arrangement.

2.8. Emmy agrees to implement the technical and organizational measures described in Section B. of this Arrangement.

2.9. Emmy will reasonably assist the Customer in fulfilling its obligation to respond to requests to exercise the rights of the Data Subject, through the Customer Support Services, if the Customer's requests cannot be addressed directly in the Customer Account. If Emmy receives a request addressed to a Customer, Emmy will forward the request to the Customer without undue delay.

2.10. Emmy will assist the Customer to the extent reasonably practicable in complying with its obligations regarding the security of Customer Data, reporting and notifying security breaches, assessing the impact of the Processing on the protection of Personal Data, and consulting with the Supervisory Authority, taking into account the nature of the Processing and the information available to it. Emmy shall report any Customer Data Breach of which it becomes aware to the Customer without undue delay.

2.11. Upon termination of the Contract, Emmy will delete the Customer Data and copies thereof, unless required by law to be retained. As the Customer Data is processed only in electronic form and the Customer has access to it, Emmy is not obliged to return the Customer Data to the Customer on a data carrier.

2.12. Emmy will provide the Customer with all information necessary to demonstrate that the obligations set out in Article 28 of the GDPR have been complied with and will facilitate and contribute to audits, including inspections, carried out directly by the Customer or by an auditor commissioned by the Customer, within reasonable timeframes.

3. Section A - Systematic description of Processing

3.1. Emmy will perform the Customer Data Processing specified below for PZS as a processor (only in the aspect of providing the technical solution in the form of the Application):

3.1.1. Subjects and type of data:

- Users of the patient account of the Application (identification and contact details);

- Patients of PZS (identification and contact details, details relating to the Requirements, including health and appointment details, insurance details and registration details with PZS);

- Application Customer Account Users (identification and contact details, job roles and permissions, work locations, details of use of the Application).

3.1.2. Processing operations: in particular collection, organisation, storage, retrieval, sorting, disclosure, use, alteration, erasure;

3.1.3. Purpose of processing: organisation of healthcare provision (Operation of the Application);

- Customer Account user management and authorization;

- Logging of accesses/changes made by Customer Account users;

- Maintaining and managing the patient directory;

- Receipt, recording and management of Patient Requests, including calendar management and appointment management;

- Implementation of patient communication in the Application, including the transmission of Emmy notifications;

- Sending reminders to patient contacts;

- Sending newsletters and other notifications, including gauging interest in procedures.

3.1.4. Nature of processing: predominantly automated, partly manual (support and maintenance services);

3.1.5. Duration of processing: for the duration of the Contract between Emmy and PZS, unless the Customer Data is removed earlier by PZS as controller.

4. Section B - Technical and organisational measures

Emmy undertakes to implement and maintain technical and organisational measures in relation to the Processing, at least to the following extent:

- An ISO 27001 certified secure data centre located in the EU with both logical (firewall, passwords, roles and permissions) and physical access control measures in place (doors, locks, reception/guarding, electronic security, CCTV);

- Encryption of Customer data in transit;

- Strong password policy in the Application and encryption of passwords;

- Non-disclosure undertaking by all Emmy employees with the ability to access Customer Data;

- Entering into Article 28 GDPR personal data processing agreements with all processors;

- Internal data protection guidelines, including a system for managing access to Customer Data;

- Regular automatic backups;

- Regular review of the security concept.

Version 1.1

Effective from 1 January 2023

