Privacy policy

Zásady ochrany osobních údajů

The purpose of this Privacy Policy is to provide you with information about the processing of your personal data through the seniorguard.ai web interface (hereinafter the "Website") and your rights associated with it. This policy is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter "GDPR").

We always process your personal data:

  • Transparently and fairly
  • In accordance with the law
  • To the necessary extent and for the necessary time

We store data securely for the period stipulated by legal regulations, or, if permitted by law, for a period determined based on our legitimate interest.

We recommend that you also familiarize yourself with the cookie settings.

You can easily check your data or request a summary directly in the application in the Settings > Personal Data section. There you will also find options on how to exercise your rights.

1. Data Controller

The controller of your personal data is SeniorGuard, s.r.o. (hereinafter the "Controller").Správce“).

Contact details of the Controller:

SeniorGuard, s.r.o., Company ID (IČ): 19422148

Petýrkova 26, 148 00 Prague 4, Czech Republic

Email: info@seniorguard.cz

Contact details of the Data Protection Officer (DPO):

Šafář & Partners, s.r.o.

Company ID (IČ): 24202517

Na Příkopě 22, 110 00 Prague 1, Czech Republic

E-mail: prague@safar-partners.com

2. Data Processed by the Controller

a) Personal Data

Identification data:

  • First and last name (encrypted)
  • Username / nickname (encrypted)
  • User ID / account number
  • Password (encrypted)
  • Date of birth
  • Place of birth
  • Gender
  • Nationality
  • Permanent or other residence
  • Type, number, and validity of identity document
  • Copy of ID card or passport

 

Contact data:

  • Email address
  • Residential / mailing address

 

Device and connection data:

  • Language preference

 

Preference data:

  • Past choices and personalization (e.g., gluten-free, vegetarian)

 

In-app activity data:

  • Information obtained via cookies and similar technologies

 

Cookies and online identifiers:

  • Necessary cookies
  • Functional cookies

 

Data for fulfilling legal obligations:

  • Records of consent or withdrawal of consent (demonstrating compliance with GDPR)

 

The Controller declares that the Website does not process sensitive data according to Article 4 (13), (14) and (15) and Article 9 of the GDPR.

We never share any data with third parties without your explicit consent.

3. Legal Grounds and Purpose of Personal Data Processing

The Controller processes your personal data only if there is an appropriate legal basis in accordance with the GDPR (Art. 6 and 9). This means that processing occurs only if at least one of the following conditions is met:

a) Fulfillment of the Controller's legal obligations

Processing of personal data may be necessary to fulfill the legal obligations of the Controller. These typically include the following purposes:

  • User account registration
  • Providing customer support
  • Communication in connection with the services you use

b) Legitimate interests of the Controller

  • Ensuring Website security and preventing misuse
  • Protecting legal claims and defense in case of a dispute
  • Direct marketing – sending information about news and services that might interest you (non-personalized)
  • Operational testing of system changes
  • Statistical and operational overviews
  • Ensuring the technical functionality of the Website, including the use of cookies necessary for their normal operation

 

You have the right to object to data processing based on legitimate interest. If you do so in the case of direct marketing, the Controller will always comply and immediately terminate processing for this purpose.

c) Consent of the data subject

If you grant consent to the Controller, your personal data will be processed for specific purposes, for example:

  • Personalizing recipe offers and content according to your preferences
  • Sending marketing communications and recommendations tailored to your interests
  • Using cookies and similar technologies in categories: preference, statistical, and marketing
  • Participating in surveys, user interface testing, or service improvement

Consent is voluntary and you can withdraw it at any time via settings in the application or by contacting the Controller. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Failure to provide or withdrawal of consent has no effect on the use of the core functions of the Website.

4. Retention Period of Personal Data

The Controller processes and stores personal data only for the time strictly necessary to fulfill the purposes for which the data were collected, or for the period stipulated by relevant legal regulations and in accordance with the principle of minimization under Art. 5 (1) (c) and (e) GDPR.

All processing takes place exclusively within the European Union, or within states ensuring an adequate level of protection according to Art. 45 GDPR.

The retention period varies depending on the legal title for processing your personal data:

i) Fulfillment of legal obligations

If the Controller has a legal obligation to retain personal data (e.g., for accounting, tax, or archiving purposes), they are retained for the period stipulated by relevant regulations. Typically, this is a period of 5 to 10 years, depending on specific legislation (e.g., Accounting Act, tax laws).

ii) Performance of a contract

Data processed by the Controller for the purpose of providing services via the Website (e.g., user registration) are retained for the duration of the contractual relationship.

iii) Consent of the data subject

If the Controller processes personal data based on your consent (e.g., for sending personalized offers or using marketing cookies), processing occurs for the duration of this consent's validity or until its withdrawal. After the withdrawal of consent, data are securely deleted or anonymized unless they are further needed for another lawful purpose.

iv) Concurrence of multiple purposes

In specific cases, personal data may be processed concurrently based on multiple legal titles. In such a case, the data are always retained according to the longest relevant period.

After the respective periods expire, personal data are securely deleted or anonymized, in accordance with the principles of minimization and storage limitation under Art. 5 GDPR.

Backup (optional)

In the event that a user creates a personal account and actively selects the data backup option, the Controller backs up all personal and health data in encrypted form on secure servers located in the European Union.

Backed-up data are protected using modern cryptographic methods that meet the requirements of "bank-level security" and are accessible exclusively to authorized persons of the Controller who are bound by confidentiality.

Data transfer between the user device and the server occurs exclusively via an encrypted connection. The user has the right to cancel the backup at any time, whereby the Controller will ensure the immediate deletion of all data from backup systems unless their further retention is necessary for a legal reason.

Security of personal data

The Controller has adopted appropriate technical and organizational measures under Art. 32 GDPR to ensure the protection of personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

These measures include in particular:

  • End-to-end encryption of all health and other sensitive data
  • User authentication via password, biometric data, or another security mechanism
  • Separate storage of identification and health data,
  • Regular security audits and penetration tests
  • Access rights management according to the "need-to-know" principle
  • System monitoring aimed at detecting and preventing unauthorized access

In the event of any incident that could lead to a breach of personal data security, the Controller is obliged to evaluate the risk without undue delay and, if necessary, inform the supervisory authority and affected data subjects in accordance with Articles 33 and 34 GDPR.

The Controller hereby confirms that the highest level of technical and legal protection of personal data is adopted, especially considering the nature of the sensitive data processed within the Website.

Data sharing

You can share data with a specific person only by the user's active decision. All sharing is fully under your control and you can cancel it at any time.

4. Your Rights in Connection with Personal Data Processing

When your personal data are processed, you as a data subject have the following rights under the GDPR. You can exercise these rights against the Controller.

Right of access to personal data

You have the right to request confirmation as to whether the Controller is processing your personal data. If so, you have the right to gain access to these data, including information about their purpose, category, retention period, and potential recipients.

 

Right to data portability

You have the right to receive the personal data you have provided to the Controller in a commonly used and machine-readable format, and potentially transmit them to another controller. This right applies only to data processed automatically by the Controller based on your consent or a contract.

 

Right to erasure of personal data

You have the right to request that the Controller erase your personal data without undue delay if:

  • They are no longer necessary for the purposes for which they were collected
  • You withdraw your consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data have been unlawfully processed

 

Right to rectification of personal data

You have the right to request the rectification of inaccurate or the completion of incomplete personal data that the Controller holds about you.

 

Right to restriction of processing

You have the right to request the restriction of processing of your personal data if:

  • You contest their accuracy (for the period of verification)
  • The processing is unlawful
  • The Controller no longer needs the data, but you require them for the establishment, exercise, or defense of legal claims
  • You have objected to processing (for the period of verifying whether our legitimate grounds override yours)

 

Right to object

If the Controller processes your personal data based on legitimate interest, you have the right to object to such processing. If you object to processing for direct marketing purposes, the processing will always be terminated immediately.

 

Right to lodge a complaint with a supervisory authority

If you believe your right to personal data protection has been violated, you have the right to lodge a complaint with the Office for Personal Data Protection:

  • Address: Pplk. Sochora 27, 170 00 Prague 7
  • Web: www.uoou.cz

How to exercise your rights

You can exercise your rights:

  • Via email at: info@seniorguard.cz
  • In writing to the address of the Website operator (see website footer)

 

Before processing your request, we may request identity verification to ensure the protection of your personal data.

The Website's Privacy Policy is effective from the date of its publication. This Privacy Policy was published on February 20, 2026.

Contacts

Zpráva byla odeslána!

Vaše zpráva byla úspěšně odeslána, děkujeme! Odpovíme Vám v nejkratším možném čase.