Welcome to our website!
We are Loono, a team of doctors, medical students and other professionals. From the perspective of law, we are, Loono is, to be precise, the controller of personal data that you share with us when visiting our website at www.loono.cz. Our website will be hereinafter referred to as the “Website” to make it easier.
Why should you even care to continue to read this text? As mentioned above, by entering our Website, sending us a message or providing support, you transfer certain personal data to us. To give you an idea of why this is the case, what we need them for, how we handle them, with whom we share them and which personal data protection related options and rights you have, we have put together a list of our basic personal data processing and protection rules.
Although this text focuses primarily on types of personal data affected by GDPR (you have surely heard of this regulation of the European Council and of the Parliament, its exact title is: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation); here, in Loono, we approach the controlling of all data (including those to which GDPR does not apply) responsibly and personal data protection is our top priority.
No worries, we are not asking you to sign anything - below, we will give you a roundup of all important information, and by using our Website, sending us a message or supporting us as a donor, you acknowledge our policy.
Let’s get started – who did we say we were?
We are Loono, z.s. (z.s. stands for a ‘registered association’), a non-profit organisation, we are based at nám. Winstona Churchilla 1800/2, 130 00 Prague 3, and our IČO (Company ID Number) is 029 05 639.
You can contact us, as the controller, using several methods:
- in writing at Loono, z.s., Dům Radost, nám. Winstona Churchilla 1800/2, Prague 3, 130 00,
- electronically via email at: email@example.com.
What are ‘personal data’ processed by Loono and how are such data collected?
Contact: Another category comprises personal data that you share with us when visiting our Website or sending a message via our contact form. Whenever you use our contact form, we will ask for your name and surname, email address, phone number and your message and/or additional related information. This also applies if you contact us via our social media (in which case the relevant social media privacy policies apply), email or by phone.
Sensitive personal data may also reach us from time to time.
Your message may contain sensitive personal data. In addition to the “ordinary” data category, GDPR also defines sensitive data that are eligible for stricter protection. Such data include but are not limited to health data, personal stories, requests for help, photos etc. To be able to process such sensitive information, we need your consent which you can give us by entering information in the form, e-mail, phone or our social media and submitting a message. Without your knowing consent, we unfortunately cannot process your message because it would never even make it to us.
No need to worry! If you change your mind, you can withdraw your consent to the processing of (sensitive) data any time and the data you provided will be erased – this right and other rights you may have are described in more detail below.
Which other information reaches us?
In addition to the personal data mentioned above, we collect and process some other data and information whenever you visit our Website. Such data and information include demographic data (the language, in which you visit our Website, city, country, gender and age), data concerning the interests you, as a user of our Website, may have (i.e. information about your online visit to the Website), and we also collect information concerning your IP address, browser type, operating system on and information about devices, from which you access our Website (phone, tablet, computer), respectively.
However, such data are anonymised. That means that we are not able to identify you using them. At the same time, such data are not subject to GDPR. However, we believe it is fair to inform you that we process them (albeit anonymously).
What gives Loono the right to process personal data? What are its legal grounds for such processing?
Once again, we base things on GDPR. We will not bother you with references to the specific clauses, and we will explain everything instead. We can split the grounds for processing into three categories:
The first legal basis is the performance of a donation or another agreement that we conclude, and consequently the fulfilment of the contractual relationship between Loono and you. In this context, we will process your personal data primarily for the purposes of issuing a donation confirmation, entering the donation in accounting and tax records, sending out information about how the donation was used etc.
Furthermore, we have a legitimate interest in providing services associated with the Website traffic. What does it mean? To do our jobs as best we can and to keep moving forward, we utilise feedback from our visitors, shared both directly and indirectly, for example, by processing information concerning the traffic on our Website. We analyse such data as part of statistics, reflecting them in our marketing strategy. Based on such data, we are capable of better understanding the behaviour and needs of visitors to our Website, and of tailoring our projects to them. In addition, we have a legitimate interest in handling messages from donors and other contractual partners. We also have a legitimate interest in targeting donors and other contractual partners via direct marketing (such as newsletters containing calls for donations or requests and calls for support related to a contract, donation thank-you messages etc.).
The last item on the list of grounds, based on which we can process personal data, is your consent. You grant us your consent, for example, by sending a message via our contact form, by sending an email or by sharing data via phone. Based on your request, we can contact you and process your messages. You grant your consent to receiving our newsletter separately when subscribing to it.
Why does Loono process personal data? For what purpose?
We process your data to be able to honour our part of the deal that we made and confirmed by signing a contract. If we did not have your personal data, we would not be, first of all, able to conclude it, and, by extension, fulfil it. We also keep a list of donors and contractual partners. Not only for tax and accounting purposes but also to be able to meet other related statutory obligations.
We also process data to be able to process your message, suggestion or question that reaches us via our contact form, email or phone. Without personal data, we would have no way of contacting you and responding! We also keep a list of persons interested in joining us as lecturers or volunteers, and we work with the database, for example, for hiring purposes.
Another purpose of processing personal data is to improve the security of our Website as well as the quality of our services and projects. We want to keep improving and being able to process personal data is a certain kind of feedback for us.
Cookies. They are everywhere. We have them, too.
Cookies are small text files generated when you visit our Website. They are used as tools for storing information about how our Website is used. This information helps us, among other things, improve the range of our products and services (in addition to being used for analytical purposes, collecting anonymous data etc.). We cannot use them to identify customers. We can only distinguish them from others, and then adjust our Website appropriately, i.e. tailor it to the visitors’ preferences.
Which cookies do we use on our Website?
- Functional cookies: They provide the basic web functionalities and cannot be disabled. Our Website would not work the way it should without them.
- Analytical cookies: Thanks to these cookies, we can see the traffic on our Website which helps us improve its services and functionality. As mentioned above, we only work with anonymised cookies and are not capable of identifying the behaviour of a specific Website visitor. If you do not agree with the storing of these cookies, you can disable them.
- Marketing cookies: Based on these cookies we can tailor ads to your preferences or personalise our services in another manner. Again, we cannot identify you based on such data. And these cookies can be also disabled.
We use all findings reached based on cookies to improve and streamline your user experience on our Website. Furthermore, we use our findings for marketing and advertising purposes to ensure that ads shown to you are as personalised as possible.
You can accept and reject new cookies and clear cookie history in your browser settings. However, please be aware that blocking some or all cookies may impact the functionality of the Website.
For how long will we retain your data?
If you provide your data to us in connection with a contract, we will retain your data for as long as necessary to fulfil the contract, also taking in account the obligations imposed on us by the relevant legislation (including but not limited to the Accounting Act, tax regulations etc.). We retain personal data processed on the basis of our legitimate interest for a period of five years starting from the moment we receive them. If you grant us your consent to data processing, we process your data until you revoke your consent which can be done any time.
Who else will receive your personal data?
From time to time, we may need to disclose certain personal data to other persons who are not members of the Loono team. We do so to achieve our mission, fulfil a contract or meet obligations arising from legislation. However, we only share data that are absolutely necessary and essential to our colleagues.
Who are we referring to?
Persons involved in the contract processing procedure. This includes but is not limited to Nadace Via and darujme.cz in accordance with their terms, Salesforce, financial, accounting, tax or legal consultants, payment and banking services providers... All the above persons follow personal data protection regulations and – as mentioned above – we only disclose data to them on a need-to-know-basis in relation to their cooperation with us.
Furthermore, these are persons who run our Website and other services, including the Preventivka app. This includes but is not limited to Breezy s.r.o., Solidpixels.
This also includes persons that assist us with marketing, marketing services set-up and optimisation and our cloud services providers. This includes SmartSelling - SmartEmailing, Google - Google Ads, Analytics, Google Tag Manager, meta, Seznam.cz - Sklik, Smartlook.
Some data may be also accessible to postal and delivery service providers (for example, whenever we send a letter to your address), as well as government authorities, courts, investigative, prosecuting and adjudicating bodies unless the law stipulates that we make your data accessible.
Finally, at the close of this section, we would like to notify you that we can transfer data to third countries, i.e. outside the European Union, in connection with our marketing activities. However, this is not happening at the moment. If this changes, you will find out in this document.
Which rights do you have in connection with the relevant GDPR clauses?
First of all, you have the right of access to personal data. If you wish to find out which of your personal data Loono has, send us an email. If you feel like your personal data, which is available to us, is not correct, you have a right to their correction. Contact us and we will update them.
If permitted by our obligations, we may also grant your request for erasure of personal data. Under the Regulation, you can request the transfer of your personal data to another controller or object to the processing of personal data.
If you consented to the processing of personal data, you can revoke your consent any time.
If you do not succeed when claiming your personal data protection related rights with us, you can file a complaint with the Office for Personal Data Protection or make your claims in court. However, we always prefer an amicable resolution of all disputes. Prevention is our top priority, after all. That is why you should not be afraid to contact us with any issues or problems.
How do we keep your personal data secure?
We would like to assure you that we have taken all technical and organisational measures necessary to secure personal and other data, including but not limited to those taken via our Website operator which is Breezy s.r.o. - Solidpixels.
Furthermore, we have taken all measures necessary to secure our data storage and paper form data storage. Electronic data storages are protected by passwords and antivirus software, physical data storages are locked and can be accessed only by authorised persons - our employees or persons with whom we have entered into a corresponding personal data processing agreement. Communication between us takes place via the Website in encrypted form which also protects your personal data.
And that’s it, we are almost done.
Please remember that by visiting our Website and/or communicating with us, you acknowledge this policy and confirm that you are fully familiar with it. Thank you for reading all the way down here.
This version shall come into effect on April 11, 2023.