Public Terms and Conditions
Emmy application (part of PZS)

1 Preliminary provisions

1.1 Company Emmy Medical s.r.o., ID: 06785247, Tax ID: CZ06785247, with its registered office in Levohradecká nas. 1066, 252 63 Roztoky, registered at the Municipal Court in Prague under sp. zn. C 288901 (hereinafter referred to as'Emmys“), operates the Emmy web app (hereinafter referred to as”Applications“), which simplifies to health care providers (hereinafter referred to as”PZS“) communication with their patients. The Application section designated by PZS, which is available at https://dr.sestraemmy.cz/, represents a cloud-based tool for the effective organization of the provision of health services.

1.2 These General Terms and Conditions (hereinafter referred to as “VOP“) regulate the rights and obligations of the parties arising from the contract regarding the use of the Application, whether in trial or normal mode, which may be concluded between PZS and Emmy as the operator of the Application (hereinafter referred to as ”Covenant“). The provisions of these GTC form an integral part of the Agreement. PZS, which has entered into an Agreement with Emmy on the basis of these GTC, is referred to as a customer for the purposes of these GTC (hereinafter referred to as ”Customer“).

1.3 Emmy is only a provider of technical solutions in the form of an Application, provided that the Customer remains solely responsible for the provision of health services. The Customer acknowledges that the Application serves to facilitate and increase the security of remote communication with patients and to simplify the processing of patient data, and its use does not replace the maintenance of medical documentation. Any outputs from the Application must be checked by the Customer.

2. Conclusion of the contract

2.1. The customer can only be a PZS, i.e. a person who is authorized to provide health services according to Act No. 372/2011 Coll. Emmy is under no obligation to verify this permission in any way.

2.2. In the event of an interest in concluding a Contract, the person authorised to act on behalf of the relevant PSC must first act (hereinafter referred to as “Authorised person“) make the registration at https://dr.sestraemmy.cz/. The selected login data will, after the conclusion of the Contract and activation, be used to log in to the Customer interface in the Application section designated by the PZS, through which the health facility can be managed (hereinafter referred to as ”Customer Account“).

2.3. In order to start the process of concluding a Contract on the basis of these GTC or its amendment (changes to the contractual regime), it is necessary that the PZS, respectively. Eligible person, filled in the appropriate section enquiry form (hereinafter referred to as “Enquiry Form“). Within the Enquiry Form, PZS can choose whether it is interested in concluding a Contract which first provides for a free trial mode of use of the Application or a direct paid regular mode. The completed Enquiry Form, including the text of these GTC, is subsequently signed by the Authorised Person in the relevant part (relating to the trial or normal regime) with his qualified electronic signature for the PSC and sends it on behalf of the PSC to podpora@sestraemmy.cz for processing. If the information proving the Authorised Person's right to act for the relevant PSC is not available from the public registers, the Authorised Person shall attach to the signed Request Form documents proving its authorisation (e.g. employment contract, power of attorney) if it has not already done so. The data entered during registration, as well as in the Request Form, must be true and accurate.

2.4. If the PZS operates more than one medical facility, it is necessary for each of them to fill out an Enquiry Form to conclude a separate Contract. However, the same login information can be used to manage medical facilities in the App and there is no need to re-register.

2.5. The contract between Emmy and PZS is concluded only upon delivery of Emma's confirmation of acceptance of the Inquiry Form to the contact e-mail address provided by PZS (contractual). The contract is made up of these GTC and the accepted Request Form. Emmy reserves the right to refuse to conclude the Agreement with PZS for any reason. In the event of a change in the Agreement (contractual regime), the change is also made only by delivery of Emma's confirmation of acceptance of the new Request Form to the Customer's contact e-mail address (contractual).

2.6. The subject of the Agreement is not the provision of any intermediary services by Emma, and the Customer acknowledges that the Application is not intended to offer health services in order to facilitate the Customer's reception of new patients, but primarily serves to facilitate communication with its existing patients.


3. Rights and obligations of Emmy

3.1.
Based on the Agreement, Emmy undertakes to maintain for the Customer a Customer Account enabling the use of the Application, which in the basic tariff includes:

- maintaining and managing the Customer's patient directory;

- maintaining and managing the Customer's office hours and calendar;

- creating custom templates of patient requests, receiving (from users of the patient account Application) and establishing patient requests, recording and managing them, as well as conducting related communication (with users of the patient account Application);

- sending comments and other notifications about ordering a patient to visit a medical institution;

- monitoring of access to selected patient data and their changes by other users of the Customer Account;

- anonymous aggregate statistics on the use of the Application by the Customer and the Customer's patients, with the fact that Emmy reserves the right to use the collected anonymous data also for its own needs; these statistics in no way allow the identification of individual patients.

3.2. If different from the basic plan of the Application is agreed, then Emmy undertakes to provide the Customer with the relevant additional functionalities in accordance with the valid price list available hereunder and forms part of these GTC (hereinafter referred to as ”Pricelist“). The choice of the Application tariff is made by the Customer in the Request Form, and this choice is only possible when agreeing on the normal charging mode of the Application. When arranging a trial mode, the highest tariff of the Application is always provided. Changing the App's tariff to a lower tariff option is possible only after the end of the already paid payment period, by agreement of Emma and the Customer.

3.3. Under some tariffs, Emmy offers the Customer the opportunity to collect payments from their patients through Emma. This service is intended only for Customers who are not VAT payers. In this case, at the Customer's request, Emmy may issue income documents with QR code for direct payment of the patient to the Customer's bank account at Fio Banka, a.s. At the same time, Emmy, through passive authorization at the Customer's choice, verifies the delivery of the payment and, after crediting the payment to the Customer's account, informs the Customer about the receipt of payment.

3.4. At the Customer's request, Emmy may activate the Application extension to facilitate the processing of documentation using optical text recognition (hereinafter referred to as ”OCR”) or generative artificial intelligence (hereinafter referred to as ”GenAI“). This processing is then carried out on the basis of previous and precise instructions from the Customer (OCR and GenAI together also ”Emmy AI“). The AI Emmy Award is governed by the Price List.

- The Emmy AI service is provided using sub-processors exclusively in the EU and GenAI is provided in full compliance with the GDPR, e.g. without the possibility of using the Customer's data to modify the GenAI model itself (more information can be found here).

- Activation is possible only after the conclusion of the Personal Data Processing Agreement between the Customer and Emmy (DPA).

- In accordance with the GDPR, the Customer is obliged to inform all its patients (not only those who communicate with the Customer via the App) that they use the services of Emmy, including the Emmy AI service. Emmy provides additional brief information in this sense also on the public profile of the Customer in the Application.

- EMMY WARNS THAT EMMY AI OUTPUTS ARE NOT CONTROLLED, EMMY DOES NOT GUARANTEE THEIR CORRECTNESS DUE TO THE NATURE OF GENAI/OCR AND THE CUSTOMER IS OBLIGED TO CHECK THESE OUTPUTS CAREFULLY, ESPECIALLY ANY OUTPUTS WITH DIAGNOSTIC OR CLINICAL CHARACTER OR SUB-CHARACTER.

3.5. The Customer may also be offered additional functions of the Application, consisting in sending SMS messages and, where appropriate, also processing responses to them; and in the case of Voice of Emma service, also automatic processing of telephone calls (hereinafter referred to as “SMS and voice functions“). These SMS and voice functions can be ordered by the Customer in the manner and under the conditions specified in their offer published in the Price List. The use of SMS and voice functions is also governed by these GTC.

3.6. Emmy further undertakes to provide the Customer, if necessary, the services of user support of the Application, provided that the Customer's requests will be processed within time limits reasonable to their nature.

3.7. Emmy makes reasonable efforts to keep the App available, secure and error-free at all times. However, it is a complex IT system that depends, among other things, on the infrastructure of third parties. Therefore, the Application is provided to Emmy without any guarantees and obligations regarding the suitability and level of the services provided, unless these GTC expressly stipulate otherwise, in particular, Emmy does not guarantee to the Customer that the Application and its individual functionalities will always function flawlessly (e.g. that messages will not be delivered), will be available continuously and their security will not be compromised, especially due to force majeure, cyber attack, technical problems or regular maintenance.

3.8. The Customer declares that he has thoroughly familiarized himself with the features of the Application, assessing the suitability of the Application for his needs. Emmy is liable to the Customer only for damage caused to him by Emmy intentionally or through gross negligence. Otherwise, to the extent permitted by law, Emma's liability for damage caused to the Customer by the use of the Application or in connection with it (e.g. the use of sample documents) is excluded, and the Customer waives the right to its compensation. If an obligation arises for Emmy to compensate the Customer for damage, then the amount of compensation for the damage shall not exceed the total amount of performance paid by Emmy by the Customer under the Contract.

3.9. Emmy reserves the right to modify the Application at any time (including canceling SMS and voice functions, and Emmy AI) or terminate its operation at any time. Thus, Emmy shall not be liable for any damage that may arise to the Customer as a result of this.

3:10 a.m. In case of violation of these GTC by the Customer, Emmy reserves the right, without prior notice and any compensation, to temporarily restrict the Customer's access to the Application, or immediately withdraw from the Agreement and cancel the Customer's account, at its discretion.

3:11 a.m. Emmy is entitled to disclose and state outside the Application the fact that the Customer as PZS uses the Application.

3:12 a.m. For the avoidance of doubt, the App is not a medical device according to Regulation (EU) 2017/745 of the European Parliament and of the Council, on medical devices.


4. Rights and Obligations of the Customer

4.1.
The Customer declares that he has thoroughly familiarized himself with these GTC, agrees with them and undertakes to comply with them unreservedly.

4.2. The Customer guarantees that he is entitled to provide health services according to Act No. 372/2011 Coll. and undertakes to use the Application only in connection with the provision of health services specified in his authorization.

4.3. Emmy does not interfere in any way with the legal relations between the Customer and the patients. The Customer provides healthcare services to patients on its own behalf and completely independently of Emma, while also independently managing its Customer Account, including all settings and information provided through it. For this reason, the Customer bears all responsibility for the provision of health services and the use of the Application in connection with it, in particular for solving patient requests through the Application (e.g. cancellation of an agreed deadline, providing false information, etc.), appropriate processing of patient data using Emma AI or verifying the authorization of the patient representative, and undertakes to fully indemnify Emma for any obligation to compensate for harm to a third party or sanction imposed on it by a public authority, if they arose in connection with the said use of the Application By the customer.

4.4. The Customer acknowledges that the outputs of the Emmy AI are not edited or controlled by Emmy. Further, outputs from GenAI are generated based on commands for the AI (called. “prompt”), which is managed by the Customer. Therefore, the customer is responsible for the appropriateness of these orders. Furthermore, the customer must always check and verify the outputs against the original documents (by his qualified personnel) before using them for further processing or decision. Emmy assumes no responsibility for these outputs, and their final interpretation and decision making are solely within the competence of the Customer. Emmy is not involved in decision-making processes regarding health care, is not responsible for the results of such decisions and the Customer remains solely responsible for the provision of health services.

4.5. Without prejudice to the independence of the Customer in the provision of health services, the Customer undertakes to use the Application only in accordance with its purpose and in such a way as not to harm Emmy's good name and its legitimate interests. Therefore, when using the Application and in connection with it, the Customer undertakes to comply with all legal and state regulations to which it is bound, especially in relation to the acceptance and resolution of patient requests through the Application, as well as to always proceed in accordance with good manners, with due professional care and so-called de lege artis. For the avoidance of doubt, it is stated that a breach of obligations under this provision would be considered, inter alia, if the Customer:

- created a patient request template, the resolution of which through the App is inappropriate and undesirable (e.g. regarding life-threatening conditions);

- inappropriately resolved the patient's request exclusively through the Application, i.e. without arranging a personal visit to the medical facility by the patient or background in previous care (e.g. prescription of certain types of medicines);

- did not check or check the outputs of the Emmy AI service, especially before using them for any clinical or medical purposes;

- placed inappropriate or risky orders for the processing of patient data using GenAI, in particular with the aim of completely replacing or inappropriately minimising the role of qualified professional staff in the provision of health services;

- repeatedly failed to respond to patient requests entered through the Application without undue delay;

- repeatedly interrupted without due reason or sufficiently in advance personal visits to patients arranged through the App.

4.6. The Customer undertakes to fulfill all its statutory information and educational obligations in connection with the provision of health services, as well as the use of the Application in connection with it, in particular towards patients (also as consumers and subjects of personal data). In the event that the Customer is provided by Emmy with any model of a legal document related to the use of the Application, such a sample is not a substitute for qualified legal assistance and Emmy is not liable to the Customer for any damage caused to it in connection with its use.

4.7. The Customer undertakes that all information provided by him in the patient section of the Application or otherwise communicated to patients through the Application will be correct, truthful, complete, not misleading and current in accordance with the law, and undertakes to maintain these characteristics on an ongoing basis.

4.8. In the event that the Customer uploads any content to the Application (e.g. information, personal data, personal attributes of third parties, structured questionnaires or author's works, etc.) (hereinafter referred to as'Customer Content“), undertakes that it is authorized to do so (in particular, that it has the appropriate licenses, permissions or consents) and guarantees Emmy that by making such content available or using such content within the App, the rights of third parties will not be infringed or otherwise violated by law. To the extent necessary to provide the services of the Application, the Customer grants Emmy a gratuitous, non-exclusive, territorial and indefinite (for the duration of the legal protection of property rights) license permission to use the Customer Content in any way that is protected by copyright, or permission to use personality attributes (if applicable). Licensing rights also include express consent to grant a sub-license to use the Customer Content, both for payment and free of charge. Emmy is not obliged to use the licensed license. Emmy does not supervise the compliance of Customer Content with legal regulations. In the event that Emmy becomes aware of the unlawful nature of the Customer Content, it is entitled to disable or remove it.

4.9. The Customer undertakes not to use the Application to disseminate unsolicited commercial communications, and that all such commercial communications will be fully in accordance with the applicable legislation, in particular with the Act No. 109/2019 Coll. on the Processing of Personal Data, as amended, with Regulation (EU) 2016/679 of the European Parliament and of the Council, General Data Protection Regulation (“GDPR”).

4:10 a.m. Emmy is in no way responsible for any actions of the users of the App's patient account towards the Customer (e.g. failure to attend an agreed personal visit to a medical facility). Emmy implements measures to verify the identity of the users of the patient account of the Application, but does not guarantee to the Customer that the person using the patient account of the Application is actually the person they impersonate. If necessary, the Customer is obliged to provide a record in the medical documentation with the patient's statement that the health data can be communicated to him through a specific patient account in the Application.

4:11 a.m. To the extent that any services, tools or content provided by third parties can be accessed through the Application (hereinafter referred to as “Third parties“), Third Party Terms and Conditions apply, and by using the App you agree to these terms. Emmy has no control over, and assumes no responsibility for, the content or practices of any Third Parties. Customer hereby acknowledges that Emmy is not directly or indirectly liable for any damage or loss caused to Customer by using or in connection with the use of Third Party Services, including in the event of loss of functionality of Emmy as a result of a change in the service provided by a Third Party.

4:12 a.m. The Customer is entitled to allow access to his Customer Account to the necessary number of natural persons who are authorized to act on his behalf and are bound by the obligation of confidentiality, but each person must have their own user established under the Customer Account (it is forbidden to share access data). For the avoidance of doubt, it is stated that the use of the Application by the User under the Customer's account is considered to be use by the Customer, and the Customer is responsible for any possible violations of these GTC that occur through such use. The Customer undertakes to ensure the protection of the access data to the Customer Account so that they are not disclosed to third parties. The Customer is also solely responsible for the use of the Application by third parties through its Customer Account.

4:13 a.m. The Customer undertakes not to abuse the Application and not to use in relation to it any procedures, software tools or scripts that could adversely affect its operation, impair its functionality or cause an unreasonable burden on it, and undertakes not to perform any other activity that could constitute unauthorized interference with the Application due to its purpose and functioning.

4:14 a.m. The application and its content may be protected by intellectual property rights. On the basis of these GTC, the Customer is entitled to use the Application exclusively in a standard manner, which is considered to be the use through the Customer Account via the web interface, and only for the purposes arising from these GTC. In addition to this right, the Customer does not acquire any rights to the Application and its content (excluding Customer Content). Without prior authorization obtained from Emma or the respective rights holders, the Application, any of its components or content, including source codes, logos and other graphic elements, may not be used other than in the above manner and for the stated purposes. In particular, it is not possible to modify these elements, include them in comprehensive works, or otherwise interfere with them, reproduce them, disseminate them or communicate them to the public.

4:15 a.m. The Customer is not entitled to use the Application, any of its components or content, including source codes, logos and other graphic elements, for the purpose of developing any computer program, however competing with the Application, and its marketing, as well as for any other purpose that interferes with the rights or legitimate interests of Emma, in particular he is not entitled to perform any functional analysis or reverse analysis of the Application and its components.


5. Price and payment

5.1.
Emmy offers the Customer the possibility to conclude an Agreement to test the Application in a free trial mode, for an indefinite period. In such a case, the provisions of these GTC regarding the payment of the Price (as defined in Article 5.2) shall not apply to the relationship between Emma and the Customer. GTC) in Article 5.2. - 5.4. GTC, which apply only to the Contract with the agreed normal charging regime. The other provisions of the GTC have no effect on the arrangement of the trial regime and are therefore part of the relevant Agreement. If, on the basis of the Customer's request, a Trial Agreement is concluded, then Emmy has the right to terminate such Agreement at any time without giving a reason, namely by termination with a 15-day notice period, which begins the day following the sending of the notice to the Customer's contact e-mail address (contractual). During this period, the Customer has the opportunity to request through the Request Form to change the contractual regime to the normal fee regime (in accordance with the Price List), so as not to disable the Customer Account and delete the Customer Data. The contract with the agreed trial regime may also be cancelled by the Customer, immediately without notice period, and a notice sent to podpora@sestraemmy.cz suffices. For the avoidance of doubt, it is stated that changing the contractual regime from normal to trial is not possible.

5.2. The price list for the use of the Application in the normal paid mode is published on https://www.sestraemmy.cz/en/cenik. For the maintenance of the Customer Account in the normal mode, the Customer undertakes to pay Emmy the price with VAT determined on the basis of the valid Price List a) according to the selected tariff of the Application and b) according to the type of medical facility of the Customer, the number of its patients and/or the number of doctors in full-time conversion, provided that Emmy may provide the Customers with preferential offers (hereinafter referred to as “Price“). If it is necessary to increase the capacity of the Customer Account, the Price shall be increased according to the valid Price List, or according to the agreement of the Contracting Parties, effective on the date of the change of capacity, and the Customer is obliged to pay the proportional part for the relevant payment period.

5.3. The price is normally paid per calendar month, monthly in advance, with the fact that the Customer may pay the Price in advance even for a longer period of time (based on the Price List or under the terms of the preferential offer), but in this case he has no right to refund any part of the paid Price if the Contract expires before the end of the prepaid period for reasons on his part. The Customer shall pay the Price by non-cash transfer on the basis of an invoice (tax document) with a maturity period of 14 days, which is issued by Emma and sent in electronic form to the Customer's contact e-mail address (contractual) always before the start of the relevant payment period. The customer agrees to issue an invoice (tax document) in electronic form.

5.4. In the event of the Customer's delay in payment of the Prize, Emmy has the right to withdraw from the Agreement.

5.5. SMS and voice functions are not included in the Price and are charged according to the number of SMS messages sent and processed responses to them (within the scope of use by the Customer), or based on the number of minutes of telephone calls processed. Unit prices are indicated in the valid Price List. Emma will always make billing at the end of the calendar month, with the billing invoice issued by the 15th day of the following calendar month. The Customer agrees to issue invoices (tax documents) in electronic form, provided that they will be sent to the Customer's contact e-mail address (contractual). Before activating SMS functions, the Customer is obliged to deposit a security in the amount according to the valid Price List, which is refundable in case of cancellation of these functions. If the Customer becomes late with payment for the use of SMS functions, Emmy is entitled to suspend the SMS function and use the security to pay the amount owed.


6. Protection of personal data

6.1. Since the Application is a cloud-based tool designed, among other things, to work with personal data, Emmy, in the performance of the Contract for the Customer, as a processor, processes the personal data that the Customer or his patients have entered into or collected through the Application (hereinafter referred to as ”Customer Data“). This processing is governed by the Personal Data Processing Agreement, the content of which is Annex No. 1 to these GTC, and thus becomes an integral part of each Agreement (hereinafter referred to as ”Arrangements“). In the case of using the Emma AI extension, a special separate personal data processing agreement will be concluded (hereinafter referred to as “DPA“), which shall fully supersede the Arrangement and shall be an integral part of any Agreement.

6.2. The Customer acknowledges that in relation to the personal data in accordance with Article 3 of the Privacy Policy (see 6.4) of patients processed through the Application, Emmy is only the data processor and the Customer is the data controller, and Emmy and the Customer in no case act as joint data controllers. Emma's role is limited to providing technical solutions in the form of Application and processing of Customer Data solely for the purposes specified by the Customer and in accordance with its instructions. Emmy does not decide on what data, in what way and for what purpose will be processed through the Application.

6.2. Emmy is bound by a duty of confidentiality in relation to Customer Data and undertakes to implement technical and organizational measures in accordance with the Arrangement/DPA to prevent its leakage or unauthorized manipulation. The processing of Customer Data is automated and therefore authorized employees of Emma will only access Customer Data in a very exceptional manner and in accordance with the Agreement.

6.3. Information about the processing of personal data Authorized persons and other users of the Customer Account is contained in a separate document available hereunder which forms an integral part of these GTC.

6.4. During the operation of the Emmy App, cookies are also used to a limited extent. Our cookie policy is contained in a separate document available hereunder which forms an integral part of these GTC.


7. Final provisions

7.1.
The contract on the basis of these GTC is concluded for an indefinite period. Both the Customer and Emmy have the right to terminate the Agreement without giving a reason, namely by termination with a one-month notice period, which begins on the first day of the calendar month following the delivery of the written notice to the other Contracting Party. SMS and voice functions are also negotiated for an indefinite period, and the Customer and Emmy have the right to cancel their provision without giving a reason, namely by termination with a monthly notice period, which begins on the first day of the calendar month following the delivery of the written notice to the other party. In this case, the unused security will be refunded to the customer.

7.2. In connection with the termination of the Agreement, the Customer Account will be cancelled and all Customer Content, including Customer Data, will be deleted.

7.3. The Customer is not entitled to assign or transfer its rights and obligations under the Agreement to a third party. On the contrary, the Customer agrees that all rights and obligations of Emma under the Agreement may be transferred by Emma without further ado to a third party.

7.4. Due to the nature of the Application and the planned development, there may be a need to amend these GTC. Emmy may unilaterally amend these GTC to a reasonable extent, including, in particular, corrections of inaccuracies, changes related to changes in the functionalities of the Application or their charging, changes to the Price List, changes to the Privacy Policy, Cookies Policy and Personal Data Processing Agreement, as well as changes enforced by a change in legislation. Emmy will notify you of changes to the GTC at least 30 days prior to their effective date by posting a new version of the GTC on the website https://www.sestraemmy.cz/ or in the interface of the Application, in case of major changes, also by a message sent to the Customer's contact e-mail address (contractual). The Customer has the right to reject the changes made to the GTC and therefore terminate the Agreement no later than 15 days after the notification of the changes by Emma. The notice period will be 15 days and begins to run on the day the Emmy was served. If the Customer does not terminate the Agreement within the specified period, it is deemed that the amendments to the GTC are accepted, with the new version of the GTC thus becoming part of the Contract instead of the original one. The effective version of the GTC is always published on the website https://www.sestraemmy.cz/ and within the Application, while you are required to familiarize yourself with it on an ongoing basis.

7.5. All legal relations between the Customer and Emmy arising from or in connection with the Agreement shall be governed by the legal order of the Czech Republic. Any disputes arising out of or in connection with the Treaty shall be resolved by the competent courts of the Czech Republic, exclusively in accordance with the law of the Czech Republic.

7.6. The invalidity of any provision of these GTC shall not affect the validity of its other provisions.

7.7. You can contact Emmy with any questions, requests or complaints at podpora@sestraemmy.cz.


Annex 1 of the GTC

PERSONAL DATA PROCESSING ARRANGEMENTS


1. Introductory Provisions

1.1.
This arrangement within the meaning of Art. 28 (3) GDPR is concluded as part of the Agreement between Emmy and PZS on the basis of the GTC (hereinafter referred to as Arrangements“). All terms used in the GTC have the same meaning for the purposes of this Agreement. The Agreement relates to the processing of Customer Data (further specified in Section A. of the Agreement) (hereinafter referred to as ”Processing“), to which the Customer acts as controller of personal data and Emma processes them for him as processor.


2. Payables

2.1.
As the controller of Customer Data, the Customer undertakes to have a valid legal basis for the relevant processing throughout the processing of Customer Data in the Application, and that it will fulfill all its legal obligations towards data subjects, in particular the information obligation. Furthermore, the Customer undertakes to promptly delete from the Application Customer Data, the processing of which in the Application will not have a valid legal basis.

2.2. Emmy undertakes to process Customer Data only on the basis of the Customer's instructions resulting from this Agreement or which he/she provides through his/her Customer Account or through customer support services. The Guidelines are limited by the scope of Emma's obligations under the Agreement. Emmy will notify the Customer if it believes that its instructions violate the law.

2.3. Customer data will not be transferred to countries outside the EU, i.e. third countries, except for processing involving the sending and receiving of SMS (use of another processor Twilio, Inc.), in which the data may be transferred to the USA.

2.4. Emmy undertakes to maintain confidentiality regarding all Customer Data and ensures that all persons authorized to process personal data on the part of Emmy are bound by a contractual or legal obligation of confidentiality, including other processors involved in the Processing. Confidentiality obligations continue after the termination of the Agreement.

2.5. As other processors on the basis of the contract, the following are involved in the Processing of Customer Data:

- Amazon Web Services EMEA SARL, Czech Branch, ID: 09049266, registered office at Sokolovská 689/115, 186 00 Prague
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA
- Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
- Zendesk Inc., 989 Market Street, San Francisco, CA 94103, United States
- Formagrid Inc. (AirTable), 799 Market Street Fl 8, San Francisco, CA 94103, United States
- Pipedrive Inc., 530 5th Ave Ste 802, New York, NY 10036, United States
- Solitea, a.s. (service operator iDoklad), ID 01572377, with its registered office at Drobný 555/49, Ponava, 60200 Brno
- Twilio, Inc., 375 Beale St Suite 300, San Francisco, CA 94105, United States
- TopEfekt s.r.o., ID 29444268, registered office B. Němcové 767/13, 787 01 Šumperk
- Bank Identity, a.s., ID 09513817, registered office Smrčkova 2485/4, Libeň, 180 00 Prague 8
- Vocalls Inc s.r.o., ID 06413421, with registered office Rostovská 314/14, Vršovice, 101 00 Praha 10
- ROBOTEER AUTOMATION LIMITED, 15 Bridge Road, Wellington, Telford, TF1 1EB, United Kingdom
- SENDINBLUE — 106 boulevard Haussmann, 75008 Paris, France.

2.6. The customer, as administrator, grants Emmy general permission to make changes to the involvement of processors. The Customer shall be notified of the acceptance of other processors or their replacement by Emma at least 30 days before the changes are made. The Customer has the opportunity to object to changes regarding processors involved in the processing by rejecting changes to the GTC in accordance with Article 7.4. VOP.

2.7. Any other processor involved in Processing by Emma shall be subject to the same obligations as under this Agreement.

2.8. Emmy undertakes to implement the technical and organizational measures described in Section B. of this Agreement.

2.9. Emmy will assist the Customer to a reasonable extent in fulfilling its obligation to respond to requests for the exercise of the rights of the data subject, through customer support services, if the entity's requests cannot be addressed directly in the Customer Account. If Emmy receives a request addressed to the Customer, it will forward it to the Customer without undue delay.

2:10 a.m. Emmy will assist the Customer to a reasonable extent in ensuring compliance with obligations regarding the security of Customer Data, reporting and reporting security breaches, assessing the impact of the Processing on the protection of personal data, as well as consulting with the supervisory authority, taking into account the nature of the Processing and the information available to it. Any breach of the security of Customer Data that Emmy becomes aware of shall be reported to the Customer without undue delay.

2:11 a.m. Upon termination of the Agreement, Emma will delete Customer Data and copies thereof, unless required by law to retain them. Since the Customer Data is processed only in electronic form and the Customer has access to it, Emmy is not obliged to return the Customer Data to the Customer on the data carrier.

2:12 a.m. Emmy shall provide the Customer with all the information necessary to demonstrate that the obligations set out in Art. 28 GDPR have been fulfilled and shall allow, within reasonable time, audits, including inspections, to be carried out directly by the Customer or by an auditor appointed by the Customer and contribute to such audits.


3. Section A — Systematic description of Processing

3.1.
Emmy will perform the following Customer Data Processing for PZS as a processor (only at the level of securing a technical solution in the form of an Application):

3.1.1. Subjects and data type:

- Users of the patient account Application (identification and contact details);

- PZS patients (identification and contact details, data relating to Requirements, including health and order data, insurance data and registration data with PZS);

- Users of the App Customer Account (identification and contact details, job positions and permissions, workplace, data on the use of the Application).

3.1.2. Processing operations: In particular, collecting, organizing, storing, searching, sorting, making available, using, modifying, deleting;

3.1.3. Purpose of processing: Organization of the provision of health services (Operation of the Application);

- Management of users of the Customer Account and their permissions;

- Logging of accesss/changes made by users of the Customer Account;

- Maintaining and managing the patient directory;

- Receiving, recording and managing patient requests, including calendar keeping and ordering management;

- Implementation of communication with patients in the App, including sending Emma notifications;

- Sending comments on patient contacts;

- Sending news and other communications, including identifying interest in performances.

3.1.4. Nature of processing: Mostly automated, partly manual (support and maintenance services);

3.1.5. Duration of processing: For the duration of the Agreement between Emmy and PZS, unless there is an earlier deletion of Customer Data by PZS as administrator.


4. Section B — Technical and organisational measures

4.1.
Emmy undertakes to implement and maintain technical and organizational measures in relation to the Processing, at least to the following extent:

- Secure data center with ISO 27001 certification, which is located in the EU and has in place logical measures (firewall, passwords, roles and permissions) as well as physical access control (doors, locks, reception/security, electronic security, CCTV);

- Encryption of Customer Data during transmission and storage (“at rest”);

- The policy of strong passwords in the App and their encryption;

- Commitment to confidentiality of all Emmy employees with access to Customer Data;

- Conclusion of personal data processing contracts according to Art. 28 GDPR with all processors;

- Internal Data Protection Directive, including the Access Control System to Customer Data;

- Regular automatic backup;

- Regular revision of the security concept.


Version 1.3

Effective August 6, 2024

Downloadable document
hereunder.

(Previous version of the document for download
hereunder.)

Back to main page