Terms & conditions
Privacy policy

Privacy policy

Last Updated: April 15, 2025.

This Privacy Policy describes how WDF s.r.o. ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you visit and interact with our website www.wdfhealth.com (the "Website"). We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using this Website, you agree to the practices described in this Privacy Policy.

1. Data Controller and Contact Information

Data Controller:
WDF s.r.o.
Registered Office: Lazarska 13/8
Prague, 120 00 Czech Republic
Company ID (IČO): 24836974
VAT ID (DIČ): CZ24836974

Contact Details:
For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at:

If you wish to exercise your rights under the GDPR or have any inquiries about how your data is processed, please contact our Data Protection Officer (if applicable) at [Insert DPO Email or Contact Details].

2. Definitions

To ensure clarity and transparency, this section explains the meaning of key terms used throughout this Privacy Policy:

  • Personal Data:
    Any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing:
    Any operation or set of operations performed on personal data or on sets of personal data, whether automated or manual. Examples include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Controller (or Data Controller):
    The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data.
  • Processor (or Data Processor):
    A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
  • Consent:
    Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Cookies:
    Small text files that are stored by your web browser on your device when you visit a website. Cookies are used to enable websites to function correctly or more efficiently, as well as to provide information to website owners for analytical or marketing purposes.
  • Third Party:
    A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.

3. Types of Personal Data Collected

In connection with your use of our website and services, we may collect, store, and process the following categories of personal data:

3.1 Personal Identification Data

This includes data you provide voluntarily when filling out contact forms or communicating with us:

  • Full name
  • Email address
  • Telephone number
  • Company/Organization name (if applicable)
  • Any other personal data explicitly provided by you in the content of your message or communications

3.2 Technical Data

Automatically collected when you visit and interact with our website:

  • Internet Protocol (IP) address
  • Browser type and version
  • Operating system and device information
  • Device type (desktop, mobile, tablet)
  • Date and time of your visit
  • Referrer URL (the previous website you visited)
  • Time zone and language settings

3.3 Usage Data

Information automatically collected on how you use our website, including:

  • Pages visited and navigation paths
  • Time spent on specific pages
  • Interactions with website elements (e.g., forms, buttons, links)
  • Frequency of your visits to our website

3.4 Marketing and Communication Preferences

Information relating to your marketing and communication choices:

  • Your preferences for receiving marketing communications
  • Your communication preferences and responses to communications from us

4. Methods of Data Collection

We use various methods to collect your personal data, including:

4.1 Direct Interactions

You may voluntarily provide us with your personal data when interacting directly with us through our website, primarily through:

  • Filling out contact forms:
    We have contact forms placed on various pages of our website. When using these forms, you provide us with your personal identification data, such as your full name, email address, telephone number, company name (if applicable), and any additional information you choose to include.
  • Communicating with us via email, phone, or other channels:
    If you contact us through email, telephone, postal mail, or other direct means, we will collect and process any personal data that you provide in your communication.

4.2 Automated Technologies or Interactions

When you visit our website, certain types of data are collected automatically. We gather this information through cookies, server logs, and other similar tracking technologies. The automated collection includes:

  • Cookies:
    We use cookies to enhance your user experience, analyze website performance, and personalize content and advertising. For more information, please refer to our detailed Cookie Policy (Section 13).
  • Analytics and tracking tools:
    We use analytics tools (e.g., Google Analytics) to measure and analyze user interactions with our website. These tools collect technical and usage data, such as IP address, browser type, pages visited, and duration of visits.

4.3 Third-Party Sources

We may receive personal data about you from various third-party sources, particularly through the use of integrated third-party services and tools, such as:

  • Google Analytics and Google Ads:
    These services provide statistical and marketing insights about visitors’ interactions with our website, allowing us to improve our content and deliver targeted marketing campaigns.
  • Cloudflare, Cloudfront.net, and JSDelivr:
    These providers assist us in delivering optimized content, security, and enhanced website performance. They may collect technical information such as IP addresses and usage data to fulfill their functions.
  • Google Fonts and Google AJAX:
    Google Fonts and AJAX libraries are used to optimize the design and functionality of our website. Google may collect limited technical information when serving these resources.
  • Webflow:
    Our website uses Webflow, which may process technical data to ensure correct website operation, content delivery, and user experience.

4.4 Consent Management (Usercentrics Consent Management Platform)

We use the Usercentrics Consent Management Platform to manage user consents and preferences regarding cookies and similar technologies. This platform automatically records your consent status and preferences, enabling you to manage your privacy settings directly on our website.

5. Purposes and Legal Bases for Processing Personal Data

We process your personal data strictly in accordance with applicable data protection laws, specifically the General Data Protection Regulation (GDPR). Below we outline the detailed purposes for which we process your data, alongside the corresponding legal bases.

5.1 To Respond to Your Inquiries and Communication

  • Purpose:
    When you contact us via our contact forms, email, telephone, or other communication channels, we use your personal data (such as your name, email address, phone number, and any other information you provide) to respond appropriately to your queries or to provide information and support you requested.
  • Legal Basis:
    Processing is necessary for the performance of pre-contractual measures at your request (Article 6(1)(b) GDPR) or our legitimate interests to communicate effectively with website visitors, prospective clients, and customers (Article 6(1)(f) GDPR).

5.2 To Manage Our Relationship with You

  • Purpose:
    We process your personal data to manage our ongoing relationship, including providing updates on our products, services, policies, or terms, as well as maintaining accurate and updated records of your preferences.
  • Legal Basis:
    Processing is based on our legitimate interest in managing customer relations and ensuring our records are accurate and updated (Article 6(1)(f) GDPR). If we send you direct marketing messages, we rely on your explicit consent (Article 6(1)(a) GDPR).

5.3 To Maintain and Improve Our Website

  • Purpose:
    We use technical and usage data collected via cookies and analytical tools (such as Google Analytics, Cloudflare, Cloudfront.net, and Webflow) to administer our website effectively, optimize its performance, analyze visitor trends, enhance user experience, and ensure robust website security.
  • Legal Basis:
    Our legitimate interests in operating, maintaining, optimizing, and securing our website (Article 6(1)(f) GDPR). Where legally required, we rely on your consent to the placement of non-essential cookies (Article 6(1)(a) GDPR).

5.4 To Provide Relevant Content and Advertising

  • Purpose:
    We utilize marketing and analytics tools (such as Google Ads and Google Analytics) to better understand your interests, deliver relevant advertising, and measure or understand the effectiveness of our marketing campaigns.
  • Legal Basis:
    Processing is based on your explicit consent provided through our consent management platform for marketing cookies (Article 6(1)(a) GDPR). We also rely on legitimate interests to measure effectiveness and improve the relevance of our advertising strategies (Article 6(1)(f) GDPR).

5.5 To Fulfill Legal and Regulatory Obligations

  • Purpose:
    We may process your personal data to comply with applicable legal obligations, respond to lawful requests from public and governmental authorities, enforce our terms and policies, and protect our rights or the rights of third parties.
  • Legal Basis:
    Processing is necessary for compliance with legal obligations to which we are subject (Article 6(1)(c) GDPR).

5.6 Consent Management

  • Purpose:
    We utilize the Usercentrics Consent Management Platform to manage and record user consents and preferences regarding the use of cookies and other tracking technologies.
  • Legal Basis:
    Processing is necessary for compliance with our legal obligations under GDPR and ePrivacy laws requiring clear and documented user consent for certain types of data processing (Article 6(1)(c) GDPR).

5.7 Prevention and Detection of Security Incidents

  • Purpose:
    We process certain technical data to ensure the security of our website and IT infrastructure, preventing and detecting fraud, unauthorized access, and other potentially harmful or illegal activities.
  • Legal Basis:
    Processing is based on our legitimate interest to protect our business, website, and users from security threats and illegal activities (Article 6(1)(f) GDPR).

6. Disclosure of Personal Data

We may share your personal data with carefully selected third parties under the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers and data processors who assist us in operating our website, conducting our business, or servicing you, provided they agree to keep your personal data strictly confidential and compliant with applicable data protection regulations. These include, but are not limited to:

  • IT and Web Hosting Providers:
    Companies providing technical infrastructure and support for our website, including Webflow and Cloudflare, who process personal data to deliver a secure and functional website environment.
  • Analytics and Marketing Providers:
    Services such as Google Analytics and Google Ads, which enable us to analyze web traffic, user interactions, and manage advertising effectiveness.
  • Consent Management Platforms:
    Usercentrics GmbH, to manage and record user consents concerning cookies and similar technologies.

6.2 Professional Advisors

We may disclose your personal data to our professional advisors if necessary, including lawyers, auditors, accountants, and insurers, who provide consultancy, legal advice, auditing, or insurance-related services.

6.3 Regulatory and Government Authorities

We may disclose your personal data to regulatory authorities, law enforcement agencies, or governmental bodies if required to do so by law or if we believe disclosure is necessary to comply with legal obligations, protect our rights, ensure public safety, or respond to legal processes or regulatory inquiries.

6.4 Corporate Transactions

In the event of a corporate transaction such as a merger, acquisition, reorganization, or sale of assets, we may transfer your personal data to the parties involved in the transaction, subject to confidentiality arrangements and compliance with applicable laws and regulations.

7. International Data Transfers

Due to the international nature of some of our third-party service providers, your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA). Specifically, data transfers may involve countries where data protection regulations differ from those within the EEA.

When transferring your personal data outside the EEA, we ensure an adequate level of protection through the following safeguards:

7.1 Adequacy Decisions

We may transfer your personal data to countries that the European Commission has recognized as providing an adequate level of protection for personal data, ensuring your data is processed according to standards comparable to the GDPR.

7.2 Standard Contractual Clauses (SCCs)

Where no adequacy decision is in place, we rely on European Commission-approved Standard Contractual Clauses, which require data importers to provide personal data protection equivalent to GDPR standards.

7.3 Additional Safeguards

Where necessary, we implement additional safeguards, such as technical and organizational measures, to protect your personal data transferred internationally, ensuring compliance with the principles of GDPR.

For further details or copies of safeguards in place, such as Standard Contractual Clauses, please contact us directly using the contact details provided in Section 16 of this Privacy Policy.

8. Data Retention

We retain your personal data only as long as necessary for the specific purposes outlined in this Privacy Policy, or to fulfill legal obligations, accounting or reporting requirements, or for other essential business purposes.

Specifically, our retention periods are determined based on:

  • Nature of Data:
    For example, personal data related to inquiries or contact forms is typically retained for up to two years after your last interaction with us, unless a longer retention period is necessary or legally required.
  • Legal and Regulatory Requirements:
    Data required for compliance with legal obligations (such as accounting or tax records) may be retained for periods prescribed by applicable laws (typically 5–10 years).
  • Legitimate Business Purposes:
    Data processed for security, fraud prevention, or dispute resolution purposes may be retained for a longer period as necessary for protecting our interests.

Once the retention period expires, we securely delete or anonymize your personal data to ensure it no longer identifies you.

If you require more detailed information on retention periods applicable to your data, please contact us directly (see Section 16).

9. Security Measures

We are committed to ensuring the security of your personal data and have implemented robust technical and organizational measures to protect your data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to:

  • Access Controls:
    Restricting access to personal data strictly to authorized personnel who require it for legitimate business purposes.
  • Encryption:
    Employing encryption protocols (e.g., SSL/TLS) to secure data transmission between your browser and our servers.
  • Data Minimization:
    Ensuring that only personal data necessary for the stated processing purposes is collected, processed, and stored.
  • Regular Monitoring and Testing:
    Regularly testing and assessing our security measures, systems, and infrastructure to identify and mitigate potential vulnerabilities.
  • Employee Training:
    Providing regular training to employees on data protection obligations, confidentiality, and security procedures.

Despite our commitment to data security, please note that no transmission over the internet or electronic storage system is completely secure. However, we continuously strive to maintain the highest level of security and promptly respond to any security incidents.

10. User Rights under GDPR

Under the General Data Protection Regulation (GDPR), you have specific rights regarding your personal data. These rights include:

10.1 Right of Access

You have the right to request access to your personal data held by us, including obtaining confirmation as to whether or not your data is being processed, and receiving a copy of the personal data processed.

10.2 Right to Rectification

You have the right to request correction or completion of inaccurate or incomplete personal data about you that we hold.

10.3 Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected or processed.
  • You withdraw your consent (if the processing was consent-based).
  • You object to processing, and there is no overriding legitimate interest to continue processing.
  • Your data was processed unlawfully.

10.4 Right to Restrict Processing

You have the right to request that we temporarily or permanently restrict the processing of your personal data under certain circumstances, such as:

  • If you contest the accuracy of your data.
  • If processing is unlawful, but you oppose deletion and request restriction instead.
  • If we no longer need your data, but you require it for legal claims.
  • If you have objected to processing pending verification of legitimate grounds.

10.5 Right to Data Portability

You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format, and the right to transfer your data to another controller without hindrance from us, where processing is based on consent or contract and carried out by automated means.

10.6 Right to Object

You have the right to object at any time to the processing of your personal data for direct marketing purposes or for processing based on legitimate interests, including profiling.

10.7 Right to Withdraw Consent

Where processing is based on your explicit consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority responsible for data protection if you believe your rights under the GDPR have been infringed.

For any requests relating to your GDPR rights, please contact us directly using the details provided in Section 16 of this Privacy Policy.

11. How to Exercise Your Rights

If you wish to exercise any of your rights outlined in Section 10 ("User Rights under GDPR"), or if you have questions or concerns regarding the processing of your personal data, you can contact us directly using the following contact information:

Data Controller:
WDF s.r.o.

Address:
Lazarska 13/8
Prague, 120 00Czech Republic

Email:
info@wdfhealth.com

11.1 Making a Request

To help us promptly respond to your request, please clearly specify:

  • Your full name and contact details.
  • A detailed description of your request.
  • Relevant supporting information or documentation, if applicable.

We may need to request additional information to verify your identity and ensure the security of your data. This is necessary to prevent unauthorized disclosures and to comply with data protection regulations.

11.2 Response Time

We strive to respond to all valid requests promptly and no later than one calendar month from receipt of your request. In exceptional cases—such as requests that are particularly complex or numerous—this period may be extended by an additional two months. If this happens, we will inform you of the reason for the delay and provide regular updates.

11.3 Fees

Exercising your data protection rights is generally free of charge. However, if your request is manifestly unfounded, excessive, or repetitive, we may:

  • Charge a reasonable administrative fee, or
  • Refuse to act on the request, providing justification for our decision.

11.4 Right to Lodge a Complaint

If you feel that our response to your request or the handling of your personal data is unsatisfactory, you have the right to lodge a complaint with the relevant supervisory authority responsible for data protection in your country or jurisdiction.

12. Cookies Policy

12.1 What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) by your browser when you visit a website. They enable the website to remember your actions, preferences, and visits, enhancing functionality and providing analytics data that helps us improve your browsing experience.

12.2 Types of Cookies We Use

Our website uses several types of cookies categorized as follows:

Essential Cookies

These cookies are crucial for the basic functionality and security of our website. They ensure the website operates correctly and cannot be disabled through our consent management platform:

  • Usercentrics Consent Management Platform: Manages your cookie preferences and consents.
  • Cloudfront.net: Ensures secure and efficient content delivery.
  • JSDelivr: Facilitates efficient script delivery and enhances website performance.

Functional Cookies

Functional cookies enhance the user experience by remembering preferences, optimizing the display of content, and ensuring seamless functionality:

  • Webflow: Powers our website structure and manages content delivery and presentation.
  • Google AJAX and Google Fonts: Optimize website loading speed, enhance visual appearance, and ensure smooth website interactions.
  • Cloudflare: Provides security features, content delivery optimization, and technical enhancements.

Analytics Cookies

Analytics cookies help us understand how visitors interact with our website, allowing us to continuously improve its functionality and user experience:

  • Google Analytics: Collects anonymized statistical data on website usage, visitor interactions, page visits, and browsing behavior.

Marketing Cookies

Marketing cookies enable targeted advertising based on your browsing habits and interests:

  • Google Ads: Tracks website interactions to measure ad campaign effectiveness and deliver personalized advertising content.

12.3 Purpose and Legal Basis for Using Cookies

We use cookies for the following purposes:

  • Essential and Functional Cookies: Our legitimate interests to operate and deliver a secure, functional website (Article 6(1)(f) GDPR).
  • Analytics and Marketing Cookies: Based on your explicit consent provided via our consent management platform (Article 6(1)(a) GDPR).

12.4 Managing Your Cookie Preferences

You can control or change your cookie preferences at any time via our consent management tool (Usercentrics) available on our website. Additionally, you can control or delete cookies through your web browser settings. Please note, disabling cookies may limit website functionality or your user experience.

13. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies to help analyze how users interact with the website.

13.1 Information Collected by Google Analytics

Google Analytics collects information such as your IP address (anonymized via IP anonymization), browser type, operating system, referring URL, and details about your interactions with our website (pages viewed, duration of visit, clickstream analysis).

13.2 Purpose of Google Analytics

We use Google Analytics to:

  • Understand how visitors engage with our website.
  • Improve our website’s content and user experience.
  • Analyze website performance and marketing effectiveness.

13.3 IP Anonymization

We have activated IP anonymization on our website. Your IP address will be truncated by Google within the EEA prior to transmission to servers in the USA. Only in exceptional cases will the full IP address be transferred and shortened afterward.

13.4 Opting-Out of Google Analytics

You can opt-out of Google Analytics tracking by downloading and installing the browser add-on available here:
https://tools.google.com/dlpage/gaoptout

13.5 Google’s Privacy Policy

Further details about Google's data processing and privacy policies can be found at:

13. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies to help analyze how users interact with the website.

13.1 Information Collected by Google Analytics

Google Analytics collects information such as your IP address (anonymized via IP anonymization), browser type, operating system, referring URL, and details about your interactions with our website (pages viewed, duration of visit, clickstream analysis).

13.2 Purpose of Google Analytics

We use Google Analytics to:

  • Understand how visitors engage with our website.
  • Improve our website’s content and user experience.
  • Analyze website performance and marketing effectiveness.

13.3 IP Anonymization

We have activated IP anonymization on our website. Your IP address will be truncated by Google within the EEA prior to transmission to servers in the USA. Only in exceptional cases will the full IP address be transferred and shortened afterward.

13.4 Opting-Out of Google Analytics

You can opt-out of Google Analytics tracking by downloading and installing the browser add-on available here:
https://tools.google.com/dlpage/gaoptout

13.5 Google’s Privacy Policy

Further details about Google's data processing and privacy policies can be found at:

14. Changes to This Privacy Policy

We may periodically update this Privacy Policy to reflect changes in our practices, legal requirements, technologies, or the functionality of our website. Whenever we make significant updates, we will inform you by prominently posting a notice on our website, clearly indicating the date of the last update at the top of this page, and, where appropriate, notifying you via email or through other direct communication channels.

We encourage you to regularly review this Privacy Policy to stay informed about how we process your personal data. Your continued use of our website after any updates constitutes acknowledgment of these changes.

Privacy Settings