Time remaining before logout

Personal Data

PERSONAL DATA (Processing of Personal Data)

Summary

  • You enter data into your profile voluntarily and can edit or delete it at any time.
  • Medical data (e.g. allergies, medications) is processed only so it can be displayed in emergency situations — and only if you provide it yourself.
  • The profile may be accessed via a unique code/QR — please treat it as sensitive information.
  • You can cancel your account and request data deletion at any time.
  • For paid plans, we also process subscription and accounting data; payment card details are processed by the payment gateway (not by us).

Last updated: 03/02/2026

1) Data controller

The data controller is: Mgr. et Mgr. Tomáš Obr

Přecechtělova 2500/36, 155 00 Prague, Czech Republic

Company ID: 68291132, VAT ID: CZ7710032944

E-mail: info@bodyid.com, Tel.: +420 775 677 103

Applications/websites: medicalprofile.eu and zdravotniprofil.czData protection contact: info@bodyid.com

2) What personal data we process

Depending on how you use the application, we may process in particular:

Account data

  • email, first and last name (if provided), phone number (if provided)
  • login and security data (password stored securely)

Profile data

  • personal and contact information you enter into your profile
  • emergency-related information (e.g. emergency contacts, notes)

Medical data (sensitive data)

  • e.g. allergies, diagnoses, medications, limitations, etc.

These data are entered voluntarily and can be edited or removed at any time.

Subscriptions and payments (if using a paid plan)

  • selected plan, subscription status, payment history
  • billing and tax documents (Payment card details are not processed directly by us — this is handled by the payment gateway.)

Technical data

  • operational and security logs, IP address, device/browser information
  • cookies and similar technologies (depending on settings)

3) Purposes of processing

We process your data for the purpose of:

  1. creating and managing your user account
  2. providing the service (free and paid versions)
  3. enabling access to selected profile data in emergencies via QR/access code
  4. handling subscriptions, payments, accounting and tax obligations
  5. customer support and communication
  6. ensuring security and preventing misuse

4) Legal basis for processing

Processing is based on:

  • contract performance (service provision, account management, support)
  • legal obligations (accounting and taxes)
  • legitimate interest (security, fraud prevention)
  • consent (e.g. marketing, some cookies)

Health data is processed based on your explicit consent, as you voluntarily enter it for use in emergency situations. You may withdraw consent at any time.

5) Who may access the data

Personal data may be disclosed only to the extent necessary to:

  • contractually bound collaborators (system administration, support)
  • technical service providers (hosting, email services)
  • payment gateway providers
  • public authorities, if required by law

6) QR / unique code access and PIN (important notice)

The profile may be accessed via a unique QR code/link (e.g. on a BodyID product). After scanning the QR code, the profile page is displayed in the configured access mode.For security reasons, access may be:

  • direct (without additional verification), or
  • PIN-protected (profile is shown only after entering a PIN)

We recommend:

  • protecting the QR code/link like sensitive data
  • not sharing your PIN unless you want others to access your profile
  • adjusting the visibility of data to a level you consider safe

Loss of the device / suspected misuse

If the device is lost or misuse is suspected, you can immediately block access to the profile in your account. Access can later be restored. You should also change your PIN and adjust visibility settings if needed, or contact support.

7) Data retention

  • Account and profile: for the duration of the active account. After deletion, data is removed/anonymised without undue delay, no later than 30 days unless legal obligations require otherwise.
  • Accounting documents: according to legal retention periods.
  • Security logs: typically 6 months.

Note: After deletion, data may temporarily remain in backups until they are overwritten in normal backup cycles.

8) Your rights

You have the right to:

  • access your data and request correction or completion
  • request deletion (where legally possible)
  • restrict processing
  • object to processing based on legitimate interest (especially marketing)
  • data portability (within legal limits)
  • withdraw consent at any time
  • file a complaint with the Data Protection Authority

9) Contact

You may exercise your rights via email: info@bodyid.com

In justified cases, we may ask you to verify your identity.

10) Security recommendations

  • We will never ask for your password via email or suspicious links.
  • Always log in only via the correct domain and use a strong password.
  • Protect your device (PIN/biometrics) and access codes.

11) Changes to this policy

We may update this policy. The current version will always be available on the website.