Privacy Notice for MphaR corporate sites

MphaR » Privacy Notice for MphaR corporate sites

Effective Date: 17.09.2025

1. Introduction

This Privacy Notice explains how we collect, use, process, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) of the EU and other applicable laws. Our goal is to be transparent about our data practices and inform you of your rights regarding your personal data. This policy applies to all corporate sites (https://m-phar.com, https://getvirtualadvisory.com) as well as any services or features provided through our platform (collectively, “Services”).

2. Data Controller and Contact Information

Data Controller: Head of Compliance is the data controller responsible for processing your personal data.

Data Protection Officer (DPO): Head of IT.

For any questions or complaints about this Privacy Notice or our data practices, please contact us at privacy@m-phar.com.

3. Types of Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with our Services:

Contact Information: Name, email address, phone number, postal address.

Technical Data: IP address, device ID, browser type, operating system, and usage data (e.g., pages visited, time spent on the platform).

Cookies and Tracking Data: Data collected via cookies or similar technologies (see our Cookies Policy for details).

Other Data: Any additional data you voluntarily provide, such as survey responses or customer support inquiries.

We may also collect data indirectly from third parties (e.g., analytics providers, social media platforms) or public sources, as detailed in Section 7.

4. Purposes of Data Processing

We process your personal data for the following purposes:

To Provide and Improve Our Services: To create and manage your account, process transactions, deliver content, and enhance user experience.

To Communicate with You: To respond to inquiries, send service-related notifications, or provide updates about our Services.

For Marketing and Personalization: To send promotional offers or tailored content (only with your consent or where permitted by law).

For Analytics and Research: To analyze platform usage, monitor performance, and improve functionality.

To Comply with Legal Obligations: To meet regulatory requirements or respond to legal requests.

5. Legal Basis for Processing

We process your personal data based on one or more of the following GDPR legal bases (Article 6):

Consent: Where you have given explicit consent (e.g., for marketing emails or cookies).

Legal Obligation: Where required to comply with applicable laws.

Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our Services or ensuring platform security, provided these interests do not override your rights.

Vital Interests: In rare cases, to protect your or someone else’s life.

Public Task: If processing is necessary for a task carried out in the public interest (if applicable).

If we rely on legitimate interests, we ensure they are balanced against your rights. For example, we may use technical data to optimize our platform but allow you to opt out of non-essential data collection.

6. Data Retention and Disposal

We store personal data only for as long as necessary to achieve the purposes outlined in this policy or as required by law. Retention periods vary based on data type and purpose:

Server logs (such as IP address, browser type, date and time of access) are stored for security and maintenance purposes for up to 30 days, after which they are automatically deleted.

Cookies and similar technologies are stored on your device in accordance with their defined lifespan, as described in our Cookie Policy. You can manage or delete cookies at any time through your browser settings.

Contact form submissions or email correspondence are retained only for the time needed to respond to your inquiry and are then securely deleted, unless further retention is required by legal or regulatory obligations.

Once the retention periods expire, personal data is securely deleted, anonymized, or aggregated in a way that no longer allows identification of individuals.

7. Sources of Personal Data

We collect personal data from the following sources:

Directly from via submit forms.

Automatically: Through cookies, analytics tools, or server logs (e.g., IP addresses, device information).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of sensitive data (e.g., payment information). Secure servers and access controls to prevent unauthorized access. Regular security audits and updates to our systems.

While we strive to protect your data, no system is 100% secure. If you suspect a data breach, please contact us immediately at privacy@m-phar.com.

9. Recipients of Personal Data

We may share your personal data with:

Service Providers: Third-party processors (e.g., hosting providers, payment processors, analytics tools) who act on our behalf and are bound by GDPR-compliant contracts.

Business Partners: For marketing or promotional purposes, only with your consent.

Legal Authorities: If required by law or to protect our rights, safety, or property.

Other Entities: In the case of a merger, acquisition, or sale of assets (with appropriate safeguards).

We ensure all recipients comply with GDPR requirements. A list of specific recipients is available upon request.

10. International Data Transfers

If we transfer your personal data outside the EU/EEA (e.g., to servers or third parties in other countries), we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs): Approved by the European Commission to ensure data protection.

Adequacy Decisions: Transfers to countries recognized by the EU as having adequate data protection laws.

Binding Corporate Rules: For intra-group transfers, where applicable.

We will inform you of the specific safeguards used for any international transfers.

11. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Be Informed: To know how your data is collected and processed.

Right of Access: To request a copy of your personal data.

Right to Rectification: To correct inaccurate or incomplete data.

Right to Erasure (“Right to Be Forgotten”): To request deletion of your data, where applicable.

Right to Restrict Processing: To limit how your data is used.

Right to Data Portability: To receive your data in a structured, machine-readable format.

Right to Object: To object to processing based on legitimate interests or for marketing purposes.

Right to Avoid Automated Decision-Making: To not be subject to decisions based solely on automated processing (e.g., profiling) with significant effects.

To exercise these rights, contact us at privacy@m-phar.com. We will respond within one month, as required by GDPR. You also have the right to lodge a complaint with a supervisory authority Office for Personal Data Protection (email: posta@uoou.gov.cz). If processing is based on consent, you may withdraw consent at any time by contacting us or using the opt-out mechanisms provided.

12. Cookies and Tracking Technologies

Our platform uses cookies and similar technologies to enhance user experience, analyze performance, and deliver personalized content. For details, see our Cookies Policy. You can manage cookie preferences via our cookie banner or browser settings.

13. Use by Children

Our Services are not intended for users under 18 years.

We do not knowingly collect personal data from children without parental consent. If you believe we have collected such data, please contact us at privacy@m-phar.com.

14. Changes to This Privacy Notice

We may update this Privacy Notice and indicate the date of the last change to reflect changes in our practices or legal requirements.