Processing of Personal Data
Read how we process and protect your personal data in compliance with GDPR
Last update: October 16, 2025
1. Data Controller
The controller of your personal data is the operator of the Zuboklik system:
WorkVector s.r.o.
Reg. No.: 17238986
Registered office: Chelčického 686, 53351 Pardubice - Rosice, Czech Republic
E-mail: info@zuboklik.cz
Phone: +420 737 061 069
2. What Personal Data We Process and for What Purpose
2.1 Patients
Name and Surname
- Purpose: patient identification in the booking system, display in dental practice calendars
- Legal basis: performance of contract (provision of booking system)
Czech National Identification Number (PIN)
- Purpose: precise patient identification, age determination for automatic appointment duration calculations, gender detection
- Legal basis: performance of contract and legitimate interest (prevention of patient confusion)
- Note: the national identification number is encrypted in the system
Phone Number
- Purpose: sending SMS notifications about appointments, reminders, communication from the dental practice
- Legal basis: performance of contract (provision of service including notifications)
Information about Symptoms and Health Condition
- Purpose: determination of treatment type, automatic calculation of visit duration, finding a suitable appointment
- Legal basis: performance of contract and legitimate interest (efficient planning of practice hours)
- Note: we process health condition data within the booking system for dental practices
Information about Family Relationships
- Purpose: enable parents to book appointments for children, manage family member bookings
- Legal basis: performance of contract and consent
2.2 Medical Staff (Doctors, Nurses)
Name, Surname
- Purpose: access to the system, identification, calendar display
- Legal basis: performance of contract with the dental practice
E-mail Address
- Purpose: login to the system, password recovery, communication about the system
- Legal basis: performance of contract with the dental practice
Role and Permissions
- Purpose: determination of access level to the system (doctor, nurse)
- Legal basis: performance of contract
2.3 Dental Practice Information
Practice Name, Address, Contact Information
- Purpose: practice identification, display to patients
- Legal basis: performance of contract
3. Password Security
We do not store your passwords in the database in readable form and we do not know them! The application works only with the so-called hash of the password, which is generated using the bcrypt function with parameter cost = 12. This ensures a high level of security for your login credentials.
4. Transfer of Personal Data to Third Parties
We transfer your personal data only to the necessary extent to the following processors:
BulkGate (BulkGate s.r.o.)
- Purpose: sending SMS notifications about appointments and reminders
- Scope of data: phone number, SMS message text (containing name, date and time of appointment)
- Location: Czech Republic
- Documentation: https://help.bulkgate.com/docs/en/gdpr.html
Hosting Provider
- Purpose: operation of application and database
- Scope of data: all data in the system
- Security: server located in the EU, encrypted connection
We do not sell personal data to third parties and do not transfer it outside the European Union.
5. Data Retention Period
- Patient data: retained for the period of service use and 3 years after the last appointment (due to possible complaints and legal claims)
- Medical staff data: for the duration of the contract with the dental practice
- Backup copies: personal data in backup copies are automatically deleted within 90 days
- Logs and audit: security logs are retained for 1 year
6. Your Rights in Personal Data Processing
According to GDPR you have the following rights:
Right of access - you have the right to obtain information on whether we process your personal data, and if so, you have the right to access it
Right to rectification - you can request correction of inaccurate or incomplete personal data
Right to erasure ("right to be forgotten") - you can request erasure of your personal data if:
- they are no longer necessary for the purposes for which they were collected
- you withdraw consent and there is no other legal basis
- you object to the processing
- they were processed unlawfully
Right to restriction of processing - you can request restriction of processing in certain cases
Right to data portability - you have the right to obtain personal data in a structured, commonly used and machine-readable format
Right to object - you can object to processing based on legitimate interest
Right to withdraw consent - if processing is based on consent, you can withdraw it at any time
Right to lodge a complaint - you have the right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz)
To exercise your rights, contact us at the e-mail address stated above.
7. Data Erasure
At your request, we will delete all personal data and their copies from the current database within 30 days. They are automatically deleted from backup copies within 90 days.
We may be required to retain some data for the legal period (e.g. for tax records or dispute resolution purposes).
8. Security Breach (Data Breach)
If there is a breach of personal data security that may present a risk to your rights and freedoms, we will notify you by e-mail or SMS within 72 hours from the moment we become aware of the incident. We will also report the incident to the Office for Personal Data Protection.
9. Automated Decision-Making and Profiling
The Zuboklik system uses automated calculations for:
- Appointment duration calculation - based on selected symptoms and patient age, the system automatically suggests optimal visit length
- Free appointment search - based on requested day, time and treatment duration
These automated processes do not have legal effects on you, nor do they significantly affect you. You always have the option to decline or change the appointment, or contact the practice for manual booking.
10. Confidentiality
We commit to confidentiality regarding all personal data we process. All persons authorized to work with personal data are bound to confidentiality based on employment contracts or data processing agreements.
11. Security Measures
To protect your personal data, we use the following security measures:
- Encryption of sensitive data (national identification number)
- Password hashing using bcrypt
- HTTPS communication encryption
- Regular security updates
- Data backup with automatic deletion of older versions
- Access to data only by authorized persons
- Access audit and monitoring
12. Changes to Processing Policy
We reserve the right to update these policies. We will inform you of changes by publishing the new version on this page. The date of the last update is stated in the header of this document.
13. Contact
In case of any questions regarding personal data processing, contact us:
- E-mail: info@zuboklik.cz
- Phone: +420 777 849 212
- Postal address: WorkVector s.r.o., Chelčického 686, 53351 Pardubice - Rosice, Czech Republic