Data Privacy Policy
Data Privacy Policy
Last updated: April 2026
This policy explains what personal data MDR Academy collects, why we collect it, who we share it with, and what rights you have. We keep it plain — no legal jargon where plain language works just as well.
This policy is originally written in Czech, which constitutes the sole legally binding version. This English version is a translation provided for informational purposes. In the event of any discrepancy, the Czech version shall prevail.
1. Data Controller
The data controller responsible for all personal data processed through this platform is:
Bc. Karel Boháč Příkop 838/6, 602 00 Brno – Zábrdovice Czech Republic IČO: 17752515 Email: mrdacademy.eu@gmail.com Phone: +420 774 908 782 Data box: cb8yjh4
Sole trader (fyzická osoba podnikající dle živnostenského zákona) registered in the Czech Trade Licensing Register administered by the Magistrát města Brna. Not registered for VAT.
If you have any question about how your data is handled, or want to exercise any of your rights under GDPR, this is the right person to contact.
2. What Data We Collect
2.1 Access request data
When you request access to forms or the MCP server, we ask for your name and email address. That is the minimum we need to identify you, communicate with you, and manage your access manually.
We do not collect any other personal data at this stage. No payment information, no address, no phone number.
2.2 Analytics data
We use Google Analytics to understand how visitors use the platform — which pages are visited most, how long people spend reading resources, and where users typically enter and leave. This involves the collection of:
- Your IP address (partially anonymised before storage)
- Browser type and version
- Device type and operating system
- Pages visited and time spent on each
- Referring website (the site you came from)
- Geographic location at city or region level (derived from IP address)
Google Analytics uses cookies to track sessions across visits — see Section 7 for details.
2.3 AI chat query data
If you use the application AI chat (available on request), the content of your queries is sent to our AI service provider for processing. MDR Academy does not store your queries beyond what is visible in your chat session. See Section 6 for details on the AI processor.
2.4 Email correspondence
When you contact us by email, we receive and retain your email address and the content of your message. We use this only to respond to your enquiry.
2.5 Form submission data
When you complete an evaluation form on MDR Academy, the inputs you provide — such as your device class, manufacturer status, and answers to knowledge-validation questions — are processed to calculate a personalised output (assessment and conformity route summary). Both your inputs and the generated outputs are stored in the platform database.
The stored data serves two purposes: delivering your form result, and pre-filling shared fields if you complete additional forms on the platform. No other use is made of this data.
Form submission data is linked to your access identity (the name and email address you provided when requesting form access). The transformation logic is entirely rule-based and does not involve any third-party AI service.
3. Legal Basis for Processing
Under GDPR Article 6, we process personal data on the following legal bases:
| Type of data | Legal basis |
|---|---|
| Access request data (name, email) | Art. 6(1)(b) — steps necessary prior to providing you access to the requested services |
| Analytics data | Art. 6(1)(a) — your consent, given via cookie acceptance when you first visit the platform |
| AI chat query content | Art. 6(1)(b) — necessary to deliver the AI service you have requested |
| Form submission data (inputs + outputs) | Art. 6(1)(b) — necessary to deliver the evaluation service and enable cross-form pre-filling |
| Email correspondence | Art. 6(1)(f) — legitimate interest in handling enquiries and communications directed to us |
Where we rely on consent (analytics cookies), you can withdraw it at any time — see Section 8.
4. How We Use Your Data
We process your data only for the purposes it was collected for:
- Access management — your name and email are used to grant, manage, and if necessary revoke your access to forms and MCP services
- Platform improvement — analytics data helps us understand which content is useful and identify pages that may need updating
- Service delivery — AI chat query content is used solely to generate your response
- Communication — email correspondence is used to reply to your message
We do not use your data for advertising, profiling, automated decision-making, or any purpose beyond what is listed above.
5. Data Retention
| Data | Retention period |
|---|---|
| Access request data (name, email) | Retained while your access is active, plus a reasonable period after access is withdrawn or the platform ceases to offer access-controlled features |
| Analytics data | Retained in Google Analytics for 14 months (Google's default retention setting). Aggregated, anonymised reports may be retained indefinitely. |
| AI chat query content | Not stored by MDR Academy. Retention by the AI provider is governed by their own data processing terms — see Section 6. |
| Form submission data (inputs + outputs) | Retained for the duration of your active form access. Deleted within a reasonable period after access is withdrawn or the form service is discontinued. |
| Email correspondence | Retained for as long as the correspondence is reasonably relevant, typically no more than 3 years |
6. Data Sharing and Third-Party Processors
We do not sell, rent, or trade your personal data. We share data only with the service providers necessary to operate the platform. Each is a data processor acting on our behalf and is bound by a data processing agreement or equivalent legal safeguard.
| Processor | Role | Data shared | Location |
|---|---|---|---|
| hukot.cz | Web hosting — virtual server | All data stored on and transmitted through the platform (server logs, access request data) | Czech Republic (EU) |
| Google LLC | Analytics — Google Analytics | Usage data, anonymised IP address, session behaviour | USA |
| Google LLC | Email communications — Gmail | Email correspondence content, sender address | USA |
| Google LLC | AI service — Gemini API | Content of AI chat queries | USA |
Form submission data (inputs and outputs) is processed and stored exclusively on the hukot.cz server. The form transformation logic is entirely rule-based — no third-party AI service is involved in processing form submissions.
International data transfers
hukot.cz is a Czech provider and processes data within the European Union. No international transfer concerns apply.
Google LLC is based in the United States. Data processed by Google for analytics, email, and AI services is transferred to the USA. These transfers are covered by Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c), incorporated into Google's data processing agreements. Google LLC also participates in the EU–US Data Privacy Framework (DPF).
You can review Google's data processing terms at: https://business.safety.google/privacy/
7. Cookies
MDR Academy uses cookies for one purpose: analytics via Google Analytics.
What cookies are set
Google Analytics sets cookies under the names _ga, _ga_[ID], and related identifiers. These cookies:
- Distinguish unique visitors from repeat visitors
- Track session behaviour (pages visited, time spent)
- Enable aggregate traffic reporting
No other cookies are set by MDR Academy.
How to manage cookies
When you first visit MDR Academy, you will be asked for your consent before analytics cookies are set. You can:
- Accept or decline analytics cookies at that point
- Change your preference at any time via the cookie settings on the platform
- Block or delete cookies at any time via your browser settings
If you decline analytics cookies, your visit will not be tracked and no analytics data about you will be collected. The platform will continue to function normally in all respects.
8. Your Rights Under GDPR
Under Regulation (EU) 2016/679, you have the following rights regarding your personal data:
Right of access (Art. 15) — You can ask us what data we hold about you and receive a copy of it.
Right to rectification (Art. 16) — If the data we hold about you is inaccurate or incomplete, you can ask us to correct it.
Right to erasure (Art. 17) — You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
Right to restriction of processing (Art. 18) — You can ask us to pause processing of your data in certain circumstances — for example while a dispute about accuracy is resolved.
Right to data portability (Art. 20) — Where processing is based on your consent or a contract and is carried out by automated means, you can ask to receive your data in a structured, machine-readable format.
Right to object (Art. 21) — You can object to processing carried out on the basis of legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent (Art. 7(3)) — Where processing is based on your consent (such as analytics cookies), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.
To exercise any of these rights, contact us at mrdacademy.eu@gmail.com. We will respond within 30 days.
9. Supervisory Authority
If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for MDR Academy is:
Úřad pro ochranu osobních údajů (ÚOOÚ) Pplk. Sochora 27, 170 00 Praha 7 Czech Republic Website: https://www.uoou.cz Email: posta@uoou.cz
You may also contact the supervisory authority in the EU member state where you reside or work.
10. Changes to This Policy
We will update this policy when there are material changes to how we process data — for example if we add or replace a third-party service. The "last updated" date at the top of this page reflects the most recent revision. Where changes are significant, we will communicate them directly if we have your contact details.
11. Contact
For any privacy-related question or to exercise your rights:
Bc. Karel Boháč mrdacademy.eu@gmail.com Příkop 838/6, 602 00 Brno – Zábrdovice, Czech Republic
AI Participation & Regulatory Notice
The content on this page may be partially assisted by Artificial Intelligence (AI) to improve readability and ensure clarity.
While our team audits this content, please be aware:
- Accuracy: AI-assisted interpretations may contain nuances that differ from official MDCG guidance.
- Timeliness: Medical Device Regulations (MDR) are subject to updates. Always verify critical information against the official EUR-Lex database.
- Liability: MDR Academy provides these resources for educational purposes only. They do not constitute legal advice.