Privacy Policy
INFORMATION FOR PATIENTS ON THE PROCESSING OF PERSONAL DATA
pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
I. Personal data controller:
VEPARODENT s.r.o., IČO: 06150268 with registered office Velehradská 1665/19, Vinohrady, 130 00 Praha 3
E-mail: [email protected]
Phone number: +420 777 117 172
II. Purpose(s) of processing personal data
We process your personal data for the following purposes
- provision of health services
- reporting of reimbursed health services
- accounting for non-covered health services
- disclosing health information to you and other authorised persons
- organising the provision of health services (patient appointments)
- keeping records of our income and expenditure, payments received and management as required by tax and accounting regulations
- compulsory archiving
- marketing purposes
- ensuring internal controls to improve the quality of care
III. Legal basis for processing personal data
The legal basis for the processing of your personal data referred to in point II. is
- compliance with our legal obligations (in particular Act No. 372/2011 Coll., on health services and conditions of their provision, Act No. 48/1997 Coll., on public health insurance, Act No. 563/1991 Coll., on accounting, Act No. 586/1992 Coll., on income taxes, Act No. 634/1992, on consumer protection)
- fulfilment of obligations under a health care contract under which we provide you with health care services (this contract does not have to be in writing)
IV. Recipients of personal data
The recipients of your personal data may be, in accordance with the provisions of the legislation, in specific cases, in addition to you: the provider of health services, public authorities and persons authorised to inspect medical records pursuant to Sections 31, 32, 33 and 65 of Act No 372/2011 Coll., on health services and conditions of their provision. In addition to the controller, personal data may also be processed by processors for the purposes described above on the basis of personal data processing contracts concluded in accordance with the General Data Protection Regulation.
V. Period of processing of personal data
The personal data contained in the medical records are processed for the period specified by Decree No. 98/2012 Coll., on medical records. Personal data processed for other purposes referred to in point III are processed for the period specified by law or for as long as you are our patient and then for one year after you cease to be our patient.
VI. Rights of the data subject
When processing personal data, you have the following rights regarding the protection of your personal data:
- the right to request access to your personal data from us;
- the right to rectification of your personal data that we process;
- the right to restrict processing. Restriction of processing means that we must mark your personal data for which processing has been restricted and we must not continue to process it for the duration of the restriction except to store it.
You have the right to restrict processing if
- you deny the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;
- the processing is unlawful and you refuse the erasure of the personal data and request instead a restriction on its use;
- if we no longer need your personal data for the purposes of processing but you require it for the establishment, exercise or defence of legal claims;
- if you have objected to the processing set out in section VII below, until it is verified that our legitimate grounds for processing outweigh your interests or rights and freedoms;
Right to erasure of personal data.
- The right to erasure of personal data applies only to personal data that we process for purposes other than the provision of health services. We may not erase data we hold about you for the purpose of providing health services (e.g. in medical records);
- the right to data portability. You may request that we provide your personal data to you for the purpose of transferring it to another data controller, or that we transfer it to another data controller ourselves. However, you only have this right in respect of data that we process automatically on the basis of your consent or a contract with you. However, we may only disclose the data we hold about you for the purpose of providing health services (e.g. in medical records) to you and, under lawful conditions, to another health service provider or public authority.
- The right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in breach of data protection law. You can lodge a complaint with the supervisory authority at your usual place of residence, place of employment or place where the alleged breach occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.
VII. Right to object to processing
If we process your personal data for the purposes of our or someone else’s legitimate interests (the legal grounds for processing are set out in section III), you have the right to object to such processing at any time. You can object to this at our address set out in section I. If you raise such an objection, we will only be entitled to continue such processing if we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms and if the processing is necessary for the establishment, exercise or defence of legal claims.
VIII. Mandatory processing and obligation to provide personal data
The processing of your personal data for the purposes of providing health services is a legal requirement. Failure to provide your personal data may mean that we will not be able to provide you with health services, which may result in damage to your health or a direct threat to your life (Section 41(1)(d) of Act No 372/2011 Coll., on health services and conditions of their provision). The obligation to provide the patient’s personal data also applies to the patient’s legal representative or guardian (Section 41(2) of Act No. 372/2011 Coll., on health services and conditions of their provision).