GDPR
INFORMATION FOR PATIENTS ON THE PROCESSING OF PERSONAL DATA
in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
I. Data Controller
Controller: RENZMED s.r.o.
Company ID: 23619252
Address: Kaprova 42/14, Staré Město, 110 00 Prague 1
Email: gyn@renzmedgyn.cz
The Controller is a provider of healthcare services in accordance with Act No. 372/2011 Coll., on Health Services and the Conditions for Their Provision, as amended.
II. Purpose(s) of Personal Data Processing
Your personal data are processed for the following purposes:
provision of healthcare services
reporting of reimbursed healthcare services to health insurance companies
billing of non-reimbursed healthcare services
communication of information about your health condition to you and other authorised persons
organisation of healthcare services (patient appointment scheduling)
keeping records of our income and expenses, received payments and financial management as required by regulations governing taxation and accounting
III. Legal Basis for the Processing of Personal Data
The legal basis for processing your personal data specified in Section II is:
compliance with our legal obligations (in particular Act No. 372/2011 Coll., on Health Services and the Conditions for Their Provision; Act No. 48/1997 Coll., on Public Health Insurance; Act No. 563/1991 Coll., on Accounting; Act No. 586/1992 Coll., on Income Taxes; and Act No. 634/1992 Coll., on Consumer Protection)
fulfilment of obligations arising from the healthcare provision contract under which we provide healthcare services to you (this contract does not have to be concluded in written form)
IV. Recipients of Personal Data
In accordance with legal regulations and depending on the specific case, recipients of your personal data may include, in addition to yourself:
healthcare service providers
public authorities
persons authorised to access medical documentation pursuant to Sections 31, 32, 33 and 65 of Act No. 372/2011 Coll., on Health Services and the Conditions for Their Provision
For the purposes described above, personal data may also be processed by data processors on behalf of the Controller on the basis of data processing agreements concluded in accordance with the General Data Protection Regulation.
Your personal data are not transferred to foreign countries.
V. Period of Personal Data Processing
Personal data contained in medical documentation are processed for the period specified by Decree No. 98/2012 Coll., on Medical Documentation.
Personal data processed for other purposes listed in Section III are processed for the period stipulated by law or for the duration during which you remain our patient and subsequently for one year after you cease to be our patient.
VI. Rights of the Data Subject
When processing personal data, you have the following rights concerning the protection of your personal data:
Right of access
You have the right to request access to your personal data.
Right to rectification
You have the right to request correction of inaccurate personal data we process about you.
Right to restriction of processing
Restriction of processing means that we must mark the personal data whose processing has been restricted and may not process them further, except for storage, for the duration of the restriction.
You have the right to restriction of processing if:
you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the data
the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead
we no longer need the personal data for processing purposes but you require them for the establishment, exercise or defence of legal claims
you have objected to processing pursuant to Section VII below, pending verification whether our legitimate grounds override your interests or rights and freedoms
Right to erasure (right to be forgotten)
This right applies only to personal data processed for purposes other than the provision of healthcare services.
Data processed for healthcare provision (e.g., contained in medical documentation) cannot be erased.
Right to data portability
You may request that we provide your personal data to you so that they can be transferred to another data controller, or that we transfer them directly to another controller.
This right applies only to data processed automatically on the basis of your consent or a contract with you.
However, data contained in medical documentation may only be provided to you and, under legal conditions, also to another healthcare provider or public authority.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates applicable data protection legislation, you have the right to lodge a complaint with the supervisory authority at your habitual residence, place of work, or the place where the alleged infringement occurred.
In the Czech Republic, the supervisory authority is:
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
www.uoou.cz
VII. Right to Object to Processing
If your personal data are processed for the purposes of legitimate interests of the Controller or a third party (legal bases for processing are listed in Section III), you have the right to object to such processing at any time.
You may submit your objection to the address specified in Section I.
If you raise such an objection, we may continue processing your personal data only if we demonstrate compelling legitimate grounds for processing which override your interests or rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims.
VIII. Mandatory Processing and Obligation to Provide Personal Data
Processing your personal data for the purpose of providing healthcare services is a legal requirement.
Failure to provide your personal data may result in our inability to provide healthcare services to you, which may lead to damage to your health or direct threat to life (Section 41(1)(d) of Act No. 372/2011 Coll., on Health Services and the Conditions for Their Provision).
The obligation to provide a patient’s personal data also applies to their legal representative or guardian (Section 41(2) of Act No. 372/2011 Coll.).