Personal data processing.
Information for patients on the processing of personal data under the General Data Protection Regulation (GDPR).
This is a translation provided for the convenience of patients. The Czech version of this document is the legally binding one.
Information for patients on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation).
I. Controller of personal data
MDDr. Veronika Andělová
IČ: 04226496
Ohradní 1368/4
140 00 Prague 4 – Michle
The controller is a provider of healthcare services in accordance with Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision, as amended.
II. Purposes of the processing of personal data
We process your personal data for the purpose of:
- providing healthcare services;
- reporting reimbursed healthcare services;
- invoicing non-reimbursed healthcare services;
- communicating information about your health condition to you and other authorised persons;
- organising the provision of healthcare services (booking patients);
- keeping records of our income and expenditure, payments received and our finances, as arising from the regulations governing taxes and accounting.
III. Legal basis for the processing of personal data
The legal basis for the processing of your personal data referred to in point II. is:
- the fulfilment of our legal obligation (in particular Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision, Act No. 48/1997 Coll., on Public Health Insurance, Act No. 563/1991 Coll., on Accounting, Act No. 586/1992 Coll., on Income Taxes, Act No. 634/1992 Coll., on Consumer Protection);
- the fulfilment of the obligations under the contract on the care of health, on the basis of which we provide healthcare services to you (this contract need not be concluded in writing).
IV. Recipients of personal data
In accordance with the provisions of legal regulations, in specific cases the recipients of your personal data may, besides you, be: the provider of healthcare services, public authorities and persons authorised to inspect medical records under § 31, § 32, § 33 and § 65 of Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision. In order to ensure the purposes described above, the personal data may, besides the controller, also be processed by processors, on the basis of personal data processing agreements concluded in accordance with the General Data Protection Regulation.
We do not transfer your personal data abroad.
V. Period of the processing of personal data
The personal data contained in the medical records are processed for the period specified by Decree No. 98/2012 Coll., on Medical Records. The personal data processed for the other purposes referred to in point II. are processed for the period specified by law or for the period during which you are our patient, and subsequently for a period of one year after you cease to be our patient.
VI. Rights of the data subject
During the processing of personal data you have the following rights relating to the protection of your personal data:
- the right to request access to your personal data from us;
- the right to the rectification of your personal data that we process;
- the right to the restriction of processing. The restriction of processing means that we must mark your personal data whose processing has been restricted and, for the duration of the restriction, we may not process them further except for storing them. You have the right to the restriction of processing where:
  - you contest the accuracy of the personal data, for the period needed to enable us to verify the accuracy of the personal data;
  - the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of their use;
  - we no longer need your personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;
  - you have raised an objection to the processing referred to below in point VII., until it has been verified whether our legitimate grounds for processing override your interests or rights and freedoms.
- the right to the erasure of personal data. The right to the erasure of personal data applies only to personal data that we process for purposes other than the provision of healthcare services. The data we keep about you for the purpose of providing healthcare services (e.g. in the medical records) we may not erase;
- the right to data portability. You may request that we provide you with your personal data for the purpose of transferring it to another personal data controller, or that we ourselves transfer it to another personal data controller. However, you have this right only with regard to the data that we process by automated means on the basis of your consent or a contract with you. The data we keep about you for the purpose of providing healthcare services (e.g. in the medical records), however, we may provide only to you and, under statutory conditions, also to another provider of healthcare services or a public authority;
- the right to lodge a complaint with the supervisory authority in the event that you believe that the processing of personal data infringes the legal regulations on the protection of personal data. You may lodge the complaint with the supervisory authority in the place of your habitual residence, place of work or in the place where the alleged infringement occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.
VII. The right to object to processing
In the event that we process your personal data for the purposes of the legitimate interests of ourselves or someone else (the legal bases of processing are set out in point III.), you have the right to object to such processing at any time. You may raise the objection at our address set out in point I. If you raise such an objection, we will be entitled to continue such processing only if we demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms, and further where it concerns processing necessary for the establishment, exercise or defence of legal claims.
VIII. Mandatory processing and the obligation to provide personal data
The processing of your personal data for the purposes of providing healthcare services is a legal requirement. Failure to provide your personal data may mean that we will not be able to provide healthcare services to you, which may result in harm to your health or a direct threat to life (§ 41(1)(d) of Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision). The obligation to provide the patient's personal data also applies to their legal representative or guardian (§ 41(2) of Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision).