INFORMATION FOR PATIENTS ON THE PROCESSING OF PERSONAL DATA
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
I. THE CONTROLLER OF THE PERSONAL DATA
Rehab Liberec s.r.o.
Zákopnická 360
46014, Liberec 14
ID: 05016282
The administrator is a provider of health services in accordance with Act No. 372/2011 Coll., on health services and conditions of their provision, as amended.
II. PURPOSES OF PROCESSING PERSONAL DATA
We process your personal data for the following purposes
providing health services
reporting on covered health services
billing for non-covered health services
communicating health information to you and other authorised persons
organising the provision of health services (patient appointments)
keeping records of our income and expenditure, payments received and management as required by tax and accounting regulations
III. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The legal basis for the processing of your personal data referred to in point II. is
the fulfilment of our legal obligations (in particular Act No 372/2011 Coll., on health services and conditions of their provision, Act No 48/1997 Coll., on public health insurance, Act No 563/1991 Coll., on accounting, Act No 586/1992 Coll., on income taxes, Act No 634/1992, on consumer protection)
fulfilment of obligations under a health care contract under which we provide you with health care services (this contract does not have to be in writing)
IV. RECIPIENTS OF PERSONAL DATA
The recipients of your personal data may, in accordance with the provisions of the legislation, in specific cases, in addition to you, be: the provider of health services, public authorities and persons authorised to inspect medical records pursuant to § 31, § 32, § 33 and § 65 of Act No. 372/2011 Coll., on health services and conditions of their provision. In addition to the controller, personal data may also be processed by processors for the purposes described above on the basis of personal data processing contracts concluded in accordance with the General Data Protection Regulation. We do not transfer your personal data abroad.
V. PERIOD OF PROCESSING OF PERSONAL DATA
The personal data contained in the medical records are processed for the period specified by Decree No. 98/2012 Coll., on medical records. Personal data processed for other purposes referred to in point III are processed for the period specified by law or for as long as you are our patient and then for one year after you cease to be our patient.
VI. RIGHTS OF THE DATA SUBJECT
You have the following rights regarding the protection of your personal data when we process your personal data:
The right to request access to your personal data from us;
the right to have your personal data processed by us rectified;
the right to restrict processing. Restriction of processing means that we must mark your personal data for which processing has been restricted and we must not continue to process it for the duration of the restriction, except to store it. You have the right to restrict processing if
you contest the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and instead request a restriction on its use;
if we no longer need your personal data for the purposes of processing but you require it for the establishment, exercise or defence of legal claims;
if you have objected to the processing set out in section VII below, until it is verified that our legitimate grounds for processing outweigh your interests or rights and freedoms;
the right to erasure of personal data. The right to erasure of personal data applies only to personal data that we process for purposes other than the provision of health services. We may not erase data that we hold about you for the purpose of providing health services (e.g. in medical records);
the right to data portability. You may request that we provide your personal data to you for the purpose of transferring it to another data controller, or that we transfer it to another data controller ourselves. However, you only have this right in respect of data that we process automatically on the basis of your consent or a contract with you. However, we may only disclose the data we hold about you for the purpose of providing health services (e.g. in medical records) to you and, under lawful conditions, to another health service provider or public authority.
The right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in breach of data protection law. You can lodge a complaint with the supervisory authority at your usual place of residence, place of employment or place where the alleged breach occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochor 27, 170 00 Prague 7, www.uoou.cz.
VII. RIGHT TO OBJECT TO PROCESSING
If we process your personal data for the purposes of our or someone else's legitimate interests (the legal grounds for processing are set out in section III), you have the right to object to such processing at any time. You can object to this at our address set out in section I. If you raise such an objection, we will only be entitled to continue such processing if we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms and if the processing is necessary for the establishment, exercise or defence of legal claims.
VIII. MANDATORY PROCESSING AND OBLIGATION TO PROVIDE PERSONAL DATA
The processing of your personal data for the purposes of providing health services is a legal requirement. Failure to provide your personal data may mean that we are unable to provide you with health services, which may result in damage to your health or a direct threat to your life (Section 41(1)(d) of Act No. 372/2011 Coll., on health services and conditions of their provision). The obligation to provide the patient's personal data also applies to the patient's legal representative or guardian (Section 41(2) of Act No. 372/2011 Coll., on health services and conditions of their provision).