INFORMATION FOR PATIENTS AND CUSTOMERS ABOUT THE PROCESSING OF PERSONAL DATA

in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation)

I. Administrator of personal data

DEVIDENT s.r.o.
CRN: 02540991
Vinohradská 3216/165, Strašnice, 100 00 Praha 10
E-mail: devident@devident.cz

The administrator is a provider of health services in accordance with Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision, as amended.

II. Purpose/s of personal data processing
We process your personal data for the purpose of:
-providing health services
-reporting paid health services
-billing for unpaid health services
-communicating information about your health status to you and other authorized persons
-organizing the provision of health services (ordering patients)
-providing information in case you have contacted us by phone, e-mail, website or social media
-keeping records of our income and expenses, management and payments received, as they result from tax and accounting regulations

III. Legal basis for personal data processing
The legal basis for the processing of your personal data listed in point II. is:
-fulfilment of our legal obligation (in particular Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision, Act No. 48/1997 Coll., on Public Health Insurance, Act No. 563/1991 Coll., on Accounting, Act No. 586/1992 Coll., on Income Taxes, Act No. 634/1992, on Consumer Protection)
-fulfilment of obligations from the health care contract, on the basis of which we provide you with health services (this contract does not have to be concluded in writing)

IV. Recipients of personal data
The recipients of your personal data may, in accordance with the provisions of legal regulations, in specific cases, in addition to you, be: providers of health services, public authorities and persons authorized to inspect medical records pursuant to § 31, § 32, § 33 and § 65 of Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision. In order to ensure the purposes described above, personal data may be processed by processors in addition to the administrator, based on the contracts for the processing of personal data concluded in accordance with the General Data Protection Regulation.
We do not transfer your personal data abroad.

V. Time of processing of personal data
Personal data contained in medical records are processed for the period specified by Decree No. 98/2012 Coll., on Medical Records. Personal data processed for other purposes listed in point II. are processed for the time necessary to fulfil archiving obligations according to applicable legal regulations.

VI. Rights of the data subject
When processing personal data, you have the following rights regarding the protection of your personal data:
-the right to request access to your personal data from us;
-the right to correct your personal data that we process;
-the right to restrict processing. Restriction of processing means that we have to mark your personal data for which processing has been restricted and for the duration of the restriction we must not process it further, except for storing it. You have the right to restrict processing if
-you deny the accuracy of the personal data, for the time required for us to verify the accuracy of the personal data;
-the processing is illegal and you refuse to delete your personal data and instead request a restriction of their use;
-we no longer need your personal data for the purposes of processing, but you require it for the determination, exercise or defence of legal claims;
-you have raised an objection to the processing mentioned below in point VII., until it has been verified whether our legitimate reasons for the processing outweigh your interests or rights and freedoms;
-the right to erasure of personal data. The right to erasure of personal data applies only to personal data that we process for purposes other than the provision of health services. We may not delete the data we keep about you for the purpose of providing health services (e.g. in medical records);
-the right to data portability. You can request that we provide you with your personal data for the purpose of transferring them to another personal data administrator, or that we ourselves transfer them on to another personal data administrator. However, you only have this right regarding data that we process automatically based on your consent or a contract with you. However, we may provide the data we keep about you for the purpose of providing health services (e.g. in medical records) only to you and, under legal conditions, to another provider of health services or a public authority.
-the right to file a complaint with the supervisory authority, in the event that you believe that the processing of personal data violates legal regulations on the protection of personal data. You can file a complaint with the supervisory authority at the place of your habitual residence, place of employment or at the place where the alleged violation occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

VII. The right to object to processing
In the event that we process your personal data for the purposes of our or someone else’s legitimate interests (the legal bases of processing are listed in point III.), you have the right to object to such processing at any time. You can raise an objection at our address listed in point I. If you raise such an objection, we will only be entitled to continue such processing if we demonstrate serious legitimate reasons for the processing that outweigh your interests or rights and freedoms, and further if it is processing necessary for the determination, exercise or defence of legal claims.

VIII. Mandatory processing and obligation to provide personal data
The processing of your personal data for the purpose of providing health services is a legal requirement. Failure to provide your personal data may mean that we will not be able to provide you with health services, which may result in damage to your health or a direct threat to your life (§ 41 par. 1 letter d) of Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision). The obligation to provide the patient’s personal data also applies to the patient’s legal representative or guardian (§ 41, paragraph 2 of Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision).