INFORMATION ON GDPR
WHAT IS GDPR (GENERAL DATA PROTECTION REGULATION)?
The official name is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
This information will serve to ensure that you are fully and transparently informed about the processing of your personal data (in particular about your health). We will describe what personal data we collect, what we use it for and where you can get information about your personal data that we process.
WHAT PERSONAL DATA DOES AMBULANCE PENTA PROCESS ABOUT YOU AND FOR HOW LONG?
We process your personal data and sensitive information solely in connection with the provision of healthcare to you in accordance with the law and applicable legislation. The data kept about you in the medical records contain, in particular, the facts necessary for unambiguous and unmistakable identification of your person, personal data enabling contact with you, data on the examinations performed, diagnosis, treatment, prescribed medicines, medical devices, results of complete physical and follow-up examinations, etc. We collect your personal data for the period of time specified by law. Depending on the type of medical documentation, this is 5 to 100 years, or up to 20 years from the death of the patient (see Decree No. 98/2012 Coll., on medical documentation, as amended).
If we record your personal data in excess of the obligations imposed on us by law or legitimate interest, we will always ask for your prior written consent. You may withdraw your consent to such processing at any time.
After the end of the period of legitimate processing, Ambulance Penta will stop processing your personal data and will ensure its disposal in accordance with the relevant legal regulations.
PURPOSE OF PROCESSING PERSONAL DATA
We collect and use your personal information solely in connection with the provision of healthcare to you.
TO WHOM CAN OR MUST PENTA AMBULANCE PROVIDE YOUR PERSONAL DATA?
Healthcare institutions that provide you with healthcare, health insurance companies when reporting on covered healthcare, and when fulfilling other legal obligations, such as tax and accounting obligations and reporting to registers of certain diseases as provided for by law. We only disclose your personal data to authorised entities and institutions where we are obliged to do so by law. Persons who have access to your personal data are legally obliged to protect your personal data and to observe the obligation of confidentiality.
We will also provide the data to the patient’s legal representative, to a person expressly designated by the patient, and in the event of the patient’s death, to a person close to the patient and to other persons listed in Act No 372/2011 Coll., on Health Services, as amended.
DATA PROTECTION
Your personal data is protected in accordance with the applicable legislation, organizational measures, technical means, professional confidentiality of health care professionals and mandatory confidentiality of employees who come into contact with it in the course of their work.
WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROCESSING OF PERSONAL DATA?
As a patient, you have the right to access your personal data. If you find that your personal data is incorrect or inaccurate, you have the right to request the correction of your personal data. You also have the right to have your personal data erased to the extent that you have voluntarily provided your personal data, i.e. where you have given your consent to its processing. Conversely, it is not possible to request the deletion of personal data that a health service provider is obliged to collect on the basis of a legal obligation (an obligation imposed by law), i.e. in connection with the provision of health services.
WHERE CAN YOU LODGE A COMPLAINT ABOUT THE PROCESSING OF PERSONAL DATA?
As a patient, you can lodge a complaint with the supervisory authority if you believe that the processing of your personal data is in breach of data protection legislation. You can file a complaint with the supervisory authority, which for the territory of the Czech Republic is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7 (www.uoou.cz, https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938).
CONTACT DETAILS FOR THE DATA PROTECTION OFFICER OF AMBULANCE PENTA
Mgr. Renata Macková
Phone: 608 049 170
E-mail: renata.mackova@kplusm.cz
INFORMATION ON THE PROCESSING OF PATIENTS’ PERSONAL DATA
The company Ambulance Penta s.r.o., with registered office at Na Florenci 2116/15, 110 00 Prague 1, Company ID: 24717304, registered in the Commercial Register kept by the Municipal Court in Prague, under the reg. number: C 168446, (the “Controller”) hereby provides information on the manner and extent of the processing of patients’ personal data, including the rights related to the processing of personal data.
Respecting individual rights and protecting your privacy is a core value we hold dear. Through this document, we would like to inform you about what personal data we may process and why we do so. If you have any questions or comments, you can contact us at Ambulance Penta s.r.o., Železniční 887/1, 365 05 Karlovy Vary or contact our responsible person jana.sperlova@ambulancephcz.cz or our data protection officer renata.mackova@kplusm.cz.
PURPOSE AND LEGAL BASIS OF PROCESSING
We process your personal data for the purpose of providing health services in accordance with Act No. 372/2011 Coll., on Health Services and Conditions of their Provision (Health Services Act), as amended, and in accordance with Decree No. 98/2012 Coll., on Medical Documentation, as amended. The data kept about you in the medical records contain, in particular, the facts necessary for unambiguous and unmistakable identification of your person, personal data enabling contact with you, data on the examinations performed, diagnosis, treatment, prescribed medicines, medical devices, results of complete physical and follow-up examinations. The processing of your personal data (including data about your health) is necessary for the purposes of preventive or occupational medicine, for the assessment of an employee’s ability to work, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services under applicable law. The legal basis for the processing of your personal data is also the performance of a contract, the legitimate interest of the data controller, or processing based on your consent and the performance of a legal obligation of the controller.
RECIPIENTS OF PERSONAL DATA
We transfer your personal data to other recipients only if this is necessary to ensure the continuity of the health services provided or if we are required to do so by law. The recipients are therefore mainly other providers of health services (for example, the laboratory to which we send samples for analysis) and authorities such as the Institute of Health Information and Statistics (ÚZIS), the State Institute for Drug Control (SÚKL), possibly courts, the Police of the Czech Republic, other public authorities, insurance companies when reporting on the care provided and reimbursed, public health protection authorities and other persons to whom we are obliged to transfer the patient’s personal data under the conditions set out in the legislation (e.g. under Act No. 187/2006 Coll., on Sickness Insurance, as amended). Personal data may also be accessed by processors who may process your personal data for us. An up-to-date list of all processors is available on request from the responsible person.
TRANSFER OF PERSONAL DATA ABROAD (OUTSIDE THE EU)
We do not transfer your personal data abroad (outside the EU) as a matter of principle. An exception may be if we provide healthcare to a person who is not covered by the public health insurance system of an EU country and it is necessary to arrange for reimbursement of the healthcare provided.
STORAGE PERIOD
We retain your personal data only for the period of time specified by applicable legislation, in particular Decree No. 98/2012 Coll., on Medical Documentation, as amended, depending on the type of individual records and parts of medical documentation for which different retention periods are specified. The medical records are then shredded and a record of the shredding is made, including the deletion of data from the information system that serves as an auxiliary record for keeping medical records. In the case of a procedure that is not covered by public health insurance, we keep the issued accounting documents for the period of time specified by the relevant legislation, together with the information for which the document was paid.
YOUR RIGHTS
- You have the right to request from the Controller access to personal data concerning you as a data subject and the right to have it corrected.
- In the following cases, you have the right to restrict the processing of personal data:
o if you contest their accuracy, in which case processing will be limited to the time necessary for the controller to verify their accuracy;
o the processing of personal data is unlawful and you also refuse to delete the data because you request instead a restriction on its use;
o the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of your legal claims;
o if you have objected to the processing of your personal data where the processing is in the legitimate interests of the Controller or third parties (Article 3(b) below); in this case, processing will be restricted until it is verified that the legitimate interests of the controller outweigh your legitimate interests. - You have the right to object to processing if:
o the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority; or
o where the processing is carried out in the legitimate interest of the controller or a third party, as well as the right to data portability. - You have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 2, Prague 7, postcode: 170 00 (www.uoou.cz).
- The following rights regarding the protection of your personal data are limited by law: the right to erasure of personal data
- The following rights regarding the protection of your personal data do not apply to you:
o the right to data portability, given that the provision of your personal data is not based on consent or contract and is not solely automated
Providing your personal data is a legal requirement and as a patient you are obliged to provide it, just as the data controller has the right to request it from you. Failure to provide your personal data will mean that the controller will not be able to provide you with health services and this may result in damage to your health or a direct threat to your life.