Personal data | Category | Purpose of processing | Time of storing | Categories of entities authorised to view the data | Processing title |
Name and surname: | Personal data | Statutory obligations, identification | for the time of storing medical documents** | employees in charge and partners within the provision of medical services* | legal obligation, necessity for the performance of services |
Date and place of birth | Personal data | Statutory obligations, identification | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
Address and permanent address | Personal data | Statutory obligation, identification, delivery of documents | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
sex | personal data | legal obligations, identification | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
birth identification number | personal data | legal obligations, identification | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
citizenship | personal data | legal obligations, identification | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
number of proof of identity | personal data | statutory obligations, identification | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
email address | personal data | communication | for the time of storing email (up to 10 years) | employees in charge and partners within the provision of medical services | if an email is received, the reply is also sent by email |
telephone number | personal data | communication | not stored | employees in charge and partners within the provision of medical services | If contact is made by telephone, the request is dealt with by telephone. |
images recorded during the provision of medical services | special categories of personal data pursuant to Article 9 of the GDPR*** | provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | necessity for the performance of services |
signature | special categories of personal data pursuant to Article 9 of the GDPR | legal obligations, communication, provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, necessity for the performance of services |
genetic data | special categories of personal data pursuant to Article 9 of the GDPR | provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | necessity for the performance of services |
biometric data | special categories of personal data pursuant to Article 9 of the GDPR | provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | necessity for the performance of services |
information about the state of health | special categories of personal data pursuant to Article 9 of the GDPR | provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | necessity for the performance of services |
information about sexual life | special categories of personal data pursuant to Article 9 of the GDPR | provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | necessity for the performance of services |
Camera recordings | special categories of personal data pursuant to Article 9 of the GDPR | Protection of life, health and property | 3 days | employee in charge or a partner in the area of security | protection of interests |
sampled tissue / bodily fluid | special categories of personal data pursuant to Article 9 of the GDPR | provision of medical services | for the time of storing medical documents / duration of consent | employees in charge and partners within the provision of medical services | necessity for the performance of services / consent (judged according to the situation) |
bank account number | personal data | legal obligations, payments | up to 15 years | employee in charge or business partner | legal obligation, contract performance |
bank card number | personal data | legal obligations, payments | up to 10 days (tax document, accounting records) | employee in charge or business partner | legal obligation, contract performance |
information about the insurance company, insured person’s number | personal data | legal obligations, provision of medical services | for the time of storing medical documents | employees in charge and partners within the provision of medical services | legal obligation, contract performance |
We hereby inform you that under the conditions provided for by legislation you have the right to:
Contact information of the person authorised by the Controller in the area of personal data protection: osobni-udaje@cimex.cz
We hereby inform you that you have the right:
- to ask for confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.
- to have inaccurate data concerning you rectified.
- to have inaccurate data concerning you deleted.
- to the restriction of processing of the personal data concerning you.
- to receive the personal data concerning you in a structured (electronic or printed) format and to transmit those data to another controller.
- to withdraw your consent to personal data processing at any time.
We also inform you that you have the right to object to the processing of the personal data concerning you and lodge a complaint with the Office for Personal Data Protection at any time.
Contact forms for exercising the data subject’s rights: http://kontakt.cimex.cz/ Personal data may be processed manually or in an automated way. The personal data shall not be transferred outside the Czech Republic.
Where the reason for processing is not marked as “consent,” the aforementioned data must be processed by the data controller in order to achieve the objective of the relevant legal transaction, and therefore, if such personal data are not provided, the legal transaction cannot be performed.
Where the reason for processing is marked as “consent,” you have the right not to provide the aforementioned data without affecting the possibility of performance based on the legal transaction for which you have been asked to give consent to personal data processing.
If you have given and/or give the Controller consent to processing your personal data for marketing purposes, you may be sent commercial communication or other marketing materials at the Controller’s discretion.
Personal data belonging to a special category under Article 9 of the GDPR are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under EU or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.
This notice applies to the provision of medical services. Notice of the processing of personal data by the Controller within the provision of accommodation and other services is available at reception.
* Especially health insurance companies and other medical services providers (if necessary as part of providing the patient with medical services, e.g. for subsequent treatment)
** According to the Ministry of Health Regulation no. 98/2012, on medical documents, or according to legislation replacing this Regulation. “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).