Personal data protection

Information on the processing of personal data 


of 27 April 2016 on the protection of natural persons (hereinafter “GDPR”) with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The objective of this document:

The present document is intended to provide full and transparent information about the processing of patient/client personal data, including special categories of personal data (in particular data concerning health) by the controller of such data.

1) Controller´s contact details:

Klinika GHC Praha, Krakovská 8/581, Praha 1, 110 00

Joint controllers have determined their respective responsibilities for compliance with the obligations under the GDPR in a transparent manner and duly reflected the respective roles and relationships of the joint controllers vis-à-vis the data subjects.

2) Data Protection Officer contact details:

Email: gdpr@ghc.cz
Phone: +420 311 234 188

3) The purposes of the processing and the legal basis for the processing:

The personal data are processed for the purpose of providing health care services, registration of clients, ensuring adequate quality of services, billing, monitoring of the premises and sharing information about the latest offers. The legal basis for the processing is provided by the following reasons:

4) Legitimate interests of the controller or a third party in the event that the processing is necessary for the purposes of the legitimate interests of the relevant controller or third party:

Our legitimate interest is the processing of your personal data for the purpose of drawing up lists, surveys and schedules, keeping records of customer programmes, checking payments of receivables, receiving visits, monitoring our premises, acknowledgment of debt, sending newsletters and sending SMS notifications (appointment reminders).

 5) Recipients or categories of recipients of the personal data:

In accordance with the generally binding legislation, we shall disclose your personal data to public authorities or to persons authorised to see your medical records under the Health Care Services Act.

If necessary for the protection of our rights, legitimate interests or property, we may disclose your personal information to e.g. judicial or administrative authorities.

We will further disclose your personal information to our processors, with whom we have signed written personal data processing agreements (e.g. accountants, tax and legal advisors, IT system providers). 

Your personal information shall always be disclosed in so far as necessary in order to protect your right to personal data and privacy protection.

6) Personal data retention period:

We shall process your personal data only for the time necessary for the purpose of their processing. If personal data are used for several different purposes of processing at the same time, we will continue to process them until the purpose with a longer processing time ceases to exist.

7) Furthermore, you have the following rights concerning the protection of your personal data.

(a) if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;

(b) if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) if you have already objected to processing in the event of legitimate grounds for the processing of the controller or third parties, pending the verification whether the legitimate grounds of the controller override those of the data subject.

(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or

(b) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party as well as the right to data portability.

(a) in the place of your habitual residence,

(b) place of work or

(c) place of the alleged infringement.

The following rights regarding the protection of your personal data are restricted by law:

If you wish to exercise data subject´s rights, please send your specific request to the mailing address of one of the joint controllers.

8) You have the right to exercise your rights under the GDPR in respect of and against each of the joint controllers.

9) The provision of your personal data is a statutory requirement and you as a patient have an obligation to provide them, just as the controller has the right to request them from you. A failure to provide your personal data will mean that the controller will not be able to provide health care services which may result in a harm to your health or an immediate threat to your life.