INFORMATION ABOUT PERSONAL DATA PROCESSING UPON USE OF MOBILE APPLICATION
The mobile app has been created by Program Health Plus exclusively for its clients as a means of secure online access to their electronic health documentation as well as further information and services of Program Health Plus via a mobile telephone. The mobile app is operated by Program Health Plus and is provided to clients free of charge.
Acquisition and use of personal data
The mobile app itself does not gather any personal data, it merely displays data from the Client Zone. Within the mobile app, personal data is displayed in the following fields:
- APPOINTMENTS FOR EXAMINATIONS
- MEDICAL REPORTS
- CLIENT’S PERSONAL DATA CARD
Login to the app takes place with the use of a login name and password for the purpose of authentication and authorisation. No further information is required.
Purpose and legal title for personal data processing
The mobile app displays personal data processed by Program Health Plus as the provider of healthcare services in relation to its patients, in which the purpose and legal title for personal data processing within the framework of health documentation is given by this relationship. Use of the Client Zone and therefore also the mobile app is voluntary, and the client confirms his/her decision to use these services by signing an informed consent form according to the law on health services (by signing the client expresses consent to the keeping of health documentation in electronic form, and at the same time to its placing on a secure web server with SSL certificate administered by Program Health Plus, enabling remote access to electronic health documentation, conditioned by the entry of the assigned security data).
Forwarding of personal data to third parties
Upon operating the mobile app, Program Health Plus co-operates with an external IT service provider. This provider has access to the basic personal data essential for it to fulfil the tasks assigned by Program Health Plus. A regular processing contract is concluded with this provider according to GDPR, and the provider is bound by an obligation of confidentiality and a prohibition to share this information or use it for other purposes.
Personal data is not forwarded to foreign countries.
Automated decision making
In the processing of personal data there is no automated decision making on the basis of which any functions are performed, and no decision making whose content would involve intervention with the rights or justified interests of clients.
Time of personal data processing
Should the client cease to be interested in using the mobile app, all the personal data it displayed is erased upon uninstalling the app from the mobile telephone.
The time of processing of health documentation is determined by the Czech legislation, specifically Decree no. 98/2012 Coll., on health documentation. The individual processing periods differ according to the content of the documentation. After the elapse of the period, the documentation and therefore all the personal data contained therein are liquidated in accordance with the Shredding Regulations.
Errors and defects may appear during the use of the mobile app. In order to ensure that these defects can be rectified, it is essential to gather data and information (via products of the third party), known as “logs”. Logs may contain information such as IP tools, the name of the tool, version of operating system, configuration of app upon use of the app, date and time of use of app and other statistics.
The mobile app is secured by access data identical to that for access to the Client Zone – login name and password. The login data is issued to the client only in person following an identity document check. The password is composed of random letters and numbers, for security reasons it cannot be altered. As soon as the access password is generated and stored, it can no longer be displayed, and in the case of loss of the password it is always necessary to generate a new one. In such a case it is not possible to issue login data via telephone or by e-mail, but only in person at the reception of Program Health Plus. It is possible to use entry of a four-digit PIN code in the mobile app.
Program Health Plus has taken the necessary technical and organisational measures for the purpose of protecting the personal data displayed in the mobile app. These measures are regularly reviewed and updated according to the limits of the latest available technological options.
It is nevertheless necessary to keep in mind that no form of data sharing via the internet is 100% secure and reliable, and that Program Health Plus cannot guarantee absolute security.
Links to other services
The mobile app may contain links to recommended websites or other apps. By clicking on the link of the third party, the client will be redirected to this site. Although Program Health Plus carefully selects the recommended applications, it is not the operator thereof. We therefore recommend that clients study the Principles of Personal Data Protection of these third parties. Program Health Plus has no influence over the content, principles of protection of privacy or practices of the websites or applications of third parties and does not bear any liability for this.
Privacy of children
The services of the mobile app do not gather any information from children younger than 13 years.
Changes to information
Information about personal data processing upon use of the mobile app may be continuously updated, in which case changes shall always be published on this site. We recommend you regularly check this information. Changes are valid from the moment of their publication.
Rights of data subject
In connection with the use of the mobile app, clients have the following rights according to GDPR:
- right to access to personal data;
- right to amendment thereof;
- right to erasure thereof;
- right to restriction of processing.
It is possible to address applications of rights and requests to the entrusted party for personal data protection at the e-mail address firstname.lastname@example.org. Requests will always be regularly assessed and settled in accordance with the relevant provisions of the general regulation of the GDPR. In the case that clients dispute the settlement of requests or suggestions, they have the right to complain to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, ID data box qkbaa2n.