Upravit stránku

Information on personal data processing

  • MOBILE APPLICATION

    INFORMATION ABOUT PERSONAL DATA PROCESSING UPON USE OF MOBILE APPLICATION

    (updated 13.11.2019)

    The mobile app has been created by Program Health Plus exclusively for its clients as a means of secure online access to their electronic health documentation as well as further information and services of Program Health Plus via a mobile telephone. The mobile app is operated by Program Health Plus and is provided to clients free of charge. 

    Acquisition and use of personal data
    The mobile app itself does not gather any personal data, it merely displays data from the Client Zone. Within the mobile app, personal data is displayed in the following fields:

    • APPOINTMENTS FOR EXAMINATIONS
    • MEDICAL REPORTS
    • MEDICATIONS
    • CLIENT’S PERSONAL DATA CARD

    Login to the app takes place with the use of a login name and password for the purpose of authentication and authorisation. No further information is required. 

    Purpose and legal title for personal data processing 
    The mobile app displays personal data processed by Program Health Plus as the provider of healthcare services in relation to its patients, in which the purpose and legal title for personal data processing within the framework of health documentation is given by this relationship. Use of the Client Zone and therefore also the mobile app is voluntary, and the client confirms his/her decision to use these services by signing an informed consent form according to the law on health services (by signing the client expresses consent to the keeping of health documentation in electronic form, and at the same time to its placing on a secure web server with SSL certificate administered by Program Health Plus, enabling remote access to electronic health documentation, conditioned by the entry of the assigned security data). 

    Forwarding of personal data to third parties
    Upon operating the mobile app, Program Health Plus co-operates with an external IT service provider. This provider has access to the basic personal data essential for it to fulfil the tasks assigned by Program Health Plus. A regular processing contract is concluded with this provider according to GDPR, and the provider is bound by an obligation of confidentiality and a prohibition to share this information or use it for other purposes. 

    Personal data is not forwarded to foreign countries. 

    Automated decision making
    In the processing of personal data there is no automated decision making on the basis of which any functions are performed, and no decision making whose content would involve intervention with the rights or justified interests of clients.

    Time of personal data processing
    Should the client cease to be interested in using the mobile app, all the personal data it displayed is erased upon uninstalling the app from the mobile telephone.
    The time of processing of health documentation is determined by the Czech legislation, specifically Decree no. 98/2012 Coll., on health documentation. The individual processing periods differ according to the content of the documentation. After the elapse of the period, the documentation and therefore all the personal data contained therein are liquidated in accordance with the Shredding Regulations. 

    App logs
    Errors and defects may appear during the use of the mobile app. In order to ensure that these defects can be rectified, it is essential to gather data and information (via products of the third party), known as “logs”. Logs may contain information such as IP tools, the name of the tool, version of operating system, configuration of app upon use of the app, date and time of use of app and other statistics. 

    Cookies
    The mobile app does not use cookies. 

    Security
    The mobile app is secured by access data identical to that for access to the Client Zone – login name and password. The login data is issued to the client only in person following an identity document check. The password is composed of random letters and numbers, for security reasons it cannot be altered. As soon as the access password is generated and stored, it can no longer be displayed, and in the case of loss of the password it is always necessary to generate a new one. In such a case it is not possible to issue login data via telephone or by e-mail, but only in person at the reception of Program Health Plus. It is possible to use entry of a four-digit PIN code in the mobile app.

    Program Health Plus has taken the necessary technical and organisational measures for the purpose of protecting the personal data displayed in the mobile app. These measures are regularly reviewed and updated according to the limits of the latest available technological options. 

    It is nevertheless necessary to keep in mind that no form of data sharing via the internet is 100% secure and reliable, and that Program Health Plus cannot guarantee absolute security. 

    Links to other services
    The mobile app may contain links to recommended websites or other apps. By clicking on the link of the third party, the client will be redirected to this site. Although Program Health Plus carefully selects the recommended applications, it is not the operator thereof. We therefore recommend that clients study the Principles of Personal Data Protection of these third parties. Program Health Plus has no influence over the content, principles of protection of privacy or practices of the websites or applications of third parties and does not bear any liability for this. 

    Privacy of children
    The services of the mobile app do not gather any information from children younger than 13 years. 

    Changes to information
    Information about personal data processing upon use of the mobile app may be continuously updated, in which case changes shall always be published on this site. We recommend you regularly check this information. Changes are valid from the moment of their publication. 

    Rights of data subject 
    In connection with the use of the mobile app, clients have the following rights according to GDPR:

    • right to access to personal data;
    • right to amendment thereof;
    • right to erasure thereof;
    • right to restriction of processing.

    It is possible to address applications of rights and requests to the entrusted party for personal data protection at the e-mail address gdpr@programhplus.cz. Requests will always be regularly assessed and settled in accordance with the relevant provisions of the general regulation of the GDPR. In the case that clients dispute the settlement of requests or suggestions, they have the right to complain to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, ID data box qkbaa2n.

  • CLIENT ZONE
    INFORMATION ABOUT PERSONAL DATA PROCESSING UPON USE OF THE CLIENT ZONE

    (updated 13.11.2019)

    The Client Zone has been created by Program Health Plus exclusively for its clients as a means of secure online access to their electronic health documentation as well as further information and services. The Client Zone is operated by Program Health Plus, accessible via the website klient.programhplus.cz, and is provided to clients free of charge. 

    Acquisition and use of personal data
    The Client Zone is connected directly with information and the ordering system of the clinic, from where it obtains personal data. 

    Within the Client Zone, personal data is displayed in the following fields:
     
    • APPOINTMENTS FOR EXAMINATIONS
    • MEDICAL REPORTS
    • MEDICATIONS
    • CLIENT’S PERSONAL DATA CARD
    Login to the Client Zone takes place with the use of a login name and password for the purpose of authentication and authorisation. No further information is required. 

    Purpose and legal title for personal data processing 
    The Client Zone displays personal data processed by Program Health Plus as the provider of healthcare services in relation to its patients, in which the purpose and legal title for personal data processing within the framework of health documentation is given by this relationship. Use of the Client Zone is voluntary, and the client confirms his/her decision to use these services by signing an informed consent form according to the law on health services (by signing the client expresses consent to the keeping of health documentation in electronic form, and at the same time to its placing on a secure web server with SSL certificate administered by Program Health Plus, enabling remote access to electronic health documentation, conditioned by the entry of the assigned security data).

    Forwarding of personal data to third parties
    Upon operating the Client Zone, Program Health Plus co-operates with an external IT service provider. The Client Zone is stored on the server of this provider. The provider directly processes only the basic personal data essential for it to fulfil the tasks assigned by Program Health Plus. A regular processing contract is concluded with this provider according to GDPR, and the provider is bound by an obligation of confidentiality and a prohibition to share this information or use it for other purposes. 

    Personal data is not forwarded to foreign countries. 

    Automated decision making
    In the processing of personal data there is no automated decision making on the basis of which any functions are performed, and no decision making whose content would involve intervention with the rights or justified interests of clients.

    Time of personal data processing
    Should the client cease to be interested in using the Client Zone, he/she can withdraw consent and the Client Zone with all the stored personal data is erased.

    The time of processing of health documentation is determined by the Czech legislation, specifically Decree no. 98/2012 Coll., on health documentation. The individual processing periods differ according to the content of the documentation. After the elapse of the period, the documentation and therefore all the personal data contained therein are liquidated in accordance with the Shredding Regulations. 

    App logs
    Errors and defects may appear during the use of the Client Zone. In order to ensure that these defects can be rectified, it is essential to gather data and information (via products of the third party), known as “logs”. Logs may contain information such as IP tools, the name of the tool, version of operating system, configuration of app upon use of the app, date and time of use of app and other statistics. 

    Cookies
    The Client Zone does not use cookies. 

    Security
    The Client Zone is secured by an SSL certificate and access data – login name and password. The login data is issued to the client only in person following an identity document check. The password is composed of random letters and numbers, for security reasons it cannot be altered. As soon as the access password is generated and stored, it can no longer be displayed, and in the case of loss of the password it is always necessary to generate a new one. In such a case it is not possible to issue login data via telephone or by e-mail, but only in person at the reception of Program Health Plus. 

    Program Health Plus has taken the necessary technical and organisational measures for the purpose of protecting the personal data upon provision of the Client Zone service. These measures are regularly reviewed and updated according to the limits of the latest available technological options. 

    It is nevertheless necessary to keep in mind that no form of data sharing via the internet is 100% secure and reliable, and that Program Health Plus cannot guarantee absolute security. 

    Changes to information
    Information about personal data processing upon use of the mobile app may be continuously updated, in which case changes shall always be published on this site. We recommend you regularly check this information. Changes are valid from the moment of their publication. 

    Rights of data subject 
    In connection with the use of the mobile app, clients have the following rights according to GDPR:
     
    • right to access to personal data;
    • right to amendment thereof;
    • right to erasure thereof;
    • right to restriction of processing.
    It is possible to address applications of rights and requests to the entrusted party for personal data protection at the e-mail address gdpr@programhplus.cz. Requests will always be regularly assessed and settled in accordance with the relevant provisions of the general regulation of the GDPR. In the case that clients dispute the settlement of requests or suggestions, they have the right to complain to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, ID data box qkbaa2n.
     

Program H plus, s.r.o. processes personal data in line with the requirements of Regulation of the European Parliament and of the Council (EU) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).

Program H plus, s.r.o. is a controller (in some cases also a processor) of your personal data.

Identification and contact data of the controller:
Program H plus, s.r.o., company ID: 27587908, based at Kartouzská 3274/10, 150 00 Praha 5, incorporated in the Commercial Register maintained by the Municipal Court in Prague, file C 117265, telephone +420 227 071 111, e-mail recepce@programhplus.cz, data box ID: jntu4sq.

Based on a duty imposed by the GDPR, Program H plus, s.r.o. has appointed a data protection officer who performs tasks pursuant to Article 39 of GDPR and for you it is the contact person for answering your questions, requests or any other inputs.

Contact address of the data protection officer:
Data protection officer, Program H plus, s.r.o., Kartouzská 3274/10, 150 00 Praha 5, telephone +420 227 071 186, e mail: gdpr@programhplus.cz, data box ID: jntu4sq.

Purposes of the personal data processing
Program H plus, s.r.o. as a controller of personal data processes personal data in particular for the purposes of:


            a) providing services to its clients in the areas of:
                    a. health,
                    b. occupational medicine,
                    c. individual organisation of health services,
                    d. and other services,
            b) cooperation and communication with health insurance companies,
            c) promotion, gaining new clients and caring for the existing ones,
            d) ensuring the operation of the outpatient clinic.


Legal basis for the processing
Your personal data are collected and processed mainly in order to fulfil the contracting obligations of the company towards its clients and to comply with legal obligations which apply to the company, in particular the meeting of duties pursuant to Act No 372/2011 Coll. on health services, Act No 373/2011 Coll. on specific health services and Act No 48/1997 Coll. on public health insurance and amending and complementing some related acts.

The company also processes personal data because of its legitimate interests as part of its promotion and obtaining new clients, in the interest of caring for the existing clients and in order to ensure some internal processes connected with the operation of the outpatient clinic.

With your consent, we process data to ensure security of the operation.

Provision of data is voluntary

The provision of personal data is voluntary. However, without some data, the company cannot provide its services or cannot provide services at the extent and quality specified in the contracts or by legislation.

Recipients of personal data
To provide healthcare and other contractual services, the personal data of clients are transferred to cooperating providers of health services. In order to meet the statutory obligations in providing occupational medicine services, selected personal data of clients (employees) are transferred to their employers. Personal data are transferred to other persons (bodies, authorities or institutions) only in cases where the obligation of their transfer is imposed on the company by a special regulation or the data subject has granted consent with it.

The company may entrust the processing of personal data to a third person, so-called processor. Personal data processing by a processor is possible only based on a contract on processing personal data, in which the processor undertakes to protect personal data at the extent at which the personal data are protected by the company.

Automated decision-making
In processing personal data by the company, no automated decision-making takes place whereby acts or decisions would be made that would contain an interference with the rights or legitimate interests of the data subjects.

Period for which personal data are processed
Personal data are processed only for a period that is necessary for the individual purposes of processing (for the duration of the contractual relationships and 2 years thereafter), unless a regulation imposes the duty to archive personal data for a longer period. After the expiration of that period, the personal data are destroyed.

Rights of the data subject
In connection with processing your personal data by the company you have the following rights:
 

  • right of access to your personal data that we process and to information on their processing;
  • right to their rectification or erasure, unless it is necessary to keep processing them in order to fulfil legal obligations or to provide agreed services;
  • right to restriction of processing;
  • right to object to processing;
  • right to portability of selected data;
  • other rights pursuant to GDPR.

Please contact the data protection officer to exercise your rights and requirements.

Your requirements will always be duly assessed and settled in line with the relevant provisions of GDPR. If you disagree with the settlement of your requirements or comments, you are entitled to file a complaint to the Office for Personal Data Protection.