Program H plus, s.r.o. processes personal data in line with the requirements of Regulation of the European Parliament and of the Council (EU) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).
Program H plus, s.r.o. is a controller (in some cases also a processor) of your personal data.
Identification and contact data of the controller:
Program H plus, s.r.o., company ID: 27587908, based at Kartouzská 3274/10, 150 00 Praha 5, incorporated in the Commercial Register maintained by the Municipal Court in Prague, file C 117265, telephone +420 227 071 111, e-mail firstname.lastname@example.org, data box ID: jntu4sq.
Based on a duty imposed by the GDPR, Program H plus, s.r.o. has appointed a data protection officer who performs tasks pursuant to Article 39 of DGPR and for you it is the contact person for answering your questions, requests or any other inputs.
Contact address of the data protection officer:
Data protection officer, Program H plus, s.r.o., Kartouzská 3274/10, 150 00 Praha 5, telephone +420 227 071 186, e mail: email@example.com, data box ID: jntu4sq.
Purposes of the personal data processing
Program H plus, s.r.o. as a controller of personal data processes personal data in particular for the purposes of:
a) providing services to its clients in the areas of:
b. occupational medicine,
c. individual organisation of health services,
d. and other services,
b) cooperation and communication with health insurance companies,
c) promotion, gaining new clients and caring for the existing ones,
d) ensuring the operation of the outpatient clinic.
Legal basis for the processing
Your personal data are collected and processed mainly in order to fulfil the contracting obligations of the company towards its clients and to comply with legal obligations which apply to the company, in particular the meeting of duties pursuant to Act No 372/2011 Coll. on health services, Act No 373/2011 Coll. on specific health services and Act No 48/1997 Coll. on public health insurance and amending and complementing some related acts.
The company also processes personal data because of its legitimate interests as part of its promotion and obtaining new clients, in the interest of caring for the existing clients and in order to ensure some internal processes connected with the operation of the outpatient clinic.
With your consent, we process data to ensure security of the operation.
Provision of data is voluntary
The provision of personal data is voluntary. However, without some data, the company cannot provide its services or cannot provide services at the extent and quality specified in the contracts or by legislation.
Recipients of personal data
To provide healthcare and other contractual services, the personal data of clients are transferred to cooperating providers of health services. In order to meet the statutory obligations in providing occupational medicine services, selected personal data of clients (employees) are transferred to their employers. Personal data are transferred to other persons (bodies, authorities or institutions) only in cases where the obligation of their transfer is imposed on the company by a special regulation or the data subject has granted consent with it.
The company may entrust the processing of personal data to a third person, so-called processor. Personal data processing by a processor is possible only based on a contract on processing personal data, in which the processor undertakes to protect personal data at the extent at which the personal data are protected by the company.
In processing personal data by the company, no automated decision-making takes place whereby acts or decisions would be made that would contain an interference with the rights or legitimate interests of the data subjects.
Period for which personal data are processed
Personal data are processed only for a period that is necessary for the individual purposes of processing (for the duration of the contractual relationships and 2 years thereafter), unless a regulation imposes the duty to archive personal data for a longer period. After the expiration of that period, the personal data are destroyed.
Rights of the data subject
In connection with processing your personal data by the company you have the following rights:
- right of access to your personal data that we process and to information on their processing;
- right to their rectification or erasure, unless it is necessary to keep processing them in order to fulfil legal obligations or to provide agreed services;
- right to restriction of processing;
- right to object to processing;
- right to portability of selected data;
- other rights pursuant to GDPR.
Please contact the data protection officer to exercise your rights and requirements.
Your requirements will always be duly assessed and settled in line with the relevant provisions of GDPR. If you disagree with the settlement of your requirements or comments, you are entitled to file a complaint to the Office for Personal Data Protection.