Information on personal data processing
Poliklinika IPP s.r.o.
What important concepts are associated with the processing of personal data?
- Personal data – any information regarding an identified or identifiable natural person, such as first name, surname, date of birth, birth registration number, telephone number, e-mail address, IP address, etc.
- Data subject – person to whom the personal data relate
- Processing of personal data – activity carried out with personal data by the data controller or processor
- Controller – the person who determines the purpose and means of personal data processing
- Processor – a natural or legal person, public authority, agency or other body processing personal data for the controller based on the controller’s authorization
- Purpose – the controller’s reason for processing personal data
- Special categories of personal data – sensitive data of special nature, such as data concerning health
- Legitimate interest – the interest of the controller or of another entity, interests of the controller as provided for in the legislation, e.g. protecting property using a CCTV system
- Recipient – person to whom personal data is transferred
Who is the personal data controller?
Poliklinika IPP s.r.o. (hereinafter referred to as the “Controller”)
Company registration number: 250 57 065
Registered office at: Legerova 389/56, Praha 2, postal code 12000
The Controller has appointed a Data Protection Officer to supervise the proper processing of personal data. They could be contacted electronically by e-mail to: email@example.com, or by mail to: V jámě 699/5, 110 00 Praha – Nové Město.
What personal data do we process?
- Basic identification data
- Contact details
- Personal data pertaining to a special category of personal data, acquired for the purpose of providing health services
For what purposes and how long do we process personal data?
Processing to comply with a legal duty
The provision of your personal data for the purpose of providing health services by the Controller is a legal requirement arising from Act No. 372/2011 Coll., on health services and conditions for their provision and other legislation. The processing of personal data for this purpose is essential for the fulfilment of legal duties of the Controller. Failure to provide your personal data may mean that the Controller would not be able to provide health services to you. Such personal data are stored pursuant to applicable legislation, in particular Regulation No. 98/2012 Coll. on medical records, as amended.
Processing based on contract
In the case of a contractual relationship, we process personal data for purposes of your contract, handling them in particular when negotiating the conclusion, amendment, or administration of your contract. In such case, personal data are processed only to the extent necessary for the conclusion and performance of the contract in question. For this purpose, the provision of your personal data is entirely voluntary, but it is necessary for the conclusion of the contract and its subsequent management. Without such data we would not be able to enter into the contract with you or to fulfil the obligations and rights resulting therefrom. We retain the personal data for the period necessary to secure the mutual rights and obligations arising from the contract.
Processing based on legitimate interest
We also process some data for our internal purposes, which may be the protection of our rights and legitimate interests. This is, for example, reception area CCTV surveillance (see below), or using contact information of our clients and patients for purposes related to providing our services. We retain these personal data, as well as all others, only for the period necessary for the purpose of processing.
Processing based on the data subject’s consent
In certain cases, such as the processing of personal data for the purpose of posting photos on our website or Facebook, we have requested your consent to such processing. Specific purposes, as well as your rights and obligations, are always listed in the appropriate form. We process these personal data for the period, for which the consent has been granted or until such consent is withdrawn.
Who are the potential personal data recipients or categories of recipients?
- The patient, guardian or guardian of the patient, a person designated by the patient, legal guardian or guardian of the patient, foster parent or another carer;
- Other health service providers or social service providers to ensure the continuity of other health and social services provided to the patient;
- Persons authorized to inspect medical records within the meaning of s. 65 of Act no 372/2011 Coll.;
- Government authorities (in particular law enforcement agencies, Police of the Czech Republic, prosecutor’s office, courts) and other bodies on the basis of other legislation;
- Entities providing services to the Controller, with whom the Controller makes a relevant contract for the processing of personal data, such as our IT providers.
What are your rights in respect of your personal data?
- You have the right to request information about what personal data relating to you the Controller processes.
- You have the right to request the Controller to provide access to personal data relating to you as the data subject.
- You have the right to have them rectified or erased (if erasure is permitted by the law).
- You have the right to restrict the processing.
- You have the right to object to the processing (only for the purpose of legitimate interests of the Controller – see point 4).
- You have the right to address the Data Protection Officer of the Controller in all matters related to the processing of your personal data and to exercise your rights according to applicable legal regulations.
- In the event that you have provided your personal data to the Controller based on consent, you have the right to:
- Obtain personal data concerning you in a structured, commonly used and machine-readable format, and the right to transfer the data to another controller;
- Have your personal data transferred directly by one controller to another where technically feasible.
- You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes your rights or violates obligations of the Personal Data Controller. You can lodge a complaint with the competent supervisory authority, which is the Office for Personal Data Protection.
- If you have any questions about the processing of your personal data or if you wish to exercise the above rights, please feel free to contact us by e-mail to: firstname.lastname@example.org.
Information on personal data processing via the CCTV system
CCTV system description
The CCTV system is an automatically operated fixed technical system enabling to capture and preserve video recordings from monitored locations. The source of personal data will be a video recording stored for a certain period of time (recording from the CCTV system). Cameras have a fixed mounting and the night vision capability. They capture colour image, and the recording quality is sufficient to identify persons and to recognize their activities. The CCTV system is operated continuously 24/7, all camera outputs are recorded continuously without the sound track. The camera recordings are stored continuously to a data storage located in the Controller’s building. Both data transfer and storage are properly secured.
Record storage period
The record storage period is set to 14 days. Then the record is automatically overwritten.
Location of individual cameras
- Outside the building to capture the stairs in front of the building entrance.
- Outside the building to capture the entrance to the building.
- On the ceiling in the right corner of the main corridor next to the ground floor reception to capture the stairs and the corridor.
- On the ceiling in the right corner of the ground floor reception to capture the reception area.
- On the ceiling in the right corner of the gynaecology waiting room to capture the waiting room and the entrance door.
- On the ceiling of the ENT waiting room and the eye ambulance, in the left corner of the room to capture the waiting room and the entrance door.
- On the ceiling of the waiting room of the cardiology, internal medicine, and orthopaedics ambulances, in the left corner of the room to capture the waiting room and the entrance door.
- On the ceiling of the waiting room of the endocrinology, diabetology, internal medicine, and psychiatry ambulances, in the left corner of the room to capture the waiting room and the entrance door.
- On the ceiling of the waiting room of the neurology and dermatology ambulances, in the right corner of the room to capture the waiting room and the entrance door.
- In the left corner of the staircase ceiling to capture the staircase and the entrance door.
- On the ceiling of the hallway leading to the elevator, in the upper left corner to capture the corridor leading to the elevator and the elevator door.
Purpose of processing
The purpose of processing is the protection of property of the Controller and the protection of property of persons present on the Controller’s premises, as well as protection of those persons.
Legal basis for processing
Personal data are processed based on legitimate interests of the Controller pursuant to Article 6(1)(f) of the Regulation without consent of the data subjects. The legitimate interest here is the protection of property and persons.
Personal data subjects and categories of personal data
The data subjects whose personal data are processed by the Controller are mainly patients and employees of the Controller, as well as other persons entering the premises for any other reason. The CCTV system’s data to be processed consist of recordings of the footage taken by the system, which can be used to identify natural persons in connection with the purpose of processing. The scope of the data processed will consist only of recording individuals in certain precisely specified locations. The Controller will not process any data relating to address and identification data, nor any sensitive or descriptive data.
Transfers of records to entities other than the Controller
Under certain circumstances, in addition to the Controller and the Processor, recipients of records may also be law enforcement agencies (the Police of the Czech Republic, the prosecutor’s office), a court or other state administration bodies, or self-government bodies trying infractions and acting on the basis of statutory rules.
Rights of the data subject
- You have the right to request information on what personal data the Controller processes about you.
- You have the right to request the Controller to provide access to personal data relating to you as the data subject.
- You have the right of rectification, restriction or erasure (if erasure is permitted by the law).
- You have the right to object to the processing.
- You have the right to address the Controller’s Data Protection Officer in all matters related to the processing of your personal data and to exercise your rights according to the relevant legal regulations.
- You have the right to lodge a complaint with the supervisory authority if you believe that the personal data processing is violating your rights or violating the obligations of the Personal Data Controller. You can lodge a complaint with the competent supervisory authority, which is the Office for Personal Data Protection.
What are cookies?
What cookies do we use and why?
Cookies on our website could be categorized according to their purpose or validity.
Depending on validity, cookies could be divided to short- and long-term ones:
- Short-term cookies – valid for the duration of your visit to the website and deleted from your computer a few minutes after you leave the site.
- Long-term cookies – they are retained after you close the browser; they are only deleted after a very long period (which depends on your browser and cookie settings). You can also delete them manually.
Depending on purpose, cookies could be divided to essential, analytical, re-marketing, and conversion cookies:
- Essential (functionality) cookies – short-term cookies ensuring the basic technical functioning of the website, i.e. login, use of services, etc.
- Analytical cookies – long-term cookies used to generate anonymous statistics on web usage (Google Analytics, Google Tag Manager).
- Re-marketing cookies – long-term cookies helping us to reach patients in advertising spaces on other websites.
- Conversion cookies – long-term cookies used to evaluate how advertising works and different ways of how users access the website of the Poliklinika I. P.Pavlova.
Sensitive or personal data are never placed in cookies.
The settings of common internet browsers allow you to disable cookies. Cookies that are already stored in your computer can be deleted at any time. Please refer to your browser help and follow the instructions provided. Please note that with cookies disabled, the functionality of this site may be significantly reduced.
To disable cookies, please see the website of the particular browser provider:
For more information about cookies and their use, please see AboutCookies.org.
If you have any questions about personal data processing or if you wish to exercise any of the above rights, please contact us by e-mail to email@example.com.