Esthé,a.s., the Personal Data Controller (hereinafter referred to as the ”Data Controller”), has prepared this document for the purpose of discharge of an obligation to inform patients being the so called Personal Data Subjects about circumstances in which their Personal Data are processed. Esthé is obliged to inform patients under the Article 13 of the Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such Data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR“). The term “Patient” means in this document any person entering the hospital area or, as the case may be, communicating with relevant staff of the hospital in relation to providing health services.
Personal Data processing:
You hereby give consent to the company Esthé,a.s. , having its registered office at Na Příkopě 1047/17, Prague 1, Company registration number: 28425626, registered in the Public Register maintained by the Municipal Court in Prague, Section B, Insert 14429 (hereinafter referred to as the “Data Controller”), to process Personal Data.
Purposes for which your Personal Data shall be processed by Esthé
The Data Controller shall process your Personal Data for the purpose of:
Providing outpatient care
Providing inpatient care (hospitalization)
Ensuring follow-up care for hospitalized patients
Preparing and dispensing medications and other preparations
Laboratory processing for provision of health care
Making surgical interventions – Contract for a Surgery Procedure, invoicing
Operating camera system
Legal basis for processing your Personal Data
We process your Personal Data because it is necessary to discharge legal obligations of Esthé which is the so called Controller of your Personal Data (in accordance with the Article 9(2)(h) of the Regulation, or as the case may be in accordance with the Article 6(1)(c) of the Regulation).
Categories of Personal Data concerned
Where Esthé acquires Personal Data not only from patients themselves but also from any other persons (in particular within the frame of medical documentation received from other health service providers, within the frame of request forms for examinations, etc.), Esthé shall process the following categories of Personal Data:
Identification data (i.e. name, last name, date and place of birth, personal number, citizenship)
Contact details (residence address, telephone number, E-mail) for mutual communication and awareness
Data concerning the state of health
Recipients or categories of recipients of Personal Data:
The recipients of Personal Data are the subjects authorized by special Act (in particular persons listed in Section 65 of the Act No. 372/2011 Coll., on health services, providers of follow-up health care, regional hygienic stations, State Institute for Drug Control / SÚKL, etc.).
Period of Personal Data storage:
Personal Data form a part of medical documentation. Treatment of such documentation is governed by Sections 53 – 69 of the Act No. 372/2011 Coll., on Health Services, and the Decree No. 98/2012 Coll., on Medical Documentation. Or more precisely, the period of your Personal Data storage in relation to maintenance of particular medical documentation shall be 40 years from the last hospitalization.
Your rights with respect to protection of your Personal Data
As a patient, you shall have the following rights with respect to the protection of your Personal Data which you can exercise as follows:
You shall have the right to request from Esthé the access to Personal Data concerning you as a Data Subject and you shall have the right to request rectification of Personal Data.
You shall have the right to request restriction of Personal Data processing.
You shall have the right to object to processing of Personal Data concerning you. You shall have the right to lodge a complaint with a supervisory authority if you believe that GDPR has been breached by processing Personal Data. The complaint may be lodged by you with the supervisory authority which is:
The Office for Personal Data Protection / Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz
The following right with respect to protection of your Personal Data is restricted by law:
Right to erasure of Personal Data
This right is restricted by the Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision (Healthcare Service Act). Therefore, your Personal Data may not be erased or they may only be erased in part, even though you shall exercise the right to their erasure.
The following right with respect to protection of your Personal Data does not apply to you:
Right to Data portability
This is because your Personal Data are neither processed by the hospital under your consent to their processing nor under the contract; moreover, this processing is not carried out only by automated means.
Esthé is entitled to know your Personal Data under legal provisions regulating provision of health services. As a patient, you are obliged to provide your Personal Data, as well as the hospital is entitled to request them from you. Any failure to provide your Personal Data shall mean that Esthé shall not be allowed to provide you with health services.
How to exercise your rights with respect to protection of your Personal Data
Your rights to protection of Personal Data may be exercised in writing or electronically, using the contact details as follows:
electronically by e-mail sent to the address firstname.lastname@example.org
through the data box ID DS: mm4vpvg
in writing by a letter with a certified signature sent to the address: Esthé,a.s. Na Příkopě 1047/17, 110 00 Prague 1
Your identity must be officially verified. In case that the request is delivered in person, the claimant identity shall be verified by a reception employee or Data Protection Officer under an identity card presented.
Contents of request or objection
In your request, objection or any other submission with respect to your rights to the protection of your Personal Data, please indicate the following:
Specify the right exercised
Free provision of information and clearance of requests, submissions or objections with respect to treatment of Personal Data
As a health-care facility, we are obliged to inform you about a manner of processing your Personal Data free of charge. We are also obliged to clear your requests, submissions and objections free of charge. However, it shall not apply if your request is not clearly justified or reasonable, in particular in case of recurring requests. In the above mentioned cases, Esthé is entitled to deny granting a request.
You give your express consent to the company Esthé to the above mentioned processing. I give my consent of my own free will and its giving is unconditional.