General data protection regulation - GDPR

 Esthé,a.s., the Personal Data Controller (hereinafter referred to as the ”Data Controller”), has prepared this document for the purpose of discharge of an obligation to inform patients being the so called Personal Data Subjects about circumstances in which their Personal Data are processed. Esthé is obliged to inform patients under the Article 13 of the Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such Data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR“). The term “Patient” means in this document any person entering the hospital area or, as the case may be, communicating with relevant staff of the hospital in relation to providing health services.

personal data processing:

  1. You hereby give consent to the company Esthé,a.s., having its registered office at Na Příkopě 1047/17, Prague 1, Company registration number: 28425626, registered in the Public Register maintained by the Municipal Court in Prague, Section B, Insert 14429 (hereinafter referred to as the “Data Controller”),  to process Personal Data.

purposes for which your personal data shall be processed by esthé:

The Data Controller shall process your Personal Data for the purpose of:

Legal basis for processing your personal Data:

We process your Personal Data because it is necessary to discharge legal obligations of Esthé which is the so called Controller of your Personal Data (in accordance with the Article 9(2)(h) of the Regulation, or as the case may be in accordance with the Article 6(1)(c) of the Regulation).

Categories of personal data concerned:

Where Esthé acquires Personal Data not only from patients themselves but also from any other persons (in particular within the frame of medical documentation received from other health service providers, within the frame of request forms for examinations, etc.), Esthé shall process the following categories of Personal Data:

Recipients or categories of recipients of personal data:

The recipients of Personal Data are the subjects authorized by special Act (in particular persons listed in Section 65 of the Act No. 372/2011 Coll., on health services, providers of follow-up health care, regional hygienic stations, State Institute for Drug Control / SÚKL, etc.). 

Period of personal data storage:

Personal Data form a part of medical documentation. Treatment of such documentation is governed by Sections 53 – 69 of the Act No. 372/2011 Coll., on Health Services, and the Decree No. 98/2012 Coll., on Medical Documentation. Or more precisely, the period of your Personal Data storage in relation to maintenance of particular medical documentation shall be 40 years from the last hospitalization.

Your rights with respect to protection of your personal data:

As a patient, you shall have the following rights with respect to the protection of your Personal Data which you can exercise as follows:

The following right with respect to protection of your Personal Data is restricted by law:

Right to erasure of Personal Data

This right is restricted by the Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision (Healthcare Service Act). Therefore, your Personal Data may not be erased or they may only be erased in part, even though you shall exercise the right to their erasure.

The following right with respect to protection of your Personal Data does not apply to you:

Right to Data portability

This is because your Personal Data are neither processed by the hospital under your consent to their processing nor under the contract; moreover, this processing is not carried out only by automated means.

Notice
Esthé is entitled to know your Personal Data under legal provisions regulating provision of health services. As a patient, you are obliged to provide your Personal Data, as well as the hospital is entitled to request them from you. Any failure to provide your Personal Data shall mean that Esthé shall not be allowed to provide you with health services.

How to exercise your rights with respect to protection of your Personal Data:

Contact details

Your rights to protection of Personal Data may be exercised in writing or electronically, using the contact details as follows:

Your identity must be officially verified. In case that the request is delivered in person, the claimant identity shall be verified by a reception employee or Data Protection Officer under an identity card presented.

Contents of request or objection:

In your request, objection or any other submission with respect to your rights to the protection of your Personal Data, please indicate the following:

Free provision of information and clearance of requests, submissions or objections with respect to treatment of Personal Data:

As a health-care facility, we are obliged to inform you about a manner of processing your Personal Data free of charge. We are also obliged to clear your requests, submissions and objections free of charge. However, it shall not apply if your request is not clearly justified or reasonable, in particular in case of recurring requests. In the above mentioned cases, Esthé is entitled to deny granting a request.

You give your express consent to the company Esthé to the above mentioned processing. I give my consent of my own free will and its giving is unconditional.