Esthé,a.s., the Personal Data Controller (hereinafter referred to as the ”Data Controller”), has prepared this document for the purpose of discharge of an obligation to inform patients being the so called Personal Data Subjects about circumstances in which their Personal Data are processed. Esthé is obliged to inform patients under the Article 13 of the Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such Data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR“). The term “Patient” means in this document any person entering the hospital area or, as the case may be, communicating with relevant staff of the hospital in relation to providing health services.
The Data Controller shall process your Personal Data for the purpose of:
We process your Personal Data because it is necessary to discharge legal obligations of Esthé which is the so called Controller of your Personal Data (in accordance with the Article 9(2)(h) of the Regulation, or as the case may be in accordance with the Article 6(1)(c) of the Regulation).
Where Esthé acquires Personal Data not only from patients themselves but also from any other persons (in particular within the frame of medical documentation received from other health service providers, within the frame of request forms for examinations, etc.), Esthé shall process the following categories of Personal Data:
The recipients of Personal Data are the subjects authorized by special Act (in particular persons listed in Section 65 of the Act No. 372/2011 Coll., on health services, providers of follow-up health care, regional hygienic stations, State Institute for Drug Control / SÚKL, etc.).
Personal Data form a part of medical documentation. Treatment of such documentation is governed by Sections 53 – 69 of the Act No. 372/2011 Coll., on Health Services, and the Decree No. 98/2012 Coll., on Medical Documentation. Or more precisely, the period of your Personal Data storage in relation to maintenance of particular medical documentation shall be 40 years from the last hospitalization.
As a patient, you shall have the following rights with respect to the protection of your Personal Data which you can exercise as follows:
Right to erasure of Personal Data
This right is restricted by the Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision (Healthcare Service Act). Therefore, your Personal Data may not be erased or they may only be erased in part, even though you shall exercise the right to their erasure.
Right to Data portability
This is because your Personal Data are neither processed by the hospital under your consent to their processing nor under the contract; moreover, this processing is not carried out only by automated means.
Esthé is entitled to know your Personal Data under legal provisions regulating provision of health services. As a patient, you are obliged to provide your Personal Data, as well as the hospital is entitled to request them from you. Any failure to provide your Personal Data shall mean that Esthé shall not be allowed to provide you with health services.
Your rights to protection of Personal Data may be exercised in writing or electronically, using the contact details as follows:
Your identity must be officially verified. In case that the request is delivered in person, the claimant identity shall be verified by a reception employee or Data Protection Officer under an identity card presented.
In your request, objection or any other submission with respect to your rights to the protection of your Personal Data, please indicate the following:
As a health-care facility, we are obliged to inform you about a manner of processing your Personal Data free of charge. We are also obliged to clear your requests, submissions and objections free of charge. However, it shall not apply if your request is not clearly justified or reasonable, in particular in case of recurring requests. In the above mentioned cases, Esthé is entitled to deny granting a request.
You give your express consent to the company Esthé to the above mentioned processing. I give my consent of my own free will and its giving is unconditional.