Logo
  • Infertility
  • Genetics
  • Gyneacology
  • Price list
  • Back

  • Infertility

  • What is infertility?
  • Infertility treatment
  • Special laboratory methods
  • Further care
Clinics
Success of therapy FAQ News
Contact us
Logo

Information about the processing of personal data

For patients by healthcare facilities

Dear Clients,

In accordance with Act No. 110/2019 Coll. on the Processing of Personal Data, we would like to inform you how our healthcare facility Reprofit International s.r.o., with its registered office at Hlinky 48/122, Brno 60300, Company ID: 27677851, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 51239, as the controller of personal data (hereinafter referred to as the "controller"), processes your personal data and about the rights and obligations related thereto.

Personal data refers to any information relating to an identified or identifiable natural person (also referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a specific identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1. Scope and Purposes of Personal Data Processing

The controller processes personal data to the extent in which it has been provided by the data subject in connection with the conclusion of a health care contract with the controller, or in connection with the provision of health services in accordance with Act No. 372/2011 Coll., on Health Services and the Conditions of Their Provision (the Health Services Act), its implementing regulations, and other legislation governing the provision of health care.

The controller also processes personal data that was not provided directly by the data subject but was obtained during the provision of health services—for example, data resulting from specific medical examinations.

Personal data is processed by the controller in accordance with the applicable and generally binding legal regulations of the Czech Republic and for the purpose of fulfilling its legal obligations.

Your personal data is processed for the following purposes:

  • Provision of health care services (fulfillment of the controller’s legal obligations);
  • Purpose arising from negotiations related to a potential contractual relationship (for the purpose of concluding a health care agreement);
  • Purpose arising from the performance of the health care agreement between you and the controller;
  • Establishment, exercise, or defense of legal claims;
  • Provision of data to legal, financial, and tax advisors and auditors to the extent strictly necessary, for the purpose of providing advisory services to the controller.

2.  Sources of Personal Data 

The controller processes personal data that it obtains from:

  • from the data subjects themselves; such data may be obtained directly or through a personal data processor,
  • from other healthcare providers, for example in connection with the provision of follow-up care or the request for laboratory tests,
  • from other entities involved in the healthcare system, especially health insurance companies,
  • from public authorities, including professional chambers.

3. Categories of Personal Data and Categories of Data Subjects

The categories of personal data processed are as follows:

  • Address and identification data used for the clear and unambiguous identification of data subjects, such as first name, last name, date of birth, permanent address, and others;
  • Contact information such as contact address, phone number, email address, and others;
  • Payment data, such as bank account details, payment card information;
  • Other data necessary for the performance of the health care contract, especially data concerning the health status of the data subject.

The data subjects whose personal data the data controller processes and to whom this information is addressed are:

  • client/patient;
  • potential client/patient;

4. Method of Processing and Protection of Personal Data

Personal data are processed primarily in medical records in full compliance with applicable legal regulations. Their security and protection are ensured in accordance with these regulations as well as the General Data Protection Regulation (GDPR).

Processing takes place manually in both paper and electronic form, or automatically through information technology, while adhering to all security principles for the management and processing of personal data. For this purpose, the controller has implemented technical and organizational measures, particularly those ensuring that unauthorized or accidental access to personal data, their alteration, destruction, or loss, unauthorized transfer, unauthorized processing, and other misuse of personal data cannot occur.

All entities to whom personal data may be disclosed respect the data subjects’ right to privacy and are obliged to comply with the applicable personal data protection laws.

5. Duration of Personal Data Processing

The controller processes personal data for the period necessary to fulfill the given purpose and in accordance with the retention and archiving periods specified in the applicable generally binding legal regulations of the Czech Republic, or for as long as needed to establish, exercise, or defend legal claims.

6. Categories of Recipients of Personal Data

The recipients of the data subjects’ personal data are:

  • Other healthcare providers within the scope of extended or follow-up medical care and providers of selected health services, especially external laboratories;
  • Public institutions, particularly health insurance companies;
  • Processors under a contract with the controller to the extent of data necessary for the processing purpose, such as companies managing electronic medical records systems, entities providing data storage or archiving, entities handling electronic payments, and others;
  • Persons providing legal advice;
  • State authorities in connection with fulfilling legal obligations established by applicable laws.

7. Information on the Rights of the Data Subject

You have the right, with regard to our company as the personal data controller, to:

a) request access to the personal data processed by the controller, which means the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and if so, the right to access those personal data and the other information specified in Article 15 of the General Data Protection Regulation (GDPR);

b) request correction of personal data concerning you that are inaccurate. Taking into account the purposes of processing, you also have the right, in some cases, to request the completion of incomplete personal data;

c) request the deletion of personal data in cases specified in Article 17 of the GDPR;

d) request restriction of data processing in cases specified in Article 18 of the GDPR;

e) receive personal data concerning you that we process automatically for the fulfillment of a contract concluded with you, in a structured, commonly used, and machine-readable format, and you have the right to request that the controller transfers these data to another controller; under the conditions and restrictions set out in Article 20 of the GDPR; and

f) you have the right to object to the processing pursuant to Article 21 of the GDPR for reasons related to your particular situation.

If we receive your request, we will inform you about the measures taken without undue delay and, in any event, within one month of receipt of the request. This period may be extended by an additional two months where necessary, taking into account the complexity and number of requests. In certain cases defined by the GDPR, our company is not obliged to fully or partially comply with the request. This will be the case, in particular, if the request is manifestly unfounded or excessive, especially because it is repetitive. In such cases, we may (i) charge a reasonable fee taking into account administrative costs related to providing the requested information or communication or taking the requested actions, or (ii) refuse to act on the request.

If we receive the above request but have reasonable doubts concerning the identity of the requester, we may request additional information necessary to confirm their identity.

Furthermore, you have the right to directly contact the Office for Personal Data Protection if you believe that personal data are not processed in accordance with legal regulations, at your usual place of residence, place of employment, or place where the alleged breach occurred. If you suffer non-material damage as a result of personal data processing, the claim is handled under a special law.

We also inform you that our company has appointed a Data Protection Officer. Contact details of the Data Protection Officer: Ing. Anna Mityashina Rita Novoseletska, email: dpo@akdap.cz

Providing personal data by patients is a legal requirement, and the patient is obliged to provide them, just as healthcare personnel have the right to request them. Failure to provide the data may result in the controller being unable to provide health services to the patient, which could lead to harm to the patient’s health or direct threat to their life.

Effective from 01.12.2022