Prague Center for Travel Medicine

+420 777 763 155 | ccm@prophylaxis.cz | Quick booking

Home » GDPR

Personal data processing principles

General provisions

PROPHYLAXIS s.r.o. – Centrum cestovní medicíny processes and stores all personal data obtained in connection with the provision of health services and other services in a lawful manner, in particular Act No. 372/2011 Coll., on Health Services, as amended (hereinafter also referred to as the “Health Services Act”), Act No. 373/2011 Coll., on Specific Health Services, as amended (hereinafter also referred to as the “Specific Health Services Act”), Act No. 48/1997 Coll, 110/2019 Coll., on the processing of personal data, as amended (hereinafter referred to as the “Act on the processing of personal data”) and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”), which is effective as of 25 May 2018.

Personal data is any information relating to an identified or identifiable natural person that PROPHYLAXIS s.r.o. – Centrum cestovní medicíny processes in the contextofproviding medical and other services.

Personal data controller

The administrator of personal data is PROPHYLAXIS s.r.o. – Centrum cestovní medicíny, with registered office at Stránského 3140/39, Žabovřesky, Brno, ZIP code: 616 00, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 83321, ID number: 02748754.

Data Protection Officer

The Data Controller has appointed a Data Protection Officer. Contact information for the Data Protection Officer:

Provision of health services

PROPHYLAXIS s.r.o. – Centrum cestovní medicíny processes personal data of patients when, on the basis of a statutory obligation, it maintains medical documentation containing identification data, contact data and data relating to health status (so-called special categories of personal data), data related to patient insurance and other data related to the provision of health services. This obligation is imposed on PROPHYLAXIS s.r.o. – Centrum cestovní medicíny a.s. by the Health Services Act. The provision of incomplete or incorrect personal data will mean that PROPHYLAXIS s.r.o. – Centrum cestovní medicíny a.s. will not be able to competently provide health services to patients. The retention period of medical documentation is governed by the file and shredding rules of PROPHYLAXIS s.r.o. – Centrum cestovní medicíny according to the provisions of Act No. 98/2012 Coll., on medical documentation, as amended, and also Act No. 499/2004 Coll., on archives and file service and on amendments to certain acts, as amended.

PROPHYLAXIS s.r.o. – Centre for Travel Medicine also processes identification data, contact data and data concerning the health status (special categories of personal data) of legal representatives on the basis of the Health Services Act. In the case of the provision of health services to children and adolescents (or persons withlimitedlegal capacity), the personal data of their legal representatives and guardians are also processed for the purpose of fulfilling legal obligations.

In thecontextofthe provision ofhealth services, identification and contact data of close persons may also be processed if patients provide such data. This data is processed solely for the purpose of communication and for the provision of information about the patient’s health condition, if applicable.

Personal data of patients processed in theframeworkof the provision of health services are also processed by PROPHYLAXIS s.r.o. – Centrum cestovní medicíny for the purpose of reporting the scope of health services provided and their subsequent reimbursement by health insurance companies.

Legal title for data processing

In order for us to provide you with top-quality healthcare services or to fulfil our contractual obligations, we need to find out and record some important information about you. Since any such discovery, storage or recording (hereinafter also referred to as “processing”) of data about you may only take place if it is permitted by the GDPR and Act No. 110/2019 Coll., on the processing of personal data, the following are the grounds, so-called legal titles, on the basis of which we may process your data.

  • Processing of personal data on the basis of fulfilling legal obligations – Processing of personal data is carried out for the purpose of providing health services, keeping medical records, billing health care to health insurance companies, tax obligations and accounting. This processing is mainly based on:
    • Act No. 372/2011 Coll., on Health Services and Decree No. 98/2012 Coll., on Medical Documentation.
    • Act No. 373/2011 Coll., on specific health services.
    • Act No. 48/1997 Coll., on public health insurance.
    • Act No. 378/2007 Coll., on pharmaceuticals.
    • Act No. 375/2022 Coll., on medical devices.
    • Act No. 258/2000 Coll., on the protection of public health.
    • Act No. 592/1992 Coll., on public health insurance premiums.
  • Processing of personal data on the basis of a contract.
  • Processing of special categories of personal data on the basis of public interest in the field of public health.
  • Processing of personal data with the consent of the data subject – this includes, for example, processing of personal data for sending marketing messages.

Personal data processed

We process data that we need to fulfil our legal obligations under the Health Services Act or other laws that regulate our activities (e.g. the Accounting Act, the Tax Code, etc.). This will therefore include any personal data that is contained in your medical records, in the consents you have given or data that is contained in various auxiliary systems. Where necessary for the performance of our duties, the processing may also involve other persons (e.g. family members when keeping family history). We will most often process your identification, descriptive, contact, socio-economic and health data.

Categories of data processed:

  • identification data used to uniquely and unmistakably identify the data subject (e.g. name, surname, title, birth number, date of birth, permanent address);
  • contact details (e.g. permanent address, mailing address, telephone number, email address, mailbox ID and other similar information);
  • descriptive and socio-demographic data (age, sex, marital status, number of children, nationality, occupation, education, income and expenditure, etc.);
  • health data (special category data) or other sensitive data that you disclose to us and that are necessary for the maintenance of a complete medical record (e.g. sexual orientation, genetic data, biometric data);
  • transaction data (all payments, disbursements of benefits, including relevant payment information);
  • data relating to the use of the website or app.

The processing of personal data takes place both manually and automatically in electronic information systems, both in electronic and paper form. This is always done with a high level of technical, organisational and personnel security in accordance with the law. Processing does not involve automated decision-making.

Data security

PROPHYLAXIS s.r.o. – Centre for Travel Medicine maintains the necessary appropriate technical and organisational measures, internal controls and information security processes in accordance with best practice corresponding to the potential risk to the data subject. We also take into account the state of technological development in order to protect the personal data of data subjects from accidental loss, destruction, alteration, unauthorized disclosure or access. These measures may include, but are not limited to, taking reasonable steps to ensure accountability of employees who have access to personal data of data subjects, employee training, regular backups, data recovery and incident management procedures, software protection of devices on which personal data is stored, etc.

All persons who cooperate with us and who come into contact with personal data in the course of their work or contractual obligations are bound by confidentiality and maintain sufficient standards for the security of your data, even after the cooperation has ended.

Sharing and transfer of personal data

Personal data that PROPHYLAXIS s.r.o. – Centrum cestovní medicíny collects and further processes inconnectionwith theprovision ofhealth services may be shared with third parties only in cases provided for by law.

Retention period of personal data

The period of retention and archiving of personal data depends on several factors, which apply according to the specific situation in which the personal data are processed. Most often, personal data is processed in the form of the duration and performance of legal obligations (e.g. under the Accounting Act, the Tax Code, etc.), for the duration of a contract or for the duration of our legitimate interests.

The details of the duration of the processing period are regulated in the shredding regulations and are based on the Act on the Provision of Health Services or the implementing Decree No. 98/2012 Coll., on medical documentation.

In the case of consent, the processing continues until the consent is withdrawn, unless otherwise stated directly in the consent. You can withdraw your consent at any time and thus terminate the processing.

Rights of data subjects

In accordance with applicable law, data subjects have the following rights:

  • Right of access

You have the right to obtain personal data relating to you and the personal data you have provided to us. The right of access also includes the right to obtain a copy of the personal data we process about you. This is without prejudice to your right to request an extract or copy of your medical records, which you may exercise by requesting a record to obtain an extract or copy of your medical records.

  • Right to rectification (completion)

According to the applicable legislation, you have the right to have your personal data corrected. If you find that your personal data (especially contact details) are inaccurate or incomplete, you can ask PROPHYLAXIS s.r.o. – Centrum cestovní medicíny to correct these personal data.

  • Right to erasure (“to be forgotten”)

The data subject is also entitled to request the erasure of some of his or her personal data. The extent to which PROPHYLAXIS s.r.o. – Centrum cestovní medicíny can comply with such a request may be limited by legal obligations to retain certain personal data (protection of our legitimate interests and rights), in particular on the basis of the Health Services Act or other related regulations.

  • Right to object

In some cases, the data subject has the possibility to object to the processing of personal data. This is, for example, the case of data processed for the performance of a task carried out in the public interest or in the exercise of official authority, including direct marketing, or on the basis of a legitimate interest. Unless PROPHYLAXIS s.r.o. – Centrum cestovní medicíny a.s. can demonstrate compelling reasons for the processing which override your interests or rights and freedoms, and unless the processing is necessary for the establishment, exercise or defence of legal claims, PROPHYLAXIS s.r.o. – Centrum cestovní medicíny a.s. will no longer process the personal data.

  • Right to restriction of processing

In connection with the exercise of the aforementioned rights, the data subject is also entitled to request a temporary restriction of the processing of his or her personal data if:

    • you deny the accuracy of the data until we verify the accuracy;
    • the data is not necessary for the purposes of the processing, but you require the processing for the establishment, exercise or defence of legal claims;
    • you have objected to the processing until it is verified that our legitimate grounds outweigh your legitimate interests;
    • the processing of the data was unlawful and you request a restriction of the processing of the data instead of erasure.
  • Portability

You have the right to receive data that we process on the basis of consent or on the basis of the conclusion or performance of a contract and that you have provided to us yourself or that directly result from your activity. We will provide you with this data in a machine-readable format. However, the right of portability only applies to personal data processed by automated means.

  • Right to withdraw consent

In the case of processing based on your consent, you can withdraw your consent at any time. You can then deliver your request in one of the ways listed below:

    • in person
      PROPHYLAXIS s.r.o. – Centre for Travel Medicine
      Havelská 517/14
      110 00 Prague 1
    • by post
      PROPHYLAXIS s.r.o. – Centre for Travel Medicine
      Stránského 3140/39, Žabovřesky, 616 00 Brno
    • by e-mail
      broucek@prophylaxis.cz
    • via mailbox
      f39etum

Complaint to the data protection supervisory authority

If you find out that PROPHYLAXIS s.r.o. – Centrum cestovní medicíny does not process personal data in accordance with the law, you have the right to file a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, Postal Code: 170 00, Prague 7.

New online consultation option. You can find everything about vaccinations before and during pregnancy in the news.

Nově možnost on-line konzultace. Vše o očkování před a v průběhu těhotenství najdete v aktualitách.