Information document about the Protection of Personal Data of City Clinic s.r.o. (processing of personal data of clients / patients to provide health care, and for marketing and other purposes)
City Clinic s.r.o., with its registered office at Prievozská 14, 821 09 Bratislava, Slovak Republic, ID No .: 47 347 023, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, Insert No: 91176 / B (hereinafter referred to as the “Operator” or “Company“) processes your personal information for the purposes set forth in this document. In this document you will also find information about the processing of your personal data as well as information about your rights as the person concerned, which are in accordance with Act no. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts, as amended (hereinafter referred to as the “ZoOOÚ”) and the Regulation of the European Parliament and of the Council (EU) no. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (General Data Protection Regulation) (“GDPR”).
Our Company is the Operator of your personal data, that is, our Company determines the purposes and means of processing your personal data.
1. Contact details of our company
Business name: City Clinic s.r.o.
Address: Prievozská 14, 821 09 Bratislava, Slovak Republic
Contact: Marta Tonkovičová
2. What personal data we process
2.1 Ordinary Personal Data: Our Company, as the Operator, processes the following personal data you provide to our Company personally in our clinic, electronically by email, through our website www.cityclinic.sk, Facebook, Instagram or by other means, in particular:
2.1.1 identification data (name, surname, title, date of birth, birth number, nationality, client number);
2.1.2 contact details (permanent address, email address, telephone number);
2.1.3 demographic data (age, gender, employment);
2.1.4 data necessary for the use of electronic services (especially IP address, software, browser and device used, cookies);
2.1.5 image of a person (client) recorded by a camera.
2.2 Specific categories of personal data (sensitive data): Our Company as an Operator processes specific categories of personal data about you (sensitive data), namely health data. These include, in particular, disease data, data on the course and results of the examinations, data on treatment and other relevant circumstances related to your health status and the healthcare delivery process, data on the extent of healthcare provided, treatment regimen data and facts relevant to health assessment care performance, epidemiologically relevant facts and other health data necessary to provide you with proper healthcare.
3. The purpose of processing of personal data (why we have your personal information) and the legal bases for processing it (based on which we have your personal information)
3.1 When providing our services, we always process your personal information for a specific predetermined purpose, with only some of your personal information required for each processing purpose. In the event that we are not provided with the appropriate personal information that is necessary for our purpose, our Company will not be able to provide you with the appropriate healthcare or will be able to provide it only to a very limited extent.
3.2 Processing Purposes and Relevant Legal Basis: We process your personal data for the following purposes and based on the following legal bases:
3.2.1 Purpose of providing health care services to clients / patients – on the basis of performance of the contract, law and legitimate interest: for your purpose we process your personal data as well as personal information about your health (special category of personal data) about you as a client (patient). We will always ask for your personal data, which we necessarily need for the purpose in question, respectively. for the proper provision of our services and healthcare. We process your personal information based on the following legal bases:
126.96.36.199 Legal basis of processing – performance of the contract and by law: We process your personal data primarily in connection with the pre-contractual relationship and performance of the contractual relationship, which is based on a healthcare agreement concluded between our Company as a healthcare provider and you as a client / patient. Likewise, our Company is entitled and obliged to process your personal data and personal data about your health without your consent under § 18 et seq. of Act no. 576/2004 Coll. on health care, services related to the provision of health care and amending and supplementing certain acts, as amended, in particular in health documentation.
188.8.131.52 Legal basis of processing – legitimate interest: camera surveillance monitoring: protection of the Operator’s assets through electronic monitoring systems, while the Operator ensures strict observance of the statutory deadlines set for the liquidation of the data thus obtained, personnel attendance records.
3.3 Legal Basis of Processing – Consent given for marketing purposes: processing of your contact data mainly for newsletters, customer / patient satisfaction assessments, sending offers for products and services offered by our Company. We process your contact information for the purpose in question on the basis of your consent.
4. Beneficiaries or categories of recipients of personal data
4.1 Your personal information may be provided to the following recipients: Your personal data is processed through software. Only employees who need them to perform their work related to a particular person have access to them.
4.2 Your personal data, in connection with the provision of dental care, may be shared, in particular, with the following institutions: health insurance companies, the Social Insurance Agency, public authorities for enforcement and supervision, courts, law enforcement agencies, banks, commercial insurance companies, public inspection bodies authorities, legal service providers, as well as other institutions and bodies whose cooperation is necessary to fulfill the operator’s legal obligations.
4.3 The operator cooperates with various external entities whose cooperation is necessary to properly provide the services with which they share the patient’s personal information. Such external subjects are, in particular, medical laboratories, external dental technicians, service providers of software and technical equipment of the operator, respectively. other third parties whose interaction is necessary for the proper provision of services by the operator.
4.4 Your personal data for direct marketing is not shared with any third parties and is exclusively processed for direct marketing to our company.
4.5 Provision of Personal Information on the Instruction of the Data Subject: We may also provide your personal data to other recipients if you give our Company consent to such disclosure or instruct our Company to provide such personal information to you.
5. Retention period of personal data
5.1 We will store your personal information for as long as necessary for the purposes for which your Company processes your personal data, unless generally binding law permits or requires us to keep the personal information in question for a longer period of time.
5.2 We store each of your personal information for the following periods:
Providing services and health care to clients / patients
For the duration of the contract / agreement, whereby our company is within the meaning of Section 22 of Act no. 576/2004 Coll. obliges the client / patient’s medical record to be twenty (20) years after the client / patient’s death; other medical records twenty (20) years after the last provision of healthcare to the person.
For the duration of the consent until the withdrawal of consent.
6. Transfer of personal data to third countries
6.1 Our Company does not transfer your personal data outside of the territory of the Slovak Republic.
7. Your rights as a data subject in the processing of your personal data
7.1 Right of access: You have the right to obtain confirmation from our Company whether it processes your personal data, what personal data it processes, for what purpose it processes it, for what time they keep them, from where our company obtains them, where and to whom who else, in addition to our Company, processes the personal data in question, whether and how automated decision making, including profiling in the processing of your personal data, and what other rights you have in relation to the processing of your personal data. All information provided is provided in this instruction, but if you believe that you do not know whether and what your personal information is being processed by our Company and how it is processed, you have the right to access this personal information. Under this access right, you may request our Company to provide a copy of your personal data being processed, and it will provide you with a first copy free of charge and for additional copies charges will apply.
7.2 Right of rectification: If you find out that our Company is processing your personal data, are inaccurate, incorrect or incomplete, you have the right to have the Company correct or add to this personal data.
7.3 Right to delete: In the following cases, you have the right to have your personal data processed by our Company deleted without undue delay:
7.3.1 Your personal information is no longer required for the purposes for which our Company has acquired or otherwise processed it; or
7.3.2 you have withdrawn your consent to the processing of your personal data, while your consent was required to process this personal data and at the same time our Company has no other reason or other legal basis for their processing; or
7.3.3 You will use your right to object to the processing of your personal data processed by our Company based on a legitimate interest and our Company will find that it has no other legitimate interests that would entitle our Company to further process such personal data
7.3.4 if our Company would process your personal data illegally; or
7.3.5 to comply with the statutory obligation set out in the generally binding legal regulation applicable to our Company; or
7.3.6 if personal data were collected in connection with the offer of information society services addressed directly to the child.
It is important to note that, even if one of the above-mentioned cases is concerned, our Company is not obliged to delete your personal information if its processing is still necessary:
7.3.7 to exercise the right to freedom of expression and information; or
7.3.8 to fulfill our Company’s legal obligation under a generally binding legal regulation; or
7.3.9 for archiving, scientific or historical purposes or for statistical purposes; or
7.3.10 to prove, enforce or defend our Company’s legal claims.
7.4 Right to Restrict Processing: In certain cases, in addition to the right to delete, you also have the right to restrict the processing of your personal data by which you may, in specific cases, require your personal data to be marked and that no other processing operations be subject to any specific processing time. Our Company is obliged to limit the processing of your personal data if:
7.4.1 you contest the accuracy of your personal data during a period allowing our Company to verify the accuracy of this personal data; or
7.4.2 the use of your personal data is illegal and you object to the deletion of such personal data and you are asking instead to limit their use; or
7.4.3 our Company no longer needs your personal data for processing purposes, but you need them to prove, enforce or defend your legal claims; or
7.4.4 You will use your right to object to the processing of your personal data until such time as verifying that the legitimate reasons on our part prevail over your legitimate reasons.
If the processing of your personal data has been restricted under this processing restriction right, our Company may only process such personal data with the exception of retention with your consent or to prove, enforce or defend our Company’s legal claims or to protect the rights of another natural or legal person, or on grounds of an important public interest, of a State which is a Member State of the European Union or a Party to the Agreement on the European Economic Area.
7.5 Portability Right: You have the right to obtain all your personal information that you have provided to our Company if it is processed by our Company on the basis of the processing of personal data or performance of the contract, solely for personal data processed by our Company by automated means (electronic). We will provide your personal information in a structured, commonly used and machine-readable format and you have the right to transfer this personal information directly to another operator, as far as technically possible.
7.6 Right to object: You have the right to object to the processing of your personal data, which is done on the basis of a public interest, of legitimate interest, including opposition to profiling based on a legitimate interest. Our Company will no longer process your personal data unless our Company demonstrates the necessary legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless our Company demonstrates the reasons for proving, asserting, or defending its legal claims.
If our Company processes your personal data for direct marketing purposes, you have the right to object at any time to the processing of such personal data for the purposes of such marketing, including profiling to the extent that it relates to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, our Company will no longer process such personal data for such purposes.
7.7 How to exercise the rights: You may exercise the above-mentioned rights through the contact details of our Company, as set out in point 1 mentioned above.
7.8 Right to lodge a complaint with the Office: In addition to exercising the aforementioned rights, you may also file a complaint with the Company for the processing of your personal data by the Company. The headquarters of the Office for Personal Data Protection is at Hraničná 12, 820 07 Bratislava, Slovak Republic, while other data can be found at: https://dataprotection.gov.sk/
7.9 Privacy Infringement Notice: In the event of a breach of your privacy that is likely to result in a high risk to your rights and freedoms, our Company is obliged to notify you without undue delay of the privacy breach.
8. Right to revoke personal data processing at any time
8.1 If you have given our Company permission to process some of your personal data, you may revoke such consent at any time, either in person, by e-mail or in writing to the contact details listed in point 1. of this document. The withdrawal of consent does not affect the legality of the processing based on consent prior to its withdrawal.
9. “Cookies” on our website
9.2 You can also browse our site without cookies, but its functionality may be partially limited in this case. We encourage you not to block cookies in your browser. If you still want to prevent cookies from being stored on your computer, change your browser settings. You can remove cookies at any time or not even save your browser settings.
10. Automated individual decision-making, including profiling
10.1. Your personal information will not be used for automated decisions or profiling.