GDPR

On May 25, 2018 enters into force Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) known as GDPR (General Data Protection Regulation).

In accordance with this regulation, MDT – Medical Data Transfer s.r.o. appointed a Data Protection Officer (DPO).

DPO’s contact information

e-mail: dpo@mdt.cz

phone: +420 514 514 480

Information on the processing of personal data

Personal data controller

The company MDT – Medical Data Transfer s.r.o., IČO: 28376684, with its registered office at Mojžíšova 2901/17, Královo Pole, 612 00 Brno (hereinafter referred to as “MDT”) is a provider of health services pursuant to Act No. 372/2011 Coll., on Health Services and Conditions of Their Provision (Act on Health Services).

As part of its activities, the MDT, as an administrator, processes personal data of natural persons to whom health services are provided. The processing of such data takes place in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) known as GDPR (General Data Protection Regulation).

Why we process personal data

We process your personal data for the following purposes:

  • provision of health services and fulfillment of obligations arising for health care providers from generally binding legal regulations. These duties also include keeping medical records or reporting paid health services. The legal basis for this is compliance with a legal obligation (Article 6 (1) (c) of the GDPR);
  • fulfillment of a contract with you, on the basis of which we provide you with health services (this contract does not have to be entered into in writing). The legal basis for this purpose is the fulfilment of the contract or the implementation of measures taken before the fulfillment of the contract at your request (Article 6 (1) (b) of the GDPR);
  • protection of the rights, legitimate interests and property of MDT. The legal basis for this purpose is the legitimate interests of the administrator (Article 6 (1) (f) of the GDPR);
  • if you give us your consent, we may process your personal data for the purposes stated in such consent. The legal basis for such processing is consent to the processing (Article 6 (1) (a) of the GDPR).

What personal data can we process?

MDT processes personal data that you provide to us before or during the provision of health services, as well as data collected during the provision of health services.

These are the following categories of data:

  • identification data;
  • contact information;
  • health information;
  • other data that you provide to us or that we collect during the period of providing health services.

We only process relevant personal data, to the extent necessary, given the purpose of the processing.

How long we keep your data

We will only process your personal data for the time necessary for the purpose of their processing. This time may vary for different categories of personal data and processing purposes and is governed by, for example, legal standards (medical records), duration of legitimate interest, etc. We will process personal data processed on the basis of your consent until you revoke the consent (unless we specify a shorter processing time when obtaining your consent).

To whom we pass on your personal data

  • We will pass on your personal data in accordance with generally binding legal regulations to other health care providers (eg for consultation), health insurance companies, public authorities or persons authorized to inspect your medical records under the Health Services Act.
  • If it is necessary to protect the rights, legitimate interests and property of MDT, we may pass on your personal data to, for example, judicial or administrative authorities.
  • MDT is also entitled to pass on your personal data to its processors with whom it has entered into a written agreement on the processing of personal data (eg accountants, tax or legal advisers, IT system providers).

We will only pass on your personal data to the extent necessary for the purpose of the transfer.

What are your rights?

In connection with the processing of your personal data, you have the following rights:

  • Right of access – you have the right to access the personal data we process about you.
  • Right to correct – you have the right to correct inaccurate personal data.
  • Right to delete – you have the right to ask us to delete your personal data under the conditions set out in Article 17 of the GDPR. Please note that we may not delete data that we process about you for health care purposes.
  • Right to restrict processing – in some cases you may request restrictions on the processing of your personal data.
  • Right to data portability – you have the right to ask us to pass on personal data that we process about you on the basis of a contract or your consent to you or a third party.
  • Right to object – you have the right to object to the processing of personal data concerning you.
  • Right to withdraw consent – in cases where we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing in the period before its revocation.

There are certain exceptions to the exercise of these rights and it may not be possible to exercise them in all situations. If you exercise your rights and your request is found to be justified, we will take the required measures without undue delay.