Personal Data Protection – Information for Patients of Sanatorium Helios


Dear Patients,

This information is provided to ensure that you are properly informed about the processing of your personal data, including sensitive data (in particular data concerning your health). 

1. Who processes your personal data?

The controller of your personal data is

Contact details of the Data Protection Officer:

2. What personal data do we process?

In addition to your identification and contact details, we process information about your health status and other information provided by you in connection with your treatment.
The range of the processed data complies with Act No. 372/2011 Coll., on Health Services and the Conditions for Their Provision, specifically Part II, Section 53, paragraph 2, letters a), b), d), and e).

3. For what purposes do we process your personal data?

Identification data are necessary primarily to prevent any confusion of examination results.
Contact details are required to communicate information regarding current and future medical treatment in a timely manner.
Health-related data are essential for the clinical decision-making of the attending physician.

4. Who has access to your personal data?

In addition to employees of Sanatorium Helios, the following external processors have access to your personal data:

1. Contracted laboratories involved in the examination of your samples:

  • Alergologická a imunologická laboratoř AKI spol. s r.o., Brno Vinohrady 476/8, Štýřice
  • MeDiLa spol. s r.o., Brno Poliklinika Lesná, Halasovo nám. 1
  • JS – lab a.s., Náměstí míru 149, 667 01 Židlochovice
  • Fakultní nemocnice Brno, Dětská nemocnice, Jihlavská 20, 685 00 Brno
  • REPROMEDA s.r.o., Studentská 812/6, 625 00 Brno
  • Centrum prenatální diagnostiky s.r.o., Veveří 478/39, 602 00 Brno
  • Nemocnice Valtice s.r.o., Klášterní 1150, 691 42 Valtice
  • GENNET, s.r.o., Kostelní 9/292, 170 00 Praha 7
  • DGK-plus, spol. s r.o., Karásek 1767/1, 621 00 Brno
  • Damier s.r.o., Štefánikova 85/16, 602 00 Brno
  • Aeskulab k.s., Evropská 2589/33b, 160 00 Praha 6
  • SPADIA LAB Brno, s.r.o., Zahradníkova 494/2, 602 00 Brno

Categories of processing: access, recording, disclosure by transmission, and dissemination.

2. IT service providers maintaining the IntelliPAT and SmartMEDIX information systems:

  • Roman Stejskal, Software servis, Revoluční 531, Frýdek-Místek
  • MEDAX Systems s.r.o., Oběžná 2075/11, Ostrava

The controller has concluded written data processing agreements with all processors, ensuring compliance with GDPR requirements.

If you are a foreign patient, your personal and health-related data may also be disclosed to physicians designated by you as authorized recipients.

5. For how long do we store your personal data?

Personal data are stored in accordance with statutory requirements governing the retention of medical records, for a period of up to 40 years.

6. On what legal basis do we process your personal data?

Your personal data are processed on the basis of Act No. 372/2011 Coll., for the protection of your vital interests, and for the legitimate interests of the controller.

7. Can we process your personal data without your consent?

Yes. Your consent is not required where processing is necessary to comply with a legal obligation, to protect your vital interests, or for the legitimate interests of the controller.

8. How are my personal data secured?

Access to data is managed through IT security policies and protected by firewalls, antivirus software, and router-level port blocking. Physical security measures include locked server rooms, secured racks with active network components, and deactivation of unused network endpoints. When personal data are transmitted to external processors, the data are encrypted.

9. Are you obliged to provide your personal data? What happens if you do not provide them?

If you wish to receive medical care, the provision of personal data is mandatory in all healthcare facilities. Providing inaccurate or incomplete information (especially regarding your health or the health of close relatives) may jeopardize the course and outcome of your treatment.

10. What rights do you have in relation to the protection of personal data?

In particular, you have the right to:

  • rectify or complete your personal data;
  • access your personal data;
  • be informed about a breach of the security of your personal data in specific cases;
  • lodge an objection or complaint about processing in specific cases;
  • exercise other rights provided by the Personal Data Protection Act and by Regulation (EU) 2016/679 (GDPR).

11. What rights do you not have?

In relation to your personal data, you do not have:

  • the right to request a restriction of processing;
  • the right to request the transfer of the data;
  • the right to erasure (the right to be forgotten) in specific cases.

12. How can you exercise your right to rectification or completion of personal data?

If the data concern sensitive personal data (health-related data), changes must be made in person during a visit to our healthcare facility.

Changes to contact details may be communicated by phone to the clinic reception or by e-mail to the address provided on our website.

Version valid as of May 25, 2018.
