Information on the processing of personal data
I. Basic provisions
- The administrator of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is Dentry s.r.o., IČO: 073 55 041, with registered office at Karmelitská 383/12, 118 00 Prague 1 – Malá Strana (hereinafter: “administrator”). The administrator is a provider of health services in accordance with Act No. 372/2011 Coll., on health services and conditions for their provision, as amended.
- The administrator’s contact details are listed above and below
Dentry s.r.o. address:
Senovážné nám. 8,
110 00 Prague 1
e-mail: info@dentry.cz
telephone: +420 773 523 322 - Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
- The administrator has not appointed a personal data protection officer. The contact details of the trustee are:
II. Sources and categories of processed personal data
- The administrator processes personal data that you have provided to him/her or personal data that the administrator has obtained based on the fulfillment of your order.
- The administrator processes your identification and contact data and data necessary to fulfill the purpose for which they were obtained.
III. Legal reason and purpose of personal data processing
- The legal reason for processing personal data is
– fulfillment of legal obligations (in particular Act No. 372/2011 Coll., on health services and conditions of their provision, Act No. 48/1997 Coll., on public health insurance, Act No. 563/1991 Coll., on accounting, Act No. 586/1992 Coll., on income taxes, Act No. 634/1992, on consumer protection)
– fulfillment of obligations from the dental care contract, on the basis of which we perform dental procedures for self-payers - The purpose of personal data processing is
– the processing of your order and the performance of rights and obligations arising from the contractual relationship between you and the administrator; when placing an order, personal data are required that are necessary for the successful processing of the order (name and address, date of birth, year no./insured number, contact), providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude a contract or fulfill it on the part of the administrator,
– provision of health services
– reporting paid health services
– billing for unreimbursed health services – disclosure of health status data to you and other authorized persons
– organization of the provision of health services (ordering patients)
– keeping records of our income and expenses, payments received and management, as they result from regulations governing taxes and accounting. - The administrator does not make automatic individual decisions in the sense of Article 22 of the GDPR.
IV. Data retention period
- The administrator stores personal data
– for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to exercise claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
– Personal data is processed for the period specified by Decree No. 98/2012 Coll., on medical documentation. Personal data processed for other purposes listed in point III/2 are processed for the period established by law or for the period during which it will be necessary to record actions and results, and subsequently for a period of five years. - After the personal data retention period has expired, the administrator deletes the personal data.
V. Recipients of personal data (subcontractors of the administrator)
- Recipients of personal data are persons
– The recipients of your personal data may, in accordance with the provisions of legal regulations, in specific cases, in addition to you, be: providers of health services, public authorities and persons authorized to inspect medical records pursuant to § 31, § 32, § 33 and § 65 of Act No. 372/2011 Coll., on health services and conditions for their provision.
– In order to ensure the purposes described above, personal data may be processed by processors in addition to the administrator, based on contracts for the processing of personal data concluded in accordance with the General Regulation on the Protection of Personal Data: Infinity Energy, s.r.o., with registered office Slavíkova 284/2, Ústí nad Labem – Bukov, 400 01 Ústí nad Labem, ID: 27337871, - The administrator does not intend to transfer personal data to a third country (a country outside the EU) or an international organization.
VI. Your rights
- Under the conditions set out in the GDPR, you have
– the right to access your personal data according to Article 15 GDPR,
– the right to correct personal data according to Article 16 of the GDPR, or to restrict processing according to Article 18 of the GDPR.
– the right to erasure of personal data according to Article 17 GDPR.
– the right to object to processing according to Article 21 GDPR and
– the right to data portability according to Article 20 GDPR. - You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Terms of security of personal data
- The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data.
- The administrator has taken technical measures to secure data stores and personal data stores in paper form, in particular by using anti-virus programs, safe storage of backups, use of secure access passwords and use of secure cloud services.
- The administrator declares that only authorized persons have access to personal data.
VIII. More information
- Based on a valid authorization to provide health services, the administrator is a provider of health services in accordance with Act No. 372/2011 Coll., on health services.
- In connection with the provision of health care, the administrator is obliged to collect personal data about you – the patient, to the extent necessary for the provision and reporting of health care, while the scope of collected personal data results from valid legislation. If it records your personal data beyond the scope of its obligations set by law, it will always request your written consent in advance.
- The administrator collects and uses your personal data exclusively in connection with the provision of health care to you. It is also obliged to disclose your personal data when reporting paid health care and fulfilling other legal obligations, for example tax and accounting obligations. It discloses your personal data to authorized subjects and institutions only in cases where this obligation is imposed by law. Persons who have the opportunity to get to know your personal data are also obliged by law to protect personal data and maintain confidentiality.
- The data kept about you in the medical documentation mainly contain the facts necessary for your personal identification, data about the examinations carried out, or about the diagnosed diagnosis.
- Your personal data is collected by the administrator for the period specified by law. In particular, reference can be made to Decree No. 98/2012 Coll., on medical documentation, which establishes the period for which it is necessary to keep the patient’s medical documentation. You can also refer to legal regulations in relation to accounting and tax obligations, which also define the archiving period during which documents proving the provision of health care must be archived. In cases of fulfillment of a contractual obligation, for example in cases of provision of health care that is not covered by public health insurance, registration of your contacts in the ordering system, etc., we collect this personal data for a period of one year from the time when the reasons for their retention have passed or until withdrawal of your consent.
- As a patient, you have the right to access your personal data. If you find that personal data is not kept correctly or is inaccurate, you have the right to request the correction of your personal data. You also have the right to delete your personal data to the extent of voluntarily provided personal data, i.e. within the framework of the fulfillment of contractual obligations, if the applicable legislation does not allow or require the processing of personal data even after withdrawal of consent. On the contrary, it is not possible to demand the deletion of personal data that the health service provider is obliged to collect, based on a legal obligation (obligation imposed by law), i.e. in connection with the provision of health services that it provides to you.
- As a patient, you can file a complaint with the supervisory authority if you believe that the processing of your personal data violates legal regulations on the protection of personal data. You can file a complaint with the supervisory authority, which for the territory of the Czech Republic is the Office for the Protection of Personal Data, with headquarters in Plk. Sochora 27, 170 00 Prague 7 (uoou.cz).
- In the event that these conditions refer to a specific legal regulation and this regulation will be replaced by another legal regulation in the future, it is considered that these conditions refer directly to the new legal regulation that replaced the existing legal regulation in such a case.
IX Final Provisions
- By filling in the sworn declaration form, which will be presented to you before the treatment, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
- By granting consent, if required, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
- The administrator is authorized to change these conditions. It will publish a new version of the terms of personal data protection on its website, or send you a new version of these terms to the e-mail address you provided to the administrator.
These terms and conditions take effect on November 10, 2022.