Personal Data Protection
The Administrator of your personal data is REHA Centrum CZ s.r.o., Registration no. 07729481, with its registered office at Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové, registered in the Commercial Register administrated by the Regional Court in Hradec Králové, under ref. no. C 42990 (hereinafter referred to as the “Administrator”).
Introduction
This information serves several purposes for you. You will learn which of your data we process and why we do so. You will also learn about the rights that you have in connection with personal data processing, i.e. what you can request from us and to whom you can turn with your suggestions and complaints, if you have any. Therefore, we request that you carefully read the following text. The information is divided into several sections so that it will be easier for you to find the relevant information according to your status or position.
In the event that anything is unclear to you with respect to the protection of personal data, please do not hesitate to contact us using one of the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
- via data box ID: qnfrbtv
We would also like to remind you that the supervisory authority with respect to the issue of personal data protection in the Czech Republic is the Office for Protection of Personal Data, which is also prepared to receive your suggestions and complaints. The Office for Protection of Personal Data is located at the address Ppl. Sochora 27, 170 00 Prague 7. You can find its current contact information on its website at www.uoou.cz.
Basic principles of personal data processing
We always approach your personal data in accordance with the legislation currently in force. You can find a list of the most important legal regulations at the conclusion of this information. In accordance with these regulations, we also comply with the following basic principles of personal data processing:
- We always process your personal data in the correct manner in accordance with the law and using a method that is adequately clear, transparent and comprehensible.
- We always process your personal data in the necessary scope and using a method that is in accordance with the purpose for which we process your data.
- We take care to ensure that your personal data which we process is always accurate and updated as needed. Inaccurate personal data will be deleted or corrected.
- We process your personal data only for the absolutely necessary period of time. In certain cases, such period is stipulated by the law; in other cases, we set the period internally so that it corresponds to our legitimate interests.
- We properly secure your personal data against leakage, unauthorised processing, accidental loss and damage. For this purpose, we have adopted appropriate technical measures particularly consisting in strict setting of individual persons’ access to your data, encryption and other technical and physical means of security.
Introductory information
Our main activity is provision of medical care, whether that involves care consisting in prevention, diagnostics, dispensary care, treatment, evaluative care, therapeutic rehabilitative care, nursing care, palliative care or pharmaceutical care. All of these types of medical care have one thing in common – in order to provide them, we need to be aware of a full range of your personal data, particularly data that can be designated as sensitive. Such sensitive data comprises, in particular, data on your health condition and, in certain cases, genetic data, data on your sexual life and other data that is part of the most sensitive area of each of our lives. Due to the fact that medical care cannot be provided at a sufficient level without such data, we would like to thank you for your trust and to assure you that no unauthorised person will gain access to your data. We carefully select all persons who may gain access to your data in connection with the provision of medical care, whether that concerns our employees or contractors. All of our employees (from physicians to providers of cleaning services) are bound by law to strict confidentiality. We also negotiate a confidentiality obligation with all of our contractual partners if they may come into contact with personal data. We consider trust and a high level of data security to be one of the fundamental priorities within our operations.
Which of your data do we process?
Due to the fact that care is always very individual for each patient, the specification of personal data that you can find below is as broad as possible – this is the maximum set of data that we can process in relation to you as a patient. We obtain your personal data either directly from you or from the physicians who cared for you prior before us.
identification data: name, surname, date of birth, birth-registration number, public health- insurance policyholder number (if not the same as the patient’s birth-registration number), health-insurance provider code.
information on health condition: particularly information on the client’s health condition, date and time of admission into care, date and time of completion of the patient’s care, information on transfer of the patient to a different provider, information on the course and result of provided medical services and on other significant circumstances relating to the patient’s health condition and the process of providing medical services; in connection with the ascertained information on the patient’s health condition; working conclusions and information on the final diagnosis are prepared in relation to the patient, as are a proposal of a subsequent treatment process, information on the course of treatment and the scope of provided or required medical services; data on the current development of the patient’shealth condition according to an evaluation communicated to the patient, targeted objective findings, data on prescribed medications, food items for special medical purposes (including portioning and the number of prescribed packages) and medical devices, data on dispensing of medications or food items for special medical purposes (including the dispensed amount) registration number of provided transfusion equipment; data on provision of medications, food for special medical purposes (including the amount) and medical devices to the patient; data on issuance of a medical transfer order, records on performed nursing care (including nutritional and therapeutic rehabilitative care), immunisation records, record on provision of informed consent to or denial of a specific medical services, record on use of restraining devices, copies of medical reports, request forms on provision of medical services, information on acknowledgement or termination of temporary incapacity to work, examination results, records of incoming calls on the emergency line and other significant circumstances relating to the patient’s health condition that were ascertained in connection with the provision of medical services.
the patient’s contact information: address of permanent residence, correspondence address, telephone number, e-mail address, data box ID.
other personal data: photographs of the patient, recordings from camera systems, recordings of telephone calls that we are obligated to monitor pursuant to the law.
In what form is my personal data processed?
All of your personal data that we become aware of and process in connection with the provision of medical care is part of your medical documentation. We keep medical documentation in so-called mixed form. This refers to the situation when part of the documentation is kept electronically and part in paper form. The laws by which we are bound as a provider of medical services impose on us, in relation to the retention of medical documentation, a full range of obligations; in particular, me must always handle such documentation in a demonstrable manner and with a heightened degree of caution. Please be aware that we do not take the handling of your medical documentation lightly and we have therefore adopted additional technical and organisational measures. Documentation in electronic form is kept in a Medicalc professional information system and access to its contents by individual employees is strictly limited. Documentation in paper form is stored in a locked facility in order to prevent unauthorised access. No unnecessary copies are made. All employees are trained to heed the enhanced measures in connection with this matter.
Why do we process your data and what is the legal basis for such processing?
The purpose of processing your personal data is provision of medical services and administration of medical documentation. The legal basis for such processing essentially consists in the provision of medical care, whether this involves provision of requested care on the basis of a healthcare contract or in cases of urgent care on the basis of a statutory obligation. The scope and obligation of personal data processing are governed by special acts by which we are bound.
In certain cases, the patient’s personal data can be processed for a purpose other than provision of medical care. Such purpose may be, in particular, the use of your data for clinical studies or for the purposes of our promotion. In such a case, your personal data is processed on the basis of your voluntary consent to personal data processing, which you cannot and will not be forced to provide in any case. You can withdraw your consent at any time or, as the case may be, exercise your other rights connected with personal data processing, about which we will thoroughly instruct you before you grant consent.
We are authorised to process your personal data also for the purpose of science and research. This authorisation is conferred on us directly by the law. For this purpose, however, we process only the data that is necessary and in such a form that makes it impossible to easily identify you.
To whom can we provide your personal data?
We administrate your personal data within the provider, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
First of all, in certain cases, we are obligated to transfer your personal data on the basis of the law. In particular, we transfer your data, including information on your health condition, to health-insurance companies in order to bill the medical care that we provide to you. We are further authorised to disclose your data on the basis of the law governing the provision of medical; as such, we can allow specific persons to view such data and create extracts, transcripts or copies of your medical documentation even without your consent. This will particularly involve disclosure of your data to bodies of the state administration (e.g. social-security bodies, the State Institute for Drug Control, etc.).
In order for us to provide you with high-quality care, in certain cases we also use external contractors, particularly if this involves technical support for our information system or administration of medical instruments that we use in the provision of medical care. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer (e.g. if you participate in a clinical study) or if it is required by a legal regulation.
How long do we retain your personal data?
Your personal data is always retained for the absolutely necessary period. Due to the fact that, in the absolute majority of cases, we process your data in connection with the provision of medical care, it is necessary to retain such data for the period that the law requires for retention of medical documentation. This period is stipulated by a regulation and amounts to 5-100 years or, as the case may be, ten years from the death of the patient depending on which part of the medical documentation this involves.
If we process your data for a purpose other than provision of medical services, i.e. particularly if we process your data on the basis of your consent, we shall undertake to process your data on for the period specified in such consent.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As medical care is not possible without the processing of your personal data, some of your rights are limited by the law. At the same time, as a patient, you have an obligation to provide your data to us. Failure to provide your personal data could result in our inability to provide medical services to you and could thus be detrimental to your health or pose a direct threat to your life. As a patient, however, you have the following rights in relation to your personal data.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
You can also exercise your right of access to personal data in accordance with the rules for viewing healthcare documentation and acquiring extracts and copies.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
If this involves provision of medical services, we process your personal data as set forth above, on the basis of the law in the absolute majority of cases. Therefore, this right essentially does not apply to you in the position of relative of a patient.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
Introductory information
Our main activity is provision of medical care, whether that involves care consisting in prevention, diagnostics, dispensary care, treatment, evaluative care, therapeutic rehabilitative care, nursing care, palliative care or pharmaceutical care. All of these types of medical care have one thing in common – in order to provide them, we need to be aware of a full range of your personal data, particularly data that can be designated as sensitive. Such sensitive data comprises, in particular, data on your health condition and, in certain cases, genetic data, data on your sexual life and other data that is part of the most sensitive area of each of our lives. In legitimate cases, we need to process personal data pertaining to you, i.e. relatives of our patients. We process the needed personal data about you so that we can enable you to exercise the rights that apply to you as a relative of a patient.
We carefully select all persons who may gain access to your personal data, whether that refers to our employees or to our contractors. We consider trust and a high level of data security to be one of the fundamental priorities within our operations.
Which of your personal data do we process? For what purpose do we process your personal data and what legal basis do we have for such processing?
In the case of patients’ relatives, the data that may be processed is, in particular, identification data, i.e. your name, surname, data of birth and signature. Such processing of your personal data is carried out for the purpose of verifying your identity as well as for keeping records in medical documentation in connection with searching for such records and obtaining copies and extracts thereof, as well as for granting surrogate consent to the provision of certain medical services. In this scope, the personal data of legal and other representatives of patients is processed, as is the data of all other persons whom the patient has designated through expression of his/her will as persons with authorisation to obtain information on the patient’s health condition. Processing of such data is necessary in order to fulfil the legal obligations of our organisation, where such statutory obligation is also a legal basis of processing.
In the event that the patient wishes that you be informed or contacted in the case of any event, we process your contact data, particularly your telephone number.
In connection with the provision of medical services, it can happen that we become aware of information other than that specified above. Such information can be provided to us by your relative, e.g. a family member, if we need to know, for example, his/her family medical history. If this involves retention of and access to such data, we will focus attention on the part of such information relating specifically to patients – your data will be handled in a similar manner.
In what form is my personal data processed?
We process your data in electronic and paper form. As your personal data is essential part of your relative’s medical documentation, your data is administrated in a similar form.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are legally authorised to further make your data accessible. This particularly refers to disclosure of your data to bodies of the state administration (e.g. social-security bodies, courts, etc.)
In order for us to provide you with high-quality care, in certain cases we also use external contractors, particularly if this involves technical support for our information system or administration of medical instruments that we use in the provision of medical care. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
How long do we retain your personal data?
Your personal data is always retained for the absolutely necessary period. Due to the fact that, in the absolute majority of cases, we process your data in connection with the provision of medical care to your relative, it is necessary to retain such data for the period that the law requires for retention of his/her medical documentation. This period is stipulated by a regulation and amounts to 5-100 years or, as the case may be, ten years from the death of the patient depending on which part of the medical documentation this involves.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As medical care is not possible without the processing of the personal data of patients and their relatives, some of your rights are limited by the law. As a relative of a patient, you have the following rights in relation to your personal data.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
If this involves provision of medical services, we process your personal data as set forth above, on the basis of the law in the absolute majority of cases. Therefore, this right essentially does not apply to you in the position of a relative of the patient.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
Introductory information
Selection of suitable job applicants cannot be carried out without the processing of personal data, which we obtain directly from you, as you provide such data to us within the recruitment process, in an oral interview, in your curriculum vitae or in other documentation. In addition to that, we obtain and process, to a limited extent and always in accordance with the statutory requirements, the personal data of persons who were set forth as contact persons in your references and from publicly available sources such as public registers (e.g. the Insolvency Register).
Which of your personal data do we process and for what purpose? What is the legal basis and period for such processing?
If you are interested in working with us, we need to process the following personal data for such purpose:
identification data: your name, surname, title, date of birth and gender
contact information: personal data that you provide to us so that we can communicate with you, particularly your contact address, telephone number and e-mail address
data associated with the performance of work, by which we mean information on your education, completed trainings, clean criminal record, health qualification, prior experience and references
In connection with the hiring of new employees, we process personal data for various purposes and in a varying scope. We concurrently process data on the basis of steps leading to the conclusion of a contract, on the basis of our legitimate interests and, as the case may be, on the basis of your consent.
On the basis of steps leading to the conclusion of a contract, we process your identification and contact data and data associated with performance of work for the purpose of evaluating job applications and conducting the recruitment process, specifically so that we can invite you to interviews and communicate with you, and so that we can assess your suitability for the given vacant position based on the provided materials. For these purposes, we process personal data for the period of duration of the recruitment process.
In certain cases, we process your personal data even after termination of the recruitment process, even if you were not successful in the process, so that we can contact you again if the selected candidate does not enter the given position for any reason or terminates the employment relationship in the trial period. In such a case, we process your personal data on the basis of our legitimate interest for the duration of the selected candidate’s trial period only if you granted us consent to further processing in the database of applicants.
Based on our legitimate interests, we process your identification and contact data, as well as data associated with performance of work for the purpose of protecting our legal claims. You have the right to raise objections to such processing at any time; this right may be exercised in the manner described in detail below. For these purposes, we process personal data for the duration of the statute of limitations (maximum of ten years following termination of the recruitment process) of claims arising from or associated with the recruitment process. If court, administrative or other proceedings are initiated, we process your personal data in the scope necessary for the duration of such proceedings.
In what form is my personal data processed?
We process your personal data in electronic and paper form.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are legally authorised to further make your data accessible. This particularly refers to disclosure of your data to bodies of the state administration.
In certain cases, we also use external contractors, particularly if this involves technical support for our information system. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As a job applicant, you have the following rights in relation to your personal data.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
As the administrator of your personal data (hereinafter referred to as the “employer”), we provide to you the following information.
Introductory information
As an employee, you have received information that is intended to serve several purposes. You will learn which of your data we process and why we do so. You will also learn about the rights that you have in connection with personal data processing, i.e. what you can request from us and to whom you can turn with your suggestions and complaints, if you have any. Therefore, we request that you carefully read the following text.
Which of your personal data do we process?
Please bear in mind that, in order for our employment relationship to exist, we must process a large quantity of your personal data. The scope of such data is determined particularly by the law, performance of the contract and our legitimate interest, which will be described below.
identification data: name, surname, title, birth-registration number if one has been assigned to you; otherwise your date of birth, place and country of birth, address of permanent residence, nationality, number and period of validity of your identity document, gender, social- insurance number, identification of your health insurer, employee number.
contact information: personal data that enables us to contact you, particularly your contact address, telephone number and e-mail address.
payroll data: particularly your bank-account number, wage amount and information that is critical for calculating your wage, bonuses, travel and other expenses, wage deductions (including information on distrainment and insolvency).
tax data: particularly information and documents demonstrating entitlement to deduction of the non-taxable part of the tax base, tax credits and entitlement to tax benefits, i.e. for example, information on the employee’s marital status and children, birth-registration number, student certificate, confirmation of placement of the employee’s child/children in preschool and confirmation from a labour-union organisation on the amount of paid membership dues.
data associated with performance of work: data associated with performance of work, which is understood to be your attendance and presence at work, drawing of vacation time and compensatory leave, data on fulfilment of your work obligations and evaluation thereof, information and documents on your education and completed trainings, information on your clean criminal record, benefits, records on breach of work obligations if any, information and documents (certificates) on qualification to perform work.
security and system data: particularly your system login data, access-card number, identification data of items and equipment entrusted to you (e.g. computer, mobile telephone, automobile), localisation data of the automobile and/or mobile telephone entrusted to you, identification of remote connection, information on access to applications and systems.
information on health condition: data necessary for fulfilment of the employer’s statutory obligations, which refers particularly to information on work-related injuries and occupational illnesses and physical disabilities.
other personal data: photographs, recordings from camera systems and, as the case may be, recordings of telephone calls that we are obligated to monitor pursuant to the law.
Why do we process your data? What authorises us to process your data? How long do we retain your data?
As your employer, we process your personal data for various purposes and in a varying scope. The legal grounds by which we are authorised to process personal data comprise, in a number of cases, fulfilment of contractual obligations arising from the employment relationship, obligations imposed on us by legal regulations, our legitimate interest in such processing and, in certain cases, your consent to processing of personal data. We obtain the largest quantity of your personal data directly from you and, as the case may be, from publicly available sources such as public registers (e.g. the Commercial Register, Insolvency Register).
Processing of sensitive personal data
As mentioned above, in certain situations we are authorised to process data on your health condition. We are directly authorised to conduct such processing by legal regulations governing the area of labour law, particularly Act No. 262/2006 Coll., the Labour Code, which imposes the obligation to keep documentation on work-related injuries and occupational illnesses, and Act No. 435/2004 Coll., on Employment, which imposes on employers the obligation to keep records on employed persons with health disabilities.
For these purposes, we retain personal data in the necessary scope for a period of up to 30 years following the end of the accounting period in which the employment or similar relationship was terminated. Because we are required by law to conduct such processing, you cannot raise objections against such processing, as we are obligated to process such data.
Processing of other personal data
Processing of personal data on the basis of performance of an employment contract
We process a full range of your personal data, as the processing of such data is necessary for performance of the employment contract. On the basis of performance of the contract, we process your identification data, contact and payroll data, and data associated with the performance of work. The purpose of processing such data consists in the establishment, course and termination of the employment relationship. If we could not process such personal data, it would not be possible to cooperate with you.
Based on performance of the contract, we process your personal data for the period of duration of the employment relationship.
Personal data processing on the basis of legitimate interest
In certain cases, we process your personal data on the basis of our legitimate interest. Also in this case, this involves processing of your identification, contact and payroll data, as well as data associated with the performance of work and security and system information. We process all such data for the following purposes:
assurance of proper relations with employees – here our legitimate interest consists in determination and inspection of due fulfilment of your work obligations.
protection of property and persons – here our legitimate interest consists in security of the premises, records of items and equipment entrusted to you, prevention of damage.
protection of our legal claims – here our authorised interest consists in determining, exercising and defending the organisation’s interests.
For the purposes defined above, we process your personal data for the period necessary for implementation of the rights and obligations arising from the employment relationship and for the period of the statute of limitations (maximally ten years following termination of the employment relationship). Please bear in mind that if court, administrative or other proceedings are initiated, we will process your personal data in the necessary scope for the full period of duration of such proceedings.
You have the right to raise objections against such processing; you can learn more about such right below.
Processing of personal data on the basis of fulfilment of legal obligations
As an employer, the law imposes on us a large number of obligations for the fulfilment of which it is necessary to process your personal data. On this basis, we process your identification and contact data, payroll and tax information and data associated with the performance of work in order to comply particularly with the following legal regulations:
Act No. 262/2006 Coll., the Labour Code (for example, this act imposes the obligation to maintain a logbook of work-related injuries and to ensure provision of occupational medical examinations for employees).
Act No. 435/2004 Coll., on Employment (this act imposes the obligation to keep records on employed persons with health disabilities).
Act No. 592/1992 Coll., on Public Health Insurance Premiums, and Act No. 48/1997 Coll., on Public Health Insurance (this act imposes the obligation to report the employee’s entry into employment, change of his/her health insurer, etc.).
Act No. 582/1991 Coll., on the Organisation and Implementation of Social Security (this act imposes the obligation to make a copy of the registration document).
Act No. 187/2006 Coll., on Sickness Insurance (this act imposes the obligation to report the employee’s entry into employment, change of his/her data, etc.).
Act No. 586/1992 Coll., on Income Tax (this act imposes, in particular, the obligation to withhold tax from the income of natural persons).
Act No. 563/1991 Coll., on Accounting (this act imposes, in particular, the obligation to keep accounting records, which may also include payroll records).
Act No. 373/2011 Coll., on Specific Healthcare Services (this act imposes on the employer an obligation in the area of occupational medical examinations for employees).
For these purposes, we retain personal data in the necessary scope for a period of up to 30 years following the end of the accounting period in which the employment relationship was terminated.
Processing of personal data on the basis of consent
If none of the situations set forth above applies and none of the stated legal grounds for processing your personal data apply to us, we are authorised to process your data only on the basis of consent to personal data processing that you grant to us. Such consent is granted in written form and for precisely defined purposes. Consent must always be given of your own free will, i.e. you will not in any case be forced to grant consent. This may involve, for example, consent to the publishing of your photograph for marketing purposes.
In what form is my personal data processed?
We process your data in electronic and paper form.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are obligated to transfer your data to other entities on the basis of the law. This particularly refers to disclosure of your data to bodies of the state administration (particularly social- security bodies and the labour office) and health-insurance companies. For fulfilment of statutory conditions, we transfer your personal data to courts, bodies active in criminal proceedings and supervisory bodies if they require that we do so.
In certain cases, we also use external contractors that provide various services. Processing of certain of your personal data may occur in the course of the activities that they conduct for us. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. Because an employment relationship would essentially be impossible without the processing of personal data, certain of your rights are limited by the law. At the same time, as an employee, you have the obligation to provide your data do us in defined cases.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
In the case of an employment relationship, we process your personal data as described above on the basis of the law or of a contract in the majority of cases. Therefore, this right does not apply to you in certain cases.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims. In the case of an employee and the numerous statutory obligations relating to the processing of the employee’s data, the exercise of this right is significantly restricted.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
If you cooperated us in the past in the context of an employment or similar relationship (hereinafter referred to as an “employment relationship”, we are authorised (and in some cases obligated) to further process some of your personal data, albeit in a reduced scope.
Which of your personal data do we process and for what purpose? What is the legal basis and period for such processing?
Even after termination of the employment relationship, we continue to process the following data pertaining to you:
identification data: name, surname, title, date of birth and gender
contact data: telephone number, e-mail address
data on your health-insurance provider, data on your marital status
data relating to work performance – data on education, health status, work record, completed trainings, work evaluations, etc.
In connection with former employees’ records, we process some of your personal data on the basis of a legal obligation (particularly data contained in the employment contract and payroll sheets). We process such data for a period of 30 years following termination of the employment relationship, particularly on the basis of legal regulation that govern organisation and execution of social security.
Based on our legitimate interests, we then process some of the above-mentioned data as well as data relating to work performance for the purpose of protecting our legal claims. You have the right to raise objections to such processing at any time; this right may be exercised in the manner described in detail below. For these purposes, we process personal data for the duration of the statute of limitations (maximum of ten years following termination of the employment relationship) of claims arising from or connected with the employment relationship. If court, administrative or other proceedings are initiated, we process your personal data in the scope necessary for the duration of such proceedings.
In what form is my personal data processed?
We process your personal data in electronic and paper form.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are legally authorised to further make your data accessible. This particularly refers to disclosure of your data to bodies of the state administration.
In certain cases, we also use external contractors, particularly if this involves technical support for our information system. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data.
In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As a former employee, you have the following rights in relation to your personal data:
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
Which of your personal data do we process and for what purpose? What is the legal basis and period for such processing?
If you are our contractual partner, i.e. a contractor or customer, please be aware that, as a matter of principle, we process only necessary identification data: your name, surname, data of birth, residential address and, in the case of natural persons conducting business, identification number and business address.
Such data serves for sufficient identification of the contracting party. The legal basis for the processing of such data is thus the fact that this involves processing that is necessary for performance of a contract or, as the case may be, implementation of measures adopted prior to the conclusion of the contract. Provision of the personal data set forth above is a contractual requirement, where you have the obligation to provide such data to us. In the opposite case, it will not be possible to conclude a contractual relationship.
Furthermore, if you provide to us additional contact information, including primarily your e-mail address, the addresses of your profiles on social networks and your telephone number, you will thus facilitate communication between you and the organisation; the legal basis for processing such data will be either performance of a contract or our legitimate interest consisting in facilitation of communication with contractual partners.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are legally authorised to further make your data accessible. This particularly refers to disclosure of your data to bodies of the state administration.
In certain cases, we also use external contractors, particularly if this involves technical support for our information system. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
In what form is my personal data processed?
We process your personal data in electronic and paper form.
How long do we retain your data?
We retain your data only for the absolutely necessary period. In accordance with the legislation in force, tax and accounting documents are retained for a period of ten years. We mostly archive also other documents for ten years with respect to the statute of limitations in the event that it is necessary to present such documents as evidence in a legal dispute. If court, administrative or other proceedings are initiated, we process your personal data in the scope necessary for the duration of such proceedings.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As in certain cases the law imposes on us the obligation to process the personal data of our contractual partners, some of your rights are limited by the law. As our contractual partner, however, you have the following rights in relation to your personal data.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
Introductory information
Interns also work for us in connection with the provision of health services. These include interns that come to us to gain experience in connection with their secondary-school or university studies and interns who work with us in connection with their preparation for certification. If you are or would like to become our intern, it will be necessary for us to process certain of your data. We essentially receive such data directly from you or from the organisation that arranged your internship.
Which of your personal data do we process and for what purpose? What is the legal basis for such processing?
In order for it to be possible to serve an internship in our medical facility, it is necessary that we process the following data pertaining to you:
identification data: name, surname, title, date of birth and gender
contact information: personal data that you provide to us so that we can communicate with
you, particularly your contact address, telephone number and e-mail address.
data relating to the internship, by which we mean, in particular, information on your education, clean criminal record, health qualification, completed trainings and previous experience.
The scope of processed data will always be adapted to the type of internship that you undertake with us. Your personal data is processed always in the necessary scope on the basis of steps leading to the conclusion of a contract on internship and subsequent performance of such contract. The period for which we process your data for the purposes of providing education is determined by the duration of your internship.
Based on our legitimate interests, we process your identification and contact data, as well as data relating to performance of the internship for the purpose of protecting our legal claims. You have the right to raise objections to such processing at any time; this right may be exercised in the manner described in detail below. For these purposes, we process personal data for the duration of the statute of limitations (maximum of ten years following termination of the internship) of claims arising from or connected with your internship. If court, administrative or other proceedings are initiated, we process your personal data in the scope necessary for the duration of such proceedings.
In what form is my personal data processed?
We process your personal data in electronic and paper form.
To whom can we provide your personal data?
We administrate your personal data within our organisation, whereas we transfer such data to third parties with your consent as a matter of principle. In certain cases, however, we are forced to transfer your personal data to other recipients even without your consent.
In certain cases, we are legally authorised to further make your data accessible. This particularly refers to disclosure of your data to bodies of the state administration.
In certain cases, we also use external contractors, particularly if this involves technical support for our information system. Processing of any of your personal data may occur in connection with such activities. External contractors are in the position of processors and have a concluded written contract with us that binds them to comply with strict principles when handling your data. In such a case, your consent is not required for the purposes of carrying out processing activities, as such processing is directly allowed by a legal regulation. Please be aware that we select our contractors according to strict criteria and you thus need not be concerned about your data.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer or if it is required by a legal regulation.
What rights do you have in relation to your personal data?
As a data subject, the law confers on you a full range of rights. As an intern, you have the following rights in relation to your personal data.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data via the contact information set forth in the introduction to this document. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
How can individual rights be exercised?
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address REHA Centrum CZ s.r.o, Na Okrouhlíku 1681/28, Pražské Předměstí, 500 02 Hradec Králové
- by e-mail at the e-mail address dpo@irehabilitace.cz,
- by telephone at +420 776 811 357 from 8:00 a.m. to 15:00 (not by SMS)
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
List of legal regulations governing the protection of personal data
You can find the most important legislative provisions governing the protection of your personal data in the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
- Act No. 110/2019 Coll., on Personal Data Processing
- Act No. 89/2012 Coll., the Civil Code
- and other regulations in the area of administration and accounting