Security and personal data protection

Personal data manager and data subject

The joint administrators of personal data within the meaning of Article 26 of the General Regulation on the Protection of Personal Data No. 2016/679 are companies in the PROGRESS MEDICAL group of companies. Specifically, these companies are:

PROGRESS MEDICAL a.s., ID: 284 75 682, with registered office in Prague 3, Pod Krejcárkem 975/2, zip code 13000, registered in the commercial register maintained by the Municipal Court in Prague, section B, entry 14761;
OB klinika a.s., ID: 288 92 950, with registered office in Prague 3, Pod Krejcárkem 975/2, zip code 13000, registered in the commercial register maintained by the Municipal Court in Prague, section B, insert 15268; and
OB CARE, s.r.o., ID number: 289 53 568, with registered office in Prague 3, Pod Krejcárkem 975/2, zip code 13000, registered in the commercial register maintained by the Municipal Court in Prague, section C, insert 155493
(collectively hereinafter referred to as administrator).

The company PROGRESS MEDICAL a.s. is the operator of the MEDICZECH service (www.mediczech.com), which ensures the supply of foreign patients for clinics in the PROGRESS MEDICAL portfolio. The company PROGRESS MEDICAL a.s. transfers personal data obtained from data subjects who request health services through the MEDICZECH service to the companies OB klinika a.s. and OB CARE, s.r.o. for the purpose of mediating the conclusion of a contract for the provision of health care with the relevant health clinic that provides the requested health services.

The company OB klinika a.s. (www.obklinika.cz) is an inpatient medical facility with three fully equipped operating rooms, specializing primarily in the surgical treatment of obesity and other metabolic diseases. OB klinika a.s. also offers a portfolio of procedures in other fields such as orthopedics and urogynecology.

The company OB CARE, s.r.o. (www.obcare.cz) is a plastic surgery clinic providing a wide range of aesthetic surgery procedures.

The common point of contact is the e-mail address: gdpr@obklinika.cz, through which data subjects can send their requests, comments, complaints or objections. The administrator can also be contacted in writing at the address Prague 3, Pod Krejcárkem 975/2, ZIP Code 13000, to the attention of any of the above-mentioned companies forming the PROGRESS MEDICAL group of companies.

The companies in the PROGRESS MEDICAL group of companies have entered into an agreement between joint administrators, according to which all companies in the group are jointly and severally responsible for the fulfillment of obligations according to the General Regulation on the Protection of Personal Data No. 2016/679, including the fulfillment of the information obligation, in the cases of processing described below towards data subjects and the obligation to enable the exercise of data subjects' rights. The data subject can exercise his rights regarding the protection of personal data with each company in the group and against each of them.

The administrator has appointed a personal data protection officer, who is:

Mrs. Ivana Pešková, e-mail: gdpr@obklinika.cz.
The data subject is a natural person who has provided the administrator with their personal data on the basis of a contract for the provision of health care or on the basis of measures taken prior to its acceptance at the request of this natural person (request for health services). The data subject may also be a natural person whose personal data the administrator obtained from other legal sources (especially health insurance companies, state authorities, public registers or other health service providers).

What type of personal data do we collect?

The administrator processes personal data to the extent that they are provided to him by the data subjects, or to the extent that the administrator obtains them from other legal sources. It is about:

- name and surname,
- business name of a natural person,
- title,
- sex,
- marital status,
- birthdate,
- personal identification number,
- identity card number,
- passport number,
- residence,
- address of registered office or place of business,
- photo/video sent as part of a preliminary health assessment,
- nationality,
- information about the health insurance company,
- personal data contained in health documentation (detailed information on the health status of the data subject and his relatives, including photo documentation, medical records, height and weight, examination results, etc.),
- data on disability or health disadvantage,
- billing and delivery address,
- identification number and tax identification number,
- e-mail,
- phone,
- payment data (bank account number, payment card data),
- signature,
- network identifiers,
- personal data obtained from cookies.
 

For what purpose do we process personal data?

The processing of personal data is necessary for realization of  communication or the fulfillment of the contract arising from the dispatch of the order, for the following purposes:

• Product News Information.
• Implementation of services
• Informing about order status.
• Delivery of the ordered goods.
• Solving any complaints.

We also need an email address to let you know about discounts and special events, competitions and other interesting news. You need to give informed consent to this expanded marketing communication. Consent is made by confirming the email sent to you by submitting your order or by filling out the registration form for those newsletters.
If you do not want to receive this information, you have the option to remove it at any time. You can find this option in any received newsletter. You can also contact the person named above with the above email.
 

What personal data do we share with third parties?

The website is linked to several third-party applications that further process the data for their purpose. List of third-party applications that we use can be seen in following table

Service name	Data	Purpose	Type of consent
Facebook	Cookies, anonymous data about the group's behavior and interests	Authorized interests of the administrator	Opt-out, consent is not necessary
Google Analytics	Cookies, Anonymous data about on website behaviour	Anonymous data analysis	Consent is not necessary
Google Adwords	Cookies, Anonymous data about on website behaviour	Campaign optimization based on anonymous data	Consent is not necessary
Mailchimp	E-mail	Management of e-mail communications	Authorized interests of the administrator,
Smartsupp	Cookies, Anonymous site behavior information	Analysis of customer behavior on a page	Consent is not necessary

 

Through third-party applications, we collect information about your computer. These data are anonymous. They cannot identify you as a person and are only used to produce statistics and their subsequent analysis.
 

How we use Cookies

We use two types of cookies. Our own, which serves directly to run the e-shop. We store favorite products, products added to cart or products compared. We also use third-party cookies that store anonymously information about visiting an e-shop. These can then be used for analytical or marketing purposes. All the cookie information we store is anonymous.
 

What security procedures do we apply to the retention of personal data?

The Provider has adopted and maintains such technical and organizational measures in order to prevent unauthorized or accidental access to, modification, destruction or loss of personal data, unauthorized transmissions, any other unauthorized processing, and other misuse of personal data.

• Anonymization of personal data.
• Ability to restore access to and access to personal data in a timely manner and in the event of physical or technical incidents.
• Periodic testing, assessment and evaluation of the effectiveness of the established technical and organizational measures to ensure processing safety.
• Multi-level firewall.
• Antivirus protection and unauthorized access control.
• Encrypted data transfer via IT technology.
• Access to personal data only for the Provider's authorized persons.
• Servers with personal data locked in a server room.
   

How can you check the personal data you have provided?

If you wish to verify with what your particular personal data we are working, please contact the authorized person (see mail in the first part of this page). Do the same if you want to delete or change your personal data.
 

General conditions

1. Customer voluntarily provides his or her personal data and agrees to provide it to third parties under the conditions set out below.
2. Personal data will be processed electronically in an automated manner or in a printed form in a non-automated manner.
3. In the event that the purchaser believes that the seller or processor carries out the processing of his or her personal data contrary to the protection of the buyer's private and personal life or contrary to law, in particular if the personal data are inaccurate given the purpose of their processing, may:
   1.    to ask the seller or processor for his / her electronic address or written explanation,
   2.    require the seller or processor to request it in his / her electronic address or in writing to remove the situation thus created
4. If the buyer asks for information about the processing of his or her personal data, the seller is obliged to pass it on to his / her electronic address or in writing by post. The Seller has the right to request the provision of the information under the previous sentence to request a reasonable reimbursement not exceeding the costs necessary to provide the information, in the case of a repeated request.
5. The controller is a duly registered personal data administrator. Customer's personal data is secured against misuse. The handling of personal data of customers is governed by the relevant provisions of Act No. 101/2000 Coll., On the Protection of Personal Data and on Amendments to Certain Acts, in a valid and effective wording.
6. Any misconduct, inquiries, leakage or misuse of personal data may be reported to the relevant Data Protection Authority. (ÚOOÚ)