General Data Protection Regulation

Dear patients,

we would like to inform you that the company DENTmikro s.r.o., ID No.: 19419350, with a practice located at Masarykova 1, 373 41 Hluboká nad Vltavou, handles personal data responsibly and in accordance with the requirements of Act No. 101/2000 Coll. on the Protection of Personal Data and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data.

In this context, we would like to inform you that your personal data is used solely for treatment and diagnostic purposes and activities essential to the operation of the dental practice.

All data is stored on secure media, protected by passwords, and access is granted only to predefined persons. Paper-based information is protected with a lock.

We process the following personal data: name, surname, address, phone number, email, health insurance information, and health condition information.

Personal data is used only for your treatment and the operation of the dental practice. Only the doctor, dental hygienist, or healthcare personnel employed by DENTmikro s.r.o., accountant, dental software provider, and our cooperating laboratories may have access to your personal data.

INFORMATION FOR PATIENTS ON THE PROCESSING OF PERSONAL DATA

according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation)

1. Data Controller
   DENTmikro s.r.o.
   ID: 19419350
   Masarykova 1, 373 41 Hluboká nad Vltavou
   ordinace@dentmikro.cz
   
   The controller is a provider of healthcare services in accordance with Act No. 372/2011 Coll., on health services and the conditions of their provision, as amended.
   
   
2. Purpose(s) of personal data processing
   We process your personal data for the purpose of:
   • providing healthcare services
   • billing for healthcare services
   • communicating health condition data to you and other authorized persons
   • organizing the provision of healthcare services (patient appointments)
   • maintaining records of our income and expenses, received payments, and financial management, as required by tax and accounting laws
3. Legal basis for personal data processing
   The legal basis for processing your personal data mentioned in point II is:
   • fulfillment of our legal obligations (especially Act No. 372/2011 Coll., Act No. 48/1997 Coll. on public health insurance, Act No. 563/1991 Coll. on accounting, Act No. 586/1992 Coll. on income taxes, and Act No. 634/1992 on consumer protection)
   • fulfillment of obligations from a healthcare contract under which we provide you with services (this contract does not need to be in writing)
4. Recipients of personal data
   Recipients of your personal data may include: healthcare providers, public authorities, and persons authorized to view medical records under §§ 31, 32, 33, and 65 of Act No. 372/2011 Coll. Personal data may also be processed by processors based on personal data processing agreements in compliance with the GDPR.
   Your personal data is not transferred abroad.
5. Duration of personal data processing
   Personal data in medical documentation is processed for the period specified by Decree No. 98/2012 Coll. Data processed for other purposes (point III) is processed for the legally required period or as long as you remain our patient, and then for one year after that.
6. Data subject rights
   When processing personal data, you have the following rights:
   • the right to request access to your personal data
   • the right to correct your personal data
   • the right to restrict processing – this means we must label and not further process the restricted data, except for storage. You have this right if:
     • you contest the accuracy of the data (for time needed to verify it)
     • processing is unlawful and you request restriction instead of deletion
     • we no longer need the data but you need it for legal claims
     • you have objected to processing (see point VII) until it's determined whether our legitimate grounds override yours
   • the right to erasure – only for data processed for non-medical purposes; medical records cannot be deleted
   • the right to data portability – for data processed automatically with your consent or contract; medical records can be shared only with you or another authorized healthcare provider or public authority
   • the right to lodge a complaint with the supervisory authority if you believe your rights are being violated. In the Czech Republic, this is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz
7. Right to object to processing
   If we process your data based on legitimate interests (see point III), you have the right to object at any time by contacting us at the address listed in point I. We may continue processing only if we demonstrate compelling legitimate grounds that override your interests or for legal claims.
8. Mandatory processing and obligation to provide personal data
   Processing your personal data for healthcare purposes is a legal requirement. Not providing your data may prevent us from delivering medical services, which could endanger your health or life (§ 41(1)(d) of Act No. 372/2011 Coll.). This obligation also applies to your legal guardian or representative (§ 41(2) of the same Act).