Information on processing of personal data
We protect your data
This document provides you with information about your rights related to the processing of your personal data. When processing personal data, we are governed by the legal provisions, in particular the European Union's General Data Protection Regulation (GDPR) in force since 2016/679 of 27 April 2016 with effect from 25 May 2018. The processing of personal data is only ever carried out within the scope of the specific service or purpose of the processing.
The controller of your personal data is:
Ulrychova 921/47, 624 00 Brno-Komín
/hereinafter referred to as the organization/
Below you can find out how we process your personal data with regard to Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR).
Basic data protection principles
- The organisation is committed to complying with its data protection obligations to protect the rights of all subjects whose personal data the organisation processes to the fullest extent possible.
- The acquisition and processing of personal data is always handled within the framework of the principles of legality, transparency, and fairness.
- Technical, procedural, and organisational measures are implemented to ensure the protection, integrity, availability, confidentiality, and resilience of the processing of personal data. These measures shall be regularly reviewed and evaluated and improved on the basis of their effectiveness.
- Only authorised persons have access to personal data; data is only transferred to other entities for the fulfilment of a legal purpose or with the consent of the data subjects.
- Personal data are processed only to the extent and for the time necessary.
- New requirements arising from legislation or current threats are implemented without delay.
- Personal data breaches are always recorded, investigated, and reported to the supervisory authority in case of impact on the rights of data subjects, and to the data subjects in case of high risks.
- Overview of the types of data processed and their sources
- The organization collects personal data used to uniquely identify the data subject (natural persons), contact data enabling communication and other data related to the subject of the performed agendas and related to the provided services and activities of the organization. Personal data are collected directly from citizens.
Purposes of processing
The main purpose of the processing of personal data is to fulfil the agendas arising from the organisation's work activities and to provide services to citizens.
Legal basis for processing
The legal basis for the processing of personal data of citizens is the fulfilment of the legal obligations of the organisation, the performance of concluded contracts, legitimate interest, consent of the data subject, public interest, or vital interests of the data subject.
The period for which personal data are processed
The period of processing of personal data is governed by legal requirements, contractual arrangements, or the period for which the data subject has given consent to the processing of personal data.
How personal data is processed
The organisation processes your personal data in its information systems. The processing of personal data is under constant control of physical and technical security processes. When processing, the organisation uses security controls and technical mechanisms to ensure that the data processed is protected to the greatest extent possible against unauthorised access, transmission, loss, or destruction and against further possible misuse.
Employees working with personal data when performing their duties are bound by confidentiality that continues after the end of their employment relationship with the municipality.
Transfer of personal data to other persons
The organisation transfers personal data to processors of personal data on the basis of a contract with the relevant provisions on the processing of personal data. The list of processors is available for consultation with the director of the organisation.
In addition, personal data may be transferred to public authorities and state bodies if required or permitted by law.
Processing of personal data based on consent
In the case of processing of personal data based on informed consent, the data subject always freely decides whether to grant, restrict or refuse consent. The organisation is bound by the extent of the consent given.
The consent given may be withdrawn at any time. Upon withdrawal of consent or failure to provide it, the organisation will cease processing personal data.
Rights of data subjects
The right of access allows the data subject to find out whether and, where applicable, what data about his or her person is processed by the organisation, the purpose, legal basis, method and duration of the processing and the recipients to whom the personal data are disclosed. Similarly, each data subject has the right to be informed of all personal data processed about him or her by the organisation. However, this should be without prejudice to the rights of others (in particular the right to protection of their personal data, but also the protection of intellectual property or business secrets) or to national security. Data subjects should also be informed whether their personal data are used for automated decision-making or profiling.
The right to rectification allows the data subject to seek redress if he or she finds that the data recorded is incorrect, inaccurate, or incomplete. In the event of notification, the organisation must ensure that the rectification is carried out without undue delay.
The right to erasure (or right to be forgotten) allows the data subject to request the removal of their data from the organisation's records if one of the following occurs:
- personal data are recorded and processed unlawfully, e.g. the specified processing period has expired;
- the processing was based on consent that has been withdrawn and there is no other legal basis for processing;
- the parent does not consent to the processing of their child's personal data (if the data processing is based on consent for information society services);
- the personal data is no longer needed for the purpose for which it was stored and processed;
- the data subject objects to the processing based on the legitimate interests of the organisation and these legitimate interests do not override the interest in the protection of the citizen's personal data.
- If the right to erasure is exercised, the data subject is entitled to request the erasure of all occurrences and references to his or her personal data in all copies.
Right to restriction of processing
It requires the organization to restrict the processing of personal data of a citizen for the following reasons:
- if the data subject objects that the processed data is inaccurate, it is possible to request a restriction of the processing for the time necessary to verify the accuracy of the personal data;
- if there is no legal basis for the processing of personal data, the data subject may request a restriction of processing (temporary storage without further processing) instead of erasure;
- if the personal data are no longer needed for the organisation's stated purpose but may still be needed by the citizen, e.g. for the defence of any legal claims;
- if the data subject has already objected to the processing of the data, he or she is also entitled to request the restriction of the processing for the time necessary to verify whether the legitimate interests of the controller outweigh the interests of the data subject.
Right to object
The right to object allows the data subject to object to the processing of their personal data based on the legitimate or public interest of the organisation. In the event of an objection by the data subject, the organisation is obliged to verify and properly justify whether the legitimate or public interest outweighs the data subject's interest in the protection of his or her personal data.
Right to portability
The right to portability allows the data subject to obtain their personal data in a structured machine-readable form. He or she may also request that this data be transmitted directly to another controller if this is (technically) possible and feasible. However, the right only applies where the processing of personal data is based on consent or contract.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the supervisory authority (the Office for Personal Data Protection) if you believe that the processing of your personal data has violated the data protection rules.
Office for Personal Data Protection:
Pplk. Sochora 27
170 00 Prague 7
Phone: +420 234 665 111
Method of exercising the rights of data subjects
by electronic submission:
via the electronic mailroom with a verified electronic signature at email@example.com
via the data box: ????
in person: at the company's address (written application, ID card)
Klinika Laurea - Bulharská 29 - Brno
|Monday||8.00 – 16.00|
|Tuesday||8.00 – 16.00|
|Wednesday||8.00 – 16.00|
|Thursday||8.00 – 16.00|
|Friday||8.00 – 14.00|
Procedure for exercising the rights of data subjects
- Acceptance of the application
- Identification of the applicant
- Evaluation of the application
- Decision on the application
- Enforcement of decisions
- Informing the applicant
The time limit for processing the application is 30 days from the date of receipt of the application. The time limit may be extended by up to 60 days in exceptional cases, in particular due to the complexity and difficulty of the case, which must be communicated to the data subject by the data controller, including the reason for the extension.
Information on the obligation to appoint a trustee
The obligation to appoint a trustee arises in three cases if:
- processing is carried out by a public authority or a public body (excluding courts),
- the main activities of the controller or processor consist of processing operations which require extensive regular and systematic monitoring of citizens,
- the main activities of the controller or processor consist of large-scale processing of special categories of data or personal data relating to criminal convictions and offences.
This organisation does not fulfil either of these points and therefore there is no need to appoint a trustee for this organisation.
Glossary of terms
- Legitimate interest – the interest of the controller or of a third party, for example, where the data subject is a customer of the controller.
- Personal data – information about a specific, identifiable person
- Recipient – the person to whom the data is transmitted.
- Controller – the person who determines the purpose and means of the processing of personal data; the controller may delegate the processing to a processor.
- Data subject – a living person to whom the personal data relates.
- Purpose – the reason for which the controller uses your personal data.
- Processing – an activity that the controller or processor carries out with personal data.
- Processor – a person who processes personal data for the controller.