In accordance with the applicable legal regulations — namely Act No. 110/2019 Coll. (the Personal Data Processing Act), Decree No. 444/2024 Coll. (the Decree on Medical Documentation), and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “the Regulation” or “GDPR”) — the Controller hereby informs you that, in order to perform a contract, to take steps prior to the conclusion of a contract at your request / to fulfil a legal obligation, or for purposes of the Controller’s legitimate interest (“Legal Basis for Processing”), your personal data (“PD”) will be processed within the following scope: title, first name, surname, telephone number, e‑mail, birth identification number, residence, occupation, type and number of identity document, gender of the patient at birth, chosen method of communication, information on possession of a driving licence and firearms licence, and special categories of PD (sensitive PD): previous treatment, information on current health condition, planned treatment.
The Controller informs you that the PD will be processed for the purpose(s) of providing healthcare, based on the Legal Basis for Processing. The Controller does not process PD beyond the scope prescribed by law unless you have given written consent.
Personal data will be processed both automatically and manually, while complying with all security principles for the management and processing of personal data.
The Controller informs you that, in addition to the Controller, other recipients of the PD include processors with whom the Controller has concluded a personal‑data‑processing agreement (“Processor”) and who provide sufficient guarantees for the protection of your personal data, as well as recipients who are granted access in order to fulfil legal obligations, and recipients who are not Processors for the Controller but intermediaries or providers performing services or delivering goods for the Controller and who have signed a confidentiality agreement with the Controller.
The Controller informs you that your PD will not be transferred to recipients or processors in a third country outside the European Economic Area (EEA) without your explicit consent, if such country has weaker rules for the handling of personal data than the Czech Republic.
The Controller informs you that the PD will be stored for the period strictly necessary to fulfil the given purpose of processing / for the duration of the contract / at the Controller.
The Controller informs you that you have the right to request from the Controller access to PD, their rectification or erasure, restriction of processing, or to object to processing, and the right to data portability (i.e. to obtain from the Controller the PD in a structured, commonly used and machine‑readable format and transmit them to another controller); that a complaint may be lodged with the Office for Personal Data Protection; that the provision of PD is not obligatory; and that there is no automated decision‑making or profiling.
The Controller states that you have the right to obtain confirmation from the Controller as to whether or not PD concerning you are being processed. The rules are governed by the GDPR and related legislation.
The Controller states that you have the right to erasure of PD if the PD are no longer necessary for the Purpose; if you withdraw consent and no other legal basis for processing exists; if you object to processing of PD based on the Controller’s legitimate interest or to automated individual decision‑making or profiling; if the PD were processed unlawfully; if the PD must be erased to comply with a legal obligation; or if the PD were collected in connection with the offer of information‑society services.
The Controller expressly draws your attention to the fact that you have the right to object at any time to the processing of PD concerning you that were obtained for the performance of a task carried out in the public interest or on the basis of the Controller’s legitimate interest, including profiling. You further have the right to object at any time to the processing of PD concerning you for marketing purposes.
The Controller draws your attention to the fact that you have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into or performing a contract or is based on your explicit consent.
The Controller states that, in the event of a personal‑data‑security breach likely to result in a high risk to the rights and freedoms of the data subject, such breach will be communicated to the data subject without undue delay.
Ori Dental s.r.o.
Škroupova 1310/36, 430 01 Chomutov
CIN: 14038340
(“Controller”)