PRIVACY POLICY (PURSUANT TO GDPR)
Who we are
When we refer to “Praga Medica”, or “us” or “we” or “Company”, we are referring to PRAGA MEDICA HEALTHCARE s.r.o., with its registered office at Na Krutci 368/5, Prague 6, the Czech Republic, ID No. 24249726, registered in the Commercial Register kept by the Municipal Court in Prague, under File No. C 197135.
This privacy statement has been
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website or our services, then you can be assured that it will only be used in accordance with this privacy statement.
What is GDPR
GDPR is the General Data Protection Regulation. It comes into effect on 25th May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardize data protection laws for all EU citizens. These regulations will apply to any organisation that controls and / or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.
Data Protection Officer
Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are respected. You can contact our Data Protection Officer at firstname.lastname@example.org or by writing to them at Data Protection Officer, PRAGA MEDICA HEALTHCARE s.r.o., with its registered office at Na Krutci 368/5, Prague 6, the Czech Republic.
What information do we collect about you?
We collect and process various categories of personal data at the start of and for the duration of your relationship with us. We will limit the collection and processing of personal data to information necessary to achieve one or more legitimate purposes as identified in this policy.
This information is usually collected through initial customer enquiry, undertaken through various channels, mostly from our online contact form, by phone, by email or from a third party.
Special categories of personal data
Under GDPR, there are special categories that require additional safeguards for processing. We will only process special categories of personal data where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so, and then only for the particular purposes and activities set out and for a limited time only. These special categories of personal data and the reasons for their collection are outlined below:
- Information required to evaluate your suitability for a selected
- Information about your health and medical conditions
- Information about your family, lifestyle and social circumstances
- Education and employment information
- Visual images and personal appearance
- Information about racial or ethnic origin
- Information required to provide accurate advice on medical treatment, before and after care
- Information about your health
- Information about your family, lifestyle and social circumstances
- Education and employment information
- Other information for verification purposes (online questionnaire, online booking and other consents)
- Internet Protocol (IP) address
We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
How we collect information about you
Personal data we collect and hold about you includes:
- information you give to us (for example: through a contact form online, by phone, by email, through our medical questionnaire, through our booking platform)
- information that we receive from third parties (from treatment abroad portals such as WhatClinic.com or TreatmentAbroad.com)
- information that we learn about you through our relationship with you
- information that we gather from technology (IP address and other usage data)
How we use your personal data
We use information about you to:
- provide relevant products and services to you, above all a relevant medical treatment;
- identify ways we can improve our products and services;
- decide and recommend how our products and services might be suitable for you.
To provide our products and services under the terms and conditions agreed between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services. For example: by not filling out our online questionnaire, we will not be able to provide an online evaluation and make an appointment for medical treatment.
We analyse the information that we collect on you through your use of our products and services and on our social media, apps and websites. This helps us understand how we interact with you and our position in the market place.
Your personal data and third parties
We will not share your personal data with anyone outside the Company except:
- where we have your permission
- where required for your product or service (for example: we will share your personal information with a consultant specialist to evaluate your online questionnaire, we will share your personal information with a doctor in order to make an appointment at a clinic etc.)
- where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world
- with third parties providing services to us, such as market analysis and benchmarking, and agents, consultants and sub-contractors acting on our behalf (for example: we may disclose some personal information to our contracted drivers so that they can meet you at the airport and take you to your hotel)
- in anonymised form as part of statistics or other aggregated data shared with third parties; or where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
- with our payment service providers. Financial transactions relating to our website and services are handled by our payment service providers, in particular by PayPal. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
We require that these third parties provide sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.
Lawful basis for processing
To use your personal data lawfully, we rely on one or more of the following legal bases:
Performance of a contract
Processing your information is necessary for us to provide you with products and services that are related to treatment abroad and that we agree to deliver subject to our terms and conditions.
Our legitimate interests
Legitimate interest means the interests of the Company in conducting and managing our business when providing products and services. Our core legitimate interests are to provide the best customer service, improve our products and services, and to protect our customers, employees and shareholders. A very important part of our legitimate interests is the ability to manage our relationship with you as effectively as possible and provide you with the best possible customer experience.
We will ask for your consent on multiple occasions, such as:
- To process your enquiry
- To evaluate an online questionnaire
- To make a booking
- For any marketing activities (newsletters)
We ensure that your consent will always be given to a very specific action and in a clear, affirmative way. We will keep a record of your consent and how we obtained it.
Consent can be withdrawn at any time, which will result in the immediate cessation of all data processing, unless we have already delivered the product or service.
We may sometimes require your consent to use your personal information. For example, when we use sensitive personal information (known as special category information under GDPR) about you, such as medical or biometric data, we always request your explicit consent.
How long we keep your personal data
This section sets out our data retention policies and procedures, which are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Your information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Special categories of personal data (especially medical questionnaire data) will be retained for a minimum period of 1 year following the submission of the data, and for a maximum period of 3 years following the treatment date.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
- By providing you with products or services, we create records that contain your information, such as customer account records, activity records, billing account records. Records can be held on a variety of media (physical or electronic) and formats.
- We manage our records to help us to serve our customers to a high standard (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and serve as evidence of our business activities.
How we keep your information safe
We are aware of security threats and make every possible effort to protect your information. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are respected. Should you have any questions, please do not hesitate to contact our Data Protection Officer.
International transfers of your personal data
We may transfer your personal information outside of the European Economic Area (EEA) to help us provide the best customer experience, on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws. For example, the hosting facilities for our website, our database and our email servers are situated both in the Czech Republic and abroad. Any international transfers of your personal data will be protected by appropriate safeguards.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Our marketing activities towards you are very limited and
- sending newsletters
- social media related activities
- requesting feedback
We will always ask for your consent in relation to any
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.