INFORMATION ON PERSONAL DATA PROCESSING

(Updated version dated December 1, 2024)

We are Josh Fyzio s.r.o., a non-state healthcare facility, with registered office at: Lidická 337/30, 150 00 Prague 5, Company ID: 032 777 47, registered in the Commercial Register at the Municipal Court in Prague, file no.: C 229556, email: info@joshfrana.cz, phone: +420 606 022 319 (hereinafter referred to as „Josh Fyzio“ or „we„). On October 30, 2014, Josh Fyzio was issued a decision by the Regional Authority of the Plzeň Region, Department of Healthcare, granting authorization to provide healthcare services under ref. no. ZDR/2488/14. This decision came into effect on November 3, 2014, and provides professional non-medical healthcare services in accordance with Act No. 372/2011 Coll., on Healthcare Services and Conditions for Their Provision (Act on Healthcare Services) (hereinafter referred to as „AHCS„). In this document, you will find comprehensive information about your rights. We have not appointed a Data Protection Officer.

We recommend that you read this information carefully. We have done everything to make it as comprehensible as possible. If anything remains unclear, we will be happy to explain any term or section to you.

Scope and Responsibility for Processing

In this document, you will find information about the processing of personal data carried out by Josh Fyzio in the role of Controller, i.e., as the entity that determines the purposes and means and decides on the processing of your personal data.

Personal data means information that can identify your person, such as name, address, telephone number, email address, but also data about your health condition, which are necessary for providing our services.

When processing personal data, we comply with the relevant legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as „GDPR„) and Act No. 110/2019 Coll., on Personal Data Processing, as amended.

Whose Data We Process

At Josh Fyzio, we process data of:

  • our clients and, if necessary, also their legal representatives or guardians,
  • visitors to our website.

What Rights Do You Have Regarding Your Personal Data?

In relation to your personal data that we process, you have the following rights that you can exercise against us:

  • to obtain confirmation of (non)processing of your personal data and access to personal data concerning you that we process;
  • to rectification or completion of your personal data if they are inaccurate or incomplete;
  • to erasure or restriction of processing of your personal data if the conditions given by legal regulations are met;
  • to object to the processing of personal data concerning you;
  • to transfer your personal data to another controller;
  • to withdraw your consent to the processing of personal data, if you have given it to us;
  • to lodge a complaint with the Office for Personal Data Protection, as well as the right to effective judicial protection.

You can exercise your rights or any questions by written submission delivered electronically to: info@joshfrana.cz.

The supervisory authority is the Office for Personal Data Protection, with registered office at Pplk. Sochora 27, 170 00 Prague 7, website: https://www.uoou.cz

How Do We Protect Your Personal Data?

You can be absolutely sure that we handle your personal data with due care and in accordance with applicable legal regulations. We protect your personal data to the maximum extent possible, corresponding to the technical level of available means.

  1. Personal Data of Our Clients

If you express interest in our services, we need to know some of your personal data for mutual communication and service provision. At the same time, we are authorized to process individual categories of personal data to the extent according to § 53 paragraph 2 of AHCS, to the extent and for the period stipulated by Decree No. 444/2024 Coll., on Medical Documentation, as amended.

  1. a) Which Personal Data Do We Process?
  • Client identification data (name, surname, gender, date of birth, personal identification number, signature);
  • Identification data of the legal representative (name, surname, signature);
  • Client contact details (permanent residence address, correspondence address, telephone number, email address);
  • Health data, in particular:
    • information about the client’s health condition, date and time of admission to care, date and time of termination of care, information about transferring the client to another provider, information about the course and result of the provided healthcare services and about other significant circumstances related to the client’s health condition and the procedure in providing healthcare services, including anamnestic data necessary for providing healthcare services, medical reports, examination results, and extracts from medical documentation of other healthcare facilities provided by the client,
    • following the identified information about the health condition, work conclusions and information about the final diagnosis, proposal for further treatment, information about the course of care, extent of provided or requested healthcare services, data on the current development of the health condition according to the assessment communicated by the client, targeted objective finding are processed about the client,
    • record of giving informed consent/disagreement with a specific healthcare service, copies of medical assessments, requests for healthcare services, examination results, and other significant circumstances related to the client’s health condition that were identified in connection with the provision of healthcare services.
  1. b) Why Do We Process the Data and on What Basis?
  • legal obligation – obligations under AHCS, accounting, tax processing;
  • fulfillment of mutual contract on service provision or actions leading to the commencement of service provision;
  • purposes of scientific research and clinical studies – measurement and examination results may be processed usually in anonymized form (i.e., without the possibility of backward linking to the client’s person), if a specific project requires verification of data by linking to a specific client, such personal data are pseudonymized with a secured encryption key (identification of the client is not possible without using a secured encryption key) – processing according to Art. 5(1)(b), Art. 9(2)(j), and Art. 89(1) GDPR – compatible processing for scientific purposes;
  • legitimate interest, which is not in conflict with your rights to personal data protection (e.g., records of contractual partners, sending news, creating internal statistics and reports, protection and defense of our legally protected interests in case of possible claims for damages against us, etc.);
  • provision of consent to processing (e.g., for the purpose of publishing references to our services, etc.).
  1. c) Form of Personal Data Processing

Your data may be subject to automated processing as part of providing our services, but we do not perform any profiling or automated decision-making. Personal data that are part of medical documentation are kept exclusively in electronic form.

  1. d) How Long Will We Process the Data?

Personal data are always kept for the necessary time. Personal data from medical documentation are kept in accordance with AHCS for at least 5 years, which begins on January 1 of the following calendar year in which care was last provided to the client, unless AHCS stipulates otherwise.

Personal data processed in connection with the fulfillment of a mutual contract on service provision are kept for the duration of the contract and subsequently in the minimum possible extent to fulfill our legal obligations (especially from the title of legal requirements for accounting and tax records) for up to 10 years from the termination of the mutual contract. This period may exceptionally be longer based on our legitimate interest if it is necessary, e.g., for resolving insurance events or protecting our legal interests.

Personal data processed on the basis of consent are processed for the period specified in the consent, or until the moment of withdrawal of such consent.

If you have only expressed interest in our services, but the provision has not commenced, all personal data are deleted within 1 year from the last active contact from your side.

  1. e) Who Can Have Access to the Data?
  • external provider of accounting and tax services,
  • external provider of marketing services,
  • contractual specialists providing services within our premises,
  • possibly other providers of processing software or services, which, however, we do not currently use.

A complete current list of processors can be requested at info@joshfrana.cz.

  1. f) To Whom Else Do We Provide Your Personal Data and Why?

Your personal data may, in connection with ensuring contractual fulfillment or fulfillment of a legal obligation, be transferred to the necessary extent for processing to third parties, always only in such a way that complete protection of your personal data is maintained, as stated in this information statement. The recipient may also be your legal representative, guardian, or another person whom you have indicated in the consent to provide information about your health condition. We may provide personal data to public administration bodies or bodies authorized to look into medical documentation in accordance with AHCS, if requested. A complete current list of recipients of your personal data can be requested at info@joshfrana.cz.

Transfer of personal data abroad does not take place.

  1. g) Sending Commercial Communications

We may send our clients a newsletter or other commercial communications regarding the services we offer via email, phone, or SMS message, if you do not refuse this service as part of the informed consent before starting to provide our services. You can unsubscribe at any time directly from the link within the sent commercial communication, by sending a response SMS, or by email to info@joshfrana.cz.

  1. Personal Data of Visitors to Our Website
  2. a) Which Personal Data Do We Process?

Your IP address is processed when visiting our website only for the purpose of processing anonymized traffic statistics. If you fill in and send a contact form, this information is part of the user identification, is stored in the system with other user data, and follows the fate of the entire group of data entered in the form.

On our website, we also use technical or necessary cookies, which are needed for the proper functionality of our website. We do not need your consent for their use, but the processing takes place on the basis of our legitimate interest.

  1. b) Who Can Have Access to the Data?

Furthermore, possibly another provider of processing software, services, and applications may have access to this data, which, however, we do not currently use.

A complete current list of processors can be requested at info@joshfrana.cz.

We do not provide your data to any other third parties or abroad.

  1. Where Can You Learn More?

Please send your requests, questions, and opinions to email: info@joshfrana.cz, or to the postal address of the premises Josh Fyzio s.r.o., Radlická 142, 150 00 Prague 5. We value your opinions, and submitted suggestions will be confidential.

Our representative will contact you without undue delay at the contact you provided with a proposed solution or appropriate explanation.