Galenio

O problému               Funkce pro pacienty               Funkce pro nemocnice

Consent to the processing of personal data

1. You hereby grant consent to the company Language solutions s.r.o., with
its registered office at Nové sady 988/2, Staré Brno, 602 00 Brno, Company
ID: 19590024, registered in the public register maintained by the Regional
Court in Brno, Section C, Insert 135244/KSBR (hereinafter referred to as the
„Controller“), to process the following personal data in accordance with
Regulation (EU) No. 2016/679 of the European Parliament and of the
Council on the protection of natural persons with regard to the processing
of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation) (hereinafter
referred to as the „Regulation“):

a. Identification data

– First name

– Lastname

– Dateofbirth

– Nationality

– Gender

b. General information, which refers to information that is not classified as
special categories of personal data under Article 9 of the GDPR.
c. Sensitive data, which refers to special categories of personal data under
Article 9 of the GDPR, consisting of information about the health of the
User-Patient, which the Controller obtains during the use of the Application
by the User-Patient or during interaction between Users.

2. Purpose of personal data processing
a. Identification data such as first name, last name, date of birth, nationality,
and gender are processed by the Controller for the purpose of identifying
the User-Patient by the doctor and enabling the functionality of the
Application. For this purpose, the company requires the explicit and
informed consent of the User-Patient, which has been granted to the
Controller. This data is stored by the Controller for a period of 24 hours. After
this time, it is deleted from all of the Controller’s databases.

b. General information, which refers to information that is not classified as
special categories of personal data under Article 9 of the GDPR. The
Controller processes this data to provide general information to the doctor
about the condition and location of the User-Patient. The Controller also
processes this data for the purpose of communication and enabling the
functionality of the Application. For this purpose, the company requires the
explicit and informed consent of the User-Patient, which has been granted
to the Controller. This data is stored by the Controller for a period of 24
hours. After this time, it is deleted from all of the Controller’s databases.

c. Sensitive data, which refers to special categories of personal data under
Article 9 of the GDPR, consisting of information about the health of the
User-Patient, obtained by the Controller during the use of the Application
by the User-Patient. The Controller processes this data to enable the
treatment of the patient by the doctor to whom the User-Patient provides
this data. The Controller also processes this data for the purpose of
providing the doctor with information about the health condition of the
User-Patient, which allows the doctor to determine the User-Patient’s
health status. The Controller further processes this sensitive data to
facilitate communication between the User-Patient and the doctor. For the
purpose of processing this sensitive data, the company requires explicit
and informed consent from the User-Patient in accordance with Article 9,
paragraph 2, point (a). This data is stored by the Controller for a period of
24 hours. After this time, it is deleted from all of the Controller’s databases.

3. Circumstances according to Article 13 paragraph 2 point(e)
a. The provision of personal data to the Controller is a contractual
requirement. By providing personal data, the Controller will be able to offer
the User-Patient the services of the Application. Failure to provide personal
data will result in the inability to use the services of the Application.

4. Datasecurity
Data is sent to the Application server using a secure and encrypted protocol at
regular intervals without the need for the User-Patient’s involvement, and is stored
in accordance with applicable legal regulations for as long as necessary.

To maximize the security of the User-Patient’s personal data, the Controller implements the following security measures:

a. Dataencryption,

b. Using passwords and other security measures to ensure access to
user data, such as implementing multiple levels of system protection
and using strong passwords,

c. Ensuring adequate physical measures that restrict access to the
areas where data is stored,

d. Entering into data processing agreements in accordance with GDPR
with verified processors.

5. The processing of personal data is carried out by the Controller, but personal
data may also be processed by the following verified processors on behalf of
theController:
a. Hosting services,
b. Analytical tools,
c. Contractual partners of the Controller who assist us in providing our
services.

6. Please note that under the GDPR Regulation, you have the right to:
a. withdraw consent at any time,
b. request information from us about what data we process about you,
and request a copy of this data,
c. request access to this data and have it updated or corrected, or
request a restriction on processing,
d. request the deletion of this personal data,
e. exercise your right to data portability,
f. file a complaint with the Office for Personal Data Protection or
contact the court.

7. By the above processing, you give your explicit and informed consent. The
provision of all personal data is voluntary. Consent can be withdrawn at any
time by sending an email to brno@galenio.cz.