Personal Data Protection Policy

1. Data controller and contacts


Welcome to the Concierge Medicine Europe website. At Concierge Medicine Europe, we provide top-quality medical care, particularly in the field of preventive and lifestyle medicine, while respecting the privacy of our patients, visitors, employees, and other individuals who communicate with us or whose personal data we otherwise process under the conditions specified in this privacy policy (hereinafter referred to as the "Policy"). The Policy summarizes detailed information about the conditions for processing personal data (hereinafter referred to as "personal data") that we obtain through the website https://conciergemedicine.cz (hereinafter referred to as the "website") or by other means specified below, always in accordance with Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").

The administrator of personal data processed under the conditions set out in this policy, unless expressly stated otherwise in this Policy, is Concierge Medicine Europe s.r.o. , with its registered office at Pujmanové 1753/10a, Nusle, 140 00 Prague 4, ID No.: 05612926, VAT No.: CZ05612926, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 267339 (hereinafter referred to as "CME" or "controller"). As the controller, you can contact us at the address of CME's registered office or use the other contact details provided on the website in the Contact section.


2. Purpose and duration of personal data processing


Contact

When you contact us via the contact form or using other contact details listed on the website in the Contact section with any questions, comments, or requests, particularly regarding the services we provide, we will process your personal data that you provide to us in connection with this to the extent necessary for the purpose of handling your request. In this case, we process your personal data for the time necessary to handle your inquiry, communication, or request, and then for a maximum of six months for internal control and possible follow-up communication. The legal basis for the above processing of personal data is Article 6(1)(f) of the GDPR.


Ordering and providing medical care

If you place an order or submit an inquiry, request, or communication via the website or by other means, and it is related to an agreement on the provision of healthcare, we process personal data relating to you and, where applicable, other persons such as your representatives or family members. communication, or request is related to an agreement on the provision of healthcare, we process personal data relating to you and, where applicable, other persons such as your representatives or family members, including information about your health that you or other healthcare providers make available to us at any time in connection with the provision of healthcare. During your treatment and care, you provide us with a range of personal data, including sensitive information about your health, which falls under the so-called special categories of personal data. We need all this personal data to make the correct diagnosis, ensure proper treatment, monitor your health, and bill you for the healthcare provided. We handle your personal data as patients and, where applicable, other persons primarily in accordance with the relevant provisions of Act No. 372/2011 Coll., on health services and conditions for their provision (hereinafter referred to as the "Health Services Act"), as amended. When processing personal data for this purpose, we comply with a number of other obligations set out in generally binding regulations.

The purpose of processing patients' personal data is primarily to provide health services, including maintaining medical records and properly billing for these services. The purpose of processing patients' personal data is also our need to ensure the smooth operation of our healthcare facilities, to prevent and defend against any legal disputes regarding the care provided, and to continuously improve the quality of the services provided, including the training of our employees.

We store your personal data for the period necessary to fulfill the contract and to comply with legal obligations, including the proper maintenance of medical records, as well as accounting and tax obligations.

The legal basis for the above processing of personal data is compliance with the legal obligations of the controller and the fulfillment of the healthcare contract concluded with the patient pursuant to Article 6(1)(b) and (c) of the GDPR in conjunction with Article 9(h) of the GDPR. The legal basis is also the legitimate interests of the controller or a third party (Article 6(1)(f) of the GDPR), except where such interests are overridden by the interests or fundamental rights and freedoms of patients requiring the protection of personal data. In such cases, health data is processed on the basis of the exception under Article 9(2)(i) of the GDPR, if its processing is necessary for reasons of public interest in the area of public health, or on the basis of the exception under Article 9(2)(f) of the GDPR, if the processing is necessary for the establishment, exercise, or defense of legal claims of the controller.


Sending newsletters

Based on your consent or if we obtain your contact details in connection with the provision of our services, we process your personal data to promote our services and CME, by sending electronic communications informing you about news related to CME. We will process your personal data for this purpose for the duration of your consent, or until you withdraw your consent, and in other cases for a maximum of 2 years from the date of the last communication. We select relevant news based on the nature of the services we have provided to you and your preferences. Using appropriate technical tools, we evaluate the success of delivery and information about the viewing of our communications. You can easily unsubscribe from receiving communications at any time by contacting CME or by clicking on the "unsubscribe" link in each individual communication. The legal basis for the above processing of personal data is, in the case of consent, Article 6(1)(a) of the GDPR and otherwise Article 6(1)(f) of the GDPR.


Career

We may also process your personal data if you apply for a job at CME. The purpose of processing personal data that you provide to us directly or through a third party (recruitment agency, employment agency, or job portal operator), or that we obtain from reliable public sources, is to evaluate applicants and carry out the recruitment process for the relevant position. In this case, personal data is stored for the duration of the selection process, for a maximum of six months. The legal basis for the processing of personal data is taking steps prior to entering employment contract, or a contract for work or a contract for services pursuant to Article 6(1)(c) of the GDPR.

If you decide to increase your future chances of employment at CME, you can give us your consent to continue processing your personal data for a period of 3 years beyond the recruitment process for a specific job position so that we can offer you a similar job opportunity. You can revoke this consent at any time. In this case, we process the personal data obtained based on your consent in accordance with Article 6(1)(a) of the GDPR.


Cookies

We use various types of cookies on our website, which we or third parties whose tools we use may store on your device and retrieve from your device. We may use some cookies without your consent and others only if you give your prior consent on the website. We use the following types of cookies on our website and the corresponding options for their use. We use the personal data obtained through cookies for all the purposes listed below for the duration of their validity. You can set and change your cookie settings at any time in the cookie bar that appears when you first visit the website, or you can view it at any time later by clicking on the Cookie Settings button in the footer of the website.

Essential cookies: Essential or technical cookies help us to ensure the basic functions of the website, such as navigation and saving your preferences, including those relating to cookies. Without these cookies, the website cannot function properly or provide you with the services you request. Therefore, we do not need your consent to use them. We process the personal data we collect based on our legitimate interest in ensuring the functionality and security of our website (Article 6(1)(f) of the GDPR).

Analytical cookies: Analytical cookies help us track and analyze how visitors interact with the website. This information allows us to improve the content and provide better user experience. We process the personal data obtained with your consent based on Article 6(1)(a) of the GDPR.

Marketing cookies: With your consent, we also use marketing cookies to promote ourselves and our website. The information we collect about your use of the website helps us to show you tailored offers. For this purpose, we also pass on information about your use of the website to advertising and social networks so that we can also show you our offers on third-party websites. We process the personal data obtained with your consent based on Article 6(1)(a) of the GDPR.

For all of the above purposes, we use personal data obtained through cookies for the period specified for each cookie in the cookie bar.


3. Access to data


In order to achieve the above-mentioned purposes, we are entitled to disclose your personal data to public authorities, if required by law, or to contractually authorized processors (administrative or IT service providers) who provide CME with sufficient guarantees that they have implemented appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and that your rights are protected.

Your personal data may be transferred to a third country outside the European Economic Area for which the European Commission has not issued a decision ensuring an adequate level of personal data protection. In such a case, we will take appropriate safeguards to ensure an adequate level of protection, e.g. through standard contractual clauses on personal data protection adopted by the European Commission. You can obtain a copy of such safeguards upon request.


4. Your rights


In connection with the above processing of your personal data, you have the following rights under the conditions specified in chapter three of the GDPR.

In all matters relating to the processing of your personal data, whether it be a query, exercising your rights, filing a complaint, or anything else, you can contact us using the contact details provided on the website in the Contact section.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7 (https://uoou.gov.cz/).


5. Conclusion


We may update this Policy as necessary to reflect changes in the processing of personal data (e.g., if we introduce a new system or procedure that involves a new method of processing personal data) or to clarify the information contained in this Policy. Changes will always be in accordance with the relevant personal data protection regulations, particularly the GDPR.

We recommend that you pay attention to any updates to this policy. We will always inform you of changes to this policy by publishing the current version of the policy on our website or directly, if necessary, to comply with the GDPR.


LAST UPDATED: 01.09.2025