Protection of personal data at Mediestetik Clinic - GDPR

The European Union Regulation (GDPR) on the handling of personal data will soon come into force. Therefore, we need to ask for your consent once more so that you can receive our newsletters.


Personal data is any information that concerns a particular subject. A subject is considered determined or determinable if it is possible to identify it directly or indirectly on the basis of the data. Personal data include a person's contact information, their IP address, and information on the use of services, activities or preferences. The protection of personal data is regulated by Act No. 101/2000 Coll., On the Protection of Personal Data and on Amendments to Certain Acts, as amended (the "Personal Data Protection Act").


Processing of personal data means any operation or series of operations in which the controller or processor systematically, manually or automatically, collects, stores, modifies, alters, uses or dispenses data. The Mediestetik Clinic collects personal data for the needs of healthcare management and for marketing purposes. Each patient must explicitly consent to the use of their data for marketing purposes, in particular the distribution of informational emails and business communications using data, internet or mobile communications, such as calls, SMS messages, etc.

All of this data is stored on secure, password-protected media, and only predefined persons have access to it.


Data is processed by Mediestetik s.r.o., based at Senovážné náměstí 23, Prague 1. The Mediestetik Clinic is thus the administrator of this personal data, i.e. it determines how the personal data will be processed and for what purpose.


All personal data is used only for the internal needs of The Mediestetik Clinic and will not be passed on or otherwise distributed to others, whether legal or natural persons. We value your privacy, so no one will ever receive your contact details from us.


We will process all personal data provided by the patient for the needs of the clinic, whether for keeping medical records or for sending commercial communications. In particular, these are the contact details (name, surname, address, email, telephone number) based on business relationships, and the accounting and payment details (ID, VAT, credit card number, account number); these are the data that are necessary for the faultless provision of our services. All data is processed for the duration of the contractual relationship and is subsequently archived for 10 years after its termination.

Personal information provided by persons who have expressed their consent to the sending of business announcements, news, promotions, etc., includes, in particular, the name, surname, e-mail address and telephone number, city of residence and date of birth. Consent is expressed by ticking the appropriate box in the healthcare agreement and is subsequently confirmed by email. The consent can be revoked at any time via the logout link, which is included in each message sent.

When you visit our website, we may collect information about your visits and your use of our services. This information includes your IP address, your behaviour on the website and your use of the loyalty program. We obtain this information automatically through cookies or tracking technologies in order to improve our service and offer you the best possible service. We process the data for one year.


If we process your personal data as an administrator, you have the right to contact us at any time and exercise the right to determine which of your personal data we process or modify. If you have any doubts about its condition, we will be happy to provide you with an explanation and we will arrange to remedy the defect, whether that means blocking of messaging, corrections, or complete liquidation/destruction of personal data (other than medical documentation, which is governed by a separate law and which we are obliged to archive for a specified period of time).


We handle all personal data with due diligence and in accordance with valid legislation. We use both automated and non-automated means to process personal data. All data is stored on secure servers and workstations located exclusively in the European Union. Personal data is protected as much as possible by the following means:

  • We use a multi-level firewall to protect the server.
  • All communication within a corporate network is encrypted and secured by virtual private networks.
  • Only a predefined number of people have access to the personal data of our employees, co-workers, patients, and others whose personal data we have at our disposal, and their access levels to individual data are segmented.
  • Security monitoring, including the handling of any security incidents, is provided 24 hours a day.


The Mediestetik Clinic solemnly declares that, as the controller of its patients' personal data, it meets all the legal obligations required by applicable legislation, in particular the Personal Data Protection Act, and that it:

  • processes patients' personal data only on the basis of a legal title (the patient has expressed his or her free and voluntary consent to the processing of his or her personal data),
  • fulfils the registration duty with the Office for Personal Data Protection,
  • fulfils the obligation to provide information to its patients under the Personal Data Protection Act,
  • allows its patients to exercise their rights under the Personal Data Protection Act,
  • performs all other duties of the personal data controller pursuant to the Personal Data Protection Act.
