Protection of personal data at Mediestetik Clinic - GDPR


Services offered at Mediestetik Clinic by Mediestetik s.r.o., with its registered office at Senovážné náměstí 978/23, Nové Město, 110 00 Prague 1, company ID number: 285 34 492 and Mediest - medical s.r.o., with its registered office at Mánesova 983/36, Vinohrady, 120 00 Prague 2, company ID: 076 87 460, as joint administrators according to Article 26 of the General Regulation on Personal Data Protection (EU) 2016/697 ("GDPR") (hereinafter collectively "Mediestetik Clinic") also include the processing of personal data. Because we want you to be as well informed as possible about how we handle your data, including special categories of personal data, we have written this privacy policy on the protection of personal data.

What is personal data?

Personal data is any information that relates to a particular entity. Whether an entity is considered determined or identifiable depends on whether it can be identified, directly or indirectly, based on the data. Personal data thus includes in particular name, surname, address and contact data.

A special category of personal data is personal data that indicate racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health condition or sexual life, or the sexual orientation of an individual.


Processing of personal data means any operation or series of operations in which the controller or processor systematically, whether manually or automatically, collects, stores, modifies, alters, uses or disposes of personal data.

Mediestetik Clinic collects personal data for the needs of health care management and for marketing purposes. Marketing purposes include, in particular, the sending of information e-mails and business messages via internet or mobile communication, such as e-mails and SMS messages.

All data is stored on secure media protected by passwords, and only predefined persons have access to it.


The data are processed by the Mediestetik Clinic, i.e. Mediestetik s.r.o. and Mediest - medical s.r.o., as joint personal data controllers. The Mediestetik Clinic determines how personal data will be processed and for what purpose.


All personal data is used for the internal needs of the Mediestetik Clinic in accordance with the legal regulations of the Czech Republic, especially Act No 372/2011 Coll., on health services, as amended, and will not be transmitted or otherwise disseminated to other legal or natural persons. We respect your privacy and therefore we have taken technical and organizational measures to prevent your data from being processed without authorization.

Doctors and employees of the Mediestetik Clinic may have access to the data according to their access rights, as may our suppliers with whom, where they are in the position of personal data processor, we have concluded a contract according to Article 28 of the GDPR.


We will process all personal data provided by the patient for the needs of the clinic, whether for keeping medical records or for sending commercial communications.

In particular, this concerns contact details (name, surname, address, email, telephone number) and data on health status for the purposes of keeping medical records.

Depending on the need (purpose) and business relationship, also accounting and payment data (ID, VAT, payment card number, account number). This is always the data that is necessary for the faultless provision of our services. All data are processed for the duration of the contractual relationship and subsequently archived for 10 years from its termination.

Personal information provided by persons who have expressed their consent to the sending of business announcements, news, promotions, etc., includes, in particular, the name, surname, e-mail address and telephone, city of residence, date of birth and provided media. Consent is expressed by ticking the appropriate box in the healthcare agreement and subsequently confirmed by email. The consent can be revoked at any time via the logout link, which is included in each sent message.

When you visit our website, we may collect information about your visits to our website and your use of our services. This information includes your IP address, your behaviour on the website and your use of the loyalty program. We automatically obtain this information through cookies or tracking technologies to improve our service and offer you the best possible service. More information on data processing via cookies is available here.

When you visit the Mediestetik Clinic, cameras are used to monitor the safety of patients and staff in common areas. The record is kept for 72 hours.


If we process your personal data as an administrator, you have the right to contact us at any time and exercise the right to determine which of your personal data we process, or to modify them. If you have any doubts about their condition, we will be very happy to provide you with an explanation and we will arrange a remedy, whether it is the blocking of messaging, corrections, or the complete liquidation/destruction of personal data (other than medical documentation, which is governed by a separate law and which we are obliged to archive for a specified time).

The full list of your rights is available here.


We handle all personal data with due diligence and in accordance with valid legislation. We use both automated and non-automated means to process personal data. All data is stored on secure servers and workstations located exclusively in the European Union. Personal data is protected as much as possible by the following measures:

  • a multi-level firewall protects the server;
  • communication within the corporate network is encrypted and secured by virtual private networks;
  • only a predefined number of people have access to the personal data of our employees, co-workers, patients, and others whose personal data we have at our disposal, and their access levels to individual data are segmented;
  • security monitoring and the handling of any security incidents are provided 24 hours a day.


Mediestetik Clinic honestly declares that as a controller of personal data of its patients it meets all legal obligations required by applicable legislation, in particular the GDPR and the Personal Data Protection Act, and therefore that it:

  • processes personal data of its patients only on the basis of fulfilment of legal obligations pursuant to Act No. 372/2011 Coll., on health services, and/or consent to the processing of personal data for the purposes specified in the relevant forms, or legitimate interest in, for example, a camera system;
  • fulfils its information obligation towards its patients;
  • allows its patients to exercise their rights;
  • fulfils all other obligations of the personal data controller as regards data security.

You can read the additional wording of the privacy policy here.
