Privacy Policy (GDPR)

Secure communication and procedures

The following describes the individual privacy practices or circumstances recommended by the VFN.

Secure communication

Why it is necessary to protect personal information

In the current digitized period, the requirements not only within the EU and the Czech Republic for the protection of personal data are increasing and tightening. This obligation also applies to the protection of medical records, personal data of patients and VFN staff.

Obligations for the protection of all personal data managed and processed in the VFN arise from generally applicable laws and standardsthat apply to the manager, ie the VFN, in particular:

  • EU Regulation No. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Act No. 110/2019 Sb., on the processing of personal data.
  • Act No 181/2014 Sb., on cyber security.

The Personal Data Administrator, ie VFN, is obliged to protect personal data so that they are not misused.

In VFN these are primarily personal data of patients, patients of designated persons, employees, visitors of VFN, etc., both in electronic form (eg NIS, personnel systems, data storage, camera recordings, etc.) paper (eg filing cabinets, medical records, copies of documents, etc.).

Personal information is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier (name, surname, personal identification number, address, medical records / examination or medical history, mobile number, e-mail, etc.) or any combination of data from which the person is identifiable (eg email and surname name).

Possibilities of communication with doctors

The VFN, as the administrator of your personal data contained in the medical documents you can receive from our doctors (eRecept, test results, medical report, etc.), will protect your privacy.

For this reason, we offer these forms of communication with the doctor:

  1. Personally
  2. Recommended letter
  3. E-mail in case of acceptance of "Consent to send personal data to e-mail" (see below)
  4. By e-mail with your own qualified electronic signature (issued by qualified certification service provider - overview)
  5. By registering to Central eRecept repository directly at SUKL - only for eReceptes!

Possibility of subject consent with sending personal data by e-mail

In cases where the subject requires the sending of information about the examination, diagnosis, eRecept, medication and other personal information, it is absolutely necessary first understand and accept the notification of risks arising from the sending of personal data by regular e-mail by the entity. Ordinary e-mail is an unsecured form of communication, ie without the use of, for example, content encryption, where it cannot be guaranteed, among other things, that its content will not be read or modified by an unauthorized person.

How to proceed in these cases:

  1. Submit a request for information about examinations, diagnosis, eRecept, medication and other personal information to the VFN employee's email.
  2. You will receive an email with the text below from a VFN employee (name.surname@vfn.cz) where you are warned of risks and asked to consent to sending personal information by regular e-mail.
  3. If you accept these risks, click the "I agree" button in the received email to confirm this.
  4. Your requested data will then be sent to the email address from which you have confirmed your consent. If you do not give your consent, the requested documents will be provided to you in another way, eg in printed form.

If you request repeated sending of personal data from the same email address for the same person (not a spouse or child, etc.), the consent will no longer be required repeatedly and the requested information will be sent to you. If the applicant's email address or person does not match, you will be asked to agree repeatedly for the person and the email you use.

"Consent to receive personal information on email"

You have received this email because you have asked a doctor or other VFN employee to e-mail you an eRecept, examination results, medical report, etc. These and other types of documents contain your personal information or the person for whom you exercise the rights ( children, persons with limited legal capacity).

The VFN takes care to protect your privacy and, as the administrator of the personal data, it warns you of the risks of sending them by regular e-mail, ie an unsecured e-mail message without using eg content encryption. For unsecured e-mail, we cannot guarantee, among other things, that its content will not be read, modified or misused by an unauthorized person after it is sent.

If you do not want to accept these risks, please choose a different communication path - you can find them HERE.

If you accept these risks and if you agree to send the personal data in question by regular email, please confirm this by clicking the "I agree" button. Subsequently, the required data will be sent to this email address: (specific email will be shown here)

I agree I disagree

This request for explicit consent is sent to you on the grounds that you are requesting an insecure transfer of personal data, such as health data. Health data is part of the so-called special category of personal data under Article 9 of Regulation (EU) No 2016/679 of the European Parliament and of the Council, also known as GDPR, and therefore requires a higher level of security.

If you wish to change your consent to receive personal information, you can do so here anytime.

Granting consent to subject

In cases where consent to the processing of personal data of a patient, employee or other person is necessary consent to the processing of personal data will meet the following conditions, ie be:

  • freely granted (if not granted, will not mean disadvantage);
  • inform about the purpose and scope of consent;
  • clearly and unambiguously formulated;
  • clearly separated from another text;
  • at any time revocable as easily as it was given.

Entering an employee or patient request according to the rights defined in the GDPR

The patient or employee (as well as other persons) is entitled under the rights defined in the GDPR:

  • on requesting information about personal data being processed;
  • on request for deletion of personal data;
  • on objection to the processing of their personal data;
  • request the portability of personal data processed;
  • and more

and enter your request:

  • Patient, former employee, as well as other persons:
    • it shall be sent by post: in writing with the applicant's officially signed signature, which shall be sent to the VFN address;
    • personal delivery of the application to the registry of the General Teaching Hospital, U Nemocnice 499/2, Prague 2, building of the headquarters A5, 4th floor (Mon - Thu 9 am - 3 pm, Fri 9 am - 2 pm), then the identity of the applicant will be verified ;
    • by email to poverenec@vfn.cz, provided that the applicant signs the e-mail with its own qualified electronic signature;
    • it is sent by the data box, provided that the applicant matches the data message sender.
  • Employee (in employment):

Reporting suspected or detected personal data leaks

When suspected or detected personal data leakage or abuse, I have the possibility of this fact report to the Data Protection Officer VFN (contact below).

Where to contact when you need to clarify your privacy

If you need clarification of your privacy, please contact the VFN Privacy Officer (also known as the DPO) for the following areas:

  • independent control and advisory function in relation to personal data;
  • monitoring and evaluating the compliance status of the VFN with GDPR requirements;
  • communication with personal data subjects (eg patients, employees) using their rights under the GDPR Regulation (eg right to information, deletion, objection, portability);
  • communication with the ÚOOÚ and reports possible breaches of personal data protection.

Contact details for the VFN Privacy Officer are listed below.

VFN Data Protection Officer (DPO)

contact e-mail: poverenec@vfn.cz

Do NOT follow this link or you will be banned from the site!