How do we process your personal data?
Our company THERMAL-F, a.s., Reg. No. 25401726, with its registered office at I. P. Pavlova 2001/1, Karlovy Vary, places great emphasis on the protection of your personal data. We process your personal data in accordance with the applicable legislation, namely with Act No. 101/2000 Sb., on the Protection of Personal Data, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which came into force on 25 May 2018.
1. What data do we process?
Our company THERMAL-F, a.s., Reg. No. 25401726, with its registered office at I. P. Pavlova 2001/1, Karlovy Vary, processes the following data:
If you stay with us to receive a spa treatment:
Contact personal information contained in the registration form you filled in when checking in for your stay at our spa:
- first name and last name, and degree if applicable
- date of birth
- address of your permanent residence
- if you are not a Czech national, the data required by law for reporting foreigners’ stay (nationality, travel document number, visa number)
Data contained in your spa treatment plan, specifically (in addition to your contact details):
- health insurance company details
- your health insurance number
- details of the physician certifying your spa treatment application
- your employer’s details
- your medical history
- details of the proposed length of stay
Data on your completed spa treatment stays – data on health care services provided to you in our facilities and other data required by health insurance companies in the case of reimbursed spa and rehabilitation care services.
Details of any out-of-pocket payments for your stay (including your account or credit card number, if applicable).
If you are a member of our loyalty programme/club:
- details of the membership as provided in the loyalty programme/club application form, along with details of the benefits used
We do not process any of your other personal data.
2. On which basis, for which purpose and for how long do we process your personal data?
In order to provide our services, we process data contained in the application for your spa treatment, data filled in the registration form, and data on the payment of your stay on the basis of the legal relationship between you and our spa, the subject-matter of which is the provision of spa and rehabilitation care and related services (accommodation, catering, etc.). The purpose of such processing is to provide the aforementioned services.
Similarly, we also process data on your spa treatment stays on the same legal basis. In the case of spa and rehabilitation services covered in full or in part by your public health insurance, we are also obliged to give your health insurance company data on the health care services provided to you in our facilities and other data required by health insurance companies, and to enable them to verify the data.
If you are not a Czech national, we process data necessary for reporting the stay of foreigners on the basis of our duty imposed on us by Act No. 326/1999 Sb., on the Stay of Foreigners in the Czech Republic, as amended. This processing is carried out solely for the purpose of fulfilling the aforesaid duty and includes the transmission of the data contained in the registration form to the foreign police.
If you have given us consent to process your contact details and data regarding your stays with us, we process these data on the basis of your consent (like in the case of your membership in our loyalty programme/club). The purpose of this processing is to have an option to inform you about our service and product offers.
The accounting documents and invoices that we use to bill the care provided also contain some personal data (first and last name of the client, type of service provided, date of issue of the document). We only keep these documents for the purpose of complying with the duties set forth in the relevant accounting and tax laws for the period of time provided for by such laws.
In our spa, there are no cases of services being disputed by a health insurance company or self-paying clients. If such a case were to arise, we would have to process data about the care for the duration of the dispute, solely for the purpose of protecting our rights in such a dispute. In that case, we would inform you of such processing of your personal data without undue delay.
The processing of your data based on your consent is limited to the period of validity of your consent, generally 10 years, unless the consent is withdrawn earlier.
3. To whom do we disclose or transmit your personal data?
We disclose your personal data exclusively to the relevant health insurance company for the purposes of supervision, a duty imposed on health insurance companies by generally binding laws (Act No. 48/1997 Sb., on Public Health Insurance, as amended). If you pay in full for the care provided, we do not disclose your personal data to anyone.
If you are not a Czech national, we transmit your personal data contained in the registration form to the foreign police.
We may transmit your personal data to third parties providing support for us, such as mailing, debt collection, or legal services. These third parties are in the position of personal data processors; we only transmit to them the personal data necessary for the given purpose (mailing, debt collection or legal services) and pertaining only to those clients concerned by the specific support activity. We carefully select, and from time to time change and add the personal data processors providing the aforesaid activities. With regard to the updates and changes, we are ready to provide you, upon your written or email request, with an up-to-date list of such entities that may potentially receive your above-mentioned data.
We do not transmit your personal data to other countries.
4. Your rights under applicable law
We would also like to inform you that you have the following rights under the applicable data protection laws:
- the right of access to the personal data we process in your case;
- the right to have your personal data rectified, if they are incorrect or inaccurate in any respect;
- in the event that you discover or believe that we process your personal data in a way that is contrary to the protection of your private and personal life or contrary to the law, in particular if your personal data is inaccurate in respect of the purpose of its processing, you have the right to ask us for an explanation and to request that we remedy the situation (e.g. by blocking, rectifying, supplementing or destroying your personal data);
- the right to request erasure of your personal data or restriction of their processing;
- the right to object to the processing in order to assess whether there has been a breach of the duties imposed on us by applicable law;
- where we process your personal data on the basis of consent, you have the right to withdraw your consent.
- In addition to the above, you also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7.
- You also have the right to portability of the data that you have provided to us and that we process for the purpose of performing a contract. In the event that you wish to transmit those data to another controller, we will allow you to receive your personal data in a structured, commonly used and machine-readable format or, if technically feasible, we will transmit the data directly to another controller.
If you wish to raise any question about the processing of your personal data, you can contact us at any time in writing at: THERMAL-F, a.s., with its registered office at I. P. Pavlova 2001/1, Karlovy Vary, or by phone at +420 359 002 251; you can also contact the responsible person by email at email@example.com.
Karlovy Vary, 1 May 2018