About Hospital
Processed personal data
Processed personal data
PERSONAL DATA - PATIENTS
- Identification data of the administrator
Administrator: Hospital Jihlava, contributory organization
ID: 00090638
based at Vrchlického 59, 586 33 Jihlava
- Kontaktní údaje pověřence pro ochranu osobních údajů
v Nemocnic Jihlava je jmenován pověřenec pro ochranu osobních údajů, který pomáhá při řešení problematiky ochrany osobních údajů pan Mgr. Petr Navrátil.
Pověřenec pro ochranu osobních údajů je vám k dispozici pro vyřizování dotazů týkajících se nakládání s osobními údaji nebo pro poskytování dalších informací o ochraně osobních údajů a můžete jej kontaktovat:
Hospital Jihlava, contributory organisation
Vrchlického 59, 586 01 Jihlava
Tel: +4230 567 157 197, +420 157 909
e-mail: dpo@nemji.cz
web: www.nemji.cz
- Purpose of processing
The purpose of the processing personal data relating to patients is to obtain data directly related to the identification of the patient and to the patient's state of health, so that the patient can be provided with correct and comprehensive health care.
- Categories of data subjects and personal data
The data subjects whose personal data are processed by the administrator are the administrator's patients.
- Source of personal data
The source of the personal data is the medical records of each patient, which contain the personal data processed by the controller for the above purpose. The data is processed in both paper and electronic form.
- Places of processing personal data
The processing of personal data will take place at the administrator's headquarters at Vrchlického 59, 586 33 Jihlava.
- Recipient or category of recipients
The recipient of the personal data are the employees of the controller who use it to carry out their activities. These are mainly doctors and nurses.
- Expected transfer of personal data to other countries
There will be no transfer of personal data to other countries.
- Description of the personal data protection measures
The camera server is installed in a room without windows with the other information and communication technology of the Hospital. The entrance to the room is provided with a door in a standard design with a security lock and a ball on the outside. The room is secured by a motion sensor and a code-controlled alarm, the output of which is routed to the security agency's counter and the room is also monitored by one of the CCTV cameras. The room is accessible only to the ICT Department staff.
The stored records can only be accessed by logging into the Windows operating system with a login and password and then logging into the image information processing application with another login and password. Only one person, the designated administrator of the CCTV system, has the relevant permissions.
For the operation of the CCTV system, the Hospital has prepared a directive "CCTV system with recording equipment of the Jihlava Hospital", which also determines the administrator of the CCTV system and the persons in charge of supervision.
The detailed handling of personal data is set out in an internal directive.
PERSONAL DATA - EMPLOYEES
- Identification data of the administrator
Administrator: Hospital Jihlava, contributory organisation
ID: 00090638
based at Vrchlického 59, 586 33 Jihlava
- Purpose of processing
The purpose of the personal data processing concerning the controller's employees is to obtain data directly related to the conclusion of the employment relationship, in particular:
- to draw up an employment contract,
- to report applications and social security and health insurance payments,
- to fill in pension insurance record sheets,
- to calculate the correct salary,
- to calculate the correct monthly advance tax payments,
- to determine your exact entitlement to retirement pension,
- to meet the mandatory proportion of disabled workers,
- to report the employment of foreigners,
- to declare an income taxpayer,
- for various income certificates - tax office, employment office, courts, banking institutions, etc.
- Categories of data subjects and personal data
The data subjects whose personal data are processed by the administrator are the administrator's emplyoees.
- Source of personal data
The source of personal data is the personal file of each employee, which contains the personal data processed by the controller for the above purpose.
- Description of the data processing method
Before concluding the employment, the data controller (employer) requests individual data from the employee, which means that the employer requests personal data from the employee corresponding to the stated purpose and to the extent strictly necessary for the fulfilment of the stated purpose. These personal data are then:
- First name, surname (and all former surnames),
- date of birth,
- place of birth,
- birth number (for foreigners, the assigned birth number),
- nationality, marital status,
- contact address,
- education (original documents),
- previous practice,
- proof of criminal record (for managers and health professionals),
- information on health status,
- information on the pension,
- for women, the number of children brought up,
- handicaps,
- health insurance company,
- details of your wife and children (for tax relief),
- bank account number (for sending the salary to the employee's account upon request),
- membership in the Czech Medical Association (a prerequisite for practising medicine).
- Places of processing personal data
The processing of personal data will take place at the administrator's headquarters at Vrchlického 59, 586 33 Jihlava.
- Recipient or category of recipients
The recipient of the personal data is the data controller and the institutions to which the data are communicated in connection with the establishment and termination of the employment relationship, the payment of salary, or in connection with other facts related to the employment relationship, e.g. the Labour Office, the Financial Office, the health insurance company, the District Social Security Administration and others.
- Expected transfer of personal data to other countries
There will be no transfer of personal data to other countries.
- Description of the personal data protection measures
Access to data in electronic form in the Personnel and Payroll Programme is available to employees of the Personnel and Payroll Department and the designated ICT administrator.
Only employees of the Personnel and Payroll Departments, who are bound by confidentiality, have access to employee personnel files.
Data security measures are standard. The room where the data is stored has an entrance door secured with a security lock and a ball, and there are locked cupboards inside the room for storing personnel records.
The detailed handling of personal data is set out in an internal directive.
CCTV SYSTEM
- Identification data of the administrator
Administrator: Hospital Jihlava, contributory organization
ID: 00090638
based at Vrchlického 59, 586 33 Jihlava
- Purpose of processing
The purpose of the processing is to protect the property of persons from theft, to protect persons, in particular employees of the controller from attack by aggressive patients, as well as to protect against other illegal or criminal activities.
The purpose of the CCTV system is to prevent undesirable phenomena, in particular the entry of homeless people and their unauthorized stay in the Hospital building, against pickpocketing, against vandalism, and also as a preventive protection of the Hospital staff during night hours against aggressive patients (especially in the premises of the emergency ambulance with continuous operation). The reason for the installation of the camera system was also the fact that incidents that occurred in the Hospital before the installation of the camera system and were investigated by the Police of the Czech Republic could not be documented by the camera footage.
The data from the CCTV system will be processed, consisting of the recording of the footage taken, which will be used to identify persons in connection with certain actions (see above). The scope of the data processed will consist only in recording persons at certain precisely defined locations. The controller will not process data relating to address and identification data, nor sensitive data, nor descriptive data.
Personal data will be processed without the consent of the data subjects within the meaning of Section 5(2)(e) of Act No. 110/2019 Coll.
- Categories of data subjects and personal data
The data subjects whose personal data are processed by the administrator are in particular patients of the administrator, employees of the administrator, as well as other persons entering the premises of the administrator for any reason.
On all entrances to the premises of the Hospital and on the fence of the premises of the Hospital, there are placed information labels of approximately A5 format with the phrase "Attention The premises of the Hospital are monitored by the camera system!" with a pictogram of the camera.
- Source of personal data
The source of the personal data will be an image record (recording from the camera system) stored for a certain period of time.
- Description of the data processing method
A total of 31 cameras of the AXIS 211, 221 D&N, 216 FD and 212 PTZ types (with the possibility of remote control of the direction of view and the angle of view - zoom) are installed in the premises of the Hospital. The cameras are fixed mounted, while the cameras installed in the basement of the Hospital have the possibility of "night vision". The cameras capture colour images with a resolution of 640 x 480 pixels, the recording is also stored in this resolution, the sound is not captured. The quality of the recording (resolution and frame rate) is sufficient to identify the persons being monitored and to recognise their activities.
The camera system is in continuous operation 24 hours a day, with continuous recording from four cameras, while the remaining cameras are only activated if motion is detected in the camera's field of view. The recording storage time is set by SW to 7 days.
The cameras are installed in various places in the Hospital buildings and their list is part of the internal guideline.
- Places of processing personal data
The processing of personal data will take place at the administrator's headquarters at Vrchlického 59, 586 33 Jihlava.
- Recipient or category of recipients
In certain circumstances, in addition to the administrator, the recipient may be the law enforcing authorities (the Police of the Czech Republic, the prosecutor's office, the court), or state or local government authorities dealing with misdemeanours, based on the rules established by law.
- Expected transfer of personal data to other countries
There will be no transfer of personal data to other countries.
- Description of the personal data protection measures
The camera server is installed in a room without windows with the other information and communication technology of the Hospital. The entrance to the room is provided with a door in a standard design with a security lock and a ball on the outside. The room is secured by a motion sensor and a code-controlled alarm, the output of which is routed to the security agency's counter and the room is also monitored by one of the CCTV cameras. The room is accessible only to the 5 employees of the ICT Department.
The stored records can only be accessed by logging into the Windows operating system with a login and password and then logging into the image information processing application with another login and password. Only one person, the designated administrator of the CCTV system, has the relevant permissions.
For the operation of the CCTV system, the Hospital has prepared a directive "CCTV system with recording equipment of the Jihlava Hospital", issued on 18 February 2008, which also determines the administrator of the CCTV system and the persons in charge of supervision.
The detailed handling of personal data is set out in an internal directive.
Booking system Reenio (conferences, services)
- Identification data of the administrator
Administrator: Hospital Jihlava, contributory organisation
ID: 00090638
based at Vrchlického 59, 586 33 Jihlava
- Purpose of processing
The purpose of processing personal data relating to users is to obtain data directly related to the booking or registration.
- Categories of data subjects and personal data
The data subjects whose personal data are processed by the administrator are the booking system users.
- Source of personal data
The source of the personal data is the booking system, which lists the personal data that the controller processes for the above purpose. The data is processed in electronic form.
- Description of the data processing method
When registering or booking in the booking system, the user shall indicate the purpose and to the extent necessary to fulfil the stated purpose. This includes the following personal data:
- Name and surname,
- e-mail,
- phone.
- Places of processing personal data
The processing of personal data will take place at the administrator's headquarters at Vrchlického 59, 586 33 Jihlava.
- Recipient or category of recipients
The recipient of the personal data are the employees of the controller who use it to carry out their activities.
- Expected transfer of personal data to other countries
There will be no transfer of personal data to other countries.
- Description of the personal data protection measures
Access to data in electronic form via the Reenio booking system is secured by the need to log in with a username and password. Personal data cannot be accessed without a login. The identification and password is individual for each user. The user is bound by confidentiality. Access to the reservation system is restricted according to each user's job title.
The detailed handling of personal data is set out in an internal directive.
Stravovací provoz – Objednání jídel
- Identification data of the administrator
Administrator: Hospital Jihlava, contributory organisation
ID: 00090638
based at Vrchlického 59, 586 33 Jihlava
- Purpose of processing
Účelem zpracování osobních údajů týkající se uživatelů je získání údajů, které bezprostředně souvisí s objednávkou jídel.
- Categories of data subjects and personal data
Subjekty údajů, jejichž osobní údaje správce zpracovává, jsou uživatelé objednávkového systému jídel.
- Source of personal data
Zdrojem osobních údajů je objednávkový systém jídel, ve které jsou uvedeny osobní údaje, které správce k výše uvedenému účelu zpracovává. Údaje se zpracovávají ve formě elektronické.
- Description of the data processing method
Součástí registrovaných údajů v systému objednávek jídel jsou tyto údaje vedeny k účelu a v rozsahu nezbytně nutném pro naplnění stanoveného účelu. Jedná se pak o tyto osobní údaje:
- Jméno,
- příjmení,
- e-mail,
- phone.
- Places of processing personal data
The processing of personal data will take place at the administrator's headquarters at Vrchlického 59, 586 33 Jihlava.
- Recipient or category of recipients
The recipient of the personal data are the employees of the controller who use it to carry out their activities.
- Expected transfer of personal data to other countries
There will be no transfer of personal data to other countries.
- Description of the personal data protection measures
Přístup k údajům v elektronické podobě prostřednictvím objednávkového systému jídel FONS AKORD DIET je zabezpečen nutností přihlásit se uživatelským jménem a heslem. Bez přihlášení se nelze k osobním údajům dostat. Identifikace a heslo je pro každého uživatele individuální. Uživatel je vázán mlčenlivostí. Přístup do objednávkového systému jídel je omezen dle pracovního zařazení každého uživatele.
The detailed handling of personal data is set out in an internal directive.
The legal department of the Hospital Jihlava is responsible for the validity.