Privacy Policy and Confidential Information

This document contains information about the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and related Czech legislation.

1. Definitions

For the purposes of this privacy notice, the following terms apply:

  • Controller — the entity that determines the purpose and means of personal data processing; in this case AndroMedical s.r.o.
  • Data subject — a natural person whose personal data is being processed (e.g. patients, prospective clients, applicants, business partners, website visitors).
  • Personal data — any information that may lead to the direct or indirect identification of a specific natural person.
  • Processing of personal data — any operation or set of operations performed on personal data (e.g. collection, storage, modification, disclosure, transfer, deletion).
  • Processor — a natural or legal person that processes personal data on behalf of the Controller (e.g. an IT or laboratory services provider).
  • Recipient — an entity to whom personal data is disclosed (e.g. healthcare registries, service providers, public authorities as required by law).
  • Consent — a freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they agree to the processing of their data for a specified purpose; consent may be withdrawn at any time.
  • Health data — a special category of personal data relating to the physical or mental health of a person, including data relating to the provision of healthcare services that reveal information about health status.

2. Data Controller

AndroMedical s.r.o., Company ID: 21444722, registered office: Jičínská 2348/10, Vinohrady, 130 00 Prague 3, registered at the Municipal Court in Prague, file ref. C 402016 (hereinafter ‘the Controller’).

The Controller is a healthcare provider under Act No. 372/2011 Coll., on Healthcare Services, and a controller of personal data within the meaning of the GDPR.

3. Categories of data subjects and purposes of processing

Prospective clients seeking a consultation: Data: first name, last name, phone number, email.

Purpose: providing an initial consultation and communication.

Retention: 5 years.

Users of the online symptom assessment form: Data: first name, last name, phone number, email, age.

Purpose: preliminary assessment of symptoms, evaluation of suitability for consultation, and subsequent communication.

Retention: 5 years.

Patients / clients: Data: identification data (first name, last name, title, national ID number / date of birth, address), health data, contact details.

Purpose: provision of healthcare, maintenance of medical records, fulfilment of legal obligations.

Job applicants: Data: CV, cover letter, and correspondence.

Purpose: conducting the recruitment process.

Retention: until the process ends, maximum 1 year (unless consent is given for retention for future recruitment).

Business partners: Data: contact and invoicing details.

Purpose: business communication and fulfilment of contracts.

Visitors to our premises: Data: CCTV recordings.

Purpose: protection of property and security.

Retention: recordings are overwritten automatically in a loop with a retention period of 7 days, unless otherwise specified (e.g. footage handed to police).

Marketing communication and message personalisation
If you give us your consent, we may use your contact details (in particular email, phone or website visit details) to send you health tips, news about our services, specialist information and TestoClinic offers.
We may also use this data to personalise marketing communications, including displaying relevant advertising on social media (e.g. Facebook, Instagram, LinkedIn) and other online platforms.
The legal basis for the processing is your consent pursuant to Article 6(1)(a) GDPR, which you can withdraw at any time.
Marketing communications are not based on health data and do not contain sensitive health information.

4. Legal basis for processing

  • Compliance with legal obligations (Health Services Act, tax and accounting regulations).
  • Contract conclusion and execution (e.g. health care, employment contracts, commercial contracts).
  • Legitimate interest of the Controller (protection of property, security, defence in case of a dispute).
  • Consent of the data subject (e.g. marketing, sending of newsletters, voluntary contact details, job applicants if they ask to keep their CV).
  • Marketing communication, including personalised advertising on social networks, is only carried out on the basis of the data subject’s voluntary consent, which can be withdrawn at any time.

Consent is voluntary and may be withdrawn at any time without restriction by sending a request to the contacts listed below.

5. Recipients of personal data

The Controller shares personal data only with authorised entities:

  • laboratory and IT service providers,
  • medical software (e.g. CompuGroup Medical),
  • external service providers (accountants, legal advisors),
  • providers of CRM systems and related services,
  • providers of marketing and analytical services (Google Ireland Ltd., Meta Platforms Ireland Ltd., Alma Career Czechia s.r.o.).

In the case of data transfers outside the EU (e.g. Google, Meta), data protection is ensured through standard contractual clauses (SCC) approved by the European Commission.

Online marketing and social networks: As part of our marketing activities, we may use the services of social network operators and online advertising systems (e.g. Meta Platforms Ireland Ltd, Google Ireland Ltd, LinkedIn Ireland). These providers may process some data separately according to their privacy policies.

6. Cookies and online tracking

The following cookies are used on the Controller’s website:

  • Technical (necessary) – for the proper functioning of the website; they cannot be disabled.
  • Analytical – for measuring traffic and improving the website (Google Analytics). Activated only with consent.
  • Marketing – for content personalization and advertising (e.g. Meta Pixel, Google Ads). Activated only with consent. Marketing cookies can also be used to personalise advertising messages and display relevant offers on social networks and other online platforms.

When you first visit the site, you will see a cookie bar where you can set your preferences. You can change your settings at any time.

7. Retention period

  • Medical documentation: according to Decree No. 98/2012 Coll.
  • Prospective clients: 5 years.
  • Job applicants: max. 1 year.
  • Camera footage: 7 days.
  • Data processed on the basis of consent: until withdrawal of consent.

8. Data security

The Controller uses technical and organisational measures to protect data against unauthorised access, loss, destruction or misuse. Only authorised persons bound by confidentiality have access to the data.

9. Rights of data subjects

You have the right:

  • to access your personal data,
  • to correct inaccurate data,
  • to erasure (“right to be forgotten”) if the purposes of the processing have ceased to exist,
  • to restrict processing,
  • to data portability (where the legal basis is consent or contract),
  • to object to processing on the basis of legitimate interest,
  • to withdraw consent at any time,
  • to file a complaint with the Office for Personal Data Protection (www.uoou.cz).

10. Contact

Controller: AndroMedical s.r.o., Jičínská 2348/10, Prague 3, 130 00

E-mail: info@testoclinic.cz

Data Protection Officer: poverenec@testoclinic.cz
