Privacy Policy

Privacy Contact

To exercise GDPR rights, submit formal requests, complaints, or other data-protection submissions, please use the privacy contact point below. We have not formally designated a Data Protection Officer (DPO) under Article 37 GDPR at this time. If the scope of our processing makes the appointment of a DPO mandatory under Article 37(1) GDPR, we will appoint one, notify the Czech Office for Personal Data Protection (ÚOOÚ), and update this Policy accordingly. You can contact us using the following methods.

• Postal: Klinika Krejcárek s. r. o., Prosecká 876/89, Prosek, 190 00 Prague 9, Czech Republic
• By e-mail at: privacy@openmedical.cz

Supervisory Authority

The supervisory authority for personal data protection in the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), located at Pplk. Sochora 27, 170 00 Prague 7. Current contact information is available at www.uoou.cz. You have the right to file a complaint with this authority at any time.

Identification data

Name, surname, date of birth, birth-registration number (rodné číslo), insurance type (including Czech statutory public health insurance: VZP, VoZP, ČPZP, OZP, ZPŠ, ZPMV ČR, or RBP), public health insurance policyholder number, health-insurance provider code, identification document data where required, and your OpenMedical client account identifier.

Insurance information is collected and kept up to date so that we can split clinic services correctly between public-insurance-covered items and self-paid items, prepare or collect standard documents you may choose to submit to your commercial insurer for your own reimbursement request, coordinate care with the right partner providers, and handle billing correctly. OpenMedical does not decide coverage, submit claims, negotiate reimbursement, or act as an insurer, broker, or claims handler. Where you notify us of a change in your insurance during the membership year, we update your record accordingly and reassess clinic-side billing and reimbursement-document handling under our Terms of Service.

Contact data

Address of permanent residence, correspondence address, telephone number, e-mail address, data box ID, and preferred language of communication.

Health-related context shared for navigation

Limited health-related context that you choose to share with us so we can navigate care correctly, for example the reason you are seeking care, prior diagnoses you wish to disclose, allergies or medications relevant to scheduling, and copies of medical reports, referrals, lab results, or imaging that you upload to be forwarded to a partner provider. We do not create medical documentation, do not record clinical findings, and do not act as the system of record for your medical history; that role belongs to the partner provider that delivers your care.

Data generated through the client portal and digital channels

Appointment records and reminders, documents you upload to share with partner providers, messages exchanged through secure messaging, audit logs of access to your account and uploaded documents, consent records, and profile settings. OpenMedical does not currently coordinate telehealth consultations at partner providers. If such coordination is launched in the future, those sessions and any recordings will take place on the partner provider’s systems under the partner’s legal basis; OpenMedical does not store telehealth recordings.

Images and documents

Photos of documents you upload, for example prior medical reports and referrals, images captured during examinations, and imaging studies.

Billing and payment data

Data necessary to bill the membership and coordination service to you directly or to your employer where applicable, including transaction identifiers. We do not store full payment card numbers; these are handled by certified payment providers.

Technical data

IP address, device and browser information, log data, and cookies, collected when you use openmedical.cz or the client portal. Details are provided in our Cookie Policy.

Other personal data

Recordings of telephone calls with our team (both inbound and outbound) captured via the CloudTalk cloud platform, including the call content, metadata (timestamp, duration, telephone numbers, operator identifier), and the related operator notes. You are informed of the recording at the start of each call and may request a non-recorded call. Details of the purpose, legal basis, and retention period are set out in the "Telephone calls and call recording" subsection below.

Communications you send us through website chat, WhatsApp, Telegram, or other messaging channels you choose to use.

Delivery of the membership and care-navigation service

This is the primary purpose. For all personal data needed to deliver this service (identification, contact, membership, scheduling, communication, and billing data), the legal basis is the performance of our contract with you under Article 6(1)(b) GDPR. Where you share health-related context with us for the purpose of navigation or scheduling, that information is special-category data and two cumulative layers of legal basis apply at the same time: the same contractual basis under Article 6(1)(b) GDPR, together with your explicit consent under Article 9(2)(a) GDPR, which lifts the special-category prohibition. Processing of health-related context is limited to what is necessary for that purpose.

Website contact and callback handling

When you submit the public contact form, we process the contact-form data needed to respond and arrange follow-up: your name, email address, telephone number if provided, selected programme or specialization, stated intent, privacy acknowledgement, marketing-consent state, locale, and your free-text enquiry message.

The form is delivered to our operations inbox through our website email infrastructure so coordinators can respond or arrange a callback. This operational handling is independent of marketing consent; MailerLite remains used only for marketing email processing when marketing consent is granted.

Telephone calls and call recording

Telephone communication between you and our team (both inbound and outbound calls) takes place via the CloudTalk cloud platform and is recorded for quality assurance, coordinator training, care coordination, and the defence of legal claims. You are informed of the recording at the start of each call. If you do not wish to be recorded, you may request a non-recorded callback at any time by emailing info@openmedical.cz; we will call you back from a line that is not recorded.

The legal basis has three layers, applied according to the content of the call. For the recording itself, we rely on our legitimate interest under Article 6(1)(f) GDPR (quality assurance, traceability of communication, and defence of legal claims), balanced against your rights and freedoms; you have the right to object under Article 21 GDPR at any time and request a non-recorded call. For the content of the call with existing clients, we rely on performance of contract under Article 6(1)(b) GDPR. Where you share health-related information during the call (for example the reason you are contacting us, prior diagnoses, or medications), your explicit consent under Article 9(2)(a) GDPR additionally applies to that special-category data, under the same rules as other health context shared for care navigation described in the "Administrator of Personal Data" section above.

Recordings and the related operator notes are retained for 12 months from the call date and then deleted. Where a dispute, complaint, or legal proceeding is pending in relation to a specific call, the relevant recordings are retained until the matter is finally resolved and for one year thereafter.

Access to recordings is limited to authorised coordinators, support leads, and persons handling a specific complaint or legal claim; access is logged and audited. Details of transfers outside the European Economic Area are described in the "Transfers outside the EEA" section below.

Operation of the client portal, appointments, and secure messaging

Legal basis: performance of contract under Article 6(1)(b) GDPR and our legitimate interest under Article 6(1)(f) GDPR in operating a secure, auditable service. Telehealth coordination through OpenMedical is not currently active; if launched in the future, the telehealth itself will take place on the partner provider’s systems under the partner’s legal basis.

Billing and accounting

Legal basis: performance of contract and compliance with legal obligations under tax and accounting legislation.

Protection of our legitimate interests

This includes security of our systems, fraud prevention, maintaining audit trails, and defence of legal claims. Legal basis: legitimate interests under Article 6(1)(f) GDPR, balanced against your rights and freedoms. Where the establishment, exercise, or defence of legal claims requires us to handle health-related context that you previously shared with us for navigation, Article 9(2)(f) GDPR applies as the additional special-category condition; both layers apply together and only to the extent necessary.

Direct marketing and promotional communications about OpenMedical services

For existing clients, the legal basis is legitimate interests, with the right to object at any time. For non-clients and for marketing by electronic means beyond what is permitted by law, we rely on your consent under Article 6(1)(a) GDPR and Section 7 of Act No. 480/2004 Coll. on certain information society services.

When you tick the marketing checkbox in our contact form, you consent to receive promotional and marketing emails about OpenMedical services. The data we use for this purpose is limited to your name, email address, locale, and the structured form fields you submitted (referral source and selected specialization). The free-text message field is used solely to respond to your enquiry and to coordinate any subsequent care navigation; its content is not transferred to our marketing processor, not used to build or segment marketing audiences, and is not used to infer any special-category data about you. We use the marketing data only to send the communications you have agreed to and to measure their effectiveness.

To send these emails we use MailerLite (UAB MailerLite, Paupio g. 46, 11341 Vilnius, Lithuania) as a processor acting on our behalf under a written data processing agreement. MailerLite hosts subscriber data and email analytics on EU infrastructure. Where MailerLite uses sub-processors located outside the European Economic Area, the transfer takes place under Standard Contractual Clauses approved by the European Commission and supplementary measures. Current details are available in the MailerLite privacy and DPA documentation.

We retain marketing-consent records and contact data used for marketing for three years from your last interaction with our marketing emails or until you withdraw your consent, whichever is sooner. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Every marketing email contains a one-click unsubscribe link. You can also withdraw consent at any time by writing to privacy@openmedical.cz. The active marketing subscriber list and unsubscribe enforcement are operated by MailerLite as our processor under a written data processing agreement; once you unsubscribe, MailerLite stops sending you marketing emails immediately and we remove your contact data from our active marketing list within 30 days. In our own internal records we additionally keep a minimal entry (the sha256 hash of your lower-cased email address together with a timestamp) so we can reliably honour your preference even if our email service provider is later replaced. Without this entry we would not be able to recognise you as a previously-unsubscribed contact.

Clinical studies, research, and statistical purposes

The legal basis has two layers. The standard route is your consent under Article 6(1)(a) GDPR together with, for health data, your explicit consent under Article 9(2)(a) GDPR. Where a specific research project allows it and the law permits, we may also rely on legitimate interests or public interest under Article 6(1)(e) or (f) GDPR combined with the scientific-research condition under Article 9(2)(j) GDPR, always with appropriate safeguards and, wherever possible, pseudonymised or anonymised data.

Use of AI-assisted tools

We are introducing AI-assisted tools gradually. When live, their use will be limited to support functions such as FAQ and support assistance, scheduling and triage support, summarisation of communications, structured extraction from documents you choose to share for navigation, and internal drafting. Each tool will be subject to human oversight. AI is not used to make clinical decisions; clinical decisions are made by clinicians at partner providers.

Before any AI-assisted tool processes information about your health that you have shared with us, we will obtain your explicit consent under Article 9(2)(a) GDPR in addition to the Article 6 basis (performance of contract under Article 6(1)(b) GDPR or our legitimate interests under Article 6(1)(f) GDPR for non-health support uses). We will update this notice when each capability goes live.

Your personal data is not used to train third-party AI models. Where AI processing takes place under our supervision, we contractually require that no provider may use your data for training, fine-tuning, or otherwise improving generally available AI models.

Withdrawal of consent and consequences

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

The practical consequence of refusing or withdrawing explicit consent to the processing of health-related context for navigation is that parts of the service that depend on handling such information (in particular routing you to a specific partner provider, forwarding history, prior reports or results, and coordinating follow-up care) cannot be delivered. Your membership contract continues and general coordination and administrative tasks continue, but specific actions that depend on health context cannot be performed on your behalf until consent is given. Marketing, research, and other consent-based processing are independent of this and can be refused or withdrawn separately at any time.

Medical documentation held by partner providers

Inspection of, and copies from, the deceased client’s medical documentation is governed by Section 33 of Act No. 372/2011 Coll. Close persons (spouse, registered partner, parent, child, sibling, partner, and other persons the client identified as close during their lifetime) have the right to inspect that documentation unless the client expressly prohibited disclosure to specific persons during their lifetime. Because that documentation is held by partner providers, requests for it should be addressed to the partner provider that delivered the care. We will, on request, help identify the relevant partner.

Membership and coordination data we hold

For the data we hold ourselves (the client account, scheduling history, communications with our team, billing records, and any health-related context the client shared with us for navigation), close persons may request access to the extent permitted by law and by any instructions the client left with us during their lifetime. Such requests should be sent by post, in person, or by another secure channel agreed with us. We may require proof of identity and proof of the requester’s relationship to the deceased, for example a birth or marriage certificate, or a sworn declaration where the law allows.

Client’s lifetime instructions

During their lifetime, the client may name persons who are entitled to access data we hold, or, conversely, exclude specific persons. Such instructions are recorded in the client account and applied when handling requests after the client’s death.

Limits on disclosure

Information that the deceased client expressly prohibited from disclosure, and information whose disclosure would breach the legitimate interests of third parties, may be withheld in line with the law. The right of close persons does not extend to data outside the categories named above, except where another statutory basis applies.

State authorities and public bodies

We may disclose data where we are legally obliged to do so, for example to courts, law enforcement, or other public authorities within the limits of the law.

Partner clinics and specialist providers

OpenMedical coordinates care delivered by a network of partner clinics, hospitals, laboratories, and specialist providers. Where you proceed to receive care from a partner, for example for a consultation, an imaging study, or a laboratory test, we share the data necessary to schedule and refer you, including any health-related context you have shared with us for that purpose.

Each partner provider is an independent controller for the personal data and medical documentation they create and process when delivering care. Partner providers are bound by their own healthcare confidentiality and data protection obligations under Czech and EU law. In specific pathways where OpenMedical and a partner jointly determine how data is processed, the relationship may be structured as joint controllership under Article 26 GDPR, and you will be informed accordingly.

Some partner clinic premises may operate CCTV for safety and security. In that case the partner clinic is the controller for the camera footage and provides its own information notice and signage at the location.

Insurance and assistance partners

Where you choose a programme that includes a partner-managed insurance or assistance benefit (for example a travel-insurance or worldwide medical-assistance benefit), or ask us to activate such a benefit, we may share the personal data necessary to activate and administer that benefit. This usually includes identification, contact, membership, and eligibility data. The current provider is named in the programme description on our website and may change from time to time.

We share health-related context with an insurance or assistance partner only where it is necessary for the requested benefit or claims handling and only with the applicable legal basis, including explicit consent where required. The insurance or assistance partner acts as an independent controller for its own benefit administration, assistance handling, and claims handling under its own terms and privacy information.

Processors acting on our behalf

This includes providers of IT infrastructure, hosting and protected storage, the client portal and operations platform, secure messaging, document management, identity verification, notifications, audit logging, payment processing, customer support tools, analytics, and advertising and conversion measurement. All processors are bound by written data processing agreements and are selected under strict criteria. OpenMedical does not allow processors to use your data for their own purposes.

For our public-facing services (the website, the contact form, subscriber emails, and our business email) we currently rely on the following named sub-processors. If an additional processor is introduced in the future (for example a scheduling tool or analytics platform), this notice will be updated and the new processor will be named here with its country and transfer basis before any related processing begins.

• Hetzner Online GmbH (Germany, EU): hosting of the website and the contact-form backend.
• Cloudflare, Inc. (United States, under the EU-US Data Privacy Framework and Standard Contractual Clauses): authoritative DNS, reverse proxy, and DDoS protection for openmedical.cz; all web traffic passes through Cloudflare's edge network, where TLS is terminated, traffic is filtered, and bot protection is applied.
• Google LLC, Google Workspace (United States, under the EU-US Data Privacy Framework and Standard Contractual Clauses): business email used to receive and reply to your enquiries.
• UAB MailerLite (Lithuania, EU): delivery of subscriber and notification emails.
• CloudTalk s. r. o. (Slovak Republic, EU): cloud telephony platform, call recording, operational customer-support, and contact records associated with telephony, including callbacks and operator notes related to phone calls. For voice routing and recording storage, CloudTalk may rely on sub-processors located outside the EEA (in particular Twilio Inc. and Amazon Web Services, Inc. in the United States) under the EU-US Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, and supplementary measures.
• Google LLC, Google Tag Manager, Google Analytics, and Google Ads (United States, under the EU-US Data Privacy Framework and Standard Contractual Clauses): consent-gated tag management, website analytics, advertising, and conversion measurement, only if you have given the relevant analytics or marketing consent via our cookie banner.

Google's role for third-party tags and measurement

When Google Tag Manager is loaded after consent and Google tags are used through it (Google Analytics 4 and Google Ads), Google also processes a limited set of data on its own infrastructure for its own purposes, in particular network security, fraud prevention, and the development and evaluation of advertising systems. To that extent Google acts as an independent controller under Article 4 GDPR, or as a joint controller under Article 26 GDPR where the purposes are determined jointly with OpenMedical.

For processing carried out solely on OpenMedical's behalf (for example delivery of a specific measurement event that we have configured), Google acts as a processor under Article 28 GDPR. The website analytics layer is limited to allowlisted interaction events and does not send names, e-mail addresses, telephone numbers, free-text enquiry messages, health-related context, or raw submitted form values to Google tags. This subsection does not apply if you have not consented to analytical and marketing cookies; in that case no related Google tag-side processing takes place.

You may exercise your GDPR rights in relation to Google's independent or joint controllership directly with Google under its privacy information available at policies.google.com/privacy; for the remainder you contact OpenMedical.

Your employer or corporate client

This applies only where you are enrolled in an employer-linked programme and only to the extent you have agreed to. Employers do not receive your medical data without your explicit consent.

Family members or household members

This applies only where you are enrolled in a family or household account and have explicitly agreed to the applicable access arrangements.

Transfers outside the EEA

We generally do not transfer your medical and client data outside the European Economic Area (EEA). Where any processor is located outside the EEA, or where a sub-processor provides services from outside the EEA, such transfer takes place only under the safeguards required by the GDPR, in particular Standard Contractual Clauses and supplementary measures, and, for health data, only where strictly necessary.

If you consent to analytical or marketing cookies on openmedical.cz, Google Tag Manager may load Google Analytics 4 or Google Ads tags and certain data associated with those cookies, such as your IP address, cookie identifiers, and allowlisted interaction events, is transferred to Google LLC in the United States. This transfer takes place under Google’s certification to the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission. Details are available in our Cookie Policy.

Emails you exchange with our business addresses are processed via Google Workspace, which Google LLC operates from the United States. This transfer takes place under Google’s certification to the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission.

Where MailerLite uses sub-processors outside the EEA for delivery of marketing emails, those transfers take place under Standard Contractual Clauses approved by the European Commission.

All communication between your device and openmedical.cz passes through the edge network operated by Cloudflare, Inc., which runs global infrastructure including data centers in the EU and the United States. In doing so, Cloudflare processes your IP address, request headers, and other technical data for TLS termination, attack mitigation, bot detection, and content delivery. The transfer may include processing in the United States under Cloudflare's certification to the EU-US Data Privacy Framework and Standard Contractual Clauses approved by the European Commission.

Telephone calls with our team and the related contact records are processed by CloudTalk s. r. o., headquartered in the Slovak Republic (EU). For voice routing and recording storage, CloudTalk may rely on sub-processors located outside the EEA, in particular Twilio Inc. and Amazon Web Services, Inc. with infrastructure in the United States. Those transfers take place under the EU-US Data Privacy Framework, Standard Contractual Clauses approved by the European Commission, and the supplementary measures described in the CloudTalk data processing agreement.

What happens when your client relationship ends

When you terminate your client relationship with OpenMedical, or we terminate it in line with our Terms of Service, the following applies. Before the client account is deactivated, you can request a final export of your account data and download any documents you have uploaded to the portal. The client portal remains accessible for a 30-day transition period after termination, during which you can complete any outstanding downloads or requests; we will confirm the exact timing in writing.

After the transition period, the portal login is closed and active processing of your account stops. Communications and account data are retained for the legal periods set out above and then deleted or anonymised. Copies of medical documentation held by partner providers must be requested directly from those providers under the rules of Section 65 of Act No. 372/2011 Coll.; we will, on request, help you identify the relevant partner.

Right of Access

You have the right to know what data about you we process, for what purpose, for how long, where it was obtained, and to whom it is transferred. Upon request, we will provide a copy of your processed personal data without undue delay. For repeated or excessive requests, we may charge a reasonable fee to cover administrative costs. Access to your medical documentation held by a partner provider is exercised at that partner provider under the rules of Section 65 of Act No. 372/2011 Coll.

Right to Rectification

If you believe any of your personal data is inaccurate or incomplete, you have the right to request correction or completion without undue delay.

Right to Restriction of Processing

You may request restriction of processing in specific cases, for example when you contest the accuracy of your data, when processing is unlawful but you prefer restriction over deletion, when we no longer need the data but you need it for legal claims, or when you have objected to processing and verification is pending.

Right to Object

You may object to processing based on our legitimate interests or carried out in the public interest. If you object, we will only continue processing where we can demonstrate compelling legitimate grounds or where processing is necessary for the establishment, exercise, or defence of legal claims. If you object to direct marketing, we will stop immediately. For processing based on a legal obligation, this right does not apply.

Right to Erasure ("Right to Be Forgotten")

You have the right to have your personal data erased in certain cases, particularly when we no longer need it or when you have withdrawn consent and there is no other legal basis for processing. This right does not apply where processing remains necessary to comply with our legal obligations, for archiving in the public interest, scientific research, or for the establishment, exercise, or defence of legal claims.

Right to Data Portability

Where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz) at any time if you believe your data is being processed unlawfully.