RIGHTS OF DATA SUBJECTS IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA
According to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) each data subject is granted certain rights in connection with the processing of their personal data.
Below is information on the rights you are granted in connection with processing your personal data by Klinika Flebologii sp. z o.o. (“Controller”), including the manner and conditions of their implementation. Legal provisions, including the GDPR, may also provide for other conditions that must be met to exercise a given right.
In case of any queries regarding rights you are granted in connection with the processing of your personal data by the Controller and the manner of their implementation, please contact the Data Protection Officer:
1. in writing at Klinika Flebologii, ul. Wawelska 5, 02-034 Warszawa, Poland, with the annotation „IOD”;
2. via e-mail at: firstname.lastname@example.org;
3. by phone at: (+48) 535 443 338.
RIGHT TO ACCESS YOUR PERSONAL DATA
You are entitled to obtain confirmation as to whether or not we are processing your personal data.
If we process your personal data, you are entitled to access them and obtain information on the terms and conditions of your data processing. Such information should be easily accessible and easy to understand, which means that clear and plain language should be used. Such information should include, among others, the purpose of the processing, categories of personal data, recipients of data transfers, or retention period.
We will provide you with a copy of your personal data undergoing processing at your request. The right to obtain a copy of personal data shall not adversely affect the rights and freedoms of others.
RIGHT TO RECTIFICATION (CORRECTION) YOUR PERSONAL DATA
Processing of incorrect data may infringe on your interests. Therefore, if your personal data that we process are incorrect, you have the right to obtain the rectification of such inaccurate personal data. If your request is justified, we must correct your data without delay.
The rectification of your personal data will be notified to the recipients to whom your data have been disclosed unless this proves impossible or would involve a disproportionate effort.
RIGHT TO THE COMPLETION OF YOUR PERSONAL DATA
We make every effort to ensure that, to the extent it is necessary to achieve legitimate purposes, the personal data we process is complete. If your personal data we process are incomplete, you have the right to have them completed, including by means of providing a supplementary statement.
The completion of your personal data will be notified to the recipients to whom your data have been disclosed unless this proves impossible or would involve a disproportionate effort.
RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)
At your request, we have an obligation to erase your personal data without undue delay where one of the following grounds applies:
1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the consent for processing has been withdrawn, and there is no other legal ground for the processing;
3. you effectively objects to the processing;
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with Controller’s legal obligation;
6. personal data have been collected in relation to the offer of information society services.
In the events specified in the provisions of the GDPR, we can refuse to erase your personal data. We will refuse to erase your personal data if the processing is necessary:
1. for compliance with a legal obligation or the performance of a task carried out in the public interest, which concerns, among others, a legal obligation to retain medical records;
2. for the establishment, exercise, or defense of legal claims.
The erasure of your personal data will be notified to the recipients to whom your data have been disclosed unless this proves impossible or would involve a disproportionate effort.
RIGHT TO RESTRICTION OF PROCESSING
The processing of your personal data will be restricted where one of the following applies:
1. the accuracy of the personal data is contested by you – for a period enabling us to verify the accuracy of the personal data;
2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need your personal data for the purpose of processing, but you require them for the establishment, exercise, or defense of legal claims;
4. you have objected to processing – pending the verification of whether the object is effective.
Where processing has been restricted, we can process your personal data:
1. with your consent;
2. for the establishment, exercise, or defense of legal claims or the protection of the rights of another person
3. for reasons of important public interest;
with the exception of storage.
RIGHT TO DATA PORTABILITY
You are entitled to receive your personal data, which you provided to us, and to transmit those data to another controller. your personal data will be provided in a structured, commonly used, and machine-readable format. This right is granted to you when the processing is carried out by automated means based on your consent or a contract concluded with us.
Where technically feasible, at your request, we will transmit your personal data directly to another Controller.
RIGHT TO OBJECT
Where the processing is based on Article 6(1)(e) of the GDPR (processing is necessary for the performance of a task carried out in the public interest) or Article 6(1)(f) of the GDPR (our legitimate interests), you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data.
In such a case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data are processed for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. In such a case, your personal data will no longer be processed for such purposes.
RIGHT TO LODGE A COMPLAINT
Where you believe the processing of your data violates legal provisions, you are entitled to complain to the competent authority, the President of the Personal Data Protection Office. The complaint can be submitted in writing or electronic form.
A written complaint should be sent to Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.
For more information on lodging complaints, please see the information on the Personal Data Protection Office website, available at https://uodo.gov.pl in the “Complaints” tab.
RIGHT OF WITHDRAWAL OF THE CONSENT
Where the processing is based on your consent, you are entitled to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
RIGHT TO OBTAIN AN INFORMATION ON THE BREACH
The safety and confidentiality of your data are our top priority. We will inform you about the data protection breach in which your personal data are involved when it is likely to result in a high risk to your rights and freedoms.