INFORMATION CLAUSE: PROCESSING OF PERSONAL DATA IN CONNECTION WITH MEDICAL SERVICES
In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), we kindly inform you that:
1. the Controller of your personal data is Klinika Flebologii sp. z o.o., a limited liability company duly organized and existing under the laws of Poland, with its principal office located at 5, Wawelska St, 02-034 Warsaw, Poland, tax identification No. (NIP): 7010498962, registered in the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under company registration No.: KRS: 0000568625 ("Controller"). You can contact the Controller:
a) in writing at Klinika Flebologii, ul. Wawelska 5, 02-034 Warszawa, Poland;
b) via e-mail at: rejestracja@klinikaflebologii.pl;
c) by phone at: (+48) 735 998 880 or (+48) 22 417 10 00;
2. the Controller has appointed a Data Protection Officer, who is responsible for all matters relating to the processing of personal data. In case of any queries regarding the processing of your personal data by the Controller or your rights related to the processing of personal data, please contact the Data Protection Officer:
a) in writing at Klinika Flebologii, ul. Wawelska 5, 02-034 Warszawa, Poland, with the annotation „IOD”;
b) via e-mail at: iod@klinikaflebologii.pl;
c) by phone at: (+48) 535 443 338;
3. we may process your personal data for the following purposes:
a) booking an appointment for medical services (Article 6(1)(b) of the GDPR), which applies to general identification data (name and last name, e-mail address, phone number). The Controller retains such data until the service is provided, and if the service is not provided, for a period of up to 3 months from the planned date of providing the service;
b) conclusion and performance of a medical services agreement (Article 6(1)(b) of the GDPR and Article 9(2)(h) of the GDPR), which applies to general personal data (name, last name, date of birth, Personal Identification No. (PESEL), gender, type, series and number of an identity document, address of residence, e-mail address, phone number, etc.) and sensitive data (data about health, genetics; the Controller may also process data revealing racial or ethnic origin, religious beliefs, workplace or family status data). The data mentioned above is stored for the period of archiving medical records indicated in Article 29 of the Act of November 6, 2008, on patients' rights and the Ombudsman for Patients' Rights, i.e., in principle for 20 years;
c) exercising the patient's rights (Article 6(1)(c) of the GDPR and Article 9(2)(c) and (h) of the GDPR), which concerns information on health and keeping, archiving, and sharing medical records. The data mentioned above is stored for the period of archiving medical records indicated in Article 29 of the Act of November 6, 2008, on patients' rights and the Ombudsman for Patients' Rights, i.e., in principle for 20 years.
Apart from the above, the Controller processes personal data only in order to comply with its legal obligations (Article 6(1)(c) of the GDPR), including tax obligations, as well as for the purposes of the legitimate interests of the Controller (Article 6(1)(f) of the GDPR), including, among others, (i) transfer of data to the payment services provider due to providing online payment infrastructure, handling and settlements of online payments made by the patients using electronic payment instruments, monitoring the proper performance of the contracts concluded with the Controller, in particular protection of payers’ interests in connection with their complaints, (ii) establishing, pursuing claims or defending against claims;
4. the Controller shall keep your personal data confidential and prevent unauthorised access to them by third parties in accordance with the applicable legislation;
5. your personal data shall not be transferred to entities outside the European Economic Area or to international organizations;
6. your personal data shall not be used for automated decision-making, and no profiling will be made based on your personal data;
7. your personal data may be transferred to our employees and associates, that is, to people with whom we cooperate in business activity, as well as third-party service providers whose services we use when processing your personal data, e.g., IT service providers or payment services providers, and other entities processing personal data on our behalf under the data processing agreement, regulatory bodies or entities entitled to access processed personal data under separate legal provisions;
8. in accordance with the legislation on data processing and to the extent specified there, you, as a data subject, have the following rights: the right of access to your personal data, to the rectification of any information you believe is inaccurate (correction), to the completion of the information you believe is incomplete, to the erasure and the restriction of processing of your personal data, to data portability, as well as the right to obtain a copy of your data, to object to the processing of your personal data, and where the processing is based on your consent, you are entitled to withdraw consent at any time (the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal). If you believe that the processing of your data violates legal provisions, you are entitled to complain to the competent authority, the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa, Poland). For more information on the rights of the data subject, please see the list of rights available on our website in the Personal Data tab;
9. providing your data indicated in point 3 (a) and (b) above is necessary in order to conclude and perform a medical services contract, and in the remaining scope, the basis for processing is a legal provision.