In accordance with Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) we kindly inform you that:

1.            the Controller of your personal data is Klinika Flebologii sp. z o.o., a limited liability company duly organized and existing under the laws of Poland, with its principal office located at 5 Wawelska St, 02-034 Warsaw, Poland, tax identification No. (NIP): 7010498962, registered in the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under company registration No.: KRS: 0000568625 (“Controller”). You can contract the Controller:

a)            in writing at Klinika Flebologii, ul. Wawelska 5, 02-034 Warszawa, Poland;

b)           via e-mail at:;

c)            by phone at: (+48) 735 998 880 or (+48) 22 417 10 00;

2.            the Controller appointed Data Protection Officer, who is responsible for all matters relating to the processing of personal data. In case of any queries regarding the processing of your personal data by the Controller or your rights related to the processing of personal data, please contact the Data Protection Officer:

a)            in writing at Klinika Flebologii, ul. Wawelska 5, 02-034 Warszawa, Poland, with the annotation „IOD”;

b)           via e-mail at:;

c)            by phone at: (+48) 535 443 338;

3.            the Controller process your personal data, that is, image and the time and place of the incident to enhance the safety of the patient, employees of the Controller, and other persons in the monitored area and to increase the protection of the property therein, i.e., under Article 6(1)(e) of the GDPR (processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the Controller) and Article 6(1)(f) of the GDPR (processing is necessary for the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child);

4.            video surveillance covers entrances and exits of the Controller’s healthcare facility, traffic routes, as well as registration and waiting areas. There are signs on the premises of the Controller’s healthcare facility indicating that the facility is monitored;

5.            personal data are recorded by surveillance cameras which record images continuously. Only the image is recorded and stored. Access monitoring registers the entries and exits of authorised persons;

6.            personal data in the form of records are stored for a period of 3 months;

7.            the Controller secures and makes personal data available only to the relevant authorities authorised by the applicable law, for example, law enforcement, prosecution authorities, or the court. Apart from these entities, the recipients of your personal data may be employees and associates of the Controller. The Controller shall not disclose your personal data to other recipients;

8.            the Controller shall keep your personal data confidential and prevent unauthorised access to them by third parties in accordance with the applicable legislation;

9.            your personal data shall not be transferred to entities outside the European Economic Area or to international organizations;

10.          your personal data shall not be used for automated decision-making, and no profiling will be made based on your personal data;

11.          according to the legislation of data processing and to the extent specified there, you, as a data subject, have the following rights: the right to access to your personal data, to the rectification of any information you believe, is inaccurate (correction), to the completion of the information you believe is incomplete, to the erasure and the restriction of processing of your personal data, to data portability, as well as the right to obtain a copy of your data, to object to the processing of your personal data, and where the processing is based on your consent, you are entitled to withdraw consent at any time (the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal). If you believe that the processing of your data violates legal provisions, you are entitled to complain to the competent authority, the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa, Poland). For more information on the rights of the data subject, please see the list of rights available at our website in the Personal Data tab;

12.          providing your personal data is voluntary; however, it is necessary, due to technical reasons, in order to stay at the healthcare facility of the Controller.