Health services

Health services

INFORMATION CLAUSE PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE PROVISION OF HEALTH SERVICES

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) ("RODO"), we kindly inform you that:

  1. The administrator of your personal data is Klinika Phlebologii spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Wawelska 5, 02-034 Warsaw, holding tax identification number (NIP): 7010498962, entered in the register of entrepreneurs kept by the District Court for the City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000568625 ("Administrator"). Contact with the Administrator is possible:
  1. by mail to: Clinic of Phlebology, 5 Wawelska Street, 02-034 Warsaw, Poland;
  2. by e-mail to: rejestracja@klinikaflebologii.pl;
  3. by telephone on the following numbers: (+48) 735 998 880 or (+48) 22 417 10 00;
  1. The Controller has appointed a Data Protection Officer. The Data Protection Officer is responsible for all matters relating to the processing of personal data by the Controller. If you have questions about how or to what extent your personal data is being processed in the course of the Administrator's activities, or about your rights in relation to it, you may contact the Data Protection Officer:
  1. by post to: Clinic of Phlebology, 5 Wawelska Street, 02-034 Warsaw, marked "IOD";
  2. by e-mail to: iod@klinikaflebologii.pl;
  3. by telephone at (+48) 535 443 338;
  1. The controller processes your personal data for the following purposes:
  1. the booking of a date for the provision of a healthcare service (Article 6(1)(b) RODO), which concerns basic identification data (name, email address, telephone number). The aforementioned data are stored by the Administrator until the provision of the service and, if the provision of the service does not take place, for a period of up to 3 months after the scheduled date of provision;
  2. the conclusion and performance of the contract for the provision of healthcare services (Article 6(1)(b) RODO and Article 9(2)(h) RODO), which concerns both ordinary data (first name, surname, date of birth, PESEL, gender designation, type, series and number of identity document, address of residence, e-mail address, telephone number, etc.) and sensitive data (data on health status, genetic data; the Administrator may also process data revealing racial or ethnic origin, religious beliefs, concerning the place of work or data on family status). The aforementioned data shall be stored for the period of archiving of medical records indicated in Article 29 of the Act of 6 November 2008 on Patients' Rights and Patients' Rights Ombudsman, i.e. in principle for 20 years. If personal data have been provided to the Administrator in connection with your completion of the patient card provided online, in the event that the healthcare service obliging the Administrator to keep medical records does not take place, the personal data contained in the patient card will be deleted immediately after the healthcare service is cancelled, no later than 3 months from the planned date of service provision;
  3. the exercise of the patient's rights (Article 6(1)(c) of the DPA and Article 9(2)(c) and 9(2)(h) of the DPA), which concerns information about the patient's state of health and the keeping, archiving and making available of medical records. The aforementioned data are kept for the period of archiving of medical records indicated in Article 29 of the Act of 6 November 2008 on Patients' Rights and Patients' Ombudsman, i.e. in principle for 20 years;
  4. scientific research, consisting in conducting scientific research on the safety and efficacy of applied medical procedures, as well as the development of articles, papers, presentations or other types of scientific publications in the field of medicine, which, as far as personal data is concerned, constitutes the fulfilment of the Administrator's legitimate interest (Article 6(1)(f) RODO and Article 9(2)(j) RODO) and concerns basic identification data (first name, surname, year of birth, e-mail address) and data on the state of health contained in the questionnaire for the assessment of the safety and efficacy of a medical procedure. The aforementioned data are kept for no longer than the period of archiving of medical records indicated in Article 29 of the Act of 6 November 2008 on Patients' Rights and Patients' Rights Ombudsman, i.e. in principle for 20 years;
  5. the fulfilment of the legitimate interests of the Administrator, i.e. increasing safety and improving the quality of patient service and establishing, investigating and defending against claims (Article 6(1)(f) RODO and, to the extent that the processing concerns sensitive data, Article 9(2)(a) RODO), which applies to personal data in the form of voice recording and the data recorded using it in connection with the recording of incoming calls to the Administrator's contact numbers. Consent to the recording of a call is given by continuing the call after the recording message has been broadcast. Consent to recording is voluntary but necessary in order to receive the call. The aforementioned data shall be stored for no longer than 3 months from the time of the recording or for the period necessary to complete proceedings under the law or proceedings in which the recordings may or will constitute evidence;
  6. evidential (confirmation of a scheduled visit or treatment), in connection with the establishment, investigation or defence of claims (Art. 6(1)(f) RODO, and, insofar as the processing concerns sensitive data, Art. 9(2)(f) RODO. (f) RODO), which concerns patients' personal data in the form of a voice recording and the data transmitted using it (in particular name, appointment or treatment date, type of appointment or treatment) recorded in connection with the recording of outgoing telephone calls made to confirm a scheduled appointment or treatment with a patient. The aforementioned data shall be stored for no longer than 3 months from the time of the recording or for the period of time necessary to complete proceedings under the law or proceedings in which the recordings may or will constitute evidence;
  7. to establish, assert or defend a claim, which concerns a claim for reimbursement of the deposit paid (Article 6(1)(f) RODO and, to the extent that the processing concerns sensitive data, Article 9(2)(f) RODO), which concerns patients' personal data in the form of name, identification data, data on health status, data on family status and other data contained in documents or a certificate confirming the circumstances justifying the entitlement to reimbursement of the deposit. If the claim is upheld, the data will be processed until the claim is satisfied, otherwise no longer than until the statute of limitations for possible claims.

In addition to the aforementioned purposes, the Administrator processes personal data solely for the purpose of fulfilling the Administrator's legal obligations (Article 6(1)(c) of the DPA), inter alia arising from tax law provisions and the fulfilment of the Administrator's legitimate interests (Article 6(1)(f) of the DPA), including but not limited to the following (i) the transfer of data to a payment operator in connection with the provision to the Administrator of the service of making available the infrastructure for handling payments over the Internet, the handling and settlement of payments made by patients over the Internet using payment instruments, the verification of the due performance of the agreements concluded with the Administrator, in particular ensuring the protection of the interests of the payers in connection with the complaints submitted by them, (ii) the establishment, assertion of claims or defence against claims;

  1. The Administrator shall keep your personal data confidential and protect them from unauthorised access by third parties in accordance with the principles set out in the applicable legislation;
  2. Your personal data contained in the safety and efficacy assessment questionnaire may be transferred to Switzerland on the basis of a decision of the European Commission recognising an adequate level of personal data protection when transferring data to that country. Otherwise, your personal data will not be transferred to a third country (outside the European Economic Area) or to an international organisation;
  3. Your personal data will not be processed by automated means and will not be profiled;
  4. The recipients of your personal data are the Administrator's employees and co-workers, i.e. persons with whom the Administrator cooperates in the performance of his/her professional duties, external service providers, i.e. entities whose services are used by the Administrator to process your data, e.g. providers of IT or payment services, as well as other independent recipients, i.e. entities processing data on behalf of the Administrator on the basis of a personal data processing entrustment agreement, institutions entitled to control the Administrator's activity or entities entitled to obtain personal data on the basis of separate regulations;
  5. In accordance with the principles set out in the personal data protection legislation and to the extent provided therein, the data subject has the right to: access personal data concerning him/her, rectify (amend) them, complete them if they are incomplete, erase or restrict the processing, transfer and receive a copy, object to the processing or withdraw consent to the processing of personal data (if the processing is based on consent; the withdrawal of consent does not affect the legality of the processing performed before the withdrawal). The data subject is also entitled to lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw) against the Controller if he/she considers that the processing of personal data violates the provisions of the law. For more information on your rights in relation to the processing of your personal data, please refer to the list of rights published on the Controller's website under Personal Data;
  6. Your provision of data in the scope indicated under point 3 a) and b) above is necessary for the conclusion of a healthcare contract with you and its execution. The provision of data within the scope indicated under point 3 d) (within the scope of the safety and efficacy assessment questionnaire) is voluntary. The provision of personal data to the extent indicated in (i) point 3 f) is voluntary, but failure to do so will prevent you from taking advantage of the opportunity to confirm your appointment by telephone, (ii) in point 3 g) is voluntary, but necessary in order to establish your entitlements and obligations relating to the refund of the deposit. For the rest, the basis for data processing is the law.