Privacy policy

Privacy policy

At the Phlebology Clinic, we attach great importance to the protection of privacy and personal data. We process personal data in accordance with legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) ("RODO").

In order to ensure transparency and fairness in the processing of personal data, we have provided information below regarding the processing of personal data in connection with the use of our website https://klinikaflebologii.pl/.

DATA OF THE ADMINISTRATOR

The Administrator of your personal data is Klinika Phlebologii spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Wawelska 5, 02-034 Warsaw, holding tax identification number (NIP): 7010498962, entered in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000568625 ("Administrator"). Contact with the Administrator is possible:

  1. by mail to: Clinic of Phlebology, 5 Wawelska Street, 02-034 Warsaw, Poland;
  2. by e-mail to: rejestracja@klinikaflebologii.pl;
  3. by telephone on the following numbers: (+48) 735 998 880 or (+48) 22 417 10 00.

DATA PROTECTION OFFICER

The Controller has appointed a Data Protection Officer. The Data Protection Officer is responsible for all matters relating to the processing of personal data by the Controller.

The function of Data Protection Officer is performed by Alicja Wozniak.

If you have questions about the manner or extent of the processing of your personal data in the course of the Administrator's activities, or about your rights in this regard, you may contact the Data Protection Officer:

  1. by post to: Clinic of Phlebology, 5 Wawelska Street, 02-034 Warsaw, marked "IOD";
  2. by e-mail to: iod@klinikaflebologii.pl;
  3. by telephone at (+48) 535 443 338.

PURPOSES AND GROUNDS FOR PROCESSING PERSONAL DATA

We may process your personal data for the following purposes:

  1. to enable you to use the prescription order form which is available on our website, i.e. on the basis of Article 6(1)(b) RODO (processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract), Article 6(1)(c) RODO (processing is necessary for compliance with a legal obligation incumbent on the controller) and, as regards sensitive data, also on the basis of Art. 9(2)(h) RODO (processing is necessary for the purposes of preventive health or occupational medicine, assessment of the employee's fitness for work, medical diagnosis, provision of health care or social security, treatment or management of health care or social security systems and services under Union or Member State law or pursuant to a contract with a health care professional and subject to the conditions and safeguards referred to in Article 9(3) RODO). On this basis, we may process your name and surname, your PESEL number, as well as your health data regarding the medicinal products you are taking; the aforementioned data will be processed for the archiving period of your medical records as indicated in Article 29 of the Act of 6 November 2008 on Patients' Rights and Patients' Ombudsman, i.e. in principle for 20 years;
  2. issuing and storing invoices and other accounting documents, i.e. on the basis of Article 6(1)(c) of the RODO (processing is necessary for the fulfilment of a legal obligation incumbent on the controller). On this basis, we may process your identification and financial data, such as your name, surname, correspondence address, e-mail address, telephone number, bank account or payment card number, the designation of the bank that maintains the bank account or is the issuer of the payment card. We will process the aforementioned data for the period required by law (e.g. tax law), as a rule for 5 years counting from the end of the calendar year in which the deadline for payment by the Administrator of the tax due for the delivery of the service (goods) documented by the aforementioned invoice or accounting document expired;
  3. to conduct correspondence with you, including via the contact form, to archive correspondence and to handle complaints, i.e. on the basis of Article 6(1)(f) of the RODO (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data). On this basis, we may process your name, email address, telephone number, and other personal data indicated in correspondence addressed to us, which we will process until we no longer need to contact you, but for no longer than 3 months after such contact has ceased;
  4. the handling of complaints regarding the services we provide or the goods we sell, i.e. on the basis of Article 6(1)(c) RODO (processing is necessary for the fulfilment of a legal obligation incumbent on the controller), which includes the handling of your complaints, bookkeeping and settlements of complaints handled, or Article 6(1)(f) RODO (processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where these are overridden by the interests or fundamental freedoms of the person concerned. (f) RODO (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data), which includes the establishment, defence or assertion of claims which may arise in the relationship between you and the controller. Based on the aforementioned grounds, we may process your identifying or financial data that is indicated in the complaint or that is necessary for the investigation of the complaint or the establishment or defence of our rights. We will process the aforementioned data for the duration of the complaint, unless we are obliged by law to process personal data for longer, or we process personal data for longer in connection with your potential claim, until it is time-barred in accordance with the law, in particular the Civil Code;
  5. job recruitment, i.e. on the basis of Article 6(1)(b) RODO (processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract). On this basis, we process your data to the extent that they include your first name(s) and surname, date of birth, contact details, education, professional qualifications and previous employment history. We process the remaining data contained in the application on the basis of your consent (Art. 6(1)(a) RODO). With your consent, we also process the aforementioned data for future recruitment purposes. We process the aforementioned personal data until the recruitment is completed, not longer than for a period of 6 months, and in the case of your consent to process the data also for the purposes of future recruitment, until you revoke your consent.
  6. direct marketing based on your consent to receive commercial information in connection with our satisfaction survey, i.e. on the basis of Article 6(1)(f) of the (f) RODO (the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data), and additionally, on the basis of the aforementioned provision, also for the purpose of establishing, defending or asserting claims that may arise within the relationship between you and the controller. Based on the aforementioned basis, we may process your basic identification data (name, surname, e-mail address) or other data necessary to establish or defend our rights. We will process the aforementioned data until we have carried out a satisfaction survey or you have withdrawn your consent to receive commercial communications, whichever comes first, unless we are obliged by law to process your personal data for longer or we process your personal data for longer in connection with a potential claim, until it is time-barred in accordance with the law, in particular the Civil Code.

In all other cases, i.e. where personal data is collected for a different purpose or on a different basis, we set out the aforementioned information in the relevant information clauses that we provide when collecting the data.

In particular, this applies to the processing of personal data in connection with the provision of health services by the Administrator, i.e. for the purposes of booking a date for the provision of health services, the conclusion and performance of a contract for the provision of health services, the exercise of the patient's rights, as well as scientific research involving the safety and efficacy of the medical procedures used, the principles of which are described in detail in the information clause concerning the processing of personal data in connection with the provision of health services, the electronic version of which is available on the Administrator's website under "Personal Data" (https://klinikaflebologii.pl/Dane-osobowe/Swiadczenia-zdrowotne).

DATA PROCESSING PRINCIPLES AND PROFILING

We keep the personal data provided to us confidential and secure it from unauthorised access by third parties under the terms of the applicable legislation, including the RODO.

Your personal data will not be processed by automated means and will not be profiled.

TRANSFER OF PERSONAL DATA

The recipients of your personal data may be:

  1. our employees and associates, i.e. persons with whom we work, and our service providers, i.e. entities whose services we use to process your personal data, e.g. ICT service providers;
  2. entities that process your personal data on our behalf under an entrustment agreement for the processing of personal data;
  3. institutions entitled to control our activities or entities entitled to obtain personal data on the basis of separate regulations.

Your personal data may be transferred to entities whose services we use in the course of processing your personal data, which are based outside the European Economic Area ("EEA"). The aforementioned countries may not offer the same level of personal data protection as EEA countries. We make every effort to ensure that the transfer of this data does not lead to a lowering of the level of protection guaranteed by the RODO. Consequently, your data may only be transferred to third countries or entities for which an adequate level of data protection has been established by a decision of the European Commission. A list of countries for which the European Commission has issued a decision confirming the adequacy of data protection can be found on the website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#relatedlinks.

If no such decision has been issued with regard to a third country, personal data may be transferred to that country only on the basis of binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the European Commission, an approved code of conduct or an approved certification mechanism. In the absence of adequate safeguards in the country to which the data is to be transferred, the transfer will be based on your consent. Before giving your consent, we will inform you of the risks involved in such a transfer.

POWERS RELATING TO PROCESSING

You have the following rights in relation to the processing of your personal data:

  1. access to personal data concerning you, rectification (amendment), completion if incomplete, deletion or restriction of processing, portability of the data and to receive a copy of the data;
  2. to object to the processing;
  3. lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw) concerning our activities if you believe that the processing of your data violates the law;
  4. where the processing is based on your consent, to withdraw your consent to the processing of personal data (withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal).

The aforementioned rights are available to you to the extent set out in the law, including the RODO. The law, including the RODO, may stipulate conditions that must be met for the exercise of a particular right.

You are not obliged to provide us with your personal data. However, please note that if you refuse to provide it, we may not be able to provide certain services to you.

For more information on your rights in relation to the processing of your personal data, please refer to the List of Rights published on the Controller's website under Personal Data.