INFORMATION ON PROCESSING OF PERSONAL DATA
Below you will find basic information regarding the processing of your personal data provided in your patient card in connection with the provision of medical services to you, as required by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ECA (General Data Protection Regulation) (OJ EU L. of 2016 No. 119, p.1), hereinafter referred to as RODO.
The administrator of your personal data is Małgorzata Dworak , conducting business under the name Estedent , Al. Krakowska 80 , 05-090 Raszyn.
Contact with the data administrator is possible at the e-mail address: email@example.com at phone number 226445292 , or in writing to the address: Al. Komisji Edukacji Narodowej 96 , 02-777 Warsaw.
Your data, including data on your health, will be processed to provide medical services (diagnosis, consultation, performance of surgery) and to keep medical records – the legal basis for the processing is the necessity of the processing for the purposes of health prevention, medical diagnosis and treatment, providing health care and the management of health care systems and services (art. 9.2.h RODO in connection with art. 3.1 of the Act of 15 April 2011 on medical activity and art. 24 of the Act of 6 November 2008 on Patients’ Rights and Patients’ Rights Ombudsman).
Alternatively, your data may be processed in order to assert claims related to the contract for the provision of medical services concluded with you – then the legal basis for data processing is the necessity of the processing to pursue the legitimate interest of the administrator, which is the possibility to assert claims.
Your data will be stored until the statute of limitations for claims arising from the contract for the provision of medical services or until the expiration of the obligation to store data under generally applicable laws, in particular the obligation to store accounting documents and medical records (depending on which of the above events occurs later).
Your data may be transferred to entities processing personal data on behalf of the controller, on the basis of a contract concluded with the controller and only in accordance with the instructions of the controller (accounting office keeping the controller’s accounts, dental technician performing prosthetic work, medical analysis laboratory). The data contained in the medical records may also be transferred to the entities listed in Article 26 of the Act of 6 November 2008 on Patient’s Rights and Patient’s Rights Spokesman.
Your data will not be transferred to recipients located in countries outside the European Economic Area.
You have the right to access your data, demand their rectification, erasure, restriction of processing (whereby in the period of keeping medical records provided for in Article 29 of the Act of 6 November 2008 on Patient’s Rights and Patient’s Rights Ombudsman, the right to erasure of data and restriction of their processing do not include your data contained in those records). To the extent in which the basis for the processing of your personal data is a legitimate interest of the controller, you have the right to object to the processing of your personal data, which is binding for the controller, unless the controller is able to demonstrate that with respect to your data there are important legitimate grounds that override your interests, rights and freedoms, or your data will be necessary for the establishment, investigation and defense of claims. You also have the right to lodge a complaint to the supervisory authority responsible for the protection of personal data (in Poland: the President of the Office for Personal Data Protection) if you believe that the processing is unlawful. In order to exercise the above rights, please contact the data controller.
In connection with the processing of your personal data, decisions regarding you will not be made in an automated manner (without human involvement).
Providing personal data in connection with the provision of medical services to you is voluntary but necessary to obtain the service.