WE CARE ABOUT YOUR TRUST AND YOUR PRIVACY
We have appointed a data protection officer whose job is to ensure that we comply with the requirements, guidelines, and procedures of the personal data protection regulations.
WHY DO WE PROCESS YOUR DATA?
We process your data so that you can receive healthcare services of the highest quality according to your choice, needs, referrals, agreements, and requirements of regulatory acts. We carry out video surveillance and process your personal data when you visit our regional centres or head office, for your personal safety and for the safety of our employees, customers, and property. Video surveillance is carried out in accordance with strict security and confidentiality rules, using state-of-the-art technology and equipment.
We wish to inform you about various news and current events in relation to our services. E-mails are only sent with your free consent, if you wish to receive the newsletter you must indicate this on our website or in the form. When you receive an e-mail from us, you will always be sent a link with the option to opt out of receiving the newsletter. If you choose this option, your e-mail address will be removed from our database and you will no longer receive information.
We store and record incoming and outgoing correspondence to protect our legitimate interests and/or fulfil our contractual obligations.
If we process personal data for purposes that we have not informed you about in this Policy, we will inform you about the individual processing of that data separately.
WHAT KIND OF DATA PROCESSING DO WE DO?
The categories of personal data we process depend on the services you receive. When you receive healthcare services, pursuant to the requirements of the regulatory acts, we are obliged to process information identifying you and the information that confirms the diagnosis, justifies examinations and treatment, and accurately reflects the results of the treatment. To achieve the purpose of healthcare services, we may process a wide range of personal data, including your name, surname, personal number, contact information, lifestyle, information about past illnesses, information about the healthcare services received and to be received (which doctor, how often, which services selected) and other information that the relevant healthcare professional decides to check and write down in medical records in a specific situation.
When you visit our regional centres or head office, your video and the time of your visit may be processed. Video surveillance is not carried out in areas where you can expect increased privacy, and information stickers are placed in areas where video surveillance is carried out. When you contact us, we may store the content of the message and the information about the means of communication used, which may include, e. g., your email address and telephone number.
We process data on the history of the website use by using online identifiers and the information that you knowingly provide, such as your assessment of the quality of our services.
WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
Data processing is carried out for the purpose of providing healthcare services. Data processing is necessary to enable us to provide you with high-quality healthcare services, to fulfil an agreement we have signed with you, to comply with legal obligations applicable to us, and it may be necessary for preventive or occupational medicine purposes, to assess the employee's ability to work, for diagnosis, medical services, or treatment, or to ensure the management of healthcare systems and services. In certain cases, we may process data to protect our legitimate interests and legitimate interests of third parties.
Data processing through video surveillance is carried out to prevent or solve a crime, in connection with the protection of individuals and property, to ensure the highest standards of customer service, to protect individuals’ legitimate interests and vital interests, including the protection of life and health.
Data processing may be carried out to protect our legitimate interests and the legitimate interests of third parties, e. g., to handle your complaints or to obtain evidence in case of possible claims.
We store and record incoming and outgoing correspondence in order to sign an agreement with you or fulfil it, to comply with legal obligations imposed, and in cases such action is necessary to protect our legitimate interests or the legitimate interests of third parties.
We analyse our website and social media browsing history if such processing is necessary to protect our legitimate interests or the legitimate interests of third parties.
WHO DO WE OBTAIN PERSONAL DATA FROM?
We collect personal data that you give us before you receive a service (including by telephone), during the provision of the service or after you receive the service, and when you visit our branches or head office (video surveillance) and our website (when you subscribe to our newsletter), and when they are sent to us on your behalf by another medical facility or physician.
WHO DO WE PASS YOUR PERSONAL DATA TO?
Law enforcement agencies, courts or other state or municipal bodies, if it arises from regulatory acts, and the bodies concerned are entitled to get the information if it has been specifically requested.
To third parties under an agreement, to perform a function necessary for fulfilment of the agreement (e. g., in case of an insurance contract to pursue the legitimate interests of the Controller; to another medical facility subject to the conditions set out in the Law on Rights of Patients) or if it is necessary to improve service and ensure the provision of high-quality services to clients with the involvement of service providers.
You, as the data subject, according to a clear and unambiguous request.
Courts or other state bodies to protect the legitimate interests. Authorised employees of the Controller, Data Processors, law enforcement bodies and supervisory authorities may receive your data.
We will disclose personal data only to the extent necessary and sufficient, as required by regulatory acts and objective circumstances justified by the specific situation.
We always try to process your personal data within the European Union and the European Economic Area (EU/EEA). Your personal data will not be processed in a country outside the EU/EEA to provide the service you have chosen. The transfer and processing of personal data outside the EU/EEA may occur of there is a legal basis for doing so, i. e., to comply with a legal obligation, to sign or fulfil an agreement or with your consent, subject to appropriate security measures.
HOW LONG DO WE STORE YOUR DATA?
All personal data collected from you will be stored for as long as you use our services or until you withdraw your consent if your personal data is processed on that basis. A longer period of personal data storage is allowed in order to comply with legal requirements for a minimum storage period for documents or information or to protect our legitimate interests.
After this period, we will securely delete your personal data or make it unavailable (archiving) or unidentifiable so that it cannot be linked to you. The storage period for personal data may depend on the agreement we have signed, our legitimate interests or applicable regulatory acts that we are obliged to comply with.
When providing medical services, we comply with specific regulatory acts governing the obligation to store certain data. Please contact us if you would like to get more information.
HOW DO WE PROTECT YOUR DATA?
We maintain, continuously review, and improve security measures to protect your personal data from unauthorised access, accidental loss, disclosure, or destruction. We do this by applying state-of-the-art technology, technical and organisational requirements, including the use of firewalls, intrusion detection software and data encryption.
We thoroughly check all service providers processing your data on our behalf and instruction and evaluate whether the Data Controllers apply appropriate security measures to ensure that your data is processed in accordance with our authorisation and requirements of the regulatory acts. In case of a security incident involving your data, if it involves a possible high risk to your rights and freedoms, we will inform you, if possible, or the information will be published on the Controller's website or by other possible means.
However, we recommend you comply with general computer and internet security rules and requirements for the protection and storage of personal data (particularly personal identification documents) and we will not be liable for unauthorised access and/or loss of your personal data if this happened due to your fault or negligence.
WHAT ARE YOUR RIGHTS?
We consider protecting and respecting your rights to be our priority. We process your data responsibly and will always respect your rights and interests pursuant to regulatory acts.
You have the right to ask us to confirm whether we are processing your personal data and, in such cases, to request access to your personal data that we are processing or to provide information about personal data if direct access is not provided. If you believe that information about you is outdated, incorrect or incomplete, you have the right to ask us to correct it.
You have the right to request to delete your personal data or to object to its processing if you believe that the data has been processed unlawfully or is no longer necessary for the purposes for which it was collected and/or processed.
You have the right to file a complaint with the Data State Inspectorate if you consider that we have unlawfully processed your data. If we process your personal data based on your consent, you have the right to withdraw your consent to the processing of personal data at any time.
You have the right to object to the processing of personal data for the purposes of direct marketing at any time.
You have the right to object to the processing of personal data that we process based on your legitimate interests, but we will continue to process your data even if you object in case we have good reasons to continue processing personal data. Please send us or our data protection officer a written application to exercise the aforesaid rights.
In certain situations, you have the right to request to delete your personal data, but this does not apply in cases where the law requires to store the data. Please send us or our data protection officer a written application to exercise the aforesaid rights.
You have the right to restrict the processing of your personal data in certain circumstances. Please note that if you request to restrict the processing of your data, this may affect your ability to receive our services. Please send us or our data protection officer a written application to exercise the aforesaid rights.
Finally, you have the right to receive or transfer your personal data to another data controller. This right only applies to data that you have provided to us based on your consent or agreement and where processing is automatic. Please send us or our data protection officer a written application to exercise the aforesaid rights.
DO YOU HAVE ANY QUESTIONS?