In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection “GDPR”), we inform you about the rules for the processing of your personal data and about your rights related to this.
The following rules apply from May 25, 2018.
The administrator of patients’ personal data is Barwijuk Clinics Sp. z o.o. Sp.k., ul. Puławska 488, 02-844 Warsaw, NIP: 9512470819 REGON: 381520483.
Patient’s personal data is used for the following purposes and on the following legal grounds:
- establishing patients’ identities in accordance with the requirements of the Act on Patient Rights and the Patient Ombudsman, which is a legal obligation (Article 6 (1) (c) of the GDPR in connection with Article 9 (2) (h) of the GDPR),
- keeping medical records in accordance with the requirements of the relevant provisions of law, including the Act on patient rights and the Ombudsman for Patients and the Regulation of the Minister of Health of 9 November 2015 on the types, scope and models of medical documentation and how to process it, which is a legal obligation ( art.6 par.1 lit.c RODO in connection with art.9 par.2 lit.h RODO),
- contacting in connection with the business and benefits provided, including appointments, which constitutes a legitimate legal interest (Article 6 (1) (f) of the GDPR).
- The personal data processed may include all personal data necessary for conducting medical activity, including data on the state of health. The personal data administrator has a statutory obligation to keep personal data secret.
- The administrator informs that providing personal data necessary to keep medical records is mandatory – without providing personal data, the administrator will not be able to fulfill his obligations, and as a consequence may refuse to make an appointment or provide medical treatment.
- The administrator informs that in connection with legal regulations, personal data will be stored for at least 20 years from the last entry in the medical documentation.
The administrator may transfer patient data to entities that provide services related to business support to him. In particular, this applies to IT support services or support provided by an administrator of operations. Personal data may also be transferred to other medical entities in order to ensure continuity of medical care. In addition, personal data may be disclosed to persons indicated by the patient.
- The administrator informs about the right to lodge a complaint to the supervisory body, which is the President of the Office for Personal Data Protection. The administrator also informs about the right to access personal data, the right to delete them and limit processing. The administrator also informs about the right to object to processing and the right to transfer data to another data controller.
- If the patient makes an appointment via the medifem.erecepcja.pl portal, the administrator has obtained the patient’s personal data from this portal. Acquiring personal data was necessary to arrange and complete the visit. The personal data obtained from the medifem.erecepcja.pl portal included name, email address and telephone number.
- Patient online registration is done via a digitized ssl connection. The data is stored on nazwa.pl servers based on an agreement with Erecepcja.pl, a system for intentional patient registration. Erecepcja.pl is responsible for data security. – Dux Company Piotr Jędrzejczyk, Piłsudskiego 135, 92-318 Łódź, NIP 7282194851.