The controller of your personal data processed within the scope of coverage of the healthcare provided is HUMAN4HUMAN, based in Poznań at 31 Murawa Street.
hereinafter: ‘Controller’, within the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter: ‘RODO’.
If you wish to contact us about matters relating to the processing of your personal data, you may do so via the postal address or at the following email address: firstname.lastname@example.org (and where applicable we indicate the contact details for the appointed Data Protection Officer).
Scope and purpose of personal data processing
Your personal data is processed for the purpose of providing you with healthcare as part of the service provided by the physiotherapist. Your personal data shall be processed in the following scope: first name(s), surname, gender, date of birth, PESEL number (if there is no PESEL number the type and number of the document which proves identity), address of residence, in case of a minor also the data of a legal guardian and the data about your health condition and services provided.
We may also process your e-mail address and telephone number for contact purposes, however providing this data is not obligatory.
We keep medical records for you, which contain all information about your health condition and services provided, and in exceptional cases also about e.g. addictions. This is necessary for making a diagnosis and for the proper conduct of your treatment.
Your personal data are processed by the Administrator based on:
– Article 6(1)(b) and (c) and Article 9(2)(h) of the RODO in conjunction with Article 25(1) of the Patient Rights Act and § 10(1)(2) of the MZ Regulation as part of proper registration and provision of health services;
– Article 9(2)(h) of the RODO in conjunction with Article 24(1) of the Patient Rights Act and the MZ Regulation in the maintenance of your medical records;
– Article 6(1)(b) and (f) of the RODO, as the administrator’s so-called legitimate interest in contacting you about appointment reminders, postponements and information about the results of the consultation carried out.
– Article 6(1)(b), (c) and (f) RODO and in connection with the Accounting Act of 29 September 1994 we are entitled to process your data also for the purpose of asserting potential claims in connection with the activity conducted or defending against them as well as for tax purposes.
Profiling and transfer of data to third countries
Profiling consists in the fact that on the basis of the information collected about you we are entitled to create profiles of preferences of our patients whose personal data are in our databases. Based on this, we adjust our services and communications to you. This is always done with human intervention, not by automated means. Remember that the possibility of not being subject to automated decisions in this respect is your fundamental right, which you can exercise at any time.
The Administrator may use services of external entities providing services necessary for proper realization of health services and in this connection your personal data may be transferred outside of the European Union e.g. in case of servicing IT software. We assure you that the transfer of data will be secured in an appropriate manner based on, among others, an appropriate agreement containing standard clauses adopted by the European Commission.
Do I provide my personal data voluntarily or obligatorily?
You provide your personal data on a voluntary basis, however, failure to provide such data may result in refusal to make an appointment or provide a health care service. When providing physiotherapy services the Administrator is obliged to keep medical records in the manner prescribed by law, including marking the identity of the patient using their personal data. Failure to provide a phone number and e-mail address does not affect the provision of health services although in many cases it significantly improves communication and the quality of services provided.
How long we process your personal information
Please note that if you use our services as part of a health service provided to you and a
medical records are created for you, your personal data will be processed by the administrator for at least 20 years from the date of entry in your medical records.
Additionally, the data may be processed by us for the purpose of asserting claims for a period resulting from the provisions of civil law, and due to tax considerations for 5 years calculated from the end of the calendar year in which the tax obligation arose. After the expiry of the aforementioned periods, your data is deleted or made anonymous.
Information about your rights
The Administrator provides you with the right to access your data, you can also correct them, request their deletion or limit their processing. You can also exercise your right to object to the processing of your data to the Administrator and the right to transfer your data to another data controller.
We would also like to inform you that you have the right to lodge a complaint to the supervisory authority supervising the observance of personal data protection regulations, i.e. you may lodge it with the President of the Office for Personal Data Protection by sending a message to the address given below:
Office for Personal Data Protection
Stawki 2 Street
00 – 193 Warsaw