Privacy policy

Below you will find information about the processing of personal data at KARDIOTEL Medical Center Ltd. with the BLIKPOL Branch. They have been prepared in accordance with the provisions of Article 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR).

Administrator data

Administrator of personal data processed for all purposes outlined in the Privacy Policy is:

KARDIOTEL Medical Center Ltd.
ul. Jana z Kolna 16
81-741 Sopot
Phone: +48 58 550 46 73
Email: biuro@kardiotel.pl
Website: www.kardiotel.pl
www.blikpol.pl

Data Protection Officer

For all matters related to the protection of personal data at CM KARDIOTEL-BLIKPOL, you can contact the Data Protection Officer at: biuro@kardiotel.pl

Information on the processing of patient data at CM Kardiotel-Blikpol

Cele przetwarzania danych osobowych i podstawa prawna przetwarzania

Purposes of processing personal data and legal basis for processing

Patients’ personal data may be processed for the following purposes:

Provision of healthcare services and maintenance of medical documentation,

Verification of entitlement to receive and settlement of provided healthcare services,

Communication regarding the coordination of healthcare services, including organization of healthcare provision, assessment of patient well-being after provision of services, patient satisfaction surveys,

Performing other auxiliary activities related to the provision of healthcare services, including providing functionalities of the online appointment scheduling service, as well as activities related to maintaining the teleinformatics system,
based on the provisions of Article 6(1)(b) and (c) (applies to patients who individually finance healthcare services), Article 6(1)(c) (applies to patients whose healthcare services are financed based on an agreement with the National Health Fund), and Article 9(2)(h) of the General Data Protection Regulation 2016/679 (GDPR), Article 3 of the Medical Activity Act, and Article 24 of the Patient Rights and Patient Ombudsman Act, and

Marketing purposes, receiving commercial information, receiving electronically a survey regarding the opinion on the provided service, based on the patient’s consent (Article 6(1)(a) of the GDPR).

Providing personal data to the extent related to entering into a contract for the provision of healthcare services is voluntary and is a condition for concluding the contract. Providing personal data to the extent related to the provision of healthcare services, including the maintenance of medical documentation, is a legal requirement and is necessary for the proper provision of healthcare services.

Providing personal data to the extent related to marketing purposes, receiving commercial information, receiving electronically a survey regarding the opinion on the provided service, is voluntary.

Information about recipients of personal data

Personal data of patients of CM KARDIOTEL-BLIKPOL may be transferred to:

• to healthcare entities cooperating with CM KARDIOTEL-BLIKPOL to ensure continuity of treatment and availability of healthcare services,
• to technical and organizational service providers enabling the provision of healthcare services and the management of medical documentation, especially providers of teleinformatics services, suppliers and service providers of medical equipment, courier and postal companies,
• to authorized individuals for obtaining information about health status and planned and provided healthcare services, as well as individuals authorized to access medical documentation,
• to entities authorized under the provisions of the law,
• to legal and advisory service providers and those supporting CM KARDIOTEL-BLIKPOL in asserting rightful claims or defending rights (in particular law firms and debt collection companies).

Transfer of personal data to third countries or international organizations

Due to the fact that CM KARDIOTEL-BLIKPOL uses subcontractors’ services in providing its services, patients’ personal data may be transferred outside the European Economic Area. CM KARDIOTEL-BLIKPOL ensures that in such cases, the transfer of data will be based on an appropriate agreement between CM KARDIOTEL-BLIKPOL and the entity outside the EEA or an agreement between the subcontractor and the entity outside the EEA, containing standard data protection clauses adopted by the European Commission or based on a decision by the European Commission that the country outside the EEA to which the data is transferred provides an adequate level of protection.

Period for which personal data will be retained

Patients’ personal data, to the extent that they are related to the conclusion of a contract for the provision of healthcare services, are retained for the period of limitation of any claims.

Patients’ personal data collected in medical records are kept for the period required by law for the retention of medical documentation.

Rights of patients regarding the processing of personal data

Patients have the right to request access to their personal data, their rectification, deletion, or limitation of processing, as well as the right to object to their processing and the right to data portability.

If the processing of personal data is based on the patient’s consent, the patient has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

The right to request rectification, deletion, or limitation of the processing of personal data, as well as the right to object to the processing of data contained in medical records, is granted to the patient unless it violates the obligation of the Administrator to retain medical documentation.

Web Analytics

The administrator monitors the quality of services provided by themselves because they care about meeting patients’ expectations. For this purpose, statistics on the use of individual functions of the website are conducted using:

• internal analytical tools,
• statistical tools provided by partners providing analytical services.

To achieve this goal, data regarding visitor activity on the website are processed. The legal basis for data processing is Article 6(1)(f) of the GDPR, i.e., the legitimate interest of the administrator, consisting of facilitating customers’ use of services provided by the administrator electronically and improving the functionality of these services.

Cookies

On the Administrator’s websites, technology is used to store and access information on the visitor’s computer or other device connected to the network to ensure maximum visitor comfort when using the website, including for statistical purposes. During a visitor’s visit to the website, data regarding the visit may be automatically collected, such as browser type, operating system type, IP address, visitor identifier, and other information transmitted via the http protocol. Additionally, the Administrator may process usage data or information about the device’s location used to access the website. The cookies used on the website are not harmful to the visitor or the visitor’s computer/device, so it is recommended not to disable them in browsers. Two types of cookies are used on the website: session cookies, which remain stored on the visitor’s computer or mobile device until they log out of the website or turn off the software (web browser), and persistent cookies, which remain on the visitor’s device for a specified period or until manually deleted in the web browser. Cookies allow the Administrator to ensure the proper functioning of the website, improve the speed and security of using the website, and use marketing tools.

There is a possibility to delete all cookies stored on the end device. In the browser settings, you can accept or reject all future cookies, but it should be noted that by disabling cookies, some content of the pages may become unavailable. Below are links to information on controlling cookies in specific browsers:

• Internet Explorer:  https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-managecookies
• Chrome:  https://support.google.com/chrome/answer/95647?hl=en&p=cpn_cookies
• Firefox:  https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-
US&redirectslug=Enabling+and+disabling+cookies
• Safari:  https://support.apple.com/?path=Safari/5.0/en/9277.html

Profiling for marketing purposes, including on the website and social media

CM KARDIOTEL-BLIKPOL processes personal data of users visiting the administrator’s profiles on social media (e.g., Facebook) as well as on the website. These data are processed solely for the purpose of managing the profile, including informing users about the Administrator’s activities and promoting various events, services, and products, as well as communicating with users through functionalities available on social media. Please note that the Administrator uses profiling tools to personalize content and advertisements and to analyze traffic on the website and the internet.

You can opt out of interest-based advertising by visiting the following websites:
https://adssettings.google.com/
http://www.networkadvertising.org/choices
http://www.youronlinechoices.com

Your data may be transferred to third countries (including the USA) in connection with: actions taken on social media platforms and the use of plugins and other tools from these platforms (e.g., Facebook, Twitter); the use of analytical tools and tools for anonymized tracking of user behavior, especially such as Google Analytics and Google AdWords.

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA OF INDIVIDUALS APPLYING FOR EMPLOYMENT AT CM KARDIOTEL-BLIKPOL (“CANDIDATES”)

Purposes of personal data processing and legal basis for processing

Candidates’ personal data is processed for the purpose of conducting the recruitment process and establishing an employment relationship, based on consent (Article 6(1)(a) of the General Data Protection Regulation 2016/679 (GDPR)).

Providing personal data is voluntary but necessary for the achievement of the purpose.

Information about recipients of personal data

Candidates’ personal data may be disclosed to entities authorized under the law as well as to technical and organizational service providers, especially IT service providers, courier and postal companies, and the primary occupational health service provider.

Period for which personal data will be stored

Candidates’ personal data is stored:

– until the end of the recruitment process for individuals who have consented to the processing of their personal data for the purposes of that specific recruitment process,

– for a period of 1 year from the last day of the year in which the candidate provided their data to CM KARDIOTEL-BLIKPOL, for individuals who have consented to the processing of their personal data for future recruitment processes.

Rights of candidates in relation to the processing of personal data

Candidates have the right to request access to their personal data, their rectification, erasure, or restriction of processing, or to object to processing, as well as the right to data portability.

Candidates have the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Information about the right to lodge a complaint with the supervisory authority

PATIENTS, AUTHORIZED INDIVIDUALS, CUSTOMERS, CONTRACTORS, EMPLOYEES, AND JOB APPLICANTS have the right to lodge a complaint with the supervisory authority:

President of the Office for Personal Data Protection (UODO)

ul. Stawki 2

00-193 Warszawa

tel. 22 531 03 00

fax. 22 531 03 01

kancelaria@uodo.gov.pl

www.uodo.gov.pl

Office hours: 8:00 AM – 4:00 PM

Helpline: 606-950-000