INFORMATION ABOUT THE DATA CONTROLLER FOR LUXURY CLINIC PATIENTS


In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation – GDPR), we hereby inform you that:

The Controller of your personal data is:

LUXURY CLINIC
STOMATOLOGIA I MEDYCYNA ESTETYCZNA
Al. Wojska Polskiego 3
44-240 Żory
phone: 32 46 96 356
LUXURY CLINIC Data Protection Officer
For matters related to data protection, please contact our Data Protection Officer at: praktykastom@poczta.onet.pl


PROVIDING PERSONAL DATA IS A LEGAL REQUIREMENT


The legal basis for processing patients’ personal data is as follows:

  • Article 9(2)(h) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • The Act of 15 April 2011 on Medical Activity
  • The Act of 6 November 2008 on Patients’ Rights and the Patient Ombudsman
  • The Act of 27 August 2004 on Healthcare Services Financed from Public Funds
  • The Act of 28 April 2011 on the Healthcare Information System
  • The Regulation of the Minister of Finance of 3 December 2013 on issuing invoices

The purpose of collecting and processing patients’ personal data is to protect their health, provide medical services, carry out treatment by licensed healthcare professionals, deliver other related medical services and manage the provision of care (e.g. issuing invoices, sending text messages with appointment reminders).

Key categories of personal data processed include: surname, first name, date of birth, PESEL (personal identification number), home address, telephone number, test results, diagnosis codes, medical categories, medical orders, procedures performed, referring institution, referring physician and data of a legal representative (if applicable).

Recipients of personal data:

  • Other medical entities, to ensure continuity of care
  • Individuals authorised to access health information and medical records
  • Institutions maintaining medical service registers
  • Insurance providers (with the patient’s consent)
  • Public authorities and institutions authorised by law (e.g. NFZ, ZUS)
  • Entities contracted by the Data Controller under data processing agreements for the purpose of delivering services related to the collection and processing of personal data as described above

Data retention period: Personal data is stored in accordance with applicable legal regulations, including:

  • Article 29 of the Act of 6 November 2008 on Patients’ Rights and the Patient Ombudsman (concerning medical documentation)
  • Article 112 of the VAT Act (concerning financial records)

Rights of data subjects: Patients have the right to access their personal data, request its rectification or completion, and, under certain circumstances (particularly where data has been obtained on the basis of consent), request its portability, erasure or restriction of processing, or object to its processing. They also have the right to lodge a complaint with the Personal Data Protection Office (UODO). The Data Controller does not make any automated decisions regarding patients, including those based on profiling.

Medical data is disclosed only upon submission of a formal request form, available at reception, and in accordance with the provisions of the Act on Patients’ Rights and the Patient Ombudsman.
