Protection of personal data

We would like to inform you that our clinic is covered by an internal video surveillance system, without signal transmission to the outside. The camera system does not include rooms: toilets and toilets.

Monitoring recordings are recorded in DVRs and stored for 3 weeks, after which they are overwritten by subsequent recordings.

The administrator of the data processed in connection with monitoring is Dębski Clinic MD Sp. z o. o. Sp. K. with its registered office in Warsaw, 00-841, ul. Żelazna 51/53, entered in the National Court Register maintained by the District Court for the City of Warsaw in Warsaw under KRS number 0000818823, having TIN 1182203375.

The data are processed on the basis of Article 22² of the Labour Code and Article 6 (1) (c), d and f of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation “GDPR”). in order to ensure the safety of patients and workers, to prevent theft and other undesirable events that may harm patients and employees and the Data Controller. Monitoring also serves to protect against fraud attempts and the enforcement of claims.

The data are processed exclusively on the premises of the building and are not transferred or made available to other persons, if such access is not necessary for the performance of a legal obligation incumbent on the Administrator or for purposes arising from the legitimate interests pursued by the Administrator.

Monitoring data is stored for a period of 3 weeks after which it is destroyed.

For further information about your data processed in connection with monitoring, please contact the Administrator or write us an email to the following address: iod@debskiclinic.pl

Rights of the persons whose data are processed:

The right to access your personal data,
The right to rectification of data when they are false or incomplete,
Right to restriction of processing,
Right to erasure, when the data are not processed lawfully or the data are no longer necessary for the purposes for which they were collected, an objection to the processing of the data will be filed, the data must be deleted in order to comply with a legal obligation,
The right not to be subject to automated decision-making, including profiling,
The right to object to the processing of personal data when the processing of personal data is carried out on the basis of a legitimate interest or for statistical purposes and the objection is justified by the particular situation of the person whose data are processed or when the data are processed for the purposes of direct marketing
The right to lodge a complaint regarding data processing to the President of the Office for Personal Data Protection.

‍

Information clause on the recruitment process

The administrator of personal data is Dębski Clinic MD Sp. z o. o. Sp. K. with its registered office in Warsaw, 00-841, ul. Żelazna 51/53, entered in the National Court Register maintained by the District Court for the City of Warsaw in Warsaw under KRS number 0000818823, having TIN 1182203375

‍The Administrator has appointed an Inspector of Personal Data Protection, who, in accordance with the provisions of the GDPR, is the person supervising compliance with the rules of personal data protection in the entity in which he was appointed. In order to contact him, an e-mail address is provided: iod@debskiclinic.pl.

In all matters concerning personal data, please contact me by email with the administrator by writing to the address iod@debskiclinic.pl

Personal data within the scope referred to in Article 22¹ 1 of the Labor Code, i.e.: first name (s) and surname, parents' names, date of birth, place of residence (address for correspondence), education, course of previous employment, will be processed in order to carry out the recruitment process as part of the fulfillment of the legal obligation incumbent on the data controller (legal basis: 22¹1 of the Labor Code
in conjunction with Article 6 (1) (c) of the Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as 'the Regulation'). If you give your consent, your personal data will also be processed in the field of image (legal basis: 22² § 1 of the Labour Code in conjunction with Article 6 (1) (a) of the Regulation), future recruitment and/or recruitment for another position.

In case of expressing the aforementioned consents, you will be entitled to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal. The consent can be withdrawn by writing to iod@debskiclinic.pl

Provision of personal data referred to in Article 22¹ 1 of the Labor Code is voluntary, but necessary to participate in recruitment. The provision of other data and the expression of the aforementioned consents is voluntary and does not affect the possibility of participation in the recruitment or the evaluation of the candidate.

Personal data collected in order to carry out the recruitment process will be processed for the duration of the recruitment process. After that, the data will be destroyed.

In case of withdrawal of consent to the use of the image, this data will be deleted immediately.

Predicted categories of data recipients (entities processing data on behalf of the Controller): authorized employees of the Administrator,

Personal data will not be transferred to a third country.

You have the following rights regarding the personal data provided:

right of access to data (Art. 15 GDPR)
the right to request rectification of data (Art. 16 GDPR)
the right to request deletion of data (Art. 17 GDPR)
right to request restriction of data processing (Art. 18 GDPR)
right to data portability (Art. 20 GDPR)
the right to withdraw consent to the processing of personal data
the right to object to the processing of personal data

You have the right to lodge a complaint with a supervisory authority.

I inform you that your data will not be processed in an automated manner.

‍

Information clause for patients

The Administrator has appointed an Inspector of Personal Data Protection, who, in accordance with the provisions of the GDPR, is the person supervising compliance with the rules of personal data protection in the entity in which he was appointed. In order to contact him, an e-mail address is provided: iod@debskiclinic.pl.

Providing personal data necessary for maintaining medical records is a statutory requirement. In accordance with Art. 25 mouth. 1 Under the Act of 6 November 2008 on the rights of the patient and the Ombudsman for the maintenance of medical records, it is necessary to provide at least such data as:

name and surname,
date of birth,
gender designation,
address of residence,
the PESEL number, if assigned, in the case of a newborn, the PESEL number of the mother, and in the case of persons who do not have the assigned PESEL number, the type and number of the document confirming the identity,
in the case where the patient is a minor, completely incapacitated or unable to give informed consent, the surname and first name (s) of the legal representative and the address of his or her place of residence.

The consequence of not providing the above-mentioned personal data will be the impossibility of accepting you by our clinic for the provision of medical services.

Personal data are provided personally by you at the time of applying to our facility or through other channels in force at the time of registration. In case of continuation of treatment started elsewhere, data may also be obtained from other medical institutions. In connection with the takeover by the administrator of tasks in the field of medical activity from Dębski Clinic Romuald Dębski, Marzena Dębska Spółka Jawna, the patients' data were taken over on the basis of Article 30 a (2) and Article 26 (3) (1) of the Act of 6 November 2008 on the rights of patients and the Ombudsman.

Your data including: name, surname, PESEL, date of birth, telephone number, email, if you have provided it, are also processed in order to arrange appointments and to verify your identity before providing health care on the basis of the submitted identity document.

The data controller is a medical entity and as such is obliged to maintain and store medical records, the content and scope of which are determined by the applicable legal provisions. The data included in the documentation include, among others, a description of the course of the diagnostic and therapeutic process.

Your personal data is processed for the purpose of providing health services (diagnosis, prevention, therapy, treatment) and management of health care services, i.e. maintaining and storing medical records, identity verification before the visit.

Legal basis: Article 9 (2) (h) GDPR; Act of 15 April 2011 on medical activities; Act of 6 November 2008 on patients' rights and patients' ombudsman; Act of 27 August 2004 on publicly funded healthcare services

Your data may also be processed for the purpose of keeping accounting books and tax settlements.
Legal basis: Article 6 (1) (c) GDPR; Act of 29 September 1994 on Accounting; Act of 11 March 2004 on Goods and Services Tax.

Your data may also be processed in order to defend the rights of the data controller to assert claims in connection with the activities carried out by him.

Legal basis: Article 6 (1) (b) and (f) of the GDPR

Your data may also be processed on the basis of your consent

Legal basis: Your consent, in accordance with Art. 6 (1) lit. a GDPR.

Personal data will be stored for the period resulting from Article 29 of the Act of 6 November 2008 on the rights of the patient and the Ombudsman, i.e. a period of 20 years, counting from the end of the calendar year in which the last entry was made, with the exception of:

medical records in the event of death of the patient as a result of bodily injury or poisoning, which are kept for a period of 30 years from the end of the calendar year in which the death occurred;
medical records containing the data necessary to monitor the fate of blood and its components, which shall be kept for a period of 30 years from the end of the calendar year in which the last entry was made;
X-ray images stored outside the patient's medical records, which are kept for a period of 10 years from the end of the calendar year in which the photograph was taken;
Referrals for examinations or doctor's orders that are kept for a period of time:

5 years, counting from the end of the calendar year in which the health service that is the subject of a referral or a doctor's order was provided,
2 years, counting from the end of the calendar year in which the referral was issued - in the event that the health service was not provided due to the patient's failure to report within the established period, unless the patient received a referral;

medical records relating to children up to the age of 2 years, which are kept for a period of 22 years.

In case of possible claims, this period may be extended on the basis of applicable law.

Personal data will not be made available by the Administrator to unauthorized persons.

Pursuant to Article 26 of the Act of 6 November 2008 on Patients' Rights and Patients' Rights Ombudsman — the entity providing health services shall make medical records available to the patient or his legal representative, or to a person authorised by the patient. Medical records may also be made available to, inter alia, entities providing health services, if this documentation is necessary to ensure continuity of services, to public authorities, including the Ombudsman for Patients' Rights, the National Health Fund, self-government bodies of the medical professions and national and provincial consultants, to the extent necessary for these entities to perform their tasks, in particular supervision control and control, as well as in cases provided for by applicable law. Medical records are also made available to public authorities, courts, the prosecutor's office and Social Insurance Companies.

Your personal data will not be used for automated decision-making or transferred to third countries.

You have the following rights regarding the personal data provided:

right of access to data (Art. 15 GDPR)
the right to request rectification of data (Art. 16 GDPR)
the right to request the deletion of data, if this is permissible (Article 17 of the GDPR), but this right does not apply to the personal data of the Patient processed on the basis of Article 9 (2) (h) of the GDPR — in particular contained in medical records, stored for the period indicated in Article 29 (1) of the Act on the Rights of the Patient and the Ombudsman and other provisions concerning the period of storage of medical records,
right to request restriction of data processing (Art. 18 GDPR)
the right to data portability (Article 20 of the GDPR), whereas this right does not apply to the personal data of the Patient processed on the basis of Article 9 (2) (h) of the GDPR, in particular to data processed within the framework of medical records and others processed on the basis of the aforementioned premises
the right to withdraw consent to the processing of personal data, without affecting the previous processing
the right to object to the processing of personal data, whereas this right does not apply to the personal data of the Patient processed on the basis of Article 9 (2) (h) of the GDPR, in particular to data processed within the framework of medical records and others processed based on the aforementioned conditions
the right to lodge a complaint with a supervisory authority.

‍