Who is the Administrator of your personal data?
Retina Okulistyka Sp. z o.o. Sp. Km
Gimnazjalna 1, 01-364 Warszawa
NIP 7010343001, REGON 146131157-00026, KRS 0000682837
tel. 22 664 44 33
tel. 22 869 41 19
tel. 693 722 448
Who is the Data Protection Officer?
In all matters related to the personal data protection in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer, Ms Magdalena Czerwińska:
– e-mail: email@example.com
– address: ul. Gimnazjalna 1, 01-364 Warszawa.
What is the purpose of personal data processing?
Your personal data will be processed for:
– concluding a contract for the provision of health services, including ensuring the continuity of healthcare, coordination of the provision of services, which may include, among others, a reminder about scheduled visits, confirmation of the visit, cancellation of the visit, information about organizational changes that affect the provision of the expected services; post-service communication to assess the patient’s well-being/state of health; receiving and archiving patient’s statement of intent; verification of entitlements to obtain healthcare services and settlement of healthcare services provided (legal basis – Art. 6.1.b GDPR).
– performance of our contractual obligations (legal basis – Art. 6.1.(b) GDPR),
– treatment, keeping medical records and management of healthcare systems and services, and for preventive healthcare (legal basis – Art. 9.2.(h) GDPR),
– fulfilment of legal obligations of the Retina Outpatient Clinic and Ophthalmology Hospital resulting from the applicable provisions of law, including the Act on Patient Rights and the Patient’s Rights Ombudsman in the field of archiving medical records, the Act on medical activities, tax and accounting regulations concerning, among other things, issuing and storing VAT invoices and other accounting documents (legal basis – Art. 1(c) GDPR)
– claiming payment for services provided in the event the payment has not been made and defending against claims of other persons (legal basis – Art. 6.1(f) GDPR),
– direct products or services marketing during the course of the contract (legal basis – Art. 9.2(h) and Art. 6.1(f) GDPR – meaning legitimate Administrator interest).
If you have consented to your personal data processing, the consent statement specifies the purpose for data processing.
Whether or how we profile data?
The Retina Outpatient Clinic and Ophthalmology Hospital patients’ data are not subject to automated decision making, including profiling.
To which recipients may personal data be transferred?
Respecting the confidential nature of personal data, using mechanisms that minimize the amount of data transferred, personal data may be transferred to:
– medical operators cooperating with the Retina Outpatient Clinic and Ophthalmology Hospital to ensure continuity of treatment and availability of health services,
– external entities providing ICT support for the Administrator and medical equipment service technicians,
– providers of legal and advisory services and those supporting the Retina Outpatient Clinic and Ophthalmology Hospital in the recovery of due claims or defence of rights (law firms and debt collection companies),
– courier and postal companies – due to correspondence transsmittion,
– entities conducting payment activity (e.g., banks) – due to payments made,
– family and relatives of the patient after appropriate authorization,
– external medical entities to consult the research results after data anonymization.
Can the indicated data be transferred outside European Economic Area?
The Administrator will transfer your personal data to recipients located in countries outside the European Economic Area, if it is necessary for the mutual contract’s performance. The Administrator will provide the required data security and the required anonymization of the indicated data before their transfer.
Patients’ rights related to personal data processing?
– The right to rectify data is to rectify or correct the personal data processed by the Retina Outpatient Clinic and Ophthalmology Hospital that concern a patient and which are incorrect or out of date. Taking into account the purposes of the processing, patient also has the right to request supplementing incomplete personal data, including by providing an additional statement;
– the right to delete data (the so-called “right to be forgotten”) – patient has the right to request the deletion of personal data if there are circumstances provided for by law. The Retina Ophthalmology Outpatient Clinic and Hospital, is obliged under applicable law Article 29 of the Act of November 6, 2008, on Patients’ Rights and the Patient’s Rights Ombudsman (Journal of Laws of 2020, item 849) to store medical records for a period of 20 years from the end of the calendar year of the last entry. Only after this period can the Retina Outpatient Clinic and Ophthalmology Hospital completely delete the data;
– the right to limit processing by suspending data operations for a specified period or not deleting data (the application should indicate the appropriate method of restricting processing),
– the right to access data – patient has the right to receive confirmation from the Retina Outpatient Clinic and Ophthalmology Hospital as to whether patient’s personal data was processed. If this is the case, patient can also access them. As part of the access to data, the Retina Outpatient Clinic and Ophthalmology Hospital will provide patient with a copy of the personal data in the Retina Outpatient Clinic and Ophthalmology Hospital possession. For any subsequent copies that patient requests, the Retina Outpatient Clinic and Ophthalmology Hospital will be able to charge a reasonable fee based on the administrative costs for the preparation of the relevant information;
– the right to transfer data – patient has the right to receive data in a structured, commonly used and machine-readable format under certain conditions provided for in the law. After receiving the data, patient has the right to transfer them to another entity (Administrator) without any obstacles on our part;
– lodging a complaint to the supervisory body dealing with personal data protection, which is the President of the Office for Personal Data Protection (to the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa);
– patient has the right to withdraw consent to the extent that the basis for the processing of personal data is consent, but this will not affect the processing’s lawfulness, which was carried out based on consent before its withdrawal;
To exercise the above rights, please contact the Administrator or the Data Protection Officer.
How long will patient’s personal data be stored?
– personal data will be stored until the limitation of claims under the contract for the provision of medical services or until the expiry of the obligation to store data resulting from legal provisions,
– data processed based on patient’s consent may be processed until consent withdrawal or determination them being obsolete,
– data processed for direct marketing of products and services may be processed until patients objects to their processing for this purpose or determine that they have become obsolete.