Who is the Controller in the Retina Clinic and Ophthalmology Hospital:
Who is the Data Protection Officer in the Retina Clinic and Ophthalmology Hospital:
In all matters related to the protection of personal data in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer: email@example.com
What is the purpose of personal data processing and what is the legal basis for personal data processing in our facility:
Patients’ personal data can be processed for the following purposes:
– providing health services and keeping medical records,
– verification of entitlements and settlement of healthcare services provided,
– communicating on matters related to the coordination of providing services, including e.g. the organization of providing services, assessment of the patient’s well-being after providing the service, patient satisfaction survey,
– performing other auxiliary activities in the provision of health services, including providing a website functionality for making appointments, as well as activities related to the maintenance of the ICT system, based on the provisions of Article 6 par. 1 items b and c (for patients admitted commercially) and Article 9 par. 2 item h of the General Data Protection Regulation 2016/679 (GDPR), Article 3 of the Act on Medical Activity and Article 24 of the Act on Patients’ Rights and the Patient’s Rights Ombudsman,
– marketing purposes, receiving commercial information, electronically receiving a feedback survey on the provision of services, based on the patient’s consent (Article 6 par. 1 item a of the General Data Protection Regulation 2016/679 (GDPR)).
The scope of providing personal data is related to the conclusion of a contract for the provision of health services, is voluntary, and is a prerequisite for the conclusion of the contract. Providing personal data to the extent to which they relate to the provision of health services, including the keeping of medical records, is a statutory requirement and is necessary for the proper provision of health services.
Providing personal data to the extent to which they relate to marketing purposes, receiving commercial information, and receiving an e-mail survey regarding the submission of feedback on the provided benefits is voluntary.
Who can be the recipient of personal data:
Personal data of the patients of the Retina Outpatient Clinic and the Ophthalmology Hospital may be transferred to:
– medical operators cooperating with the Retina Outpatient Clinic and Ophthalmology Hospital to ensure continuity of treatment and availability of health services,
– technical and organizational service providers, which enable the provision of health services and medical records, in particular to ICT providers, suppliers and service technicians of medical equipment and courier and postal companies,
– persons authorized to obtain information about health and the planned and provided health benefits, as well as those authorized to obtain medical documentation,
– entities authorized under the law,
– providers of legal and advisory services and those supporting the Retina Outpatient Clinic and Ophthalmology Hospital in the recovery of due claims or defense of rights (law firms and debt collection companies).
How long personal data can be stored:
To the extent to which they relate to the conclusion of a contract for the provision of health services, the patients’ personal data are kept for the limitation period for possible claims.
The patient’s personal data collected in medical records are stored for the required period of storage for medical records, as required by law.
What rights are available to patients in relation to the processing of personal data in our facility:
Patients have the right to request access to their personal data, to rectify them, delete or restrict their processing or to object to their processing, as well as the right to transfer data.
If the processing of personal data is based on the patient’s consent, the patient has the right to withdraw their consent at any time without affecting the legality of the processing carried out based on the consent prior to withdrawal.
The right to request rectification, deletion or restriction of the processing of personal data and the right to object to the processing of data contained in the medical documentation is vested in the patient unless it violates the Controller’s obligation to store medical records.
Where the patient may lodge a complaint to the supervisory authority:
Patients have the right to submit a complaint to the supervisory authority at the address:
Office of the Inspector General for the Protection of Personal Data
ul. Stawki 2
tel. 22 531 03 00
fax 22 531 03 01
Office opening hours: 8.00 – 16.00
Personal data of patients at the Retina Outpatient Clinic and the Ophthalmology Hospital are not subject to automated decision-making, including profiling.