Personal Data Protection in accordance with the provisions of article 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR)

In the above document you will find information on the processing of personal data in the Retina Outpatient Clinic and Hospital.
They were prepared in accordance with the provisions of Article 13 and 14
of the General Data Protection Regulation 2016/679 (GDPR).

 

A) Information for the patients on the personal data processing in the Retina Outpatient Clinic and Hospital

Who is the Administrator of your personal data?

Retina Okulistyka Sp. z o.o. Sp. Km
Gimnazjalna 1, 01-364 Warszawa
NIP 7010343001, REGON 146131157-00026, KRS 0000682837
tel. 22 664 44 33
tel. 22 869 41 19
tel. 693 722 448
retina@retina.pl
www.retina.pl

Who is the Data Protection Officer?

In all matters related to the personal data protection in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer, Ms Magdalena Czerwińska:

– e-mail: iod@retina.pl

– address: ul. Gimnazjalna 1, 01-364 Warszawa.

What is the purpose of personal data processing?

Your personal data will be processed for:

– concluding a contract for the provision of health services, including ensuring the continuity of healthcare, coordination of the provision of services, which may include, among others, a reminder about scheduled visits, confirmation of the visit, cancellation of the visit, information about organizational changes that affect the provision of the expected services; post-service communication to assess the patient’s well-being/state of health; receiving and archiving patient’s statement of intent; verification of entitlements to obtain healthcare services and settlement of healthcare services provided (legal basis – Art. 6.1.b GDPR).

– performance of our contractual obligations (legal basis – Art. 6.1.(b) GDPR),

– treatment, keeping medical records and management of healthcare systems and services, and for preventive healthcare (legal basis – Art. 9.2.(h) GDPR),

– fulfilment of legal obligations of the Retina Outpatient Clinic and Ophthalmology Hospital resulting from the applicable provisions of law, including the Act on Patient Rights and the Patient’s Rights Ombudsman in the field of archiving medical records, the Act on medical activities, tax and accounting regulations concerning, among other things, issuing and storing VAT invoices and other accounting documents (legal basis – Art. 1(c) GDPR)

– claiming payment for services provided in the event the payment has not been made and defending against claims of other persons (legal basis – Art. 6.1(f) GDPR),

– direct products or services marketing during the course of the contract (legal basis – Art. 9.2(h) and Art. 6.1(f) GDPR – meaning legitimate Administrator interest).

If you have consented to your personal data processing, the consent statement specifies the purpose for data processing.

Whether or how we profile data?

The Retina Outpatient Clinic and Ophthalmology Hospital patients’ data are not subject to automated decision making, including profiling.

To which recipients may personal data be transferred? 

Respecting the confidential nature of personal data, using mechanisms that minimize the amount of data transferred, personal data may be transferred to:

– medical operators cooperating with the Retina Outpatient Clinic and Ophthalmology Hospital to ensure continuity of treatment and availability of health services,

– external entities providing ICT support for the Administrator and medical equipment service technicians,
– providers of legal and advisory services and those supporting the Retina Outpatient Clinic and Ophthalmology Hospital in the recovery of due claims or defence of rights (law firms and debt collection companies),

– courier and postal companies – due to correspondence transsmittion,
– entities conducting payment activity (e.g., banks) – due to payments made,
– family and relatives of the patient after appropriate authorization,
– external medical entities to consult the research results after data anonymization.

Can the indicated data be transferred outside European Economic Area?

The Administrator will transfer your personal data to recipients located in countries outside the European Economic Area, if it is necessary for the mutual contract’s performance. The Administrator will provide the required data security and the required anonymization of the indicated data before their transfer.

Patients’ rights related to personal data processing? 

– The right to rectify data is to rectify or correct the personal data processed by the Retina Outpatient Clinic and Ophthalmology Hospital that concern a patient and which are incorrect or out of date. Taking into account the purposes of the processing, patient also has the right to request supplementing incomplete personal data, including by providing an additional statement;

– the right to delete data (the so-called “right to be forgotten”) – patient has the right to request the deletion of personal data if there are circumstances provided for by law. The Retina Ophthalmology Outpatient Clinic and Hospital, is obliged under applicable law Article 29 of the Act of November 6, 2008, on Patients’ Rights and the Patient’s Rights Ombudsman (Journal of Laws of 2020, item 849) to store medical records for a period of 20 years from the end of the calendar year of the last entry. Only after this period can the Retina Outpatient Clinic and Ophthalmology Hospital completely delete the data;

– the right to limit processing by suspending data operations for a specified period or not deleting data (the application should indicate the appropriate method of restricting processing),
– the right to access data – patient has the right to receive confirmation from the Retina Outpatient Clinic and Ophthalmology Hospital as to whether patient’s personal data was processed. If this is the case, patient can also access them. As part of the access to data, the Retina Outpatient Clinic and Ophthalmology Hospital will provide patient with a copy of the personal data in the Retina Outpatient Clinic and Ophthalmology Hospital possession. For any subsequent copies that patient requests, the Retina Outpatient Clinic and Ophthalmology Hospital will be able to charge a reasonable fee based on the administrative costs for the preparation of the relevant information;

– the right to transfer data – patient has the right to receive data in a structured, commonly used and machine-readable format under certain conditions provided for in the law. After receiving the data, patient has the right to transfer them to another entity (Administrator) without any obstacles on our part;

– lodging a complaint to the supervisory body dealing with personal data protection, which is the President of the Office for Personal Data Protection (to the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa);

– patient has the right to withdraw consent to the extent that the basis for the processing of personal data is consent, but this will not affect the processing’s lawfulness, which was carried out based on consent before its withdrawal;

To exercise the above rights, please contact the Administrator or the Data Protection Officer.

How long will patient’s personal data be stored? 

– personal data will be stored until the limitation of claims under the contract for the provision of medical services or until the expiry of the obligation to store data resulting from legal provisions,

– data processed based on patient’s consent may be processed until consent withdrawal or determination them being obsolete,

– data processed for direct marketing of products and services may be processed until patients objects to their processing for this purpose or determine that they have become obsolete.

B) Information on personal data processing for persons authorized to obtain information about the patients’ health condition and persons authorized to obtain medical records in the Retina Outpatient Clinic and Hospital

Who is the Administrator in the Retina Clinic and Ophthalmology Hospital?

Retina Okulistyka Sp. z o.o. Sp. km
Gimnazjalna 1, 01-364 Warszawa
NIP 7010343001, REGON 146131157-00026, KRS 0000682837
tel. 22 664 44 33
tel. 22 869 41 19
tel. 693 722 448
retina@retina.pl
www.retina.pl

Who is the Data Protection Officer?

In all matters related to personal data protection in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer, Ms Magdalena Czerwińska:

– email: iod@retina.pl

– address: ul. Gimnazjalna 1, 01-364 Warszawa.

What is the purpose of personal data processing?

Personal data of authorized persons are processed to implement the authorization to obtain information about the patient’s health and the planned and provided health services and to obtain medical documentation based on the provisions of Art. 31.2 the Act of December 5, 1996, on the professions of doctor and dentist (Journal of Laws of 2020, items 514 and 567). Providing personal data is voluntary though necessary to implement the authorization.

What are the categories of processed personal data?

The following personal data of authorized persons are processed: name, phone number or address.

Information about recipients of personal data

Personal data of patients of the Retina Outpatient Clinic and the Ophthalmology Hospital may be transferred to entities authorized under the law and to technical and organizational service providers, which enable the provision of health services and medical records, in particular to ICT providers and courier and postal companies.

Period during which personal data will be stored

The personal data of authorized persons are kept for the period required by law for storing medical records, or until the patient’s authorization is withdrawn.

Rights of authorized persons in relation to the processing of personal data

Authorized persons have the right to request access to their personal data, to rectify them, delete or restrict their processing or to object to their processing, as well as the right to transfer data; and the right to file a complaint to the supervisory body – Office of the Inspector General for the Protection of Personal Data (address, ul. Stawki 2, 00-193 Warszawa).

In the Retina Outpatient Clinic and the Ophthalmology Hospital, personal data of authorized persons are not subject to automated decision making, including profiling.

C) Information on personal data processing for natural persons signing a civil law contract with the Retina Outpatient Clinic and Hospital, or employees and persons representing the entity concluding a civil law contract (contractors) with the Retina Outpatient Clinic and Hospital

Who is the Administrator in the Retina Clinic and Ophthalmology Hospital?

Retina Okulistyka Sp. z o.o. Sp. km
Gimnazjalna 1, 01-364 Warszawa
NIP 7010343001, REGON 146131157-00026, KRS 0000682837
tel. 22 664 44 33
tel. 22 869 41 19
tel. 693 722 448
retina@retina.pl
www.retina.pl

Who is the Data Protection Officer?

In all matters related to the protection of personal data in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer, Ms Magdalena Czerwińska:

– email: iod@retina.pl

– address: ul. Gimnazjalna 1, 01-364 Warszawa.

What are the purpose and the legal basis for personal data processing?

Contractors’ personal data are processed for keeping up-to-date and ongoing correspondence, responding to questions, providing information on prices of services and the services provided by the Retina Outpatient Clinic and Ophthalmology Hospital communication on other matters under Art. 6.1(b) General Data Protection Regulation 2016/679 (GDPR).

Providing personal data is voluntary though necessary to achieve intended purposes.

Information about recipients of personal data

Contractors’ personal data may be transferred to technical and organizational service providers, particularly telecommunication services and companies providing courier and postal services.

How long personal data can be stored?

Contractors’ personal data are kept for the period necessary to achieve the intended purpose. 

Customers rights concerning personal data processing

Customers have the right to request access to their personal data, to rectify them, delete or restrict their processing or to object to their processing, as well as the right to transfer data; and the right to file a complaint to the supervisory body – Office of the Inspector General for the Protection of Personal Data (address, ul. Stawki 2, 00-193 Warszawa).

In the Retina Outpatient Clinic and the Ophthalmology Hospital, customers’ personal data are not subject to automated decision making, including profiling.

D) Information on personal data processing in the video monitoring system for people on the premises of institutions the Retina Outpatient Clinic and Hospital (located at ul. Gimnazjalnej 1 and Cieszkowskiego 1/3, lok. 79/80)

Who is the Administrator in the Retina Clinic and Ophthalmology Hospital?

Retina Okulistyka Sp. z o.o. Sp. km
Gimnazjalna 1, 01-364 Warszawa
NIP 7010343001, REGON 146131157-00026, KRS 0000682837
tel. 22 664 44 33
tel. 22 869 41 19
tel. 693 722 448
retina@retina.pl
www.retina.pl

Who is the Data Protection Officer?

In all matters related to personal data protection in the Retina Outpatient Clinic and Ophthalmology Hospital, you can contact the Data Protection Officer, Ms Magdalena Czerwińska:

– email: iod@retina.pl

– address: ul. Gimnazjalna 1, 01-364 Warszawa.

What are the purpose and the legal basis for personal data processing?

The Retina Outpatient Clinic and Ophthalmology Hospital processes your personal data to ensure the safety of persons and protection of property, including to secure medical records and other protected information, under Art. 6.1(f) – meaning legitimate Administrator interest.

For the purpose indicated above, personal data may be shared with other personal data recipients. These may include institutions authorized by law, particularly in connection with an assault, burglary or destruction of property to conduct appropriate proceedings by the police, law enforcement agencies, judicial authorities, an insurer.

What are the categories of processed personal data?

The following personal data are processed: image of people, date and time of recording.

Period during which personal data will be stored

The personal data processed in the monitoring system are stored for a period no longer than 14 days. The video recordings storage may be extended when they are evidence in the proceedings until the proceedings’ final conclusion.

Rights of data subjects 

Deletion of data unduly processed;
Access to data, including providing information about the data processed or a copy of the data;
Data transfer;
Lodging a complaint to the supervisory body dealing with the protection of personal data, which is the President of the Office for Personal Data Protection (to the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa).

The requirement to provide data

Providing personal data in terms of image is voluntary though necessary to obtain services in our facilities.

Retina Ophthalmological Outpatient Clinic and Hospital in Warsaw is a modern medical facility with an excellent and experienced team of specialized physicians – including pediatric ophthalmologists. Retina opened in 2004. Since that time we have performed over 10,000 eye surgeries, hundreds of angiographic tests and ultrasounds, and have had over 15,000 patients.

The name of our hospital comes from Greek. Retina is an inner coat of the eyeball responsible for vision. A Patients’ ability to see is the most important for us, ophthalmologists. Knowledge and many years of experience help our team to achieve that goal.

We are unique in our non-standard approach to eye diseases, innovative solutions and patient-friendly approach. Knowledge and experience are not enough and need to be supported by tests, which we perform on the most up-to-date equipment.

ISO 9001:2015