Who is the controller of your personal data?
The controller, that is an entity which collects, stores and decides on how to use your personal data, is Przychodnia24 Spółka z Ograniczoną Odpowiedzialnością Biały Kamień 2, 02-593 Warsaw, which includes:
- Poradnia Podstawowej Opieki Zdrowotnej „Przychodnia24” Biały Kamień 2, Warsaw 02-593
How can you contact us to learn more about the processing of your personal data?
Write to the personal data protection officer we have appointed: [email protected]
How did we obtain your data?
We obtained them from you when you were submitting your declaration to be able to benefit from the Primary Health Care services provided in Przychodnia24
What are the purpose of and legal grounds for the processing of your personal data by Przychodnia24?
We process your personal data because by providing healthcare services we are obliged to do it under the specific health care regulations adopted by the Polish legislation system, including namely:
– Act on the Healthcare Activities of 15 April 2011 (Journal of Laws of 2018.160),
– Act on the Patients’ Rights and Patient’s Rights Ombudsman of 16 May 2019 Journal of Laws no. 1128)
Also GDPR provides Przychodnia24 with legal grounds for the processing of personal data belonging to different categories:
“processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law” art.9 item 2 h GDPR.
In addition, legal provisions require us to process your personal data for the purposes of settlement with the National Health Fund, which, according to the laws in force, is a payer of healthcare services provided to patients.
As a result, you can:
- Benefit from free medical services provided in primary healthcare centres for adult patients
- receive comprehensive advice in one location and perform required diagnostic tests,
- Be sure that as a medical entity we observe the legislation in force and make every effort possible to protect the data of our patients.
Do you have to provide us with your personal data?
The processing of patients’ personal data for the purposes of providing medical services does not require Przychodnia24 to obtain their consent for personal data processing, because the manner and the extent of the processing are in this case strictly defined in the applicable regulations and constitute a statutory obligation.
The refusal to provide your personal data is, however, equivalent to your refusal to be treated.
We request you to provide the following personal data for us to be able to register you and provide you with a medical service:
- Name and surname, PESEL (personal identification number) – if assigned, in case of an infant – mother’s PESEL and, if no PESEL has been assigned – type and number of the identity document as well as patient’s residence address.
- If it is necessary to keep specific medical records for patients – individual and collective ones – additional data are defined at length in the Regulation of the Minister of Health of 6 April 2020 on the types, extent and models of medical records and the way of their processing except for cases referred to in the legislation in force and to the extent which has not been defined in the acts of law, providing your personal data is voluntary.
What kind of rights do you have with respect to Przychodnia24 as regards the processing of your data?
We guarantee your rights arising from the General Data Protection Regulation, that is the right of access and rectification.
You can exercise those rights when:
- In case of the right of access – you seek information,
- In case of the right of rectification: when you notice that your data are inaccurate or incomplete.
The other rights referred to in GDPR, that is the right to erase your data, restrict their processing, to transfer them as well as to object to the processing of your personal data due to the statutory storing obligation imposed onto the healthcare centre, cannot be exercised.
You are entitled to lodge a complaint regarding the processing of your personal data by our entity to the supervisory body, that is to the President of the Personal Data Protection Office.
Who do we share your personal data with?
Your personal data can be shared exclusively with:
- Individuals and entities entitled pursuant to article 26 of the Act of the Patients’ Rights and Patients’ Rights Ombudsman, namely: legal representatives of patients, persons authorized by them, National Health Fund, Patients’ Rights Ombudsman and other public administration bodies and authorized entities designated in the Act.
- Service providers of Przychodnia24 in Warsaw, through the agency of whom we take care of the maintenance and fitness for use of our medical equipment, safety of our IT network and data bases used for the processing of medical data and quality of services provided.
For how long do we store your personal data?
We store your personal data according to the provisions of the Act of 6 November 2008 on the Patients’ Rights and Patients’ Rights Ombudsman, that is:
„the entity which provides medical services stores medical records for 20 years, starting from the end of the calendar year when the last entry was made, except for:
- Medical records of a patient who died as a result of bodily injury or intoxication, which must be stored for 30 years starting from the end of the calendar year in which the patient died,
- Medical records including data necessary to track the flow of blood and its components, which must be stored for 30 years, starting from the end of the calendar year in which the last entry was made,
- X-rays stored outside of the patient’s medical records which must be stored for 10 years starting from the end of the calendar year in which the X-ray was performed,
- Referrals for tests or doctor’s requests which must be stored for:
- 5 years starting from the calendar year in which the medical service referred to in the doctor’s referral or request was provided,
- 2 years, starting from the end of the calendar year in which the referral was issued – if a medical service was not provided because the patient in question did not appear on the fixed date unless they collected the referral,
- Medical records of children under 2 years of age, which must be stored for 22 years.
Once the time frames referred to in item 1 expire, the provider of medical services shall destroy medical records in a way which prevents the identification of the data subject. The medical records to be destroyed can be released to the patient, their legal representative or a person authorized by them.”
Do we transfer your data outside of the European Economic Area?
Your personal data will not be transferred by Przychodnia24 to third countries from outside of the EEA.
Do we process your personal data automatically (including through profiling) in a way which affects your rights?
Your personal data processed by Przychodnia24 will not be profiled.