INFORMATION CLAUSE ON PROCESSING OF PATIENTS 'PERSONAL DATA AT„PALEY EUROPEAN INSTITUTE” Sp. z o.o., (LLC)

The Controller of your personal data is: „PALEY EUROPEAN INSTITUTE SP Z.O.O.”, a limited liability company under Polish law with its registered office in Warsaw; address: ul. Zapłocie 148C, 02-970 Warszawa, Warsaw, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw, XIII Commercial Department of the National Court Register under the number KRS 731870, Regon: 380240540, Tax ID: 5223125965.

For data protection and execution of your rights, you can contact us at the following e-mail address: rodo@paleyeurope.com

The data will be processed in order for the Controller to operate its business and to provide medical consultation services and to keep the medical documentation required by law and for direct contact, e.g. to confirm the date or cancel the date of medical consultation.

Providing data is voluntary, however, failure to do so will result in inability to provide medical services.

Type of data collected: In order to provide services, we need the following set of data: name, surname, PESEL, gender and date of birth (in case of persons without PESEL number), address of residence, family relationship (in the case of persons reported by a family member). We may also receive your e-mail address and telephone number for current contact and coordination of services by the Controller.

You have the right to access your data, rectify it, the right to limit processing and the right to transfer data, if these rights are not limited by the provisions of the Act on Medical Activity and the Law on Patient Rights and the Patient Rights Ombudsman.
You have the right to lodge a complaint with a supervisory authority if your data is processed in a manner that is not in accordance with legal requirements.

The legal basis for the processing of your data in order for the Controller to conduct its business, including in the scope of keeping medical records, is art. 25 section 1 of the Patients’ Rights Act and the Patient Rights Ombudsman, art. 6 par. 1 letter. b) and c) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC – hereinafter: ” GDPR „

The basis for processing of data to the extent that is necessary to protect the vital interests of the patient may also be art. 6 par. 1 letter d GDPR in conjunction with art. 25 point 1 of the Patients’ Rights Act and the Patient Rights Ombudsman. To the extent that the data processed includes data of specific categories, the legal basis for data processing is your consent based on art. 7 paragraph 2 in conjunction with Article 9 paragraph 2 letter a of GDPR.

To verify your identity before providing services, in particular to verify the data when arranging a remote visit (eg via the hotline) as well as in the doctor’s office is Article 6 paragraph 1 letter. c and art. 9 par. 2 letter h of GDPR in conjunction with art. 25 point 1 of the Patients’ Rights

Act and the Patient Rights Ombudsperson and § 10 par. 1 point 2 of the Ordinance of the Minister of Health.

We may share your data with medical entities in regard to continuity of treatment, administrative bodies in connection with the fulfillment of legal obligations, providers supplying the Controller with technical and organizational solutions, enabling health services and management of our organization (in particular IT service providers, courier companies and postal service), legal and advisory services providers and supporting the Controller in pursuing due claims (in particular law offices), persons authorized by you as part of the implementation of your patients’ rights.

The Controller will not use automated decision making nor profiling in reference to you.

Your personal data may be transferred outside the European Union. In this case, the transfer of data will be carried out in accordance with the provisions of the GDPR

Data processing period: Personal data included in the medical documentation will be processed in accordance with the requirements of art. 29 par. 1 of the Act of November 6, 2008 on patient’s rights and the Patient’s Rights Ombudsman, ie for a maximum of 20 years, counting from the end of the calendar year in which the last entry was made, with the exceptions specified in art. 29 of the Act on Patients’ Rights and the Patient’s Rights Ombudsman. If the data has been processed by us in order to pursue claims (eg in debt collection proceedings), we process the data for this purpose during the period of limitation of claims resulting from the provisions of the Civil Code. All data processed for accounting purposes and for tax purposes are processed for 5 years counted from the end of the calendar year in which the tax obligation arose. After the above-mentioned periods, your data is deleted or anonymized.