Patient's Rights and Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Legal regulations

Since May 25th, 2018, the law regarding the processing of personal data in European Union countries has changed by virtue of the following document: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on the protection of personal data), hereinafter referred to as GDPR, supplemented by the Act of the Ministry of Digitization.

Information on personal data

Personal data is all information relating to a natural person that allows the identification of that person. This data is obtained when visiting websites and is saved in cookies. The processing of personal data consists of collecting, recording, organizing, ordering, storing, viewing, combining, modifying and deleting personal data. The following data is processed: name, surname, gender, PESEL number, date of birth, email address, IP address, telephone number and health information.

Personal data administrator

The administrator of your personal data is Dr. Aneta Szulska-Schoepp, W. Rutkiewicz 30 Str., 50-571 Wroclaw.

The data administrator can be contacted by writing to the address of the administrator's office or via email: perfect-derm@perfect-derm.com. The personal data administrator is bound by the provisions on the processing of personal data contained in the Regulation of the Minister of Health of December 21, 2010 on the type and scope of medical documentation and the method of its processing, as well as in the Act of November 6, 2008 on patient's rights and the Patient's Rights Ombudsman. Pursuant to the provisions of the Act, the data necessary to keep medical records are an exception to the general rules resulting from the GDPR.

Consent to provide your personal data

Consent to the processing of personal data must be voluntary, specific, conscious and unambiguous. Providing personal data is necessary to provide our medical service. Failure to consent to the provision of personal data and consent to the processing of such data results in the inability to provide services. The necessity to keep medical records by the personal data administrator requires basic personal data. This data is also needed to issue a bill (or an invoice). The data may also be processed in order to defend the rights and pursue claims by the data administrator in connection with his business. However, the provision of services may take place without consenting to the processing of personal data for marketing purposes. Data processing for these purposes is voluntary.

Collecting personal data

Your personal data is obtained when using the services of our office: 1) in person, at the time of registration, via the registration system, or by phone; 2) from other medical facilities, in the case of continuation of a treatment initiated elsewhere; 3) from relatives, in the event of an accident threatening health or life.

Purpose of processing personal data

The processing of personal data by the personal data administrator is aimed at: verification of identity, keeping medical records, medical history, providing medical services, and making settlements for these benefits. Personal data may be processed for the purposes of accounting settlements. Personal data may also be processed for the purpose of pursuing the administrator's claims in connection with the scope of his activity. If marketing consent is given, personal data may be processed for the purposes of offering services and products made by the administrator.

Patient's rights

You have the right to: access personal data, obtain information regarding the processing of personal data, modify or correct personal data, delete personal data (the right to be forgotten), limit the processing of personal data, transfer personal data, object to the processing of personal data, be notified of a breach of personal data protection, and lodge a complaint with the supervisory authority.

Data storage period

The period of data storage is determined by law, resulting from Art. 29 of the Act of November 6, 2008 on patient's rights and the Patient's Rights Ombudsman. If the legal basis for the processing of personal data is consent, the data may be processed until the consent is revoked. After the consent is revoked, the limitation period for claims still applies: 10 years, covering claims held by the data administrator and claims that may be brought against the data administrator. If the legal basis for the processing of personal data is a contract, the data is processed as long as the contract requires. After this time, the limitation period also applies; usually it is 3 years. As a rule, medical records are kept for 20 years from the end of the calendar year in which the last entry was made. Medical records for children up to the age of 2 are kept for 22 years. Data used for accounting purposes are processed for 5 years from the end of the calendar year in which the tax obligation arose. Personal data for marketing purposes is processed until the consent to the processing of personal data is suspended.

Recipient of your data

The recipient of personal data is every person whose personal data is processed, as well as third parties cooperating with the facility to which personal data is made available, i.e. accounting, analytical laboratories, pharmacies, post office, courier companies.