Kręgosłup.pl

PRIVACY POLICY

Below we present information concerning the processing of personal data of patients, persons authorized by them or acting on their behalf.

The principles have been developed on the basis of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46 / EC (General Regulation on Data Protection) (“GDPR”)

PERSONAL DATA ADMINISTRATOR

  1. The administrator of personal data is the Wielkopolskie Centrum Medyczne, limited liability company limited joint-stock partnership, ul. B. Krzywoustego 114, 61-144 Poznań, tel. 61 62 33 111, email: sekretariat@szpitalswwojciecha.pl (“Hospital”)

DATA PROTECTION INSPECTOR

  1. The hospital has appointed a Data Protection Officer, who can be contacted by phone at 616233440 or at the following email address: iod@szpitalswwojciecha.pl

OBJECTIVES OF PROCESSING

  1. The hospital processes patient’s personal data in order to:
  • take steps at the request of a patient or a person acting on his behalf to provide him / her health services (including identification of the patient, patient registration, information on planned visits, cancellation or change of visit date) (Article 6 paragraph 1 lit. b and Article 9 (2) (h) of the GDPR);
  • provide health care services to the patient (including a medical diagnosis, providing health care, treatment, ensuring health prophylaxis) (Article 6 (1) (b) and Article 9 (2) (h) of the GDPR);
  • keep and store medical records (Article 6 (1) (c) and Article 9 (2) (h) of the GDPR);
  • implement of patients’ rights (eg: the authorization of other persons to access medical records or provide them with information about a patient’s state of health) (Article 6 (1) (c) and Article 9 (2) (h) of the GDPR);
  • fulfill the other legal obligations related to the medical activity carried out at the Hospital (including bookkeeping and tax obligations) (Article 6 (1) (c) and Article 9 (2) (h) of the GDPR);
  • establish, investigate or defend claims (Article 6 (1) (f) and Article 9 (2) (h) of the GDPR);
  • implement of other legitimate interests of the Hospital, i.e. marketing of services offered by the Hospital and for the Hospital’s internal administrative purposes (Article 6 (1) letter f of the GDPR);
  • protect the vital interests of patients (Article 6 (1) (d) and Article 9 (2) (c) of the GDPR);
  • communicate via electronic channels (legal basis: Article 6 (1) (a) and (GDPR),
  • marketing of services offered by the Hospital via electronic channels (legal basis: Article 6 (1) (a) and GDPR).
  1. The hospital processes personal data of persons authorized by the patient or acting on his behalf (eg: statutory representatives) in order to:
  • establish the entitlement of such a person, including acting on behalf of the patient (Article 6 (1) (c) of the GDPR);
  • keep and store medical records (Article 6 (1) (c) of the GDPR);
  • fulfill the other legal obligations related to the medical activity carried out at the Hospital (including bookkeeping and tax obligations) (Article 6 (1) (c) of the GDPR);
  • establish, investigate or defend claims (Article 6 (1) (f) of the GDPR);
  • implement the other legitimate interests of the Hospital, i.e. the marketing of services offered by the Hospital and for the Hospital’s internal administrative purposes (Article 6 (1) (f) of the GDPR);
  • conduct communication via electronic channels (legal basis: Article 6 paragraph 1 (a));
  • marketing of services offered by the Hospital via electronic channels (legal basis: Article 6 (1) (a) and GDPR).
  1. Patient health data may be processed for the purpose of marketing and promotion of Hospital services only on the basis of patient’s express consent (Article 9 (2) (a) of the GDPR).

 

RECIPIENTS OF PERSONAL DATA

 

  1. Personal data of the patient and persons authorized by the patient or acting on his behalf may be made available in the Hospital to the following recipients or groups of recipients:

1) other therapeutic entities cooperating with the Hospital for the provision of health services,

2) entities rendering services to the Hospital in the field of ICT solutions and in the scope of technical and organizational support, enabling the provision of health services and hospital management;

3) entities rendering services in the marketing area to the Hospital;

4) entities providing legal or advisory services to the Hospital;

5) other entities entrusted by the Hospital with the processing of personal data;

6) other entities authorized to receive personal data on the basis of relevant legal provisions.

 

STORAGE PERIOD

  1. Personal data of patients are kept by the Hospital for a period necessary to achieve the purposes of their processing, i.e. in the scope of:
  • activities aimed at providing or providing health services – until the completion of their benefits, and after that – for a period and to the extent required by law or necessary to secure any claims of the Hospital;
  • protecting the vital interests of patients – in the period necessary to ensure this protection.
  1. Personal data of patients and persons authorized by the patient or acting on his behalf are kept by the Hospital for a period necessary to achieve the purposes of their processing, i.e. in the scope of:
  • keeping medical records – in most cases for a period of 20 years counting from the end of the calendar year in which the last entry was made; in some cases the law requires the Hospital to keep records in a longer period (eg: 30 years in the case of a patient’s death) or a shorter period (eg: 2 or 5 years in the case of referrals);
  • keeping accounting books and tax obligations – for a period of 5 years counting from the end of the calendar year in which the tax obligation arose;
  • fulfilling other legal obligations related to the conducted medical activity, including the implementation of patients’ rights, until the hospital fulfills these obligations;
  • determining, investigating or defending of claims – in the period necessary to defend these claims to the extent provided by the law;
  • marketing of services offered by the Hospital – until time to express opposition or revocation of consent;
  • communication via electronic channels- until withdrawal of consent;
  • implementing of other legitimate interests pursued by the Hospital – until time to express opposition, unless there is a superior legal basis for the processing;
  • based only on consent – until withdrawal of consent, unless there is another legal ground for processing or there is no other condition to stop processing.

RIGHT TO WITHDRAW CONSENT

  1. If the Hospital processes personal data only on the basis of the consent given by or on behalf of the data subject, that person may withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

 

OTHER RIGHTS

  1. Person whose data is processed by the Hospital is entitled to:

1) obtain confirmation whether its data are processed by the Hospital, as well as the right to access its data (Article 15 of the GDPR);

2) correcting and supplementing their data (Article 16 of the GDPR);

3) deletion of your data (Article 17 of the GDPR);

4) requests to limit the processing of your data (Article 18 of the GDPR);

5) transferring their data to another administrator (article 20 of the GDPR).

 

RIGHT TO OPPOSE

  1. Person whose data is processed by the Hospital has the right to oppose at any time – for reasons related to his particular situation – to the processing of his or her data in order to perform a task carried out in the public interest or to implement legally legitimate interests of the Hospital, including profiling. In this case, the Hospital may process the person’s data, provided that they demonstrate the existence of legally valid grounds for processing, overriding the interests, rights and freedoms of that person or grounds for establishing, investigating or defending claims (Article 21 paragraph 1 of the GDPR).
  2. If personal data are processed for direct marketing purposes, the data subject has the right to oppose at any time to the processing of his personal data for such marketing purposes, including profiling, to the extent to which the processing is related to such direct marketing (Article 21 paragraph 2 of the GDPR)

 

RIGHT TO COMPLAIN

  1. Person whose data is processed by the Hospital has the right to lodge his/her complaint to the supervisory body, i.e. the Inspector General for Personal Data Protection, and after the entry into force of the new Personal Data Protection Act – to the President of the Office for Personal Data Protection.

 

SOURCE OF DATA ORIGIN

  1. The source of patient’s personal data is a patient or a person acting on his behalf.
  2. The patient or data subject is the source of personal data of persons authorized by the patient or acting on his behalf.

 

WHEN DATA IS NOT PROVIDED

  1. Providing data by the patient, including health, is voluntary. However, if they are not given, the hospital may refuse to provide the patient with any or all specific health services.
  2. The patient’s indication of persons authorized by the patient or acting on his behalf is voluntary, however, it is a condition for the authorization or acting on behalf of the patient.

PROFILING

  1. The data provided by the patient can be subject to profiling, i.e. automated processing. Profiling may form the basis of decisions taken by the hospital. This applies to the case of profiling for hospital’s marketing services. It is based on the fact that based on information about the patient (for example, information about age, gender, or information about visits) hospital can create patient preference profiles and customize services or information to patients (eg: patients can be informed about promotions regarding the hospital services that they had previously used).
  2. In the case of patient health data, it is permissible to base the decision on profiling if the patient gave explicit consent and the hospital guarantees protection of his rights, freedoms and legitimate interests. The consent granted may be withdrawn at any time. The patient also has the right to ask the Hospital for human interference in the decisions made, the right to express his own position and the right to challenge such a decision.

DO NOT WAIT! MAKE AN APPOINTMENT TODAY

Make an appoitment

+48 663 66 66 55
+48 616233112

Contact us

FIND OUT IF WE CAN HELP YOU!