GDPR Information clause

GDPR Information clause on the processing of personal data 

Ladies and gentlemen,

Pursuant to Art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1–88) hereinafter referred to as GDPR, we hereby inform You that the Controller of your Personal Data is SPEKTRUM Sp. z o.o. based in Wrocław, POLAND, KRS 0000016751, NIP 8971658338, REGON 932632951.

CONTACT DETAILS OF THE DATA CONTROLLER:

Contact with the Controller is possible via the telephone number: +48 71 345 31 41 or the e-mail address: biuro@spektrum.wroc.pl and by correspondence at the following address: ul. Zaolziańska 4, 53-334 Wrocław, POLAND.

CONTACT DETAILS OF THE DATA PROTECTION OFFICER:

The controller has appointed the Personal Data Protection Officer, Mr. Sebastian Stecyszyn, who can be contacted by calling telephone number +48 71 345 31 41 or by the following e-mail address: iod@spektrum.wroc.pl and by correspondence at: ul. Zaolziańska 4, 53-334 Wrocław, POLAND.

PURPOSE FOR THE PROCESSING OF PERSONAL DATA

Your personal data may be processed by the Data Controller for the purpose of::

  • preventive healthcare, medical diagnosis and medical treatment,
  • keeping medical records,
  • ensuring the continuity of healthcare services,
  • performance of the contract for the provision of services,,
  • resulting from legitimate interests pursued by the administrator, e.g. for contact regarding confirmation, modification or cancellation of a medical visit,
  • marketing activities, based on Your separate consent.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis for processing of personal data is Art.6 sec. 1 points a-d and Art. 9 sec. 2 point h of the GDPR Regulation:

  1. Art. 6. sec. 1 point a: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  2. Art. 6 sec. 1 point b:  processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  3. Art. 6. sec. 1 point c: processing is necessary for compliance with a legal obligation to which the controller is subject.
  4. Art. 6. sec. 1 point d: processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  5. Art. 9 sec. 2 point h: processing is necessary for the purposes of preventive healthcare, medical diagnosis and the provision of healthcare.

RECIPIENTS OF PERSONAL DATA

The recipients of your personal data are entities to which the Data Controller provides your data in order to properly fulfill the obligation assumed at the time of data collection (performance of services covered by the concluded contract) and based on the contract for entrusting the processing of personal data concluded with the data recipient.


PERSONAL DATA STORAGE PERIOD

Your personal data in the medical records will be kept for 20 years from the end of the calendar year in which the last entry was made, with the exceptions specified in art. 29 sec. 1 of the Act of 6 November 2008 on patient's rights and the Patient's Rights Ombudsman (Consolidated version Journal of Laws of 2017 item 1318):

  1. Medical documentation in the event of the patient's death as a result of bodily injury or poisoning, which is kept for 30 years from the end of the calendar year in which the death occurred.
  2. Medical records containing data necessary to monitor the blood and its components, which are kept for 30 years from the end of the calendar year in which the last entry was made.
  3. X-ray images stored outside the patient's medical records, which are stored for a period of 10 years from the end of the calendar year in which the photo was taken.
  4. Test or medical order referrals that are kept for a period:

a)     5 years, counting from the end of the calendar year in which the health service that is the subject of the referral or doctor's order was provided,

b)    2 years from the end of the calendar year in which the referral was issued - if the health service was not provided due to the patient's failure to report within the prescribed period, unless the patient received the referral.

  1. Medical documentation for children up to the age of 2, which is kept for a period of 22 years.

Pursuant to Art. 29 Par. 2 of the Act of 6 November 2008 on patient's rights and the Patient's Rights Ombudsman: “After the expiry of the periods mentioned in sec. 1, the entity providing health services destroys medical documentation in a way that prevents identification of the patient it concerned. Medical documentation intended for destruction may be issued to the patient, his legal representative or a person authorized by the patient.”.

RIGHTS OF THE DATA SUBJECT AND INFORMATION ON TRANSMISSION OF PERSONAL DATA OUTSIDE EEA AND ON DATA PROFILING

  1. You have the right to:

a)    request Data Controller to access personal data,

b)    rectification, deletion or limitation of processing,

c)    objection to processing,

d)    data transfer,

e)    withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal,

f)     file a complaint with the supervisory authority.

  1. Providing personal data is a statutory requirement. Failure to provide your data will result in the inability to provide medical services.
  2. Your personal data will not be profiled and will not be used for automated decision making resulting in any legal effects on you.
  3. Your personal data will not be transferred outside the EEA or made available to international organizations.
  4. Your personal data will be processed only for the period necessary and specified in the provisions of law.

 

Contracts with insurers

  • NFZ - Narodowy Fundusz Zdrowia
  • Compensa