Privacy Policy
This Policy is intended to provide information about what personal data we collect, for what purposes, how we use them and who we are. It aims to indicate the rights that you have in connection with the processing of personal data by us.
WHO IS THE ADMINISTRATOR OF PERSONAL DATA?
We kindly inform you that the administrator of your personal data is FLOSMED Sp. z o. o. with its registered office in Poznań, at ul. Barwicka 14/A, 60-192 Poznań, registered under the number KRS 0000631237, NIP 7792445588, REGON 36511082, hereinafter referred to as the "Personal Data Administrator".
Contact regarding the protection of personal data is possible at the company's registered office or e-mail address: rodo@flosmed.pl
The Administrator has appointed a Personal Data Protection Inspector, whose function is performed by Daria Kochańska. Contact is possible at the following e-mail address: rodo@flosmed.pl
WHAT ARE THE GOALS AND BASIS FOR PROCESSING PERSONAL DATA?
In order to provide services in accordance with the scope of our activity, the Personal Data Administrator processes your personal data - for various purposes, but always in accordance with the law.
Below are the specified purposes of personal data processing along with the legal grounds:
A. In order to verify identity before providing our services and providing medical documentation to the patient or a person authorized by the patient, we process the following personal data:
Name and surname, PESEL number, address of residence, e-mail address, telephone number, ID card number and other information you provide us.
The legal basis for such data processing is:
- article 9 sec. 2 lit. h GDPR: the processing is necessary for the purposes of preventive healthcare or the management of healthcare systems and services;
- article 24 section 1 of the Act on Patient Rights: the entity providing health services is obliged to keep, store and share medical records, as well as art. 25 sec. 1;
- art. 26 section 1 of the Act on Patient Rights: the entity providing health services provides medical documentation to the patient or his legal representative or a person authorized by the patient.
B. In order to carry out activities related to the provision of our medical services and keeping medical records, we process the following personal data:
Name, surname, patient card, tests, patient's address, PESEL number, date of birth, address of residence, telephone number, ID card number and other information you provide us.
The legal basis for such data processing is:
- article 6 sec. 1 lit. b and lit. c GDPR, which allows the processing of personal data if they are necessary to perform the contract or if processing is necessary to fulfill the legal obligation incumbent on the administrator;
- article 9 sec. 2 lit. h GDPR: the processing is necessary for the purposes of preventive healthcare or the management of healthcare systems and services;
- article 24 section 1 of the Act on Patient Rights: the entity providing health services is obliged to keep, store and share medical records, as well as art. 25 sec. 1
C. To comply with our legal obligations, e.g. issuing a VAT invoice, accounting documents and making tax settlements, we process the following personal data:
Name and surname, company name, PESEL number, date of birth, address of residence, company seat, correspondence address, e-mail address, telephone number, NIP number, REGON number, bank account number, permit and concession numbers, information contained in public registers, personal data of employees: name, surname, contact details, position and other information you provide to us;
The legal basis for such data processing is:
- article 6 sec. 1 lit. c of the GDPR, which allows the processing of personal data if such processing is necessary for the Administrator to fulfill his obligations under the law;
- article 74 sec. 2 of the Accounting Act of September 29, 1994.
D. In order to store offers/inquiries left unanswered, we process the following personal data:
Name and surname, company name, e-mail address, telephone number or other data you have provided to us;
It may happen that we decide to use your services some time after receiving the offer. The legal basis for such data processing is article 6 sec. 1 lit. f of the GDPR, which allows the processing of personal data, if in this way the Administrator pursues his legitimate interest.
E. For archival and evidentiary purposes, we process the following personal data:
Name, surname, patient card, patient's address, PESEL number and other information you provide to us;
The legal basis for such data processing is:
- article 6 sec. 1 lit. f of the GDPR, which allows the processing of personal data, if in this way the Administrator pursues his legitimate interest (in this case, the Administrator's interest is to have personal data that will prove certain facts related to the performance of the service/contract, e.g. when a state authority requests it);
- article 6 sec. 1 lit. c of the GDPR, which allows the processing of personal data if such processing is necessary for the Administrator to fulfill his obligations under the law.
F. For direct marketing purposes, we process the following data:
Name and surname, company name, e-mail address, telephone number, correspondence address, IP address, data contained in public registers, e.g. KRS, REGON, CEIDG or other data you provided us;
The legal basis for such data processing is:
- article 6 sec. 1 lit. a of the GDPR, which allows the processing of personal data on the basis of a voluntary consent;
- article 6 sec. 1 lit. f of the GDPR, which allows the processing of personal data, if in this way the Administrator pursues his legitimate interest.
G. In order to take actions related to concluding a contract with our contractors, we process the following personal data:
Name and surname, company name, registered office, correspondence address, e-mail address, telephone number, NIP number, REGON number, website address, information contained in public registers and other information you provide to us, e.g. personal data of employees: name, surname, contact details, position, but also other personal data that have been included in the documentation you provide to us;
The legal basis for such data processing is article 6 sec. 1 lit. b of the GDPR, which allows the processing of personal data if they are necessary to perform the contract or to take steps to conclude the contract.
H. In order to administer the website (automatic saving of the following data in the so-called server logs each time you use our website www.flosmed.pl), we can process such personal data as:
IP address, server date and time, web browser information, operating system information;
The legal basis for such data processing is article 6 sec. 1 lit. f of the GDPR, which allows the processing of personal data, if in this way the Administrator pursues his legitimate interest (in this case, the Administrator's interest is to be able to administer the website). More information can be found in our Cookies Policy.
HOW TO EXERCISE THE RIGHT TO WITHDRAW CONSENT?
1. If the processing of personal data is based on your consent, you can withdraw this consent at any time - at your discretion.
2. If you would like to withdraw your consent to the processing of personal data, it is enough to send a letter directly to the Personal Data Administrator or send an e-mail.
3. If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data carried out until then illegal. In other words, until the consent is withdrawn, we have the right to process your personal data and its withdrawal does not affect the legality of the existing processing.
REQUIREMENT TO PROVIDE PERSONAL DATA
Providing us with personal data is a condition for using our medical services. The law requires us to collect data from you.
In other cases, when we collect data based on consent, providing personal data is voluntary and depends on your decision.
DO WE PERFORM AUTOMATED DECISION-MAKING AND PROFILING?
Personal data is not processed in an automated manner in the form of profiling.
WHO CAN WE SEND YOUR PERSONAL DATA TO?
1. We may transfer your data to our employees and associates who must have access to the data to be able to perform our obligations or activities for you.
2. Like most entrepreneurs, in our activities we also use the help of other entities, which often involves the need to provide personal data. Therefore, if necessary, we transfer your personal data to the following recipients:
- entities operating our IT and ICT systems;
- entities conducting payment activities (banks, payment institutions);
- entities conducting insurance activity;
- entities conducting postal and courier activities;
- entities providing us with advisory, consulting, auditing services or legal, tax, accounting and HR assistance;
- medical entities or entities conducting preventive health activities;
- entities providing laboratory services to us;
- entities providing health services, if the transfer of data is necessary to ensure the continuity of health services.
3. In addition, it may happen that, for example, on the basis of an appropriate legal provision or a decision of a competent authority, we will also have to transfer your personal data to other entities, whether public or private, such as e.g. Social Insurance Institution, Tax Office, National Revenue Administration, etc. Therefore, it is extremely difficult for us to predict who may submit a request to provide personal data. However, for our part, we assure you that we analyze each case of a request to provide personal data very carefully and thoroughly, so as not to inadvertently provide information to an unauthorized person.
DO WE TRANSFER YOUR PERSONAL DATA TO THIRD COUNTRIES?
The company may export data, i.e. transfer data outside the European Economic Area. This process is related to the use of IT infrastructure solutions.
HOW LONG CAN WE KEEP YOUR PERSONAL DATA?
1. In accordance with applicable law, we process your personal data for the time necessary to achieve the intended purpose. After this period, your personal data will be irreversibly deleted or destroyed.
2. Regarding the individual periods of personal data processing, we kindly inform you that we process personal data for the period of:
- 20 years counting from the end of the calendar year in which the last entry in the medical records was made;
- duration of the contract, but also after its termination, but not longer than 5 years - in relation to personal data processed in order to conclude and perform the contract; in relation to personal data related to the fulfillment of obligations under tax law, e.g. storage of invoices, bills;
- 1 year - in relation to personal data that was collected in connection with the offer, and at the same time the contract was not concluded immediately;
- until the consent is withdrawn, the objection is effectively raised or the purpose of processing is achieved - in relation to personal data processed on the basis of consent; in relation to personal data processed on the basis of the Administrator's legitimate interest or for marketing purposes;
3. Periods in years are counted from the end of the year in which we started processing personal data in order to improve the process of removing or destroying personal data. Separate calculation of the deadline for each event would involve significant organizational and technical difficulties, as well as significant financial outlay, therefore setting a single date for removing or destroying personal data allows us to manage this process more efficiently.
4. Right to be forgotten: Of course, if you exercise your right to be forgotten, such situations are considered individually.
WHAT RIGHTS DO YOU HAVE?
1. We kindly inform you that you have the following rights:
- The right to access the content of your personal data - that is, obtaining information about the purpose and method of processing your personal data and a copy of the data.
- The right to rectify data – i.e. correcting data when it is incorrect, has changed or has become outdated.
- The right to partial or complete deletion of data ("Right to be forgotten") – that is, the deletion of data that is processed without legitimate legal grounds.
- Right to restriction of processing – i.e. limiting the processing of data only to their storage.
- The right to data portability – that is, obtaining your personal data that you have provided to us or indicating another administrator to whom we should provide it, if it is technically possible.
- Right to object, as to personal data, the provision of which is voluntary – that is, e.g. for direct marketing purposes.
- Right to withdraw consent – you can withdraw any consent you have given at any time. Please remember that after submitting the instruction, we will no longer process data for the purpose indicated by you, but until the consent is withdrawn, we have the right to process your data.
2. We respect your rights under the provisions on the protection of personal data and try to facilitate their implementation to the highest possible extent.
3. We point out that the above-mentioned rights are not absolute, and therefore in some situations we may lawfully refuse to fulfill them. However, if we refuse to comply with the request, it is only after a thorough analysis and only if the refusal to comply with the request is necessary.
4. Regarding the right to object, we explain that you have the right to object to the processing of personal data at any time on the basis of the legitimate interest of the Personal Data Administrator, in connection with your particular situation. However, you must remember that in accordance with the regulations, we may refuse to accept the objection if we demonstrate that:
- there are legitimate grounds for processing that override your interests, rights and freedoms, or;
- there are grounds for establishing, pursuing or defending claims.
5. In addition, you can object to the processing of your personal data for marketing purposes at any time.
In such a situation, after receiving the objection, we will stop processing for this purpose.
6. You can exercise your rights by sending a letter directly to the Personal Data Administrator to the address of the registered office or by sending an e-mail to the following address: rodo@flosmed.pl.
YOU HAVE THE RIGHT TO LODGE A COMPLAINT TO THE PERSONAL DATA PROTECTION OFFICE
If you believe that your personal data is being processed contrary to applicable law, you can lodge a complaint with:
President of the Personal Data Protection Office
Office for Personal Data Protection
ul. Stawki 2, 00-193 Warsaw
MISCELLANEOUS
1. To the extent not covered by this Privacy Policy, the provisions on the protection of personal data shall apply, including:
a) Regulation on the Protection of Personal Data (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)
b) Act of May 10, 2018 on the protection of personal data
c) Act of July 18, 2002 on the provision of electronic services
d) Act of July 16, 2004 – Telecommunications law
2. You will be notified of any changes to this Privacy Policy by e-mail or as part of a message on our website: www.flosmed.pl.
3. This Privacy Policy is valid from January 1, 2022.