Information on the processing of Patient's personal data at the Luxdentica Dentistry Center.
Who is the data controller?
The administrator of your personal data is NZOZ Centrum Stomatologii LUXDENTICA Dariusz Wilisowski, based at ul. Lubostroń 22g/7, 30-383 Kraków.
Who will answer questions related to the processing of personal data?
You can contact the personal data protection officer by writing to the following address: email@example.com
What is the scope of personal data processed?
We need the following set of your data: name, surname, PESEL number, gender and date of birth (in the case of persons without a PESEL number), address of residence, relationship (in the case of persons reported by a family member). We may also receive your e-mail address and telephone number, but we do not need this data to provide medical services.
When using health care, we create your medical records in which we record all information regarding the treatment process, in particular information about your health condition. We collect this information if it is necessary to make a diagnosis and properly conduct the treatment process.
What is the purpose and legal basis for the processing of personal data?
1) Determining the patient's identity before providing the service, verifying data when arranging an appointment remotely or on-site: at the reception desk or in the doctor's office.
Art. 6 section 1 letter c and art. 9 section 2 letter h GDPR in connection with joke. 25 point 1 of the Act on Patient Rights and § 10 section 1 point 2 of the Regulation of the Ministry of Health of November 9, 2015 on the types, scope and templates of medical documentation and the method of its processing.
2) Maintaining and storing medical records.
Article 9(1) 2 letter h GDPR in connection with joke. 24 section 1 of the Act on Patient Rights and the Regulation of the Ministry of Health of November 9, 2015.
on the types, scope and templates of medical documentation and the method of its processing.
3) Receiving and storing statements authorizing other people to access medical records and provide them with information about their health condition.
Art. 6 section 1 letter c GDPR in connection with joke. 9 section 3 and art. 26 section 1 of the Act on Patient Rights and § 8 section 1 of the Regulation of the Ministry of Health of November 9, 2015 on the types, scope and templates of medical documentation and the method of its processing.
4) Contact us at the telephone number or e-mail address provided by the patient to, for example, confirm the reservation, cancel the consultation date, or inform about the need to prepare for the scheduled procedure or examination.
Art. 6 section 1 letter b and f GDPR.
5) Maintaining accounting reporting, issuing invoices or bills and fulfilling tax obligations.
Art. 6 section 1 letter c GDPR in connection with joke. 74 section 2 of the Act of 29 September 1994 on Accounting.
6) Pursuing claims related to business activity.
Art. 6 section 1 letter b and f GDPR, as the so-called the legitimate interest of the administrator, which is to pursue our claims.
If you do not consent, we will be unable to provide you with medical services.
What are the consequences of not providing personal data?
The use of our services is completely voluntary, however, as a healthcare entity, we are obliged by law to keep medical records. In such a case, failure to provide data may result in a refusal to book an appointment or provide health services. We also have a legal obligation to process your data due to accounting purposes. Failure to provide data may result in the inability to issue an invoice or a personal bill.
If you provide us with your telephone number or e-mail address, it is done on a voluntary basis - failure to provide them will not result in the refusal to provide health services, but you will not receive confirmation of your visit from us or you will not be able to cancel it via e.g. SMS.
How long will the data be processed?
If you are our patient and we have created your medical records, we store the medical records for a period of 20 years from the end of the calendar year, with the exceptions:
- in the event of the patient's death as a result of bodily injury or poisoning - 30 years;
- X-ray images stored outside the patient's medical records - 10 years;
- referrals for tests or orders - 5 years or 2 years (if the health service was not provided due to the patient's failure to report on the agreed date, unless the patient received a referral);
- medical records regarding children up to 2 years of age, which are stored for a period of 22 years.
If the data was processed by us in order to pursue claims related to our business activities, we process the data for this purpose for the period of limitation of claims resulting from the provisions of the Civil Code.
We process all data processed for accounting and tax purposes for 5 years from the end of the calendar year in which the tax obligation arose. After the above-mentioned periods, your data is deleted or anonymized.
To which entities may personal data be transferred?
- other medical entities, prosthetic studios and laboratories cooperating to ensure continuity of treatment and availability of health care;
- service providers providing technical and organizational solutions enabling the provision of health services and management;
- providers of ICT and IT services, software, diagnostic and dental equipment;
- courier and postal companies;
- providers of legal and advisory services and those supporting the pursuit of due claims;
- persons authorized to exercise patient rights.
In the scope of using external software or medical equipment service, your personal data may be transferred outside the European Economic Area. Such transfer may only take place on the basis of a contract or other legal instrument that contains standard data protection clauses adopted by the European Commission.
What are your rights?
The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The right to access your personal data, copies of processed data, rectification, deletion or limitation of processing. You have the right to object to the processing of personal data for marketing purposes, as well as the right to lodge a complaint with the President of the Data Protection Office. The data will not be used for automated decision-making or profiling.