GDPR

INFORMATION RELATING TO THE PROCESSING OF PERSONAL DATA

I.THE DATA OF THE CONTROLLER
PRYZMAT Sp. z o.o. z siedzibą w Gliwicach (44-100) przy ul. Tarnogórskiej 70/1, NIP: 631 252 03 04, REGON: 240619914, KRS: 0000279217

II.DATA OF THE DATA PROTECTION OFFICER
The Data Protection Officer shall be: Maciej Bolek
Mobile: +48 502 242 165
e-mail: iod@pryzmat-okulistyka.pl

The DPO meets with customers after prior appointment by telephone.

III. THE PURPOSE OF THE DATA PROCESSING
– provision of health care
– the exercise of patients’ rights
– making medical records available to authorised persons or entities
– contact with the patient
– issuing VAT invoices
– for statistical purposes
– issue of certificates

IV. LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR BY A THIRD PARTY
Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

V. INFORMATION ON RECIPIENTS OF PERSONAL DATA OR CATEGORIES OF RECIPIENTS, IF ANY
– Article 26 of the Act on Patient’s Rights and Patient Ombudsman
– Accounting office
– medical software provider
– IT specialist/IT company
– National Sanitary and Epidemiological Station
– companies carrying out technical inspections of medical equipment
– other public administration bodies on the basis of special provisions.

VI. INFORMATION ON THE INTENTION TO TRANSFER DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

Not applicable

VII. THE PERIOD DURING WHICH PERSONAL DATA WILL BE STORED, OR, WHERE THIS IS NOT POSSIBLE, THE CRITERIA FOR DETERMINING THIS PERIOD

– medical documentation – Article 29 of the Act on Patient’s Rights and the Patient’s Rights Ombudsman,
– voluntary personal data are kept as long as medical records,
– personal data on VAT invoices – in accordance with the Act on Value Added Tax.

VIII. INFORMATION ON THE RIGHT TO REQUEST FROM THE CONTROLLER ACCESS TO PERSONAL DATA CONCERNING THE DATA SUBJECT, THEIR RECTIFICATION, ERASURE OR RESTRICTION OF THE PROCESSING OR THE RIGHT TO OBJECT TO THE PROCESSING, AS WELL AS ON THE RIGHT TO DATA PORTABILITY.

I would like to inform you that according to Articles 15 to 22 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 you have the right to do so:

– have access to their personal data
– correct their personal data,
– delete their personal data to the extent provided for by law,
– transfer their personal data
– restrictions on processing (medical records only)
– objection (medical doc. only)

IX. WHERE PROCESSING IS CARRIED OUT PURSUANT TO ARTICLE 3(1) OF REGULATION (EC) NO 1493/1999. 6 PARAGRAPH 1 LETTER A OR ARTICLE 9 PARAGRAPH 2 LETTER A- INFORMATION ON THE RIGHT TO WITHDRAW CONSENT AT ANY TIME WITHOUT PREJUDICE TO THE LAWFULNESS OF PROCESSING CARRIED OUT ON THE BASIS OF CONSENT PRIOR TO ITS WITHDRAWAL

In connection with your consent to the processing of your personal data for a specific purpose, I would like to inform you that this consent may be revoked at any time. Without prejudice to the lawfulness of any processing that has been carried out on the basis of consent prior to its withdrawal.

X. INFORMATION ABOUT THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

I would like to inform you that in connection with the processing of your personal data, it is possible to lodge a complaint with the supervisory authority in the event that the processing of personal data does not comply with the applicable provisions of law.

XI. WHETHER THE PROVISION OF PERSONAL DATA IS A STATUTORY OR CONTRACTUAL REQUIREMENT OR A CONTRACTUAL CONDITION AND WHETHER THE DATA SUBJECT IS OBLIGED TO PROVIDE THEM AND WHAT ARE THE INTERNAL CONSEQUENCES OF NOT PROVIDING THE DATA.

1. MANDATORY:
– name, surname, PESEL no. (if the PESEL no. was not assigned: on the ID card or passport), date of birth, address of residence, sex (Article 25 of the Act on Patients’ Rights and the Patient’s Ombudsman), minors: name and surname of the statutory representative and his address of residence,
– in the case of minors, a legal representative must be present at the first visit

2. ADDITIONAL:
– telephone number, e-mail address
– NIP of the company (in order to issue a sick leave),
– NIP (in order to issue a VAT invoice)
– card number or card entitling to a discount

XII. INFORMATION ON AUTOMATED DECISION-MAKING, INCLUDING PROFILING AS REFERRED TO IN ARTICLE 22 PARAGRAPH 1 AND 4, AND – AT LEAST IN THESE CASES – RELEVANT INFORMATION ON THE PRINCIPLES OF THEIR TAKING, AS WELL AS ON THE SIGNIFICANCE AND THE CONSEQUENCES OF SUCH PROCESSING FOR THE DATA SUBJECT

In connection with the provision of health care, the personal data you provide may be processed in the profiling process. This process is necessary for the provision of health care and you may not consent to it.