Privacy Policy
in the Medical Centre Your Med Sp. z o.o.
I. General Provisions
1. Name and Data Controller Information:
The Data Controller is Your Med Sp. z o.o., based at Magazynowa 9/13 Street, 02-652 Warsaw, registered in the National Court Register (KRS) under the number 0000656593, Tax Number (NIP) 521-376-17-54.
2. Purpose of this Document:
This Privacy Policy is intended to inform patients and other individuals using the services of Your Med Medical Center about the principles of processing their personal data and the rights related to their protection.
3. Compliance with Regulations:
The processing of personal data at Your Med Medical Center is conducted in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council dated April 27, 2016, and the Polish Personal Data Protection Act.
II. Scope of Processed Data
1. Personal Data Processed by Your Med Medical Center:
◦ Patient’s first and last name
◦ PESEL, Passport no., date of birth
◦ Address of residence and mailing address
◦ Phone number and email address
◦ Medical information, including health history, test results, medical recommendations, and medical records
◦ Payment information in cases of paid services (e.g., bank account number)
2. Data Sources:
Personal data is collected directly from patients during registration, the course of treatment, or while using electronic services (e.g., online booking).
3. Requirement to Provide Data:
Providing personal data is voluntary but necessary for delivering medical services and ensuring proper treatment. Failure to provide data may prevent service provision.
III. Purposes and Legal Basis for Data Processing
1. Purposes of Data Processing:
◦ Provision of medical services, including diagnostics, treatment, and health prevention
◦ Maintenance of medical records in accordance with legal requirements
◦ Contact with patients regarding treatment (e.g., appointment reminders, test results)
◦ Financial settlements, invoicing, and payment-related activities
◦ Maintenance of patient records and management of appointment booking systems
◦ Ensuring patients’ medical safety
IV. Data Retention Period
1. Data Processing Period:
Personal data will be retained for the period specified by law, including the Act on Medical Activity and Patient Rights. Medical records are kept for at least 20 years from the date of creation, in accordance with applicable regulations.
2. Data Processed Based on Consent:
If data is processed based on the patient’s consent (e.g., for receiving marketing information), it will be retained until the consent is withdrawn.
V. Data Recipients
1. Recipients of Personal Data:
Personal data may be disclosed to the following categories of entities:
◦ Employees and associates of Your Med Medical Center who require access to data for performing their duties
◦ External service providers supporting Your Med Medical Center’s activities (e.g., medical software providers, accounting firms) who process data based on data processing agreements
◦ Entities authorized to access personal data under the law (e.g., National Health Fund, law enforcement, courts)
2. Data Protection Rules for Recipients:
All entities entrusted with personal data processing are obligated to use appropriate technical and organizational measures to ensure data protection in compliance with GDPR requirements.
VI. Patient Rights
1. Right of Access to Data:
Patients have the right to obtain confirmation of whether their personal data is being processed and, if so, to access their personal data and obtain a copy.
2. Right to Rectification of Data:
Patients have the right to request correction of their personal data if it is incorrect or incomplete.
3. Right to Erasure (Right to be Forgotten):
Patients can request the deletion of their personal data, provided there are no legal requirements for its continued storage (e.g., medical record retention requirements).
4. Right to Restrict Processing:
Patients have the right to request restriction of data processing in certain situations, e.g., when they dispute the accuracy of data or object to its processing.
5. Right to Data Portability:
Patients have the right to receive their personal data in a structured, commonly used format and to transfer it to another data controller.
6. Right to Object:
Patients may object to the processing of their personal data at any time, provided the processing is based on the Data Controller’s legitimate interests or conducted for marketing purposes.
7. Right to Withdraw Consent:
Patients have the right to withdraw consent to data processing at any time, without affecting the legality of processing conducted prior to withdrawal.
VII. Data Protection Measures
1. Security Measures:
Your Med Medical Center implements appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or destruction. Data protection measures include data encryption, securing IT infrastructure, and access control.
VIII. Privacy Policy Changes
1. Policy Changes:
This Privacy Policy may change, especially due to legal changes or new services offered by Your Med Medical Center. Any changes will be published on Your Med Medical Center’s website.
IX. Contact
1. Contact Information:
For questions or requests regarding the processing of personal data, please contact us at:
◦ E-mail address: yourmed@wp.pl
◦ Mailing address: ul. Magazynowa 9, 02-652 Warszawa
2. Right to File a Complaint:
In the event of a violation of rights related to personal data processing, patients have the right to file a complaint with the President of the Personal Data Protection Office.
X. Final Provisions
This Privacy Policy is effective as of January 1, 2020, and is available at the premises of Your Med Medical Center and on the website.
Language Clause
This document has been prepared in both Polish and English versions. In the event of any discrepancies between the two versions, the Polish version shall be considered binding.