GDPR
MEDICAL CENTER YOUR MED
Warsaw, date
Data Controller
(Personal Data Processing Entity):
Your Med Sp. z o.o.
Magazynowa 9/13 street
02-652 Warsaw
NIP: 521-376-17-54
REGON: 366236839
Data Processing Entity
Patient’s Information:
Surname:
First Name:
PESEL/Passport no.:
Data Scope:
Address:
Postal code
Mobile number
Email address:
CONSENT TO PERSONAL DATA PROCESSING
I, the undersigned, hereby give my explicit and voluntary consent, in accordance with Article 7(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016, commonly known as GDPR*, for the processing and collection of my personal data by Medical Center Your Med, located at Magazynowa 9/13 street in Warsaw, for the purposes of communication, medical services, photographic documentation, and receiving information about planned appointments and requested information via mobile phone and email (treatment plans, X-ray images, additional information about my treatment, marketing and informational materials). I further declare that my consent meets all conditions specified in Article 7 of the GDPR, including the right to withdraw my consent at any time. The request for consent was presented clearly and understandably, and I have been informed about its revocability. I have also been informed that the data are collected by Medical Center Your Med at Magazynowa 9/13 street in Warsaw, the purpose of collection, the voluntary nature of providing data, the right to review and correct them, and that the data will not be shared with other entities without my explicit prior request.
(patient’s signature)
* Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
INFORMATION CLAUSE ON THE MANDATORY PROCESSING OF PERSONAL DATA RELATED TO MEDICAL SERVICES
1. Data Processing Delegation
The Data Controller delegates the processing of personal data to the Processing Entity, pursuant to Article 28 of the General Data Protection Regulation dated April 27, 2016 (hereinafter referred to as “the Regulation”). The Processing Entity agrees to process the personal data in accordance with this agreement, the Regulation, and all other applicable laws protecting the rights of individuals whose data is being processed.
2. Scope and Purpose of Data Processing
The Processing Entity shall process data provided under this agreement, including first name, last name, address, PESEL, Passport no., medical history, and photographic documentation, solely to fulfill this agreement.
3. Responsibilities of the Processing Entity
The Processing Entity commits to secure the personal data by applying appropriate technical and organizational measures that provide a level of security appropriate to the risk, as specified in Article 32 of the Regulation. The Processing Entity also agrees to issue authorizations to employees for data processing and ensure data confidentiality both during and after their employment.
4. Right of Control
The Data Controller reserves the right to verify that the Processing Entity meets the agreement’s requirements and applies adequate measures for securing personal data, in accordance with Article 28(3)(h) of the Regulation.
5. Further Data Delegation
The Processing Entity may only further delegate data processing to subcontractors in order to fulfill this agreement, following the Data Controller’s prior written consent.
6. Liability of the Processing Entity
The Processing Entity is responsible for any unauthorized access or misuse of the personal data, as well as for informing the Data Controller of any administrative or judicial proceedings related to the data, per this agreement.
7. Duration of the Agreement
This agreement is valid for 20 years from the date of its signing.
8. Termination of the Agreement
The Data Controller may immediately terminate this agreement if the Processing Entity fails to address any control deficiencies or processes the data inconsistently with the terms.
9. Confidentiality
The Processing Entity agrees to maintain the confidentiality of all information, data, materials, documents, and personal data received from the Data Controller.
10. Final Provisions
In matters not regulated by this agreement, the Civil Code and the Regulation shall apply.
I acknowledge having read the above information clause.
(patient’s signature)
Language Clause
This agreement has been drafted in both Polish and English versions. In the event of any discrepancies between the two versions, the Polish version shall be deemed the binding text.