DENTAL WHITE ADVANCED STOMATOLOGY CENTER
PRIVACY POLICY OF THE SERVICE www.dentalwhite.pl (hereinafter: the Website)
This PRIVACY POLICY defines the rules for the processing and protection of personal data provided by you – users or patients of the Website – in connection with the provision of health services and using the services of ordering products through the Website.
DEFINITIONS
Website – means the website where the Center runs the website, operating in the domain: nazwa.pl
User – means an entity for which electronic services may be provided or with which a contract for the provision of electronic services may be concluded.
Patient – means a person applying for health services or using health services
According to Art. 13 of the General Regulation of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of personal data, we present the following information:
Data controller:
The administrator of your personal data is Dental White Centrum Stomatologii Advanced – Dentist Michał Jonasz, ul. Klonowicza 2 / U3, 01-228 Warszawa (hereinafter referred to as the Center)
Contact regarding the processing of personal data:
In all matters related to the processing of personal data, please contact us at the following e-mail address: m.jonasz@dentalwhite.pl or correspondence address: ul. Klonowicza 2 / U3, 01-228 Warszawa, or contact the Center directly.
Sources and method of obtaining data:
The website obtains information about users, patients and their behavior in the following way:
Through voluntarily entered data in forms
By collecting “cookies” [see COOKIES POLICY].
Scope of collected personal data:
The data provided in the forms are processed for the purpose resulting from the function of a specific form, in particular in order to process the selection and purchase of the product, information contact
Purposes and basis of personal data processing:
Personal data is processed:
Based on the consent expressed by the user or patient;
For the performance of a contract with a user or patient.
Providing health services for the protection of health and life (also remotely), in particular making a medical diagnosis, providing health care, treatment, ensuring preventive healthcare, and made available to other entities for this purpose
Fulfillment of other legal obligations incumbent on the Administrator related to the conducted medical activity (in particular, keeping accounting books and tax obligations, for archival, scientific and statistical purposes)
Protection of the vital interests of patients, including ensuring the safety and protection of property and counteracting the effects of a pandemic
Establishing, investigating or defending claims
Implementation of other legitimate interests of the Administrator for internal administrative purposes
Conducting communication in electronic channels
The basis for the processing of your personal data are, in particular, the following legal provisions:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data;
Act of November 6, 2008 on the rights of the patient and the Patient’s Rights Ombudsman (Journal of Laws of 2017, item 1318, as amended).
Act of December 5, 1996 on the professions of doctor and dentist (Journal of Laws of 2017, item 125, as amended).
Act of 15 April 2011 on medical activities (Journal of Laws of 2018, item 160, as amended)
Act of September 29, 1994 on accounting;
Act of 16 July 2004 Telecommunications Law;
Act of July 18, 2002 on the provision of electronic services.
Provision of personal data:
Personal data may, to a certain extent, be transferred to the following recipients:
Persons performing the medical profession, employed or cooperating with the Administrator, other persons performing auxiliary activities in the provision of health services,
Entities providing the Administrator with services in the field of ICT solutions,
Medical entities cooperating with the Administrator to ensure the continuity of treatment and the availability of health services,
Providers of technical and organizational services for the Administrator that enable the provision of health services (in particular to suppliers and entities specialized in providing technical support for ICT systems and medical equipment), as well as courier and postal companies
Entities providing legal, advisory, financial and accounting services to the Administrator
Other entities entrusted by the Administrator with the processing of personal data for purposes related to its activity
Other entities authorized to receive personal data on the basis of applicable law.
Transferring data outside the European Union:
Personal data is not transferred outside the European Union.
Data profiling
The data is not processed in an automated manner, including profiling.
The period of personal data processing:
Keeping medical records – in most cases for a period of 20 years from the end of the calendar year in which the last entry was made; in some cases over a longer period (e.g. 30 years for patient death) or over a shorter period (e.g. 2 or 5 years for referrals);
Keeping accounting books and tax obligations – for a period of 5 years from the end of the calendar year in which the tax obligation arose;
Fulfilling other legal obligations incumbent on the Administrator, related to the conducted medical activity, including the implementation of patients’ rights – until these obligations are fulfilled;
Determination, investigation or defense of claims – in the period necessary to defend these claims to the extent provided for by specific legal provisions;
Based solely on consent – until the consent is withdrawn, unless there is any other legal basis for processing or there is no other ground to stop processing;
Communication in electronic channels – until the consent is withdrawn;
Implementation of other legitimate interests pursued by the Administrator – until an objection is raised, unless there is an overriding legally justified basis for processing.
If an additional consent is given, which details the scope of data processing, then the data is processed from the moment of giving consent until its withdrawal. After the required deadlines, personal data is deleted.
Obligation to provide personal data:
The use of the Website’s services is voluntary. However, in accordance with applicable law, we are obliged to keep medical, financial and accounting records, which include the identification of the user or patient along with their specific personal data.
The obligation to provide personal data by the patient is regulated by the Act on Patient Rights and the Patient Ombudsman.
Due to the tax and registration (accounting) obligation, failure to provide relevant data results, in particular, in the inability to issue an invoice / personal invoice.
The data we obtain on the basis of additional consent is an e-mail address and telephone number. Failure to do so results in the inability to send a message reminding you of the date of receipt of the ordered products.
Rights of persons whose data is processed:
We provide the right to access data, rectify it, request its removal or limit its processing, provided, however, that other legal provisions do not provide otherwise.
The data contained in the form may be viewed by the natural person who placed it there. The use of the above rights is possible by contacting the following e-mail address: jonasz@dentalwhite.pl or correspondence address: ul. Klonowicza 2 / U3, 01-228 Warsaw, or contact us directly at the Center.
It is possible to lodge a complaint to the Personal Data Protection Office about the mode and manner of personal data processing in the event of failure to comply with the provisions on the protection of personal data.
Security of personal data processing
In the interest of the security of your personal data, we have developed internal procedures and recommendations to prevent disclosure of data to unauthorized persons. We control their performance and constantly check their compliance with the relevant legal acts – the Act on the protection of personal data, the Act on the provision of electronic services, as well as all types of implementing acts and Community law.
Links to other websites may appear on the Website. Such websites operate independently of the Website and are not supervised by the Website in any way. These websites may have their own privacy policies and regulations, which we recommend that you read.
If in doubt about any of the provisions of this Privacy Policy, please contact the data provided on the Website in the CONTACT tab.
We reserve the right to introduce changes to the Website Privacy Policy, due to the development of the Website, Internet technology and changes in the law regarding the processing and protection of personal data.
Updated on December 17, 2020