Privacy Policy

„SKIN-MEDIDERM II Kamila Stachura, Albert Stachura S.C.” with registered office in Szczecin

This Privacy Policy aims to explain the most important rules and information regarding the processing of your personal data in our company, i.e. “SKIN-MEDIDERM II Kamila Stachura, Albert Stachura S.C.” with registered office in Szczecin – in connection with the obligations imposed on the Administrator of personal data by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and repealing Directive 95/46 / EC (general regulation on data protection – hereinafter “GDPR”) of 27 April 2016 (Journal of Laws EU No. 119, p. 1), as well as applicable national regulations.

§ 1
Administrator of personal data

Please be advised that the controllers of your data (on a co-administration basis) are Ms. Kamila Stachura and Mr Albert Stachura, who run a business in the form of a civil law partnership under the name “SKIN-MEDIDERM II. Kamila Stachura, Albert Stachura S.C.” with its registered office in Szczecin at ul. Jagiellońska 87U / 2, 70-437 Szczecin, having REGON: 360401390 and NIP: 8513180595.

Contact with Administrators can be made by phone: 0048 535 350 055 or by e-mail at: biuro@klinikadrstachura.pl

Current contact details for Administrators can also be found on our website: klinikadrstachura.pl

§ 2
Categories and types of processed data

The following types of your personal data may be processed by us as their Controllers, in the collections indicated below (categories):

Customers:

  • identification data: name and surname, date of birth, PESEL number, or numbers from other registers or records; contact details: home address, email address, phone number; data collected and processed for the purpose of providing services by Administrators as part of a civil law partnership, including the provision of medical services or other services provided by them, and necessary to perform all activities related to the planned or provided provision, as well as to meet legally justified obligations Administrators – 
  • in particular data on the state of health, treatment history, dates, type and scope of services provided so far, test results, biometric data (e.g. anatomical features, body dimensions, image, photographs of parts of the body or specific areas before and after the procedure) . 
  • data collected and processed for accounting and tax purposes as well as investigation or defence against claims – 
  • data regarding the date, type, number of services rendered and the price for individual services, as well as the date and manner of its settlement; data collected and processed in connection with the functioning monitoring system at the registered office of the Administrators’ civil partnership – the image registered while the person was in this facility;

Persons authorized to access medical records:

  • identification data: name and surname, PESEL (personal identification number), possibly ID number and address of residence;
  • data collected and processed in connection with the functioning monitoring system at the headquarters of the Administrators’ civil partnership – the image registered while the person was in this facility;

Counterparties, potential counterparties and their representatives:

  • identification data: name and surname, company, PESEL, NIP, or numbers from other registers or records; contact details: business address, e-mail address, telephone number; data collected and processed for accounting and tax purposes, investigation or defence against claims, compliance with legally justified obligations by Administrators – 
  • data regarding the date, type, quantity and prices of services or goods purchased or sold under legal relations between Administrators and their Contractors, and also the date and method of financial settlements, 
  • data on enforcement proceedings (e.g. in the case of attachment of claims); 
  • data collected and processed in connection with the functioning monitoring system at the registered office of the Administrators’ civil partnership – the image registered while the person was in this facility;

Employees and associates and candidates for employees or associates:

  • identification data: name and surname, date of birth, social security number, tax identification number, or numbers from other registers or records; contact details: residence or stay address, telephone number, or e-mail address; 
  • data collected and processed in order to conclude and perform a contract with an employee or associate, including compliance with legally justified obligations by Administrators – in particular: 
  • data on the occupation, employment history, education held or acquired rights, including courses and training, 
  • data on pending enforcement proceedings (in the case of receivables classes), information on the state of health (in the field of occupational medicine); information on family members to the extent necessary for health insurance and other social benefits; 
  • data collected and processed in connection with the functioning monitoring system at the headquarters of the Administrators’ civil partnership – the image registered while the person was in this facility;

§ 3
Sources of obtaining personal data

Personal data of the clients of our company (from the category: Clients) are obtained by us directly from you or possibly from an authorized person when booking the visit or during it, and then also during the performance of the service ordered by you (e.g. when performing medical consultation, making a diagnosis, performing an examination or performing an operation, or performing a service other than a medical service on your behalf). Customers’ personal data may also be made available to us via the Known Doctor website – upon your express request to contact our facility. 

We would like to inform you that we do not collect Customer data from third parties in an aggregate or random manner (e.g. by acquiring entire databases of potential customers), and thus we can obtain your data from a third party only at your express request and unequivocally Your will to contact us. We obtain the data of Persons authorized to access medical records directly from clients – based on the relevant authorizations given to us by clients given to these persons in the above scope. 

Personal data thus obtained above as a consequence, the authorized person are only part of the documentation of the client and are not separately processed outside this documentation. 

Data of Contractors, potential contractors and representatives of contractors are obtained by us directly from you, as well as from publicly available sources (including those made available by Contractors for marketing and advertising purposes). 

Data of employees, co-workers and candidates for employees or co-workers are obtained by us directly to you, but they can also be provided to us by third parties in connection with the recruitment process.

§ 4
Purpose of processing data

Your data may be processed by us as Controllers for the following purposes:

providing health services, including keeping medical records, concluding and performing contracts for the provision of medical services (regarding the category: Customers) – the basis for processing is art. 6 clause 1 lit. b), c) or d) GDPR and art. 9 item 2 lit. c) or h) GDPR in connection with from art. 3 clause 1 of the Act on medical activity and art. 24 of the Act on Patient Rights and the Ombudsman for Patient Rights and the Regulation of the Minister of Health on the types, scope and models of medical documentation and how to process it, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

providing other services than medical services / e.g. cosmetic services / cosmetology services, including conclusion and performance of contracts in this area and keeping documentation regarding such services (regarding category: Customers) – art. 6 paragraph 1 point b) or d) GDPR, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

provision of healthcare and management of healthcare systems and services / among others for identification purposes for the purposes of registration and provision of health services / (regarding category: Customers) – the basis for processing is art. 6 clause 1 lit. b), c) or d) and art. 9 item 2 lit. c) or h) GDPR in connection with from art. 3 clause 1 of the Act on medical activity and art. 24 and 26 of the Act on Patient Rights and the Patient Ombudsman, §10 para. 1 point 2 of the Regulation of the Minister of Health on the types, scope and models of medical documentation and the method of its processing, art. 32 in relation from art. 3 clause 1 of the Act on the information system in healthcare, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard; 

providing social security and management of social security systems and services / among others in order to issue medical exemptions and certificates / (regarding the category: Customers) – the basis for processing is art. 6 clause 1 lit. b), c) or d) and art. 9 item 2 lit. c) or h) GDPR in connection with from art. 3 clause 1 of the Act on medical activity and art. 24 of the Act on Patient Rights and the Patient Ombudsman and Art. 54 of the Act on cash benefits from social insurance in the event of sickness and maternity, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

conducting an interview and making a medical diagnosis (regarding the category: Customers) – the basis for processing is art. 6 clause 1 lit. b) or d) and art. 9 item 2 letter h) GDPR in connection from art. 3 clause 1. the Act on medical activity and Art. 24 of the Act on Patient Rights and the Patient Ombudsman, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

implementation of preventive healthcare (regarding the category: Customers) – the legal basis for processing is art. 6 clause 1 lit. d) and art. 9 item 2 lit. h) GDPR in connection from art. 3 clause 2 of the Act on medical activities and Art. 24 of the Act on Patient Rights and the Patient Ombudsman, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

exercising patient rights, including the right to appoint a person authorized to access the patient’s medical records or to obtain information about his health by an authorized person (regarding categories: Customers, Persons authorized to access the medical records) – the legal basis for processing is Art. 6 clause 1 lit. c), d) or f) and art. 9 item 2 lit. h) GDPR in connection from art. 26 section 1 of the Act on Patient Rights and the Patient Ombudsman and § 8 para. 1. Ordinance of the Minister of Health on the types, scope and models of medical documentation and the method of its processing, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

providing contact with customers through the available means of communication for purposes related to the services rendered and customer service / e.g. confirmation of the visit, cancellation of the visit, postponing the date of the procedure, reminding about the control, informing about the availability of test results, etc. / (regarding the category: Customers) – the basis for processing is art. 6 clause 1 letter b), c), d) or f) and art. 9 item 2. lit. c) or h) GDPR, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

conclusion and performance of contracts with Administrator’s contractors (regarding categories: Contractors, potential contractors and their representatives) – the basis for processing is art. 6 clause 1 lit. b) or f) GDPR, and moreover Art. 6 clause 1 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

performance of the duties and rights of the employer or principal, including the conclusion and implementation of contracts with employees and associates of Administrators as part of their civil partnership (regarding the category: Employees and associates and candidates for employees or associates) – the basis for processing is art. 6 clause 1 lit. b) or f) and art. 9 item 2 lit. h) GDPR, and moreover Art. 6 clause 1 lit. a) and art. 9 item 2 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

identification and pursuit of claims and defence against claims arising from the activities of the Administrators (regarding categories: Clients; Contractors, potential contractors and their representatives; Employees and associates and candidates for employees or associates) – the basis for processing is Art. 6 clause 1 lit. b) or f) GDPR, and moreover Art. 6 clause 1 lit. a) GDPR – if the data subject has also consented to their processing in this regard;

keeping accounting books and tax documentation, the basis for processing is art. 6 clause 1 lit. b) or f) GDPR in connection with the provisions of the Accounting Act, the Tax Ordinance Act and special provisions in the field of tax law, 

and moreover art. 6 clause 1 lit. a) GDPR – if the data subject has also consented to their processing in this regard; ensuring the safety of persons and property using monitoring cameras, recording the image and behaviour of persons staying in the premises of the controllers’ civil partnership (regarding categories: Customers; Contractors, potential contractors and their representatives; Employees and associates and candidates for employees or associates) – the basis for processing is art. 6 clause 1 lit. f) GDPR.

§ 5
Reasons for processing your data by our company and the basis for this processing

Providing your personal data to Administrators is voluntary, but it is necessary for the implementation of the contract between the data subject (possibly the entity that this person represents) and the Controllers, or for the Controllers to take actions related to the conclusion of such a contract. In the case of customer data using medical services offered by Administrators as part of a civil law partnership, providing personal data, as well as any data of persons authorized to access medical records, results from the need for Administrators to maintain relevant documentation performed in the abovementioned services and benefits, including the maintenance of the aforementioned medical documentation required by applicable law. 

Please be advised that failure to provide the necessary personal data by you may result in the inability to conclude an agreement or even start activities aimed at concluding such an agreement on the part of the Administrators, and, consequently, the inability to perform for you the service offered by the Administrators as part of their civil partnership. The basis for the processing of your personal data for the purposes referred to in § 4 paragraph 1. this Privacy Policy, are cited there in detail, for each of the purposes listed therein, the provisions of the GDPR Regulation (related to individual national provisions due to the specificity of the services provided). We would like to inform you that the processing of your personal data on our part, as a rule, does not require your consent, because it finds sufficient, independent basis only in applicable law. Regardless of this state of affairs, we would still like to process your personal data with your additional consent, granted to us on your part in writing in a conscious and explicit manner. To this end, we have prepared a special form for you in this regard, asking you kindly to give us the said consent when using it. 

We would like to inform you that your consent to the processing of your personal data by us is fully voluntary, and failure to provide it (or withdrawal of consent in the future) will only result in the processing (or continuing processing) of your data in under other grounds resulting from applicable law, if it has substantive justification. 

§ 6
Time of processing personal data

Your personal data may be processed, including stored and archived, for a period not longer than necessary for the purposes for which they were made available and collected – in particular, regarding data constituting medical documentation, they will be processed for a period of which is mandatory to keep medical records on the basis of applicable law. On the other hand, regarding other processed data (unless they are inseparably connected with medical documentation) they will be processed until the expiry of the limitation periods for mutual claims of data subjects and the controllers’ claims, as well as for the period of possible enforcement of such claims, and for the period , in which it is mandatory to keep accounting and tax documentation on the basis of applicable law, including during the limitation period for tax obligations arising from the activities carried out by Administrators, or these data will be processed until another legally justified moment of ending the storage of personal data.

Please be advised that the data processed as part of the monitoring system operating at the headquarters of the Controllers’ civil partnership (for the purpose described in § 4 item 13 above), will be stored for no longer than one month and in the absence of a basis for their further legitimate use, will be permanently deleted in automatically, as a result of overwriting recorded recordings in the so-called loop.

§7
Your rights in relation to the processing of personal data by our company

Please be advised that in connection with the processing of your personal data by us within the civil law partnership we run, you have the following rights:

  • the right to access your personal data – in accordance with art. 15 GDPR;
  • the right to rectify your personal data – in accordance with art. 16 GDPR;
  • the right to delete your personal data – in accordance with art. 17 GDPR and in the circumstances indicated there;
  • the right to limit the processing of your personal data – in accordance with art. 18 GDPR and in the circumstances indicated there;
  • the right to transfer your data – in accordance with art. 20 GDPR and in the circumstances indicated there;
  • the right to lodge a complaint to the President of the Office for Personal Data Protection in connection with a possible violation of personal data protection on the part of their Administrators;
  • right to withdraw your consent to the processing of personal data at any time (if such consent was previously granted) – without affecting the validity of the processing that was made on the basis of such consent before its withdrawal and without affecting the right to further processing of personal data on a different legal basis ;
  • the right to object to the processing of your personal data in relation to the processing carried out for purposes arising from the legitimate interests of the Controllers (i.e. carried out on the basis of art.6 par.1 letter f) GDPR); 

§ 8
Entrusting the processing of personal data

Please be advised that the personal data of our civil law clients may be entrusted for processing to entities cooperating with us as Administrators in the implementation of services offered by us as part of a civil law partnership, in particular to our subcontractors.

At the same time, all personal data processed by us as their Administrators can be entrusted to law firms providing legal services to our business, entities providing HR, payroll, accounting and accounting services to our benefit, as well as suppliers of IT systems used to support our business, as well as entities in the IT industry, providing technical support and service of the IT infrastructure we possess to conduct our business – and only to the extent necessary for the proper and full performance by these entities of their contractual obligations on our behalf. 

§ 9
Recipients and transfer of personal data

Your personal data may be transferred by us, as Controllers, only to entities authorized to receive them under applicable provisions, e.g. authorized public authorities, as well as persons authorized by you to access your medical documentation.

We would like to inform you that, apart from the situations referred to in the previous sentence, as the Controllers of your data, we do not transfer the data in question to any other recipients who could process it on their own behalf, for their own purposes and for their own purposes.

We also inform that your personal data will not be transferred, as a rule, outside the territory of the Republic of Poland, in particular they will never be transferred to third countries, i.e. to countries outside the European Economic Area.

§ 10
Automated decision making, including personal data profiling

Please be advised that your personal data will not be subject to automated decision making, including profiling.

§ 11
Cookies on our website

Please be advised that the website of our company klinikadrstachura.pl uses the so-called cookies. These are files containing information stored on the user’s end device – such as your computer or smartphone, which can be read by the IT system of Administrators. Cookies help Administrators develop their website by collecting statistics on the use of the site, or they can be used to remember the preferences of users visiting our company’s website and to properly secure it. Cookies used by our website are not combined with your personal data, nor do they adversely affect your end devices. The cookies we use can be deleted at any time, and to do this you should use the option menu in your web browser. We would like to inform you that in the absence of your consent to the use of cookies on our website, some of the functionality of our website may be unavailable or not work properly.

§ 12
Safety of personal data

In connection with the processing of your personal data by us as their Administrators, we kindly inform you that we use appropriate technical and organizational measures (including, among others, physical and IT protection measures) so that your data remains secure and is properly protected. In particular, your personal data is protected by us against accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to this data by unauthorized persons.