Information on GDPR

In connection with the implementation of the requirements of the Regulation of the European Parliament and of the Council of the EU 2016/679 of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/49/EC (General Data Protection Regulation "GDPR"), we inform you that the Administrator of your personal data are medical entities: Diagdent Polska Sp. z o.o., ul. Sądowa 14/1A, 50-046 Wrocław, KRS 0001064129, REGON 526697293, NIP 8971928708, CBCT Sp. z o.o., 03-253 Warszawa, ul. Białołęcka 166D, KRS: 935996, REGON: 520643089, NIP: 5242930030 and CBCT Polska Sp. z o.o., 02-439 Warszawa, ul. Zdobnicza 8, KRS: 936013, REGON: 520643333, NIP: 5223215013 hereinafter referred to as the "Administrator".

The Administrator, in accordance with Article 37(1)(a) of the GDPR, has appointed a Data Protection Supervisor, who can be contacted via the following e-mail address: or by writing to the correspondence address: Diagdent Polska Sp. z o.o., ul. Sądowa 14/1A, 50-046 Wrocław.

Your data is processed in order to protect your health, provide medical and diagnostic services, manage the provision of health services, contact you as our patient, as well as to release medical records to persons authorised by you. We also process data in connection with maintaining and ensuring the security of the ICT system in which medical records are processed.

The legal basis for processing the acquired data is:

  • Article 6(1)(b) or (c) of the GDPR and Article 9(2)(h) of the GDPR in connection with Article 3(1) of the Act on Medical Activity and Article 24 of the Act on Patient Rights and Patient Ombudsman and the Regulation of the Minister of Health on types, scope and models of medical records and the manner of their processing.
  • Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act and other specific provisions
  • Article 6(1)(f) of the GDPR


Additionally, legal regulations require the Administrator to process data for statistical, accounting or tax purposes. Your data is processed only to the extent related to the above purposes.

The data may be disclosed to persons authorised by the Administrator, e.g., physicians, radiology technicians who are employees or associates of the Administrator, as well as other entities acting on our behalf, e.g., electronic medical records software providers, IT service providers on the basis of a data entrustment clause.

We do not share your data with other recipients except those authorised by law.

The obligation to provide data results from relevant provisions of the law, including the Act of 6 November 2008 on Patient Rights and Patient Ombudsman and the Act of 27 August 2004 on health care services financed from public funds. Providing personal data is voluntary; however, it is a statutory condition for the Administrator to keep records, including medical records, in the manner prescribed by law, including the identification of your identity. Therefore, failure to provide the data may result in refusal to book an appointment, registration or to provide health care services - refusal to provide the data will prevent the Administrator from providing health care services.

The purpose of processing personal data in the form of contact data is to establish contact through the use of a telephone number or e-mail address in order, for example, to confirm or cancel an appointment, which constitutes the legitimate interest of the Personal Data Controller (ADO) (Article 6(1)(f) of the GDPR). If you do not provide your telephone number and/or e-mail address, the Administrator cannot refuse to provide you with a health service; however, the provision of this data facilitates your use of the services by enabling us to contact you regarding the provision of services.

The Administrator does not intend to transfer your data to a third country or to international organisations.

Your data will be stored no longer than necessary, i.e., until the expiry of the archiving period regulated by separate regulations on drawing up, processing and archiving medical records.

In relation to the Administrator's processing of your personal data, you are entitled to:

  • The right of access to your personal data (Article 15 of the GDPR);
  • The right to rectify your personal data (Article 16 of the GDPR);
  • the right to request the erasure of data in cases referred to in Article 17(1), subject to the exceptions laid down in Article 17(3) of the GDPR;
  • The right to request the restriction of data processing in the cases set out in Article 18 of the GDPR;

In relation to the processing of personal data by the Administrator, you have the right to lodge a complaint with the DPA if you consider that the processing of your personal data violates the provisions of the General Data Protection Regulation of 27 April 2016.

On the basis of the personal data provided, the Administrator will not make automated decisions towards you as a result of profiling.

Diagdent - Pracownie Radiologii Stomatologicznej i Laryngologicznej
We accept:

Diagdent on social media:
© Diagdent - All rights reserved