In connection with the implementation of the requirements of the Regulation of the European Parliament and of the Council of the EU 2016/679 of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/49/EC (General Data Protection Regulation "GDPR"), we inform you that the Administrator of your personal data is: CBCT Sp. z o.o., 03-253 Warszawa, ul. Białołęcka 166D, KRS: 935996, REGON: 520643089, NIP: 5242930030 and CBCT Polska Sp. z o.o., 02-439 Warszawa, ul. Zdobnicza 8, KRS: 936013, REGON: 520643333, NIP: 5223215013 hereinafter referred to as the "Administrator".
The Administrator, in accordance with Article 37(1)(a) of the GDPR, has appointed a Data Protection Supervisor, who can be contacted via the following e-mail address: email@example.com or by writing to the correspondence address: CBCT Sp. z o.o., 03-253 Warszawa, ul. Białołęcka 166D or CBCT Polska Sp. z o.o., 02-439 Warszawa, ul. Zdobnicza 8.
Your data is processed in order to protect your health, provide medical and diagnostic services, manage the provision of health services, contact you as our patient, as well as to release medical records to persons authorised by you. We also process data in connection with maintaining and ensuring the security of the ICT system in which medical records are processed.
The legal basis for processing the acquired data is:
Additionally, legal regulations require the Administrator to process data for statistical, accounting or tax purposes. Your data is processed only to the extent related to the above purposes.
The data may be disclosed to persons authorised by the Administrator, e.g., physicians, radiology technicians who are employees or associates of the Administrator, as well as other entities acting on our behalf, e.g., electronic medical records software providers, IT service providers on the basis of a data entrustment clause.
We do not share your data with other recipients except those authorised by law.
The obligation to provide data results from relevant provisions of the law, including the Act of 6 November 2008 on Patient Rights and Patient Ombudsman and the Act of 27 August 2004 on health care services financed from public funds. Providing personal data is voluntary; however, it is a statutory condition for the Administrator to keep records, including medical records, in the manner prescribed by law, including the identification of your identity. Therefore, failure to provide the data may result in refusal to book an appointment, registration or to provide health care services - refusal to provide the data will prevent the Administrator from providing health care services.
The purpose of processing personal data in the form of contact data is to establish contact through the use of a telephone number or e-mail address in order, for example, to confirm or cancel an appointment, which constitutes the legitimate interest of the Personal Data Controller (ADO) (Article 6(1)(f) of the GDPR). If you do not provide your telephone number and/or e-mail address, the Administrator cannot refuse to provide you with a health service; however, the provision of this data facilitates your use of the services by enabling us to contact you regarding the provision of services.
The Administrator does not intend to transfer your data to a third country or to international organisations.
Your data will be stored no longer than necessary, i.e., until the expiry of the archiving period regulated by separate regulations on drawing up, processing and archiving medical records.
In relation to the Administrator's processing of your personal data, you are entitled to:
In relation to the processing of personal data by the Administrator, you have the right to lodge a complaint with the DPA if you consider that the processing of your personal data violates the provisions of the General Data Protection Regulation of 27 April 2016.
On the basis of the personal data provided, the Administrator will not make automated decisions towards you as a result of profiling.