Polityka prywatności
Entity Corten Medic Tomasz Sikora, ul. Xawerego Dunikowskiego 10, 02-784 Warsaw, NIP number 521 145 49 01, as a representative of the Entities from the Medea Regina Sp. z o. o. (hereinafter jointly also referred to as CM CORTEN MEDIC) and other entities of CM CORTEN MEDIC, fulfilling the obligations arising from the applicable provisions of law on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), would like to provide you with information regarding the processing and protection of your personal data.
WHO IS THE ADMINISTRATOR OF YOUR PERSONAL DATA?
- For people using the facility’s services:
- at st. Pasaż Ursynowski 9, Warsaw; st. Krakowskie Przedmieście 24/26, Warsaw; st. Makolagwy 21, Warsaw; st. Modzelewskiego 58, Warsaw; st. Etiudy Revolutionary 48, Warsaw, st. Roentgena 46/10 Warsaw, st. Szkolna 6, Milanowek; st. Gomulińskiego 2, Pruszkow; st. Beliny Prażmowskiego 33A, Radom; st. Królowej Jadwigi 21/4, Radom, st. Wojska Polskiego 78, Zwolen; st. Zagnańska 84b, Kielce; st. Olszewskiego 21, Kielce; – the administrator of personal data is Tomasz Sikora running a business under the name Corten Medic Tomasz Sikora with its registered office in Warsaw at ul. Xawerego Dunikowskiego 10, Warsaw 02-784 (hereinafter referred to as “Corten Medic”).
- at st. Mikołaja Kopernika 10, Ciechanów; st. Targowa 25, Hrubieszów; al. Marszałka Józefa Piłsudskiego 43/44, Mława; st. Ignacego Jana Paderewskiego 14b, Nowy Dwór Mazowiecki; st. Nowy Swiat 38, Lublin; st. Fabryczna 11/5, Lublin; al. Legionów 3/7, Kielce; st. Jacka Malczewskiego 29, Radom; st. Królowej Jadwigi 21/4, Radom; st. Władysława Beliny-Prażmowskiego 33A, Radom; st. Belgradzka 4/U10, Warsaw; st. Makolagwy 21, Warsaw; st. Mehoffera 29, Warsaw; st. Radiowa 1A, Warsaw; st. Radzymińska 250, Warsaw; st. Rawska 4, Warsaw; st. Modzelewskiego 58 Warsaw; st. Krakowskie Przedmieście 24/26, Warsaw; st. Pasaż Ursynowski 9, Warsaw; st. Etiudy Revolutionary 48, Warsaw; st. Kijowska 1, Warsaw (hereinafter referred to as “Corten Dental”).
- at st. Kijowska 1 – the administrator of personal data is Corten Medic Praga Tomasz Sikora Sp. j. with its registered office in Warsaw at st. Kijowska 1, 03-738 Warsaw (hereinafter referred to as “Corten Medic Praga”).
- at al. Legionów 3/7 – the administrator of personal data is Medika Sp. z o. o. with its registered office in Kielce at al. Legionów 3/7, 25-035 Kielce (hereinafter referred to as “Medika”).
- at st. Ignacego Krasickiego 29N – the data administrator is Corten Medic Sp. z o. o. with its registered office in Nowa Iwiczna at st. Ignacego Krasickiego 29N, 05-500 Nowa Iwiczna (hereinafter referred to as “Corten Medic Spółka”).
- at st. Młynarska 26/28 – the data administrator is Paragon Sp. z o. o. with its registered office in Warsaw at st. Młynarska 26/28, 01-171 Warsaw (hereinafter referred to as the “Receipt”).
- In relation to the contractors of the Entities from the Medea Regina Sp. z o. o. and their representatives (suppliers and recipients of services and products, excluding patients) – co-administrators of personal data jointly determining the purposes and methods of data processing are: Corten Medic Tomasz Sikora, Corten Medic Praga Tomasz Sikora Sp. j., Corten Dental Sp. z o.o., Medika Sp. z o.o., Corten Medic Sp. z o.o., and Paragon Sp. z o. o.
- For candidates applying for employment offers in Entities from the Medea Regina Sp. z o. o. – co-administrators of personal data jointly determining the purposes and methods of data processing are: Corten Medic Tomasz Sikora, Corten Medic Praga Tomasz Sikora Sp. j., Corten Dental Sp. z o.o., Medika Sp. z o.o., Corten Medic Sp. z o.o., and Paragon Sp. z o. o.
- For persons who submitted their data in connection with receiving the newsletter – the co-administrators of personal data jointly determining the purposes and methods of data processing are: Corten Medic Tomasz Sikora, Corten Medic Praga Tomasz Sikora Sp. j., Corten Dental Sp. z o.o., Medika Sp. z o.o., Corten Medic Sp. z o.o., and Paragon Sp. z o. o.
- For persons who make appointments via the Appointment Appointment functions – the co-administrators of personal data jointly determining the purposes and methods of data processing are: Corten Medic Tomasz Sikora, Corten Medic Praga Tomasz Sikora Sp. j., Corten Dental Sp. z o.o., Medika Sp. z o.o., Corten Medic Sp. z o.o., and Paragon Sp. z o. o.
- For persons contacting in matters related to the protection of personal data via the contact form and e-mail – the co-administrators of personal data jointly determining the purposes and methods of data processing are: Corten Medic Tomasz Sikora, Corten Medic Praga Tomasz Sikora j., Corten Dental Sp. z o.o., Medika Sp. z o.o., Corten Medic Sp. z o.o., and Paragon Sp. z o.
PERSONAL DATA PROTECTION INSPECTOR, CONTACT WITH CM CORTEN MEDIC
In matters relating to the protection of personal data in each of the Entities of the Medea Regina Sp. z o.o., you can contact:
- by e-mail: biuro@cortenmedic.pl,
- using the phone: (+48) 22 270 30 30,
- by post: st. Xawerego Dunikowski 10, (02-784) Warsaw
- using the contact form available on the website www.cortenmedic.pl
And with the Inspector of Personal Data Protection, additionally also by e-mail: iod@cortenmedic.pl.
WHAT PERSONAL DATA COLLECTS AND PROCESSES CM CORTEN MEDIC?
CM CORTEN MEDIC collects and processes personal data to the extent necessary to achieve the purpose for which they were collected.
Depending on the purpose and legal basis for collecting and processing personal data, CM CORTEN MEDIC may collect and process, among others: the following data:
- identifying data, including but not limited to: name, surname, PESEL number, date of birth;
- contact details, including but not limited to: address, telephone number, e-mail address;
- dane zbierane i przetwarzane do postawienia diagnozy i przeprowadzenia procesu leczenia, w tym w szczególności dane dotyczące stanu zdrowia, z zastrzeżeniem, że dotyczy to wyłącznie osób korzystających ze świadczonych przez CM CORTEN MEDIC usług medycznych.
PROCESSING OF PATIENTS’ PERSONAL DATA
If you use the services provided by CM CORTEN MEDIC facilities (including you are patients of the facilities), the given administrator (determined in accordance with point I above) processes your data for the following purpose:
- in order to conclude and perform a contract for the provision of medical services and medical activity, including the provision of health services or for the purposes of preventive health care or occupational medicine, including the assessment of the employee’s ability to work. The legal basis for data processing is Art. 6 sec. 1 lit. b and c, art. 9 sec. 2 lit. h GDPR and specific provisions regarding health protection (e.g. the Act on Patient Rights and the Patient Ombudsman and its executive acts),
- in order to confirm the patient’s identity before providing the service (by phone, at reception desks and in the doctor’s office). The legal basis for data processing is Art. 6 sec. 1 lit. b, art. 9 sec. 2 lit. h GDPR,
- to ensure social security and to manage social security systems and services, e.g. issuing certificates or sick leaves. The legal basis for data processing is Art. 9 sec. 2 letter h of the GDPR in connection with specific provisions regarding health protection,
- in order to fulfill the obligations incumbent on the Administrator, e.g. in the field of archiving medical records, issuing and storing invoices and accounting documents, responding to complaints and fulfilling other legal obligations incumbent on the Administrator. The legal basis for data processing is Art. 6 sec. 1 lit. c GDPR,
- in order to implement the legitimate interests of the Administrator, e.g. to pursue claims by the Administrator or defend against such claims, marketing of products and services, analytical activities, confirmation or cancellation of medical consultations, informing about the possibility of receiving test results and other activities constituting the legitimate interests of the Administrator. The legal basis for data processing is Art. 6 sec. 1 lit. f GDPR,
- for other activities for which you have given your consent to the processing of personal data, for the purpose and to the extent specified therein. The legal basis for processing is art. 6 sec. 1 lit. a GDPR and art. 9 sec. 2 lit. and the GDPR.
PROCESSING OF PERSONAL DATA OF CONTRACTORS
If you are contractors of Entities from the Medea Regina Sp. z o. o. (or their representatives), the given administrator (determined in accordance with point I above) processes your data for the following purpose:
- conclusion and implementation of the contract concluded with a given Entity from the Medea Regina Sp. z o. o. and maintaining relations, including by contacting representatives of the contractor – the legal basis for processing is art. 6 sec. 1 lit. b and f GDPR
- archival (evidence) which are the implementation of the legal obligation and the legitimate interest of a given Entity from Grupa Medea Regina Sp. z o.o., including the interest of securing information in the event of a legal need to prove facts regarding cooperation – the legal basis for processing is art. 6 sec. 1 lit. c and f GDPR
- in order to possibly determine, pursue claims and defend against claims for business activity being the implementation of a legitimate interest – the legal basis for processing is art. 6 sec. 1 lit. f GDPR
- keeping accounting books and tax documentation – the legal basis for processing is art. 6 sec. 1 lit. c GDPR
- responding to requests from relevant institutions regarding the provision of personal data – the legal basis for data processing is art. 6 sec. 1 lit. f GDPR
PROCESSING OF PERSONAL DATA OF PERSONS RECEIVING THE NEWSLETTER
- for purposes related to the handling of the newsletter, as well as for commercial and marketing purposes – the legal basis for data processing is art. 6 sec. 1 lit. and the GDPR
PROCESSING OF PERSONAL DATA OF APPLICANTS FOR POSITIONS AT CM CORTEN MEDIC
- for the purpose of recruitment – the legal basis for data processing is art. 6 sec. 1 lit. and the GDPR
WHERE DOES CM CORTEN MEDIC OBTAIN YOUR DATA?
- The data is obtained directly from you or from an authorized person – during the conclusion and performance of the contract, booking a visit, performing the service
- If you use the medical program as part of occupational medicine examinations, the data is obtained from your employer (in this case, in particular, data such as: name, surname, PESEL number, address of residence, position) are collected.
- If you use medical services under group insurance, the data is obtained from the entity that concluded the contract (in this case, in particular, data such as: name, surname, PESEL number are collected)
- If it is necessary to ensure the continuity of health services, data is obtained from other medical entities as part of providing access to medical records (in this case, in particular, data such as: name, surname, PESEL number, health data) are collected.
- In the case of establishing business contacts, the data is obtained directly from you or from the entity on behalf of which you are acting (in the case of data collected: name, surname, telephone number, e-mail address, job position)
IS IT NECESSARY TO PROVIDE YOUR DATA?
Providing your personal data is voluntary but necessary to conclude and perform the contract for the provision of medical services. Failure to provide them will make it impossible to perform services or conclude a contract. In the remaining scope, providing your personal data by you is voluntary, but it may limit the scope of the service (e.g. no confirmation of the visit by phone if you do not provide a contact telephone number, no possibility to register on-line, no possibility to issue an invoice).
TO WHOM CAN CM CORTEN MEDIC TRANSFER YOUR PERSONAL DATA?
Your personal data may be transferred to the necessary extent:
- entities processing personal data at the request of the administrator, in particular providers of technical and organizational services that enable the provision of health services by a given administrator (external entities providing ICT services, external entities providing IT support for a given administrator, including hosting companies in the field of data collection on external servers diagnostic equipment, courier and postal companies),
- insurance companies, including in the event of claims against a given data controller,
- providers of legal and advisory services of a given administrator,
- other medical entities in order to ensure the continuity of treatment, the availability of health services and to consult test results,
- public authorities to the extent and purposes resulting from the relevant provisions of law, including the National Health Fund, if the benefits are provided from public funds,
- family and relatives, if they have the appropriate authorization.
WILL YOUR DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA (TO COUNTRIES OTHER THAN EUROPEAN UNION COUNTRIES AND ICELAND, NORWAY AND LIECHTENSTEIN)?
Entities from the Medea Regina Sp. z o. o. may transfer your personal data to countries outside the European Economic Area and international organizations, which is related to the scope of their activities and cooperation with various entities. CM CORTEN MEDIC ensures that the data will be transferred to countries for which the European Commission has issued decisions on their compliance with an adequate level of personal data protection and/or in compliance with all legal requirements, including on the basis of an appropriate agreement containing data protection clauses adopted by the Commission European Union, ensuring an appropriate method of securing the personal data transferred.
WHAT RIGHTS DO YOU HAVE IN RELATION TO DATA PROCESSING BY CM CORTEN MEDIC?
In connection with the processing of your personal data by CM CORTEN MEDIC, you have the following rights, which you can exercise in one of the ways indicated in point II above:
- the right to access the content of your data, as well as the right to rectify, delete, limit their processing, the right to object to the processing of personal data (to the extent that the data is processed on the basis of the legitimate interests of the data controller, i.e. Article 6 para. 1 letter f of the GDPR and in the event of the need to process them to perform a task carried out in the public interest or in the exercise of public authority entrusted to the data controller, Article 6 paragraph 1 letter e of the GDPR), as well as the right to transfer and rectify them in to the extent that the data is inconsistent with the facts,
- in the case of processing personal data on the basis of consent – the right to withdraw consent to the processing of personal data at any time, which will not affect the lawfulness of the processing of personal data, which was made on the basis of the consent received before its withdrawal,
- the right to lodge a complaint with the supervisory authority if it is found that data processing is unlawful.
WILL YOUR DATA BE TAKEN BY AUTOMATED DECISIONS (NO-HUMAN PARTICIPATION)?
In order to adjust the services, your personal data will be profiled, i.e. an automatic assessment will be made regarding your factors. During profiling, your data will not be processed in a fully automatic manner.