Klauzula informacyjna o przetwarzaniu danych osobowych

 

Following the entry into force of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and on repealing the directive of 27.04.2016 (hereinafter: GDPR), you are kindly requested to become familiar with the following information about the processing of your personal data.

I. PERSONAL DATA CONTROLLER

The role of the Personal Data Controller is performed by Krystyna Lubelska, Małgorzata Lubelska-Sazanów, Jakub Sazanów-Lubelski and Jerzy Lubelski, the partners acting under a civil-law partnership with a business name of SKIN LASER LUBELSCY MEDYCYNA ESTETYCZNA I DERMATOLOGIA - K.J.M.J. LUBELSCY s.c. in Katowice (40-092), at ul. Mickiewicza 14/2, hereinafter referred to as the “Personal Data Controller”.

The Personal Data Controller can be contacted via email: klinika@skin-laser.pl or by traditional mail to the address of the Personal Data Controller’s head office.

II. THE PURPOSES OF AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

As a result of pursuing therapeutic activities for health-related purposes and providing medical services as well as other services by the Personal Data Controller, the Personal Data Controller processes your personal data for the following purposes:

The purpose of personal data processing The legal basis for data processing
- for the purpose of rendering medical services Article 9, Section 2, point h) of the GDPR in connection with Article 3, Section 1 of the Act on therapeutic activities and Article 24 of the Act on Patients’ Rights and Patients’ Rights Ombudsman
- for the purpose of providing medical care and managing healthcare systems and services as part of medical services

Article 9, Section 2, point h) of the GDPR in connection with Article 3, Section 1 of the Act on therapeutic activities and Article 24 of the Act on Patients’ Rights and Patients’ Rights Ombudsman

- for the purpose of executing a contract for service performance to which the client is a party

Article 6, Section 1, point b) of the GDPR in connection with the Civil Code

- for the purpose of fulfilling the legal obligations imposed on the Personal Data Controller, arising out of the provisions of law for tax and accounting purposes

Article 6, Section 1, point c) of the GDPR - fulfilling the legal obligations imposed on the Personal Data Controller, arising out of the provisions of tax law

- for the purpose of possible establishment or pursuit of claims or defence against the same in connection with litigation and proceedings before public authorities or other proceedings, including those for the purpose of pursuing and defending against claims, in order to ensure safety and security Article 6, Section 1, point f) of the GDPR - pursuing the Personal Data Controller’s legitimate interest arising out of the applicable provisions of law

- for the purpose and to the extent specified in the consent to personal data processing, where the processing takes place based on such consent

Article 6, Section 1, point a) of GDPR - when the processing of personal data is lawful under the Client’s consent

 

III. CATEGORIES OF PERSONAL DATA

The Personal Data Controller shall process your personal data only within the categories necessary for the performance of medical and other services.

IV. PERSONAL DATA RECIPIENTS

Your personal data may be transferred to the following recipients or categories of recipients:

  1. The entities providing personnel / payroll / IT / security or other services for the Personal Data Controller – under a personal data processing outsourcing agreement.
  2. Public authorities and entities performing public tasks or acting on behalf or at their direction of public authorities – to the extent and for the purposes specified in the provisions of law.

V. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

We shall not transfer your personal data outside the European Economic Area.

VI. THE PERIODS OF PERSONAL DATA PROCESSING

Your personal data will be processed for the period necessary to achieve the purposes indicated in point II.

VII. THE RIGHTS OF THE DATA SUBJECT

The Personal Data Controller ensures that all the persons whose personal data are being processed shall have appropriate rights resulting from the GDPR.

As a result, you have the following rights:

1. The right of access to the personal data – including the right to obtain a copy of such personal data;

2. The right to demand rectification (correction) of the personal data – in the event where the personal data are incorrect or incomplete

3. The right to demand removal of personal data (the so-called “right to be forgotten”) – in the event where:

  1. the personal data are no longer necessary for the purpose(s) for which they were collected or otherwise processed;
  2. the data subject has filed a reasonable objection to the processing of such personal data;
  3. the data subject has revoked the consent for the processing of such personal data and there is no other legal basis for doing so;
  4. the personal data have been processed unlawfully;
  5. the personal data must be removed in order to comply with the obligation under the provisions of law;

4. The right to demand limitation of data processing – in the event where:

  1. the data subject contests the correctness of the personal data;
  2. pthe processing of the personal data is unlawful, and the data subject opposes their removal, demanding their limitation instead;
  3. the personal data controller no longer needs the personal data for its own purposes, but the data subject needs them to establish, defend or pursue claims;
  4. the data subject has objected to the processing of the personal data – until it is determined whether the Personal Data Controller’s legitimate grounds take precedence over the grounds for objection;

5. The right to transfer the personal data – in the event where:/p>

  1. the data are processed on the basis of a contract concluded with the data subject or on the basis of the consent expressed by the same.
  2. the personal data are processed with automatic tools;

6.  The right to revoke the consent for personal data processing:

you are entitled to revoke your consent to the extent it has been granted for the purpose of processing your personal data and where the processing takes place based on such consent. The revocation of consent shall not affect the lawfulness of data processing activities performed on the basis of such consent before it was revoked; moreover, we would like to inform you that, in a situation where the processing of personal data by the Personal Data Controller takes place based on the provisions of law rather than on the consent expressed, such consent may not be revoked;;

7. The right to lodge a complaint with a supervisory authority:

where the processing of your personal data by the Personal Data Controller is deemed to infringe the provisions of the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

VIII. INFORMATION ON THE REQUIREMENT/VOLUNTARINESS OF DATA PROVISION

In the event where the Personal Data Controller asks for consent to the processing of personal data (when the data can be processed on the basis of consent, e.g. for the purposes of sending the Newsletter), please be advised that the provision of your personal data is voluntary. Only such personal data should be provided, which you deem appropriate.