Following the entry into force of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and on repealing the directive of 27.04.2016 (hereinafter: GDPR), you are kindly requested to become familiar with the following information about the processing of your personal data.
I. PERSONAL DATA CONTROLLER
The role of the Personal Data Controller is performed by Krystyna Lubelska, Małgorzata Lubelska-Sazanów, Jakub Sazanów-Lubelski and Jerzy Lubelski, the partners acting under a civil-law partnership with a business name of SKIN LASER LUBELSCY MEDYCYNA ESTETYCZNA I DERMATOLOGIA - K.J.M.J. LUBELSCY s.c. in Katowice (40-092), at ul. Mickiewicza 14/2, hereinafter referred to as the “Personal Data Controller”.
The Personal Data Controller can be contacted via email: email@example.com or by traditional mail to the address of the Personal Data Controller’s head office.
II. THE PURPOSES OF AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
As a result of pursuing therapeutic activities for health-related purposes and providing medical services as well as other services by the Personal Data Controller, the Personal Data Controller processes your personal data for the following purposes:
|The purpose of personal data processing||The legal basis for data processing|
|- for the purpose of rendering medical services||Article 9, Section 2, point h) of the GDPR in connection with Article 3, Section 1 of the Act on therapeutic activities and Article 24 of the Act on Patients’ Rights and Patients’ Rights Ombudsman|
|- for the purpose of providing medical care and managing healthcare systems and services as part of medical services||
Article 9, Section 2, point h) of the GDPR in connection with Article 3, Section 1 of the Act on therapeutic activities and Article 24 of the Act on Patients’ Rights and Patients’ Rights Ombudsman
- for the purpose of executing a contract for service performance to which the client is a party
|Article 6, Section 1, point b) of the GDPR in connection with the Civil Code|
- for the purpose of fulfilling the legal obligations imposed on the Personal Data Controller, arising out of the provisions of law for tax and accounting purposes
Article 6, Section 1, point c) of the GDPR - fulfilling the legal obligations imposed on the Personal Data Controller, arising out of the provisions of tax law
|- for the purpose of possible establishment or pursuit of claims or defence against the same in connection with litigation and proceedings before public authorities or other proceedings, including those for the purpose of pursuing and defending against claims, in order to ensure safety and security||Article 6, Section 1, point f) of the GDPR - pursuing the Personal Data Controller’s legitimate interest arising out of the applicable provisions of law|
- for the purpose and to the extent specified in the consent to personal data processing, where the processing takes place based on such consent
|Article 6, Section 1, point a) of GDPR - when the processing of personal data is lawful under the Client’s consent|
III. CATEGORIES OF PERSONAL DATA
The Personal Data Controller shall process your personal data only within the categories necessary for the performance of medical and other services.
IV. PERSONAL DATA RECIPIENTS
Your personal data may be transferred to the following recipients or categories of recipients:
V. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We shall not transfer your personal data outside the European Economic Area.
VI. THE PERIODS OF PERSONAL DATA PROCESSING
Your personal data will be processed for the period necessary to achieve the purposes indicated in point II.
VII. THE RIGHTS OF THE DATA SUBJECT
The Personal Data Controller ensures that all the persons whose personal data are being processed shall have appropriate rights resulting from the GDPR.
As a result, you have the following rights:
1. The right of access to the personal data – including the right to obtain a copy of such personal data;
2. The right to demand rectification (correction) of the personal data – in the event where the personal data are incorrect or incomplete
3. The right to demand removal of personal data (the so-called “right to be forgotten”) – in the event where:
4. The right to demand limitation of data processing – in the event where:
5. The right to transfer the personal data – in the event where:/p>
6. The right to revoke the consent for personal data processing:
you are entitled to revoke your consent to the extent it has been granted for the purpose of processing your personal data and where the processing takes place based on such consent. The revocation of consent shall not affect the lawfulness of data processing activities performed on the basis of such consent before it was revoked; moreover, we would like to inform you that, in a situation where the processing of personal data by the Personal Data Controller takes place based on the provisions of law rather than on the consent expressed, such consent may not be revoked;;
7. The right to lodge a complaint with a supervisory authority:
where the processing of your personal data by the Personal Data Controller is deemed to infringe the provisions of the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
VIII. INFORMATION ON THE REQUIREMENT/VOLUNTARINESS OF DATA PROVISION
In the event where the Personal Data Controller asks for consent to the processing of personal data (when the data can be processed on the basis of consent, e.g. for the purposes of sending the Newsletter), please be advised that the provision of your personal data is voluntary. Only such personal data should be provided, which you deem appropriate.