Home/Privacy policy

Privacy policy

General information clause

Based on Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as GDPR, we would like to inform you that:
1. The administrator of your personal data is Centrum Medyczne Gizińscy Sp. z o. o. in Bydgoszcz, ul. Leśna 9A, 85-676 Bydgoszcz, phone: 52 345 50 80, e-mail address info@gizinscy.pl. You can contact us using the following methods: by post, by phone, by e-mail.
2. In all matters related to the processing and protection of your personal data, you can contact our Inspector of Personal Data Protection, Mr. Tomasz Powała at iod@gizinscy.pl
3. We process your ordinary and sensitive data in the following ways:
• Patient data: last name and first name(s), PESEL number, gender, date of birth, address of residence and residence, kinship (in the case of persons reported by a family member), data from the document confirming identity and all other information regarding the treatment process forming the documentation medical information, in particular information on health, as well as information on addictions, sexual preferences, or genetic data in the case of, and if the patient is a minor, completely incapacitated or incapable of giving informed consent – surname and first name(s) of the statutory representative and address of his place of residence, telephone number, e-mail address, identifiers and authorizations in IT systems (e-registration, e-results),
• Information about the persons authorized by the patient to obtain information about his health condition, access to medical records: name, surname, telephone number, relationship, address.
4. Your personal data is processed by the Administrator who is a medical entity in order to provide health care, treatment and preventive health care, as well as to manage health care systems and services. Your personal data is processed on the basis of legal provisions, in particular:
• para 6 (1)(c) and para 9(2)(h) GDPR in connection with para 25 (1) of the Act on Patient Rights and para 10 (1)(2) of the Regulation of the Minister of Health of November 9, 2015 on the types, scope and patterns of medical documentation and the method of its processing, in order to determine the patient’s identity, in particular by applying for medical care, verifying data when arranging a remote visit (e.g. via hotline, e-registration),
• para 9 (2)(h) GDPR in connection with para 24 (1) of the Act of November 6, 2008 on patient rights and the Ombudsman for Patients’ Rights and the Regulation of the Minister of Health of November 9, 2015 on the types, scope and templates of medical documentation and the method of its processing, in order to keep and store medical records,
• para 6 (1)(c) GDPR in connection with para 9 (3) and para 26 (1) of the Act on Patient Rights and para 8 (1) of the Regulation on documentation in order to exercise the patient’s rights, including receiving and archiving patient’s statements in which the patient authorizes other people to access medical documentation and to provide them with information about the state of health,
• para 6 (1)(b) and (f) of the GDPR (legitimate interest of the Administrator, which is patient care and more efficient management of the medical entity) in order to make contact at the telephone number or e-mail address provided, e.g. to confirm registration, remind or cancel the date, inform about the need to prepare for scheduled procedure or inform about the possibility of collecting tests,
• para 6 (1)(c) GDPR in connection with para 74 (2) of the Accounting Act of September 29, 1994 in order to issue, e.g. bills for the performance of services by 10 WSzK z P, which may involve the need to process personal data and pursue claims in this respect and defend the rights of 10 WSzK z P based on para 6 (1)(b) and (f) GDPR (the so-called legitimate interest of the Administrator),
5. Using the services of C.M. Gizińscy is fully voluntary. However, if you choose the services of our facility, C.M. Gizińscy as a medical entity, in accordance with applicable law, will be obliged to keep medical records, including identifying the patient using their data, or by issuing a bill. In this case, providing data is mandatory, and failure to provide data may result in refusal to book a visit or provide a health service (except for life-saving procedures). Providing the telephone number or e-mail address is voluntary – failure to provide this information, however, will not result in refusal to provide a health service, but then contact will be impossible.
6. You have the right to access your data, the right to rectify it, the right to object, delete, limit processing, the right to transfer data to another administrator, or if the processing is based on consent, the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. If you want to use the above-mentioned rights – please send a request to the postal or e-mail address.
7. You also have the right to submit a complaint with the President of the Office for Personal Data Protection, if you believe that the processing of your personal data violates the provisions of the GDPR.
8. C.M. Gizińscy as the Administrator cares about the confidentiality of data. However, due to the need to fulfill the purpose of processing, exercise patient rights or ensure appropriate work organization, e.g. in the field of IT infrastructure, security of processed data, it may share data with entities with which it has concluded separate contracts for the provision of services, including: to the extent necessary to maintain the continuity of treatment and the availability of health care, entities of services supplying the Administrator with technical, IT and organizational solutions, enabling the provision of health services and their management, control entities or other entities authorized under the law.
9. Your data is not subject to automated decision making, including profiling.
10. Your personal data will not be transferred to a third country/international organization, i.e. outside the European Union.
11. Your personal data included in the medical documentation, in accordance with legal obligations, will be processed for a period of 20 years from the date of the last entry. If the data was processed in order to pursue claims (e.g. in debt collection proceedings), the data will be processed for this purpose for the period of limitation of claims, resulting from the provisions of the Civil Code. All data processed for accounting purposes and for tax reasons will be processed for 5 years from the end of the calendar year in which the tax obligation arose. After the expiry of the above-mentioned periods, the data is deleted or anonymised.