In connection with the implementation of obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (the “General Data Protection Regulation”) (“RODO”), we would like to inform you about the principles of processing of your personal data and your rights in this regard:

  1. The controller of your personal data is Klinika Osipowicz & Turkowski sp. z o.o. based in Warsaw, address: ul. Bartycka 24B/U1, 00-716 Warsaw, having tax identification number (NIP): 5213873364 and REGON: 384091580, entered in the register of entrepreneurs kept by the District Court for the m. st. Warsaw, XIII Commercial Department of the National Court Register under KRS number: 0000798762, entered in the Register of Entities Performing Medical Activities kept by the Mazovian Governor (W-14) under registration book number 000000214025 (“Administrator”);
  2. The Administrator has appointed a Data Protection Officer. The Data Protection Officer is responsible for all matters related to the Administrator’s processing of personal data. If you have questions about the manner or scope of the processing of your personal data in the course of the Administrator’s activities, or about your rights in connection therewith, you may contact the Supervisor by letter to the following address Klinika Osipowicz & Turkowski sp. z o.o., ul. Bartycka 24B/U1, 00-716 Warsaw or by email to rodo@klinikaotco.pl;
  3. The Administrator processes your personal data for the following purposes:
    1. Reservation of a health care appointment (Article 6(1)(b) of the DPA), which concerns basic identification data (name, email address, telephone number). The aforementioned. the data is stored by the Administrator until the service is provided, and if the service is not provided, for a period of up to 3 months from the scheduled date of the service;
    2. To conclude and execute a contract for the provision of health services (Article 6(1)(b) RODO and Art. 9 paragraph. 2(h) RODO), which applies to ordinary data (name, surname, date of birth,
      PESEL, gender designation, type, series and number of identity document, address of residence, e-mail address, telephone number, data including name, surname, telephone number, address of residence of next of kin, name and surname and address of residence of legal representative) and sensitive data (data on health, genetic data; the Administrator may also process data revealing racial or ethnic origin, revealing religious beliefs, concerning the place of work or data on family status). The aforementioned. data are kept for the archiving period of medical records indicated in Art. 29 of the Law of November 6, 2008. On Patient Rights and Patient Ombudsman, i.e. essentially for 20 years;
    3. Exercise of the patient’s rights (Art. 6(1)(c) RODO and Art. 9 paragraph. 2(c) and (h) RODO), which relates to health information and the maintenance, archiving of
      and sharing of medical records. The aforementioned. data are kept for the archiving period of medical records indicated in Art. 29 of the Law of November 6, 2008. On Patient Rights and Patient Ombudsman, i.e. essentially for 20 years;
    4. Execution of the contract for delivery of the newsletter “Newsletter” via https://klinikaotco.pl (Article 6(1)(b)) RODO), which applies to ordinary data (email address). The aforementioned. data are stored for the period of performance of the contract for the provision of the newsletter “Newsletter”.

    In addition to the aforementioned. purposes The Administrator processes personal data only for the purpose of fulfilling the Administrator’s legal obligations (Article 6(1)(c) of the DPA), among others. arising under tax law and the fulfillment of the Administrator’s legitimate interests (Article 6(1)(f) RODO), including but not limited to. (i) transfer of data to the payment operator in connection with the provision to the Administrator of the service of making available the infrastructure for handling payments over the Internet, handling and settlement of payments made by patients over the Internet using payment instruments, verification of the due performance of contracts concluded with the Administrator, in particular, ensuring the protection of the interests of payers in connection with complaints filed by them, (ii) to analyze the quality of services provided by the Administrator by directing surveys requesting information, (iii) to establish, assert or defend against claims, (iv) to offer services provided by the Administrator, which shall be for the period necessary for their realization, and thereafter, for the period and to the extent required by generally applicable law.

    In other cases, your personal data is processed only on the basis of previously granted consent in the scope and purpose specified in the content of the consent;

  4. The Administrator shall keep your personal data confidential and secure them from unauthorized access by third parties in accordance with the principles set forth in applicable regulations;
  5. Personal data is collected when ordering services or purchasing products from https://klinikaotco.pl, using the services offered by the Administrator , as well as when
    Communication with the Administrator or its representatives;
  6. Your personal data will not be processed by automated means and will not be profiled;
  7. The recipients of your personal data are the Administrator’s employees and associates, i.e. persons with whom the Administrator cooperates for the purpose of performing professional duties, external service providers, i.e. entities whose services are used by the Administrator in processing your data, e.g. providers of ICT or payment services, including Krajowy Integrator Płatności S.A. based in Poznań (Tpay operator), as well as other independent recipients, i.e. entities processing data on behalf of the Administrator on the basis of an agreement for entrustment of personal data processing, institutions authorized to control the Administrator’s activities or entities entitled to obtain personal data on the basis of separate regulations;
  8. Your personal data will not be transferred to a third country (outside the European Economic Area) or to an international organization;
  9. You have the following rights:
    1. access to personal data concerning you, rectification (correction), completion if incomplete, deletion or restriction of processing, data portability, and receipt of a copy;
    2. to object to the processing;
    3. file a complaint with the President of the Office for Personal Data Protection against the Administrator if you believe that the processing of your data violates the law;
    4. in the case where the processing of data is based on your consent, withdrawal of consent to the processing of personal data (withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal);
  10. where the processing of personal data is based on your consent, your provision of data is voluntary. However, refusal to give your consent to the processing of your personal data may result in a refusal to perform a service or take another action. Provision of your data is mandatory if the basis for processing is a provision of law or a contract between the parties.