The controller of personal data is Medikar Care Spółka z ograniczoną odpowiedzialnością, Sp. k., ul. Sielecka 22, 00-738 Warsaw, Poland, NIP (tax payer’s ID number): 5213753312. Data protection is carried out in accordance with generally applicable regulations and data is stored on secure servers.
The term “GDPR” means the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC.
We respect your right to privacy and we care about data security. For that purpose, we use a secure communication encryption protocol (SSL), among other things.
This website performs the function of acquiring information about users and their behaviour in the following ways:
By means of information that has been voluntarily entered into forms (such data is treated as confidential and is not visible to unauthorised persons).
By means of cookie files (cookies) stored on terminal devices
By means of collecting web server logs by the hosting operator Ogicom Spider Sp. z o.o. S.K.A., operating at www.ogicom.pl
Processing of personal data
This website collects information which has been provided voluntarily by the user.
This website may also save information about the parameters of a connection (time code, IP address).
Data provided in the form can constitute a collection of potential customers, registered by the Website Operator in a register kept by the Inspector General for Personal Data Protection.
Data provided in the form are processed for purposes resulting from the function of a specific form, e.g. to process a service request or a sales contact.
Data provided in the forms may be transmitted to entities providing the technical delivery of certain services – this applies in particular to the transmission of information about the holder of a registered domain to entities which are Internet domain operators, payments handling services or other entities with which the Website Operator cooperates in this area.
The recipients of your personal data can include technical, organizational and marketing service providers who facilitate the effective provision of services including health services and the purchase of medical equipment in the online store, and legal and consulting service providers.
Data controller – users
A service provider is the controller of its customers’ data. This means that if you have filled out and sent one of the forms available on www.medikarhomecare.pl, we are processing the data provided there.
A service provider is also the controller of data of persons signed upf for a newsletter and persons who have requested to receive marketing information.
Personal data is processed:
under protection of personal data regulations,
to the extent and for the purpose necessary to make and shape the content of the Contract, amend or terminate the Contract and to effectively perform the Services provided by electronic means,
to the extent and for the purpose necessary to fulfil legitimate interests (legally justified purposes), and such processing does not breach the rights and freedoms of the data subject:
to the extent and for the purpose consistent with a consent expressed by the User, if the User has signed up for the newsletter,
to the extent and for the purpose consistent with a consent expressed by the User, if the User has agreed to marketing communications.
Any data subject (if we are the controller of such data) has the right to access, rectify, delete or restrict the processing of data, the right to object and the right to file a complaint with the supervisory authority.
The person supervising the processing of personal data in the Organization of the Service Provider can be contacted electronically to the e-mail address: firstname.lastname@example.org.
We reserve the right to process User’s data after the provision of Services has ended or the consent has been withdrawn, only to the extent for the purposes of pursuing any claims before a Court, or where national or EU legislation or international law oblige us to retain data.
The Service Provider has the right to share User’s personal and other data with authorised entities under relevant provisions of law (e.g. enforcement agencies).
Personal data can be deleted as a result of the withdrawal of consent or filing of a legally allowed objection to the processing of personal data.
We have implemented data encryption and have access control in place to minimize the consequences of any data security breaches.
Personal data is processed exclusively by persons authorized by us or processors with whom we work closely.
Data controller – Patients
Data will be processed for the purpose of providing health services including keeping medical records and managing the service provision process on the following basis:
Article 6(1)(c) and Article 9(2)(h) of the GDPR* in connection with Article 25(1) of the Act on patient’s rights and patient’s rights ombudsman of 6 November 2008 and Article 10(1)(2) of the Regulation of the Minister of Health of 9 November 2015 on the types, extent and templates of medical records and the way they should be processed for the purpose of identification prior to the provision of a service, in particular the verification of data when making appointments over the phone and personally.
Article 3(1) of the Act on healthcare institutions of 15 April 2011 for the purpose of providing health services.
Article 9(2)(h) of the GDPR* in connection with Article 24(1) of the Act on patient’s rights and patient’s rights ombudsman of 6 November 2008 and the Regulation of the Minister of Health of 9 November 2015 on the types, extent and templates of medical records and the way they should be processed for the purpose of keeping and storing medical documentation.
Article 6(1)(c) of the GDPR* in connection with Article 9(3) and Article 26(1) of the Act on patient’s rights and patient’s rights ombudsman of 6 November 2008 and Article 8(1) of the Regulation of the Minister of Health of 9 November 2015 on the types, extent and templates of medical records and the way they should be processed for the purpose of revoking and archiving authorization to access medical records and providing information about health condition.
Article 6(1)(f) of the GDPR* for the purpose of pursuing the legitimate interests of the Controller, in particular telephone confirmation or cancellation of a medical appointment.
Article 6(1)(c) of the GDPR* in connection with Article 74(2) of the Act of 29 September 1994 on accounting, for the purpose of processing accounting and tax documents including: bookkeeping and invoicing for services rendered, which may result in the need for the processing of personal data.
The recipient of your personal data may be technical and organisational service providers who facilitate the provision of health services (e.g. equipment suppliers, courier companies) and providers of legal and consulting services.
The data will be stored for a period as required by law for medical records (at least 20 years) and for tax and accounting documents (5 years) and for the period of limitation for claims resulting from the civil code.
You have the right to access, amend, move and delete your personal data, and the right to restrict the processing and the right to object.
You have the right to complain to the supervisory authority if you find that the processing of personal data is in breach of the Regulation.
Your provision of personal data arises from the provisions of law and it is necessary for health services to be provided. Your refusal to provide the data will prevent us from providing health services. Entering your phone number and email address is voluntary, and failure to provide them will result in the inability to cancel an appointment when required.
The information collected include IP address, type of browser used, language, type of operating system, Internet service provider, time and date, location, and information sent to the website through the contact form.
The collected data is used to monitor and check how users interact with our websites in order to improve the functioning of the website by providing a more efficient and seamless navigation. We monitor information about users by using the Google Analytics tool, which registers user behaviour on the website.
We use the following cookies on our website:
“indispensable” cookies which enable the use of services available on the website, e.g. authentication cookies used for services that require authentication on the website;
cookies used to ensure security, e.g. used to detect authentication abuse on the website;
“performance” cookies, enabling the collection of information on how pages of the website are used;
“functional” cookies, enabling the “memorization” of settings selected by the user and personalization of user’s interface, e.g. regarding user’s selected language or region, font size, website appearance etc.;
“advertising” cookies, making it possible to provide users with advertising contents more suited to their interests.
The user can disable or restore the option of collecting cookies at any time by changing the settings in his or her web browser. Cookie management guide is available on: http://www.allaboutcookies.org/manage-cookies
Additional personal data such as email address is collected only in areas where the user has clearly consented to that by filling out a form. We retain and use the data mentioned above only for purposes necessary to perform a specific function.