LIFE sp. z o.o. spółka komandytowa
- Personal Data Administrator
LIFE sp. z o.o. spółka komandytowa, located at ul. Grzybowska 43A U8/U9, 00-855 Warsaw, is the administrator of data.
- Data Protection Officer
A Data Protection Officer has been appointed and can be contacted for all matters regarding the processing of personal data and the execution of your rights connected to the processing of data.
The Data Protection Officer may be reached at firstname.lastname@example.org
- The Categories of Data Processing
For the purposes of specialist services, we collect and process standard personal data and specific categories of data.
Your standard personal data that we process include the following: first name (names) and surname, PESEL (personal identity number), age, gender, language, date of birth, address, e-mail address, telephone number, image.
Additionally, we require specific data referring to your state of health (current and historic), in particular, but not limited to the results of your biological material analysis. Your medical records may also include genetic and biometrical data, as well as data referring to your mental condition including addictions.
- The Purposes of Processing your Personal Data and the Legal Grounds for Processing
For the purposes of rendering medical services we process your personal data within specific categories, pursuant to, primarily, Article 9 para. 1 and 2 of the Regulation 2016/697 (hereinafter referred to as GDPR). We process data of standard categories pursuant to Art. 6 para. 1 of the GDPR.
We process your personal data for the following purposes:
- to provide you coverage under a medical care contract,
- to prepare and manage your medical records,
- to settle financial obligations with you, and or entities which are expected to pay for medical services provided to you, on your behalf even if in part, including, if necessary, debt collection and submitting a court claim,
- to handle your complaints (if filed),
- to provide you materials promoting our products and services,
- to fulfil the obligation to store certain data, pursuant to special provisions of the law,
- to prepare reports, statements and statistical analyses taking into account your data,
- to fulfil obligations resulting from regulations referring to public statistics,
- to defend against legal claims connected with failing to perform or with performing an improper medical procedure,
- to pursue recourse claims against our associates, contractors, as well as an insurance company, which insures our legal liability in connection with the payment of compensation, punitive damages or benefit to you or your relatives,
- to prove the fulfilment of an obligation referring to a medical services contract concluded with you, or for you before tax authorities,
- to ensure your safety by conducting video monitoring of our facilities.
The legal basis for processing your personal data is the following:
- Medical care contract (the agreement on the basis of which a medical service has been rendered to you) – Art. 9 para. 2 (h) GDPR.
- Legitimate interest of the Personal Data Controller involving the following: direct marketing of our services (including profiling), pursuing claims, particularly referring to the medical care contract, defending against legal claims, as well as ensuring the safety of persons and property, Art. 6 para. 1 (f) GDPR.
- Legal provisions – Art. 6 para. 1 (c) GDPR.
- Consent to process common categories of personal data (should you grant it) – Art. 6 para. 1 (a) GDPR and the consent to process special categories of personal data (should you grant it) – Art. 9 Para. 2 (a) GDPR.
- Information on Profiling
On the basis of some of your personal data we conduct profiling, which is an automatic assessment of certain personal characteristics pertaining to you. The outcome of this assessment we shall hereinafter call a profile.
Profiling enables us to better choose the materials to communicate and promote our activity. Based on your profile, we will select appropriate informational and promotional materials.
We use the following data for profiling purposes: patient’s number, first name (names), surname, age, gender, language, date of birth, address, facilities visited, types of purchased products, data source and IP address.
In addition, when profiling, we take into account statistical data on the behavior on websites and mobile applications, the use of the patient portal, as well as preferences expressed on our websites and applications.
The data you provide will not be subject to automated decision-making.
- Personal Data Retention Period
Data connected to any service contracts created will be stored for the period of 5 years, commencing the end of the calendar year during which the tax payment is required.
As a general principle, data included in the medical records will be stored for the period of 20 years, commencing the end of the calendar year in which the last entry in the records was made. Exceptions to this rule are specified in the Act of 6 November 2008 on Patient’s Rights and the Patient’s Rights Spokesman.
In an case of processing data due to our legitimate interest, we shall process them until an efficient objection shall be filed.
The retention period of data processed with the support of a video monitoring system shall not exceed 30 days, unless the video recordings constitute evidence in a proceeding, or it is deemed that it may constitute as evidence. In such an instance their retention period shall be prolonged until the final termination of the proceedings.
- Personal Data Recipients
The recipients of your personal data shall be the following:
- Medical entities or entities rendering medical care activities, to enable continuation of treatment or financial settlement of the service provided.
- Entities which, on the basis of separate agreements, cooperate with us in order to ensure professional medical care.
- Service providers, ensuring technical and organizational solutions for us, enabling us to manage and provide medical care, auditors, controllers or entities legally authorized to control the medical care rendered or to control medical records.
- Legal offices and law firms supporting us.
- Your Rights
With regard to the data processing you are entitled to the following rights:
- the right to access personal data,
- the right to request correction of personal data,
- the right to request the deletion of personal data (only when we shall not be legally obliged to process them),
- the right to limit the processing of personal data in specified cases,
- the right to transfer personal data,
- the right to object to the processing, on grounds relating to a particular situation,
- the right to withdraw consent if we asked you to grant it (this does not influence the right to processing made prior to its withdrawal).
In order to execute these rights, please contact our data protection officer.
You also have the right to lodge a complaint with the supervisory authority for the protection of personal data, i.e., the President of the Office for Personal Data Protection (at ul. Stawki 2, 00-193 Warsaw).
- The Obligation of Submitting Data
Your personal data are necessary to provide you coverage under a medical care contract and to fulfil legal requirements. Processing of data is our legal obligation resulting from the accounting and tax regulations. Failure to submit them may lead to such situations as the inability to issue an invoice or a personal receipt.
Consent to the processing of personal data for specified purposes is completely voluntary.