Privacy Policy
Privacy Policy of the ODONTO Dental Clinic
1. Data Controller
ODONTO Sp. z o.o., with its registered office at ul. Hanki Czaki 2, 01-588 Warszawa, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register (KRS) under the KRS number 0000798121, Tax Identification Number NIP 525-279-79-28, National Official Business Register Number REGON 384065602 is the controller of your data.
2. Contact Information
In matters that concern the processing of personal data, you can contact us at the following e-mail address: kontakt@odonto-klinika.pl, by phone: +48 22 545 62 43, or send a letter to our registered office address.
3. Scope of Data Processing
As part of our activities, we process the following categories of your personal data:
- Identification data: name, surname, PESEL number
- Contact details: home address, telephone number, e-mail address
- Medical data: medical history, test results, X-ray scans
- Information about appointments: visit dates, service booking data
- Financial data: information on payments and their types, bank account number (if applicable)
- Technical data: IP address, location data, cookies, activity data on the clinic’s website
4. Purpose and Legal Basis of Personal Data Processing
Your personal data are processed for the following purposes:
- Provision of healthcare services – pursuant to Article 9 item 2 letter h) of the GDPR (processing necessary for the purposes of preventive medicine, medical diagnosis, treatment and management of healthcare systems)
- Registration and management of appointments – including contacting you in matters related to the provision of services, to inform you about appointment dates, remind you about upcoming appointments, pursuant to Article 6 paragraph 1 letter b) of the GDPR (processing necessary for the performance of a contract)
- Patient service and communication – notifying changes in the clinic’s activities and managing patient relationships, pursuant to Article 6 item 1 letter f) of the GDPR (legitimate interest)
- Keeping medical records – in accordance with applicable laws and regulations, pursuant to Article 9 item 2 letter h) of the GDPR
- Financial and tax settlements – pursuant to Article 6 item 1 letter c) of the GDPR (fulfilling a legal obligation)
- Direct marketing of services – distribution of information about the facility’s services, new offers or promotions is based on the patient’s consent pursuant to Art. 6 item 1 letter a) of the GDPR (patient’s consent)
- Ensuring IT security – pursuant to Article 6 item 1 letter f) of the GDPR (legitimate interest)
5. Data Recipients
Your personal data may be transferred to the following categories of data recipients:
- Entities that cooperate with the data controller in the provision of healthcare services – in the field of IT services, data retention, analytics, marketing services
- Medical service providers cooperating with the healthcare facility – to the extent necessary to perform the requested tests or consultations
- Entities authorized under the law, including public administration bodies, where mandatory provisions of the law so provide
- Entities processing personal data on our behalf under the relevant data processing agreements
- Payment service providers – for online payment processing
6. Transfer of Data to Third Countries
Your personal data shall not be transferred outside the European Economic Area (EEA), unless it is necessary for the provision of the services. Such transfer shall be done in accordance with applicable legal regulations, ensuring an adequate level of personal data protection.
7. Retention of Personal Data
Your personal data shall be stored for the period of:
- Medical data: 20 years from the date of the last entry in the medical records, in accordance with applicable regulations
- Financial data: for the retention period required according to the provisions of the tax law (5 years from the end of the tax year)
- Data processed on the basis of consent: until such consent is withdrawn
8. Data Subject Rights
You have the right to:
- Access your personal data
- Request rectification of any data which is incorrect, incomplete or inaccurate
- Request deletion of your data (“right to be forgotten”) in cases specified by law
- Restrict the processing of your data
- Transfer your data
- Object to data processing where the processing is based on the legitimate interest of the data controller
- Withdraw consent to data processing if the processing is based on consent
- Submit a complaint to the supervisory authority – the President of the Personal Data Protection Office (PUODO)
9. Cookies and Other Web Tracking Technologies
Our website uses cookies and other web tracking technologies to improve the quality of the services provided, to tailor its content to your preferences and to analyze website traffic.
10. Data Security
We make every effort to ensure that your personal data is processed securely. Appropriate technical and organizational measures have been implemented, including data encryption, IT system security and staff training, to protect your personal data against unauthorized access, loss, destruction or modification.
11. Amendments to the Privacy Policy
This Privacy Policy may be updated from time to time to accommodate changes in the legal framework or the activities of the healthcare facility. All amendments shall be posted on our website and shall be made available at the ODONTO Dental Clinic.
12. Contact
Should you have any questions or concerns regarding the processing of your personal data, please contact us using the contact details provided above.
This Privacy Policy complies with applicable laws as at the publication date and may change if the current laws and regulations are amended or updated.
This document was last revised on: 11 August 2024