PRIVACY POLICY
§1. Personal Data Controller
The controller of personal data is:
One and Only Clinic
ul. gen. Władysława Andersa 24/U2
80-175 Gdańsk, Poland
E-mail: info@ooclinic.pl
§2. Data Protection Officer
The Controller has appointed a Data Protection Officer:
Dr. Andrzej Marek Kisiel
E-mail: iod@oneandonlyclinic.pl
§3. Scope of Processed Data
The Controller processes both ordinary personal data and special category data, including:
- first and last name,
- contact details (e-mail address, phone number),
- information provided in contact and registration forms,
- medical data and health-related information,
- identification data required by medical law,
- IP address, statistical data, and information contained in cookies (please review our Cookie Policy).
§4. Medical Data – Article 9 GDPR
- Health-related information constitutes special category data under Article 9 of the GDPR.
- Such data is processed solely for the following purposes:
  - providing healthcare services,
  - maintaining medical documentation,
  - fulfilling patient rights,
  - ensuring continuity of treatment.
- The legal basis for processing medical data is Article 9(2)(h) GDPR in connection with national legislation.
- Access to medical data is restricted to authorized personnel bound by confidentiality obligations.
§5. Patient Rights
- Patients are entitled to rights arising from the GDPR and the Act of 6 November 2008 on Patient Rights and the Ombudsman for Patient Rights.
- In particular, patients have the right to:
  - access their medical records,
  - obtain information about their health condition,
  - confidentiality of information relating to them,
  - object to the processing of their data for marketing purposes,
  - withdraw consent at any time (if processing is based on consent).
- The exercise of patient rights is carried out in accordance with applicable law.
§6. Medical Documentation
- The Controller maintains medical documentation in compliance with applicable legal requirements.
- Documentation is kept in paper or electronic form.
- All records are protected against unauthorized access and data loss.
- Access is granted only to authorized persons.
§7. Retention and Archiving Periods
- Medical records are stored for periods required by law, in particular:
  - 20 years – standard retention period for medical documentation,
  - 30 years – in the event of a patient’s death due to bodily injury or poisoning,
  - 10 years – for X-ray images stored outside medical records,
  - 5 years – for referrals and orders.
- Personal data processed for other purposes is stored for as long as necessary to achieve the purpose or until consent is withdrawn.
§8. Data Recipients
Personal data may be shared with entities cooperating with the Controller, in particular: IT and hosting service providers, accounting and administrative support entities, and entities authorized under applicable law.
§9. Rights of Data Subjects
Individuals whose data is processed have the rights granted under the GDPR, including the right to access, rectify, restrict processing, transfer data, object, and lodge a complaint with the President of the Personal Data Protection Office (UODO).
§10. Final Provisions
This Privacy Policy is effective as of its publication on the Controller’s website and may be subject to future updates.