Privacy Policy
1. General Provisions
This Privacy Policy outlines the rules for processing personal data by One & Only Clinic sp. z o.o., located at Gen. Wł. Andersa 24/U1, 80-175 Gdańsk (hereinafter referred to as One & Only Clinic). The data controller is One & Only Clinic. Contact details:
Email: info@ooclinic.pl
Phone: +48 530 266 209
Mailing Address: Gen. Wł. Andersa 24/U1, 80-175 Gdańsk, Poland.
2. Definitions
Controller – The entity responsible for processing personal data.
Personal Data – Information relating to an identified or identifiable natural person.
Clinic – A medical entity providing healthcare services managed by One & Only Clinic.
Patient – A person using the Clinic’s services, including those booking appointments online or contacting the Clinic through website forms, as well as legal guardians of persons using the Clinic’s services.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Data Protection Officer (DPO) – A person appointed by the Controller to handle matters related to personal data processing and the exercise of associated rights. The DPO can be contacted as follows:
- By mail: Address of the Controller with the note “DPO.”
- By email: info@ooclinic.pl
3. Purpose of Data Processing
Patients’ personal data are processed for the following purposes: enabling online appointment bookings and management; contacting patients regarding inquiries and appointment confirmations; providing medical services, including maintaining medical records; sending newsletters, promotional materials, and updates (based on patient consent); analyzing website traffic and conducting marketing activities.
4. Types of Data Collected
- Website Data: Name, surname, email address, phone number, appointment details (e.g., preferred dates).
- Medical Data: Medical history, test results, health status—processed exclusively to provide medical services.
- Technical Data: IP address, cookies, website activity data.
5. Legal Basis for Data Processing
Data processing is based on:
- Article 6(1)(b) GDPR: Performance of a contract (medical services).
- Article 6(1)(c) GDPR: Legal obligations (e.g., maintaining medical records).
- Article 6(1)(a) GDPR: Patient consent (e.g., for marketing).
- Article 6(1)(f) GDPR: Legitimate interests (e.g., marketing analysis, retargeting).
6. Data Retention Period
- Medical Data: Stored as required by law for 20 years from the last visit to the Clinic.
- Consent-Based Data: Stored until consent is withdrawn.
- Other Personal Data: Retained for five years from the end of the year in which they were provided.
7. Patients’ Rights
Patients have the right to:
- Object to the processing of data for marketing purposes based on the Controller’s legitimate interest.
- Withdraw consent for data processing.
- Access their personal data.
- Request rectification of personal data.
- Request deletion of personal data, except where the Controller is legally required to retain them.
- Request restriction of data processing.
- Transfer data to another controller, provided it is technically feasible.
To exercise these rights, contact the Data Protection Officer. Patients also have the right to lodge a complaint with the supervisory authority for personal data protection, i.e., the President of the Personal Data Protection Office (PUODO).
8. Recipients of Personal Data
Your data may be shared with:
- Entities processing data on behalf of the Controller, e.g., IT and hosting service providers, dental laboratories, courier companies (if applicable),
- Providers of analytical and marketing tools (e.g., Google Analytics, Facebook Pixel),
- Entities authorized by law,
- Entities authorized by the patient on explicit instruction.
9. Cookies and Tracking Technologies
The website uses cookies for: proper website functionality, personalizing content, analyzing traffic, and optimizing marketing campaigns. Users can manage cookie settings in their browser or set their cookie preferences on our website using our Cookie Policy.
10. Marketing Data Processing
Patients’ data may be used to send commercial and marketing information (newsletters) based solely on expressed voluntary consent. Patients can withdraw consent at any time by sending an email to: info@ooclinic.pl, specifying the data to be deleted.
11. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or damage.
12. Changes to the Privacy Policy
We reserve the right to amend the Privacy Policy. Changes will be published on the Clinic’s website.
13. Contact
For inquiries or requests related to personal data processing, please contact: Email: info@ooclinic.pl, Mailing Address: Ul. Gen. Wł. Andersa 24/U1, 80-175 Gdańsk.