STANDARDS FOR THE PROTECTION OF MINORS

§1. Legal Basis and Purpose of the Document

The Standards for the Protection of Minors have been developed based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR; Polish abbreviation: RODO),
  • The Act of 13 May 2016 on the Protection of Personal Data,
  • The Act of 28 July 2023 amending certain acts to ensure the protection of minors (the so-called “Lex Kamilek”),
  • Provisions of medical law and patient rights.

The purpose of this document is to ensure special protection of personal data and the safety of minors using the services of One and Only Clinic.

§2. Definitions

  1. Minor – a person under 18 years of age.
  2. Legal representative – a parent or legal guardian of the minor.
  3. Special category data – data concerning health, including medical information.
  4. Staff – any person cooperating with the Controller, regardless of the form of employment.

§3. General Principles of Minor Protection

  1. The welfare of the minor is the highest priority.
  2. Any actions involving minors must comply with the law, ethical principles, and good practice.
  3. The processing of minors’ data for marketing purposes without explicit consent from their legal representative is strictly prohibited.

§4. Rules for Processing Personal Data of Minors

  1. Personal data of minors are processed only to the extent necessary to provide medical or aesthetic services.
  2. The legal basis for processing includes:
    • consent of the legal representative (Art. 6(1)(a) GDPR),
    • a legal obligation of the Controller (Art. 6(1)(c) GDPR),
    • protection of the vital interests of the minor (Art. 6(1)(d) GDPR).
  3. Health-related data are processed in accordance with Art. 9(2)(h) GDPR.

§5. Consent of the Legal Representative

  1. Before providing any service to a minor, consent from the legal representative must be obtained.
  2. Such consent must be:
    • voluntary,
    • informed,
    • explicit,
    • capable of being documented.
  3. The Controller may request proof of the legal guardian’s identity.

§6. Security Principles

  1. Minors’ data are protected against unauthorized access.
  2. All staff are obliged to maintain confidentiality.
  3. Documentation containing minors’ data is stored securely, preventing third-party access.

§7. Response to Threats

  1. Any suspected violation of a minor’s rights or safety must be immediately reported to the Controller or Data Protection Officer (DPO).
  2. The Controller takes corrective measures and, if necessary, reports the incident to the relevant authorities.

§8. Rights of Minors and Legal Guardians

  1. Rights under the GDPR are exercised by the legal representatives of minors.
  2. The Controller ensures transparent communication and enables the exercise of these rights.

§9. Staff Training

  1. The Controller ensures regular staff training on:
    • child protection,
    • recognizing signs of abuse or neglect,
    • safe interaction with minors,
    • data protection and medical confidentiality.
  2. Training takes place:
    • before staff are permitted to work with minors,
    • periodically, at least once every two years,
    • whenever legal regulations or internal procedures change.
  3. Training participation is formally documented.

§10. Final Provisions

These standards apply to all staff members and are made publicly available on the Controller’s website.