Privacy Policy

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), we are obliged to fulfill our information obligation towards persons whose personal data we process. This information takes into account the main aspects related to the processing of personal data of users of the website oslomed.pl (hereinafter also referred to as the "Website") and persons establishing contact in any other matter related to the activities of R57 Sp. z o.o. (Oslomed Medical Center).

I. General Information and Contact Details

Website: oslomed.pl

Website User Definition

A Website User is any natural person visiting the Website or using one or more services or functionalities of the Website described in this Policy.

In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide individual offered services, as well as information about the User's activity on the Website.

The Controller indicates that in order to use the Website, the User should have a device with installed software enabling browsing of websites and Internet access. Access to the Website can be made using the most popular web browsers.

The Data Controller reserves the right to collect the User's IP address, which may prove helpful in diagnosing technical problems with the server, creating statistical analyses (e.g., determining from which regions we record the most visits). In addition, they may be useful in administering and improving the Website itself.

II. Purposes of Personal Data Processing

Data Processed in Connection with Website Operations

Your personal data may be processed for the purpose of:

1. Contact via the contact form on the Website
2. Analysis of data collected automatically when using the Website

Data Processed in Connection with Provided Medical Services

Your personal data may be processed for the purpose of:

1. Establishing contact and scheduling consultations
2. Developing and implementing treatment plans
3. Maintaining medical documentation
4. Identity verification via videoconference
5. Conducting correspondence or other forms of indirect communication with persons using medical services provided by the Company via email or other internet communicators
6. Fulfilling legal obligations imposed by law

Other Processing Purposes

Your data may also be processed for the purpose of:

1. Conducting correspondence or other forms of communication on any matter related to the Company's activities
2. Administering the Company's profiles on Facebook and Instagram
3. Conducting recruitment
4. Archival and evidentiary purposes
5. Providing patient medical documentation electronically

III. Detailed Description of Personal Data Processing Purposes

1) Contact via Contact Form on the Website

Legal Basis: Your consent resulting from initiating contact (Article 6(1)(a) GDPR), as well as our legitimate interest consisting in the possibility of establishing new cooperation in the scope of provided medical services (Article 6(1)(f) GDPR).

Data Processed: Name, email address, and any other data voluntarily indicated in the message.

Retention Period: Your data will be processed after the end of contact for various purposes, depending on what was the subject of correspondence. The legal basis for such processing is our legitimate purpose of archiving correspondence to demonstrate its course in the future (Article 6(1)(f) GDPR).

Voluntary Nature: Providing data is voluntary but necessary to initiate contact via the contact form.

2) Analysis of Automatically Collected Data When Using the Website

Legal Basis: Article 6(1)(f) GDPR - our legitimate interest in ensuring proper functioning of the Website and conducting statistics on its display.

Data Processed: IP address of the device from which you use the Website and data regarding your activity on the Website.

Important Note: Personal data processed in this way are not stored or archived anywhere.

3) Establishing Contact and Cooperation for Medical Services

Legal Basis: Conclusion and performance of medical service contracts between the Company and its patients (Article 6(1)(b) GDPR).

Data Processed: Name and surname, contact details (phone number, email address, residential or correspondence address), as well as data for preliminary analysis of your case and qualification for further proceedings (medical history, previous diagnoses, test results, medications taken, previous vaccinations, prognosis and hypotheses for further treatment forms, place of residence, other data voluntarily provided by you during cooperation).

Voluntary Nature: Providing personal data is voluntary but necessary to establish contact and cooperation with us.

4) Identity Verification and Contact via Videoconference

Legal Basis: Taking steps at your request before establishing cooperation with the Company (Article 6(1)(b) GDPR), as well as the legitimate interest of the Company in preventing fraud (Article 6(1)(f) GDPR).

Data Processed: Name and surname, image visible on camera, voice, and other data you provide during the videoconference.

Retention Period: Any recordings containing agreements on the content of cooperation with the Company are stored for the duration of cooperation, and after its completion are archived until claims expire. In other cases, recordings are stored for no longer than 3 months.

Voluntary Nature: Providing personal data is voluntary but necessary for us to contact you via videoconference.

5) Correspondence or Other Forms of Communication

Legal Basis: Our legitimate interest related to contact with patients (Article 6(1)(f) GDPR). If you initiate the conversation, your personal data will be processed based on consent resulting from initiating contact (Article 6(1)(a) GDPR).

Voluntary Nature: Providing personal data is voluntary but necessary to contact us.

6) Fulfillment of Legal Obligations

Legal Basis: Fulfillment of obligations imposed on the Company, provided for by law provisions, in particular accounting regulations, tax law provisions, and provisions of the Anti-Money Laundering and Counter-Terrorism Financing Act (in accordance with Article 6(1)(c) GDPR).

Data Processed: Name and surname, address data, phone number, email address, PESEL number, Tax ID (NIP), bank account number, possibly other personal data required by applicable regulations.

IV. Personal Data Retention Period

Your personal data will be processed for an appropriate time, depending on the purpose for which the personal data was collected:

Processing Purpose	Retention Period
Contact via website contact form	Duration of correspondence and after its completion, for the period of legitimate interest, but no longer than until potential claims related to correspondence expire
Identity verification via videoconference	Cooperation-related recordings: duration of cooperation + archiving until claims expire. Other recordings: max 3 months
Correspondence or communication	Duration of correspondence and after its completion, for the period of legitimate interest, but no longer than until potential claims expire
Fulfillment of legal obligations	Period of storing evidence confirming fulfillment of legal obligations, but no longer than the limitation period of these obligations

V. Sources of Personal Data

Personal data we possess comes primarily from you.

If data was not provided by you, it may come from the following sources:

1. From persons who provide your data, e.g., in correspondence
2. From public sources, in particular from data posted on publicly accessible websites, including publicly accessible registers and databases, including CEIDG (Central Registration and Information on Business), KRS (National Court Register), REGON database, etc.

VI. Personal Data Recipients

R57 Sp. z o.o. carefully selects entities with which it cooperates or whose services it uses in processing personal data, striving to ensure maximum protection for your personal data.

We do not disclose your data to third parties unless it is necessary to ensure proper processing of personal data and conducting our statutory activities. Data is or may be disclosed or entrusted to the following entities:

1) Authorized Company Employees

2) Personal Data Recipients:

• Entities cooperating with the Company (medical entities, persons performing medical professions) – disclosure of your personal data always takes place based on your voluntary consent
• Entities providing postal and courier services to the Company
• Banks (for financial settlements)
• Entities to which the Company is obliged to transfer personal data under generally applicable law
• Legal counsel and lawyers providing legal assistance services to the Company

3) Data Processors (based on data processing agreements):

• Entities that may access your personal data when providing hosting services, email delivery and other electronic communication means to the Controller, operating databases and IT systems used by the Controller
• Entities providing accounting services to the Company
• Google – due to the use of Google tools on the Website

VII. Rights Related to Personal Data Processing

As a data subject, you may exercise the following rights:

1) Right to Access Information About Data Processing

On this basis, the Controller provides the requesting person with information about data processing, including primarily purposes and legal bases of processing, scope of data held, entities to whom they are disclosed, and planned data deletion date.

2) Right to Obtain a Copy of Data

On this basis, the Controller provides a copy of processed data concerning the requesting person.

3) Right to Rectification

The Controller is obliged to remove any inconsistencies or errors in processed personal data and supplement them if they are incomplete.

4) Right to Erasure ("Right to be Forgotten")

You may request deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected, if there is no other basis for the Controller to process this data, if an objection is submitted to the Controller's processing of personal data due to the special situation of the person whose data is processed, and the Controller has no grounds for processing this data that would override the objection, if an objection is submitted by a person whose data is processed for marketing purposes, if personal data was processed unlawfully.

5) Right to Restriction of Processing

Upon submitting such a request, the Controller ceases performing operations on personal data – except for operations to which the data subject has consented – and their storage, in accordance with accepted retention principles or until the reasons for restricting data processing cease (e.g., a supervisory authority decision is issued allowing further data processing).

6) Right to Data Portability

On this basis – to the extent that data is processed in connection with a concluded contract or expressed consent – the Controller issues to the authorized person data provided by the data subject in a computer-readable format. It is also possible to request sending this data to another entity – however, subject to technical possibilities existing both on the Controller's side and that of the other entity.

7) Right to Object to Data Processing for Marketing Purposes

The data subject may object to the processing of personal data for marketing purposes at any time, without the need to justify such objection. In practice, each person may withdraw consent to data processing for marketing purposes on the terms set out in this document.

8) Right to Object to Other Processing Purposes

The data subject may object to the processing of personal data at any time, which takes place based on the Controller's legitimate interest (e.g., for analytical or statistical purposes or for reasons related to property protection); objection in this respect should contain justification.

9) Right to Withdraw Consent

If data is processed based on expressed consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of processing carried out before consent withdrawal.

10) Right to Lodge a Complaint

If you consider that the processing of personal data violates applicable personal data protection regulations, the data subject may file a complaint with the President of the Personal Data Protection Office or the supervisory authority of their habitual residence, place of work, or place of alleged infringement concerning personal data.

VIII. Privacy Policy Changes

This Policy is continuously verified and may be updated if necessary.

Current Privacy Policy version: 1.0 dated February 1, 2024

IX. Final Provisions

When using the Website, as well as cooperating or communicating with the Company on any matter, you are obliged to comply with the law and good practices, as well as respect the personal data, copyrights, and personal rights of third parties.

The scope of the Company's activities may change and develop, and with this development, the Privacy Policy will also change. We will inform about the scope and content of these changes on the Website and perform the information obligation to an appropriate extent.