Polonia Medica

Privacy policy

1. General Provisions

1.1. This Privacy Policy sets out the rules for the processing and protection of personal data of Users of the Polonia Medica Portal available at www.poloniamedica.pl.

1.2. The administrator of personal data (Data Controller) is Full company name, address, NIP/KRS, hereinafter referred to as the "Administrator".

1.3. The Administrator makes every effort to act in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

1.4. The purpose of this Privacy Policy is to explain how we collect, use, and protect Users' personal data and what rights they have.

2. Types of Collected Personal Data

2.1. Depending on how you use the Portal, we collect the following categories of personal data:

  • Identification data: name, surname, date of birth, PESEL/ID number, correspondence address;
  • Contact data: email address, phone number, address;
  • Health data (special categories): information about health, medical history, treatments received, examinations, and other data necessary to provide medical services (collected only with the User's consent).

3.1. We process personal data for the following purposes and on the following legal bases:

  • Portal operation (conclusion, performance, coordination): based on Article 6(1)(b) GDPR
  • Health data: based on Article 9(2)(a) GDPR (consent)
  • Applies to: identification, contact, and health data (with the User's consent, if necessary for the provision of medical services in accordance with the requirements of the given service).

3.2. Provision of medical services and support in organizing the stay:

  • Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 9(2)(h) GDPR (provision of healthcare)
  • Applies to: contact data.

3.3. Communication with the User (responses to inquiries, information about bookings):

  • Legal basis: Article 6(1)(b) GDPR
  • Applies to: identification, contact, and payment data.

3.4. Operation of the payment system on the Portal (acceptance and execution of payments for services):

  • Legal basis: Article 6(1)(b) and (c) GDPR (performance of a contract or fulfillment of a legal obligation)
  • Applies to: identification and payment data.

3.5. Analysis and statistics of Portal usage (improving functionality, optimizing UX):

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Administrator)
  • Applies to: data regarding Portal usage.

3.6. The Service Provider's own marketing activities (newsletter, information about promotions):

  • Legal basis: Article 6(1)(a) GDPR (User's consent)
  • Applies to: contact data and other data necessary for marketing activities.

3.7. Pursuing or defending against claims:

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Administrator)
  • Applies to: all data necessary for legal defense.

4. Sharing Data with Third Parties

4.1. Users' personal data may be shared with the following categories of recipients:

  • Partner Facilities: only data necessary to provide the booked Service (e.g. identification and contact data, health information, only with the User's consent);
  • Payment service providers: for the purpose of processing financial transactions;
  • Entities cooperating in health tourism: transport companies, hotels, translators (only data necessary to provide a specific service and with the User's consent);
  • Public authorities: only when required by applicable law.

4.2. In each case of data sharing, we ensure that it is done only on the basis of appropriate data processing agreements and with the highest security standards.

5. Data Retention Period

5.1. Personal data is stored for the period necessary to achieve the purposes for which it was collected, as well as in accordance with applicable law (e.g. accounting, tax) or until the expiration of claims.

5.2. Data processed on the basis of the User's consent is stored until the consent is withdrawn.

6. User Rights (GDPR)

6.1. Every User has the right to:

  • access their data (Art. 15 GDPR);
  • rectify (correct) their data (Art. 16 GDPR);
  • erase data (right to be forgotten) (Art. 17 GDPR);
  • restrict processing (Art. 18 GDPR);
  • data portability to another controller (Art. 20 GDPR);
  • object to data processing (Art. 21 GDPR);
  • withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7 GDPR);
  • lodge a complaint with the supervisory authority (President of the Personal Data Protection Office), if the User believes that the processing of their personal data violates the GDPR (Art. 77 GDPR).

7. Data Security

7.1. The Administrator applies appropriate technical and organizational measures to ensure the security of processed personal data, in particular protecting it against unauthorized access, loss, destruction, or damage.

7.2. The measures used include, among others, encrypted connections (SSL certificate), regular backups, access control to data processing systems, and appropriate procedures.

8. Cookies and Similar Technologies

8.1. The Portal uses cookies and other tracking technologies for the following purposes:

  • improving the operation of the Portal;
  • personalizing content displayed to the User;
  • creating statistics on the use of the Portal;
  • marketing purposes.

8.2. Detailed information about cookies and how to manage them can be found in our Cookies Policy.

9. Contact with the Data Administrator

Any questions regarding the processing of personal data and the exercise of rights should be directed to:

  • Email address: rodo@poloniamedica.pl
  • Correspondence address: Polonia Medica, ul. Św. Rocha 31, 42-200 Częstochowa, POLAND