Szpital: tel.: +48 81 561 24 70

Przychodnia: tel.: +48 81 561 24 51

Tomografia komputerowa: tel.: +48 81 561 24 51

Telefony do szpitala i przychodni czynne od 8:00 – 15:00

Poradnia czynna pon.-pt. 10:00-16:00


Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; plgContentSieroty has a deprecated constructor in /plugins/content/sieroty/sieroty.php on line 6

Information on the processing of personal data (GDPR)

INFORMATION ON THE PROCESSING OF PERSONAL DATA (GDPR)

Pursuant to Articles 13 and 14 of the Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as GDPR) we inform that:

  1. The administrator of your personal data (hereinafter: PDA) is Ośrodek Kardiologii Inwazyjnej IKARDIA Sp. z o. o. established in Lublin, ul. Świętokrzyska 43, 20-867 Lublin, Poland; e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it., phone number: (+48) 81 561 24 70; entered into the Register of Entrepreneurs of the National Court Register by the District Court Lublin-East in Lublin located in Świdnik, 4th Commercial Department of the National Court Register, number 0000252703, NIP (TIN): 7122998983, REGON (Company Registration Number): 060116658

Contact e-mail to the Administrator's Data Protection Officer: This email address is being protected from spambots. You need JavaScript enabled to view it.

  1. Your personal data will be processed for the following purposes:
    1. managing healthcare systems and services (verification of identity and entitlement to free healthcare; reminding about, confirming or cancelling the date of a scheduled medical consultation; information concerning the necessity to prepare for a scheduled procedure; satisfaction survey;)
    2. keeping and storing medical records;
    3. verifying your authorization to access the hospital's premises and infrastructure, as part of protecting personal data against unauthorized or accidental access, alteration, loss or destruction;
    4. preventive healthcare (sending invitations to tests, educational materials, sending information about health events, etc.)
    5. marketing, with the consent of the data subject (sending promotional information);
    6. pursuing legal claims for any damage caused;
    7. exercising PDA's legitimate interests.
  1. Legal basis and categories of personal data processed

Please be advised that, in connection with the current activity of our company, we may process the following categories of your personal data:

  • Patients' data.
    We process this data to provide services related to treatment processes (e.g. diagnosis, selection of medicaments, tests, procedures) and the implementation of dedicated medical services (including post-discharge services and the provision of telemedicine services), based on the provisions of the law:  the Therapeutic Activity Act, and the Act on The Professions of a Physician and a Dentist; or based on a contract with commercial (individual) patients, for a maximum period of 30 years. We can process this data in accordance with the Act on Patient Rights and the Patient Rights Ombudsman for a maximum of 30 years, depending on the course of treatment.
  • Personal data of the Company employees
    We process this data in order to comply with legal obligations such as the Labour Code, which constitute the basis for the processing of data by our Company within the required period of up to 50 years. By obtaining appropriate consent, the Company may also use the image of employees to promote its services. In order to ensure the safety of people, as well as the property of the employees', this data can also be processed as part of on-going monitoring: video monitoring, monitoring of telephone calls and of the entrusted equipment (IT systems) both during the employment as well as for pursuing legal claims after the termination of employment.
  • Personal data processed in connection with recruitment
    In order to conduct the recruitment procedure, we process the data on the basis of your consent provided on the application document, for a period of 1 year. This commences from the moment we obtain such documents.
  • Personal data of contractors and cooperating entities
    We process this data in order to provide high quality services to our clients (patients), on the basis of a contract and in accordance with the scope of the activities specified within it. We process the personal data of contractors and cooperating persons in accordance with the provisions of the law (e.g. on the basis of the Accounting Act) for a period of 5 years, and then to defend legal claims (including their limitation periods) in administrative, civil, enforcement, criminal, and court proceedings.
  • The data of persons interested in cooperating with our Company
    We process this data in order to establish cooperation with new clients, at the request of persons interested in our offer, and only for the duration of negotiations and trade talks.
    All such data is retained with your consent and in the scope provided by you.
  • Personal data of persons present on video monitoring
    In order to provide you with security and protection of property, our facilities are equipped with a video monitoring system in the form of technical measures enabling image registration. We process this data to ensure the safety of our guests, patients, and staff, and to protect property. Such data is processed for a period of no more than 3 months, after which it is deleted. In the case where the video recordings constitute evidence in legal proceedings, the storage period of the recordings is extended until the completion of the proceedings.
  • Data of victims
    We obtain this data on the basis of written requests in the form of complaints and claims. We process this data only for the purpose of handling your claims for damage suffered and for the period related to handling the requests in accordance with the Code of Administrative Procedure and then for the period of limitation of the claims and until the end of administrative, civil, enforcement, criminal, and court proceedings, depending on the nature of a complaint.
  • Data processed for marketing purposes.
    We only process this data if you have given us your consent to do so. We can process this data to assess the effectiveness of our services in connection with the medical services provided (including health check, monitoring and reporting) and to send you commercial information about available post-treatment healthcare services, outpatient healthcare services and other such services offered by our Company.  We process this data through the media specified in the consent (providing services electronically, by e-mail and by phone) up until the time you revoke your consent. Detailed rules for electronic data processing can be found in the Administrator's Policy Regarding Privacy and the Use of Cookies.
  • Other personal data
    Our resources also include personal data our Company does not administrate; however, as sub-contractors we carry out various tasks related to the performance of our obligations and contracts, e.g. regarding summer internship and sub-contracting in the implementation of grants for the National Centre for Research and Development. We process this data for the duration of the contracts and to defend legal claims for civil, administrative, criminal and court proceedings.
  1. Extent of personal data processing
    Name, sex, date of birth and the PESEL identification number, contact details, including the address of residence or registered address, the series and number of the ID document, contact details of relatives and other data if required by applicable law or the legitimate interest of the Administrator.

5 Personal data may be transferred to the following categories of recipients:

  1. entities cooperating in the provision of medical services,
  2. entities providing services in the field of equipment maintenance and servicing, including IT,
  3. entities providing legal services,
  4. entities authorised under the law,
  5. other entities providing the Company with services necessary to meet the objectives indicated above.

As a Personal Data Administrator, we make every effort to ensure that the scope of the processed data is correct and constitutes the necessary minimum required to achieve the Company's goals and meet the legal requirements.

  1. Data retention period

Personal data contained in medical records will be processed in accordance with the requirements of art. 29 sec 1 of the Act on Patient Rights and the Patient Rights Ombudsman, 6 November 2008 (Journal of Laws of the Republic of Poland, 2017, item 1318), i.e. for a period of 20 years from the end of the calendar year in which the last entry was made, except for:

  1. medical records in the event of the death of a patient as a result of bodily injury or poisoning, which will be kept for a period of 30 years from the end of the calendar year in which the death occurred,
  2. medical documentation containing data necessary to monitor the fate of blood and its components, which will be stored for a period of 30 years from the end of the calendar year in which the last entry was made,
  3. X-ray images stored outside the patient's medical records, which will be stored for a period of 10 years from the end of the calendar year in which the image was taken,
  4. referrals for examinations or doctor's orders, which will be stored for a period of 5 years, counting from the end of the calendar year in which the health service which was the subject of the referral or doctor's order was given, and, in the cases where the service was not provided due to the patient's failure to report within the set deadline, for a period of 2 years, unless the patient has collected the referral,
  5. medical records for children up to the age of 2 that will be kept for 22 years.

Other data will be processed by the PDA on the basis of the abovementioned and other provisions of the general law during the period of the implementation of the purpose of processing, and, after that time, for periods permitted by the law.

  1. Rights of the data subject (art. 15-22 GDPR)

You have the right to:

  • access your data,
  • request rectification,
  • deletion or limitation of processing,
  • transfer the data,
  • object to data processing,
  • lodge a complaint to the supervisory body (President of the Office for Personal Data Protection), if you consider that the data are processed contrary to the legal requirements.

The exercise of the above rights by the PDA may be for a fee in cases where the applicable law provides for it.

  1. The consequences of not providing personal data

Providing personal data referred to in point 4 is voluntary, but failure to do so will result in the refusal to provide health services (except for life-threatening situations) or entry to hospital premises, including visits, as appropriate.

  1. Your personal data may be subject to profiling when using services provided electronically (details in the Privacy Policy). The data will not be processed in an automated manner, nor will it be transferred to countries outside the EU.

NOTE:

Please, be advised that due to the continuous development and improvement of services provided to you, as well as changing legal provisions, this Policy may be subject to changes.