Privacy policy

The administrator of data:

ArtLife Ltd.
with its registered office at Obrońców Wybrzeża 23, 80-398 Gdańsk
NIP (Tax Identification Number): 5832930309, KRS (National Court Register Number): 0000249525, REGON (Statistical Identification Number): 220175048

Purpose of data processing:

Implementation of health-related purposes, health prevention, medical diagnosis, provision of healthcare, management of healthcare systems and services based on EU law or the law of a member state, execution of a healthcare services agreement, ensuring continuity of services, communication with the patient, informing about medical services, archiving, billing for services, and performing auxiliary activities related to the provision of healthcare services.

Legal basis for data processing:

• Taking actions at the request of the patient or a person acting on their behalf, aimed at providing healthcare services (including establishing the patient's identity, registering the patient, providing information about scheduled visits, cancellations, or changes to appointment dates) (Article 6(1)(b) and Article 9(2)(h) of the GDPR);
• Providing healthcare services to the patient (including making a medical diagnosis, ensuring healthcare, treatment, and providing health prevention) (Article 6(1)(b) and Article 9(2)(h) of the GDPR).
• Managing and storing medical documentation (Article 6(1)(c) and Article 9(2)(h) of the GDPR);
• Implementing patients' rights (e.g., regarding authorization of other individuals to access medical documentation or to provide information about the patient's health condition) (Article 6(1)(c) and Article 9(2)(h) of the GDPR);
• Fulfilling other legal obligations imposed on the healthcare provider related to its medical activity (including maintaining accounting records and tax obligations) (Article 6(1)(c) and Article 9(2)(h) of the GDPR);
• Determining, pursuing, or defending claims (Article 6(1)(f) and Article 9(2)(h) of the GDPR);
• Realizing other legitimate interests of the healthcare provider, such as marketing of services offered by the healthcare provider and for internal administrative purposes (Article 6(1)(f) of the GDPR);
• Protection of the vital interests of patients (Article 6(1)(d) and Article 9(2)(c) of the GDPR);
• Conducting communication via electronic channels (Legal basis: Article 6(1)(a) of the GDPR).

Scope of data:

Personal data of the patient processed by the healthcare provider based on the GDPR regulation must be adequate and relevant to what is necessary for the purposes for which they are processed (e.g., data contained in medical documentation is processed for health-related purposes). In addition to medical data, data such as phone numbers or email addresses are also processed based on a contract or consent granted.

Basic principles regarding the protection of the patient's rights:

The patient has the right to access their data (according to Article 15 of the GDPR).

• The patient has the right to rectify and complete their data (according to Article 16 of the GDPR).
• The patient may request the restriction or deletion of data in the scope of the purpose for which their personal data is processed based on their consent (according to Articles 17 and 18 of the GDPR).
• The patient has the right to data portability (according to Article 20 of the GDPR).
• The patient has the right to object to further processing of their data (according to Article 21 of the GDPR).
• The patient has the right to lodge a complaint with a supervisory authority.

Profiling and automated decision-making

Based on the provided personal data, no automated decisions are made, including profiling.

Transfer of data outside the European Economic Area

The data controller does not transfer personal data outside the European Economic Area.

Data retention period

The retention period corresponds to the fulfillment of statutory obligations related to the realization of health-related purposes. In the case of additional data, the basis for processing is consent.