Who is the administrator of patient data?
The administrator of personal data is Neuron sp.z o.o., with its registered office at ul. Obrońców Helu 4, 85-799 Bydgoszcz, entered into the National Court Register under the number 0000141094, REGON 093083663, NIP 5542513141.
Who can the patient contact about issues related to the processing of his personal data?
In all matters related to the processing of personal data by Neuron sp.z o.o. the patient may contact our Data Protection Officer available at the e-mail address: firstname.lastname@example.org, or by post to the address given above with the note “IOD”
What is the source of patients’ personal data – where are they obtained from?
As a rule, most data is obtained directly from the patient.
What is the scope of processed personal data?
Personal data such as: name, surname, PESEL number, gender and date of birth are collected from an individual patient.
(in the case of people without a PESEL number) to be able to verify their identity before providing the health service. During the provision of health services, patient’s medical records are created in which all information regarding the treatment process is recorded, in particular information on the patient’s state of health. To send marketing communications, we also need an email address or phone number, we can also ask for your name – then we will be able to personalize our messages in an appropriate way. Consent to data processing for marketing purposes includes all information provided by the patient during cooperation with Neuron sp.z o.o. This can be e.g. identification data (name, surname, gender, date of birth, age, city). We ensure that we do not reach into the patient’s medical records – access to this information is only available to authorized persons who process data for the statutory purposes of our business.
What is the purpose of processing Patients’ personal data?
1.6 section 1 lit. c and art. 9 item 2 lit. h GDPR in connection from art. 25 item 1 of the Act on Patient Rights and the Patient Ombudsman
– Establishing the patient’s identity before providing the service, in particular by applying for medical care, verifying data when arranging a distance visit (e.g. by phone) as well as in our facility, at registration stations or in the doctor’s office.
2. 9 item 2 lit. h GDPR in connection from art. 24 paragraph 1 of the Act on Patient Rights and the Patient Ombudsman – As a medical entity, we are required to keep and store medical records.
3.6 clause 1 lit. c GDPR in connection from art. 9 item 3 and art. 26 section 1 of the Act on Patient Rights and the Patient Ombudsman – We implement our patient’s rights, e.g. we collect and archive statements that authorize other people to access medical records and provide information on the patient’s health.
4.6 section 1 lit. b and f RODO, as the legitimate interest of the administrator, which is patient care and more efficient graphics management. – We contact the patient at the given phone number or e-mail address to e.g. confirm the reservation or cancel the appointment of a medical consultation, remind about the consultation, inform about the need to prepare for the agreed procedure, confirm the date of the stay and the daily schedule of classes.
5.6 paragraph 1 lit. b and f RODO, as legitimate interest of the administrator, which is to improve the quality of services and their adaptation to the needs of patients. – Providing adequate medical / preventive care, which is a response to the patient’s needs and improving the quality of our services are a priority for us, so during the period of care or after the service, we can send short surveys to the patient asking for feedback so that he can inform us, what else can we do better; we ensure that we will send these surveys with such frequency and in such a way that they are not burdensome for the patient and do not violate the right to privacy; at the same time, the patient can at any time inform us that he does not want to receive such content from us – then we will block their dispatch, as requested by the patient.
6.6 section 1 lit. c GDPR in connection from art. 74 section 2 of the Accounting Act of September 29, 1994. – As a medical entity, we also keep accounting books and tax obligations – we issue, for example, invoices for services rendered by us, which may require the processing of patient’s personal data.
7.6 section 1 lit. and GDPR in from art. 172 of the Telecommunications Law in from art. 10 paragraph 2 dull. – We can direct marketing communication to the patient regarding the operations of Neuron Sp. z o.o. such as in particular offers, information on services, promotions, events organized by us. Depending on the patient’s decision, we can use an email address for this