+ 48 533 599 552
Warszaw
EN

Information Statement on Personal Data Processing

1. Data Controller

The controller of your personal data is Astra Dent Sp.z.o.o (limited liability company), ul. Świętokrzyska 20, 00-002 Warsaw. You can contact us:

  • by mail at: ul. Świętokrzyska 20, 00-002 Warsaw
  • by email: info@astradent.pl
  • by phone: +48 533 599 552

2. Purposes of Processing Your Personal Data

The controller will process your personal data for the following purposes:

  • providing and managing medical services – for this purpose, we will use your data to, among other things, verify your identity, maintain medical records in accordance with legal requirements, and contact you regarding the services provided,
  • entering into a contract with you for medical care and the provision of other dental services,
  • carrying out settlements arising from business activities,
  • handling complaints, feedback, and requests, including exercising your rights under personal data protection law,
  • providing you with information about using our services,
  • ensuring the safety of persons and property, including through video surveillance,
  • establishing, collecting, or defending against potential claims,
  • conducting research on service quality and customer satisfaction (including profiling),
  • archiving your data after the completion of services provided to you,
  • sending promotional materials regarding products and services (including profiling) – but only with your consent.

3. Legal Basis for Processing

The legal basis for processing your data:

  • providing medical assistance and services, protecting patient health, health prevention, treatment, and managing the provision of the above services (Art. 6(1)(c) GDPR and Art. 9(2)(h) GDPR), in accordance with applicable law, including: the Act on Medical Activity, the Patient Rights Act, and the Ombudsman for Patient Rights,
  • fulfillment of a service contract and entering into a medical service contract (Art. 6(1)(b) GDPR),
  • consent to the processing of personal data for the purpose explicitly stated in the consent form (Art. 6(1)(a) GDPR),
  • compliance with applicable law (Art. 6(1)(c) GDPR) regarding settlements,
  • financial, tax, and archiving purposes, including accounting,
  • the legitimate interest of the controller (Art. 6(1)(f) GDPR), consisting of:
  1. researching patients’ opinions about our services,
  2. processing submitted complaints, requests, and feedback,
  3. ensuring the safety of persons and property, including through video surveillance,
  4. in connection with legal requirements,
  5. providing information materials about using our services,
  6. establishing, collecting, and defending against claims.

If establishing, collecting, and defending against claims requires processing special categories of personal data (e.g., information about your health), we act based on Art. 9(2)(f) GDPR.

4. Data Source

Usually, we obtain your personal data directly from you. However, it may be provided by your employer or another organization within the framework of a medical subscription. In such cases, it will be necessary to provide us with your data (identification, address, and contact information) to deliver medical care according to the chosen subscription.

5. Profiling

Based on your personal data, we may carry out profiling, i.e., automatic analysis of certain personal characteristics. Below are situations in which profiling may occur:

Profiling is used to:

  • Customize communication and promotional materials according to our actions – for this, we analyze data such as patient number, first name, last name, age, gender, language, date of birth, place of residence, visited facilities, type of purchased product, and source of data.
  • Ensure the highest service standards – in certain cases, e.g., issuing referrals, your personal data may be processed using an algorithm that supports the work of the personnel providing services. We guarantee that all decisions about you are made directly by the staff providing services. If you have doubts about the assessment made by the algorithm, you have the right to request a human review and ask for an explanation of the algorithm’s operation.

6. Retention Period of Personal Data

As a rule, we will process your data:

  • for 20 years – in connection with maintaining and storing medical records – the period is counted from the date of the last entry; taking into account exceptions indicated in Art. 29(1) of the Patient Rights Act and the Ombudsman for Patient Rights.
  • for 6 years – for collecting claims or defending against them in connection with the services provided,
  • for 5 years – for accounting and tax purposes, with the period counted from the end of the calendar year in which the tax obligation arose,
  • for 5 years – in connection with recording calls on our hotline,
  • for 30 days – in connection with video surveillance,
  • until an objection is submitted or consent for data processing is withdrawn, if data was processed on this basis.

7. Recipients of Personal Data

Your personal data may be disclosed to:

  • entities authorized by law, including: medical institutions to ensure continuity of treatment and access to medical care, insurance companies, public authorities entitled to receive your data,
  • entities authorized by you;
  • entities processing data on our behalf, acting according to our instructions, to whom we entrust the provision of services such as IT and marketing;
  • companies providing legal services, if necessary for establishing, collecting, or defending against claims.

8. Rights Related to Personal Data Processing

8. You have the following rights regarding the processing of your personal data:

  1. The right to object to data processing for marketing purposes or for quality and satisfaction research, as we process your data based on our legitimate interest.
  2. The right to object to data processing due to your specific situation if data is processed for purposes other than those specified in point 1, based on our legitimate interest.
  3. The right to access your personal data.
  4. The right to request correction of your personal data.
  5. The right to request deletion of your personal data if the law does not require us to continue processing them.
  6. The right to request restriction of processing of your personal data.
  7. The right to data portability.

To exercise these rights, please contact us (contact details are provided in point 1 above).

The right to lodge a complaint with a supervisory authority:

You also have the right to lodge a complaint with the authority supervising personal data protection, which is the President of the Personal Data Protection Office.

The right to withdraw consent to personal data processing:

If your data is processed based on your consent, you have the right to withdraw this consent at any time without any negative consequences. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

9. Data Transfer Outside the European Union

To ensure the highest quality of our services, we cooperate with external providers, for example in IT. In this context, your personal data may be transferred to countries outside the European Union. In such cases, we always ensure that the transfer is based on agreements with these entities containing standard data protection clauses approved by the European Commission, or in accordance with European Commission decisions permitting such transfers.

10. Necessity of Providing Data

Providing personal data is mandatory when using medical services in accordance with the law. For other services or when entering into a contract, providing data is voluntary, but failure to provide it may prevent the provision of the service or the conclusion of the contract.

All provided information is medical confidentiality and is intended to ensure your safety. Please answer the questionnaire questions carefully. In case of difficulty answering, a question may be skipped with subsequent clarification by the doctor.

Consents the patient must mark:

I give clear and voluntary consent for the processing of my personal data indicated in the Medical Questionnaire, including special categories of data (so-called sensitive data) referred to in Art. 9 GDPR, by the Data Controller, i.e., Astra Dent Sp.z.o.o Świętokrzyska 20, 00-002 Warsaw, Poland, and I also consent to the processing of my personal data in information systems and applications used by the Controller – for the purpose of health protection, provision and management of medical services, support of the telecommunication system where medical documentation is processed, and ensuring the security of this system.

1. I have also been informed about the rules for processing my personal data, including that data is collected by Astra Dent Sp.z.o.o ul. Świętokrzyska 20, 00-002 Warsaw, Poland – the Data Controller, the purpose of collection, the voluntary nature of providing data, the right to access and correct it, and that this data may be transferred to other entities.

I know my patient rights according to the Patient Rights Charter and consent to treatment at this clinic. This consent covers the performance of all procedures prescribed and agreed with the attending physician or other clinic doctors.

In addition, I consent to:

Receiving from Astra Dent Sp.z.o.o ul. Świętokrzyska 20, 00-002 Warsaw, by email to the address provided by me, information about offers, discounts, and promotions related to services provided by Astra Dent.

Receiving from Astra Dent Sp.z.o.o ul. Świętokrzyska 20, 00-002 Warsaw, via SMS/Push notifications to the phone number provided by me, information about offers, discounts, and promotions related to services provided by Astra Dent.