Privacy Policy

This document is a collection of information about the terms and conditions of processing personal data when contacted by email, telephone or in writing or via the website, in accordance with applicable law, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"). This Privacy Policy implements the information obligation under Article 13 and Article 14 of the GDPR.

  1. DEFINITION:
    1. Controller - the entity which alone or jointly with others determines the purposes and means of the processing of personal data,
    2. Personal data - information about an identified or identifiable natural person ("data subject"), whereby an identifiable natural person shall mean a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person,
    3. Processing entity - a natural or legal person, public authority, entity or other entity that processes personal data on behalf of the Controller,
    4. Policy - this Privacy Policy,
    5. Processing - an operation or set of operations which are performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, organization, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
    6. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation),
    7. Website - the website maintained by the Controller at https://smartagingclinic.com,
    8. User - natural person visiting the website
  2. CONTROLLER
    1. The Controller of your personal data is:
      Smart Aging Clinic Sp. z o.o.
      ul. Racławicka 98
      02-634 Warszawa
      KRS: 0000479415
      NIP: 521-365-63-59
      REGON: 146901069
    2. Contact with the Controller is possible through the e-mail address iod@smartagingclinic.com or through the correspondence address: 98 Racławicka Street, 02-634 Warszawa.
  3. Contact with the Controller is possible through the e-mail address iod@smartagingclinic.com or through the correspondence address: 98 Racławicka Street, 02-634 Warszawa.
    1. The Controller has appointed a Data Protection Officer who can be contacted by e-mail at iod@smartagingclinic.pl on any matter concerning the processing of personal data.
  4. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
    1. Personal data shall be processed for the following purposes and on the basis of the following legal bases:
      Purpose of data processingLegal basis for data processing
      Accepting and answering an inquiryArticle 6(1)(f) GDPR (legitimate interest - ensuring contact and fulfilment of requests)
      Scheduling a consultation or procedureArticle 6(1)(b) GDPR (taking action at a person's request prior to entering into a contract and performance of the contract)
      Providing health services and keeping and storing the related medical documentation, as well as performing other duties resulting from the law, including the protection against infections and ensuring epidemiological safety for people staying on the premises of the ControllerArticle 6(1)(b) GDPR (performance of a contract)
      Article 6(1)(c) GDPR (legal obligation, inter alia, the Act of 6 November 2008 on Patient Rights and Patient Ombudsman, consolidated text Journal of Laws of 2019, item 1127 as amended)
      Article 9(2)(h) GDPR (provision of health care and treatment)
      Article 9(2) (b) GDPR (performance of obligations in the field of labor law and social security) in connection with Article 207 of the Labour Code (obligation to ensure safe and hygienic working conditions at the workplace)
      Article 9(2)(i) GDPR in connection with Article 8a(5)(2) of the Act of 14 March 1985 on the State Sanitary Inspectorate (obligation to carry out activities in the public interest in the field of public health).
      Billing of services, including issuance and storage of accounting documentsArt. 6 (1) (c) GDPR (legal obligation - Accounting Act and tax law regulations)
      Conducting marketing activities (selected forms of communication such as sending newsletters may require obtaining additional consent under separate provisions of law)Art. 6 (1) (f) GDPR (legitimate interest - direct marketing of products and services offered by the Administrator)
      Providing contact with persons acting on behalf of contractors and suppliersArt. 6 (1) (f) GDPR (legitimate interest - ensuring contact with those implementing the contract or order)
      Execution of potential claimsArt. 6 (1) (f) GDPR (legitimate interest - establishing, pursuing or defending against claims)
    2. The Controller uses cookies in the online environment, which may collect certain information about individuals. The exact way of using cookies is described later in this Policy.
  5. SCOPE OF PERSONAL DATA
    1. Within the framework of realization of the above mentioned aims, the Controller can process the following personal data: name and surname, address of residence, PESEL (Personal Identification Number), date of birth, e-mail address and telephone number, as well as other personal data necessary for proper performance of the services, including healthcare services by the Controller.
    2. Providing personal data referred to in item. 5.2 Providing personal data referred to in Clause 5.1 is voluntary, however, in some cases it may turn out to be obligatory (e.g. within the scope of providing health services) or necessary for the Controller to provide certain services.
    3. In the case of processing of contact data of representatives of contractors and suppliers (e.g. representatives, persons appointed to contact within the cooperation), the source of obtaining the data may be a specific contractor / supplier who has entered into or intends to enter into cooperation with the Controller.
  6. RECIPIENT OF PERSONAL DATA
    1. The recipients of personal data shall be entities providing services to the Controller, in particular IT system providers, the entity providing accounting services and other data recipients e.g. providers of postal and courier services and other entities authorized to receive data on the basis of the law.
  7. RETENTION PERIOD OF PERSONAL DATA
    1. Personal data will be stored:
      1. in connection with the provision of health services for the period for which medical records are kept in accordance with the relevant provisions of law, i.e. for a period of 20 years from the end of the calendar year in which the last entry was made in the medical records, subject to statutory exceptions,
      2. in connection with the fulfilment of other purposes of processing for the period of performance of the services and thereafter shall be archived for the period where the applicable law prescribes for the retention of data or the period of limitation of potential claims.
    2. After the period indicated above, the personal data will be deleted or anonymized in accordance with applicable regulations.
  8. RIGHTS OF DATA SUBJECTS
    1. In relation to the processing of personal data, you have the following rights:
      1. the right of access to data content, the right to rectification of data, the right to erasure of data, the right to restrict data processing, the right to data portability,
      2. the right to object to the processing of data - in case the processing of personal data is based on the so-called legitimate interest and under the conditions specified in the provisions of the GDPR,
      3. the right to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection) in case the processing of personal data violates the provisions of the GDPR.
  9. SECURITY OF PERSONAL DATA
    1. The Controller shall conduct a risk analysis on an ongoing basis to ensure that personal data are processed securely. To that end, the Controller shall apply appropriate technical and organizational measures to protect the collected personal data against misuse, accidental or unlawful destruction, loss, alteration, disclosure or access.
    2. The Controller shall take all necessary measures to ensure that also its contractors and suppliers provide a guarantee that they apply appropriate security measures whenever they process personal data on behalf of the Controller.
  10. SOCIAL MEDIA
    1. You may share information on the Website through social media such as Facebook. This means that the information you share, including your name and preferences, will be visible to visitors to these sites. The Controller recommends that you carefully read the privacy policies of the social media entities as they relate to the processing of your personal data by these entities.
  11. COOKIES
    1. The website uses "cookies".
    2. Cookies are IT data, in particular text files, which are stored on the User's terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time of storage on the terminal equipment and a unique number.
    3. The entity placing cookies on the User's end device and accessing them is the Controller.
    4. Cookies are used for:
      1. adapting the content of the Website to the User's preferences and optimizing the process of using the Website, in particular remembering the choice of the website language,
      2. statistics on the use of the Website.
    5. The Website uses the following types of cookies:
      1. session cookies, which remain on the user's device until the user closes the browser (deleting them from the device's operating memory),
      2. permanent, which remain on the User's device for a defined period of time or until they are deleted by the User,
      3. statistical cookies to track traffic on the Website using Google Analytics services.
    6. Web browsing software (internet browser) usually allows the storage of cookies on the User's end device by default. Users can change their settings in this respect. The Internet browser allows deleting cookies. It is also possible to block cookies automatically. Information on the use of cookies and possible configurations are available in the settings of the Internet browser.
    7. Restrictions on the use of cookies may affect some of the functionality available on the Website.
  12. UPDATE
    1. The Policy shall be reviewed on an ongoing basis and updated as necessary. The current version of the Policy has been adopted and is effective as of January 1, 2023.