Polityka prywatności

1. The controller of personal data processed within the scope and for the purposes expressly defined by the Controller is MEDICUS Sp. z o. o., with its registered office at Plac Strzelecki 24, 50-224 Wrocław, Poland, NIP: 896-10-17-023, REGON: 930957985, KRS 0000685093, (hereinafter „Controller”).

2. Data are processed for the purpose of providing services, including medical services, and in cases where it is necessary to fulfill the legally justified purposes of the Controller, in particular for direct marketing of its own products or services, or for other purposes to which the user consents, if such consent is required under applicable law. In particular, this may include consent to receive correspondence and commercial information regarding the Controller’s own products and services and those of partners cooperating with the Controller, sent electronically and by telephone. The data subject has the right to withdraw consent at any time.

3. The Controller processes data lawfully, collects it for specified, lawful purposes, and does not further process it in a manner incompatible with these purposes. Data is collected only to the extent that is adequate, necessary, and necessary in relation to the purposes for which it is processed. As part of its medical activities, the Controller processes personal data concerning health for the purposes and to the extent consistent with applicable law, with particular emphasis on the Act on Patients’ Rights and the Patient Ombudsman.

4. The Controller makes every effort to protect the processed personal data against unauthorized access by third parties and, in this regard, applies high-level organizational and technical security measures. The Controller does not disclose personal data to any unauthorized recipients, in accordance with mandatory legal provisions. The Controller may entrust another entity, by means of a written agreement, with the processing of personal data on the Controller’s behalf. Data may be disclosed only to entities authorized to receive it under mandatory legal provisions.

5. The Controller stores data for the period necessary to perform contracts and for the period specified in applicable legal provisions, and no longer than necessary for the purposes of legitimate interests pursued by the Controller or a third party, including for the purpose of pursuing claims arising from their business activity. For the purposes for which the data subject has consented to the processing of their personal data, such data are stored until the consent is withdrawn.

6. The data subject has the right to request access to their personal data from the Controller, the right to rectification, erasure, or restriction of processing, the right to object to processing in legally specified cases, and the right to data portability.

7. If the data subject has consented to the processing of their personal data for one or more specific purposes, they have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8. Providing data for purposes related to compliance with legal obligations is mandatory. In other cases, providing personal data is voluntary; however, failure to provide data marked as necessary prevents the use of the Controller’s services. If data processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract, providing the necessary and specified scope of data is necessary.

9. In order to provide the most advantageous, tailored, and personalized offer to its Customers, Users, and Competition Participants (excluding Patients), as well as in the case of the data subject’s express consent, the Controller may use „profiling,” which is a form of automated personal data processing that involves the use of personal data to evaluate certain personal aspects of the natural person, in particular to analyze or predict aspects relating to personal preferences and interests. The data subject has the right to object at any time—for reasons relating to their particular situation—to the processing of their personal data based on profiling. The data subject has the right to object at any time to the processing of his or her personal data for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. The Controller does not make automated decisions in individual cases.