Heals Privacy Policy
The administrator of the personal data is Heals Sp. z o.o. Sándora Petöfiego 8 / 10, 01-917 Warsaw, Poland, KRS 0000780941,NIP 5272889763, REGON 383063446.
Respecting your rights as the rights of our Patients providing personal data to the Company and respecting the applicable legislation, including in particular: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as RODO), the Data Protection Act of 10 May 2018. (hereinafter referred to as the Data Protection Act) and other relevant data protection legislation, we as a telemedicine portal are committed to maintaining the security and confidentiality of the personal data obtained from you.
The personal data controller, in accordance with the applicable legislation, has implemented appropriate safeguards and technical and organisational measures to ensure the highest level of protection of personal data. We have implemented procedures and policies for the protection of personal data in accordance with the RODO, through which we ensure the lawfulness and reliability and transparency of data processing, as well as the exercise by you of all your rights as data subjects. We try our best to implement legal, operational and technical mechanisms to protect your data. In accordance with the law, we are prepared to cooperate with the supervisory authority in Poland, i.e. the President of the Office for Personal Data Protection.
Heals Sp. z o.o., as the Administrator of your personal data, has appointed a Data Protection Inspector (Mateusz Borowicz). Any enquiries, requests, complaints regarding the processing of personal data by the portal can be addressed to the following e-mail address mateusz.borowicz@saferodo.pl or in writing to the Administrator's address marked Personal Data Protection.
In the body of the letter concerning your personal data, please indicate:
a) Your identification data: your name or login in the system,
b) an event which has caused you to require information about your personal data,
c) a presentation of your request and, if applicable, a description of the legal basis for your request;
(d) your desired solution, in order to deal with the matter in accordance with your request.
In particular, we collect/process the following personal data of our patients on our website:
Name - in order to use the services of our website, you are asked to provide your name so that we can provide services to you and so that we can contact you as a Patient,
telephone number - is necessary to contact the Patient and to send the prescription code by sms, if you agree you can also be informed about promotions for Patients by sms;
e-mail address - we contact you by e-mail. If you become a subscriber to our Patient Newsletter, we will also send you commercial information to help you. The email address provided by our Patient Newsletter also serves as your login to the website.
device IP address - information resulting from the general rules of Internet connections, such as IP address (and other information contained in system logs) is used by the website administrator for technical and IT purposes. IP addresses may also be used for statistical purposes, including in particular the collection of general demographic information (e.g. about the region of Poland from which the service is connected).
Cookies - our website uses cookie technology in order to adapt the functioning of the website to your individual needs as our patients. As such, you may agree that the data you have entered will be remembered so that it is more convenient for you to use the service on subsequent visits to our site without having to enter your data again. The owners of other sites will not have access to this data and information. If, on the other hand, you do not agree to the personalisation of the Patient Service, we suggest that you disable cookies in your browser options according to your individual needs.
Other personal data is provided by you as a Patient of the service on a voluntary basis, but may be necessary in order to provide a service to our Patient.
Your data may be used by the portal for the following purposes, among others:
in connection with the provision of services to you by Heals Sp. z o.o., i.e. for the purpose of taking steps to conclude a contract in relation to your request, including the preparation of an offer dedicated to you, and, in the case of the conclusion of a contract between you and the service, also for the purpose of fulfilling the contract concluded, on the basis of Article 6(1)(b) of the DPA, until the object of the contract has been fully realised or until its termination or expiry;
in the case of your use of services provided for a fee, in order to comply with the legal obligations incumbent on Heals Sp. z o.o., including those under accounting and tax laws, on the basis of Article 6(1)(c) RODO in connection with the wording of these laws, for the period resulting from the provisions contained therein;
to respond to an enquiry you have made to the service - based on the necessity to pursue our legitimate interest in responding to an enquiry you have made to us, and therefore on the basis of Article 6(1)(f) RODO, until we have responded to that enquiry or until you have raised an effective objection to the processing of your data;
to carry out marketing of products and services - on the basis of the fulfilment of our legitimate interests in the form of carrying out direct marketing of products and services, i.e. Article 6(1)(f) of the RODO, however, in accordance with the provisions of Article 10 of the Act on the provision of electronic services and Article 172 of the Telecommunications Act, we need additional consent to use the communication channels provided for the purpose of carrying out marketing activities. If you are a contact person for us at our contractor then we carry out direct marketing of our products and services in the context of a business relationship between us and the company you represent also on the basis of the fulfilment of our legitimate interests in the form of carrying out direct marketing activities for products and services, thus Article 6(1)(f) RODO. As part of such a business relationship, we will, among other things, send you meeting invitations, product information, promotions and competitions, and conduct marketing research. We may process your data for this purpose until you object to the processing or until you withdraw your consent to receive marketing and information material by email;
to produce statistics and compilations to improve the effectiveness of our marketing activities and to build our business strategy - the vast majority of such statistics are produced on the basis of non-personal data or anonymised data. Where personal data is used for this purpose, the processing will be based on the necessity to fulfil our legitimate interest in carrying out analytical and statistical activities aimed at our development, and therefore on the basis of Article 6(1)(f) RODO, until you raise an effective objection to the processing of your data.
to establish a relationship, if you are a contact person for us at our contractor or potential contractor, to contact you on an ongoing basis, including the execution of contracts between us and your employer/entity you represent, to provide offers, to receive orders, to answer questions. The legal basis for the processing is our legitimate interest to be able to contact our contractors (i.e. their employees/co-workers) on an ongoing basis, based on Article 6(1)(f) of the DPA, until you have successfully objected to the processing of your data.
Your data may also be processed for the purpose of establishing, investigating or defending against possible claims that may arise in connection with the use of the services provided by Heals Sp. z o.o. or if you are a contact person for us at our contractor in connection with a contract with the entity where you work or which you represent, i.e. our contractor - if a contractual dispute arises. In this case, your data will be used on the basis of the need to pursue the service's legitimate interest in securing claims, and therefore on the basis of Article 6(1)(f) of the RODO, for the period provided for by the law on the statute of limitations for claims. After this period, your data will be irretrievably deleted from the service's database.
The use of the service requires registration, in addition, it is necessary for the Patient to consent to the processing of sensitive personal data, including personal data concerning health conditions, which are necessary for the Patient to make use of our services, provided through the service by qualified specialists covered by medical professional secrecy.
Use of the service requires the Patient to provide age information, due to the fact that the service is dedicated to adults only.
We may also require additional information from you in order, for example, to verify that you are of legal age, and we must additionally verify with your PESEL number that you are eligible to use our services as a Patient. We also do this for your comfort and the security of your personal data.
Provision of the data indicated above is necessary in the following cases:
(a) in order to use the functionalities on our website and other services used by our Patients;
b) in order to voluntarily create an account on the website, in which case we store the data you provide in our database in order to make it easier for you, as our patient, to use the services on our website for portal patients in the future,
c) for the Patient Newsletter service (subscription) - if you want to be informed about interesting events and commercial offers exclusively for our Patients, you can become a subscriber to a Newsletter dedicated to our Patients. Subscription to our Patient Newsletter is voluntary and you can unsubscribe at any time.
d) Sensitive personal data (personal data of a special category according to the RODO), so-called sensitive data, i.e. personal data concerning your health, racial and ethnic origin and genetic data, are processed by the Administrator only with the express consent of each of our Patients.
This sensitive personal data about your health, which is of particular importance to you, is processed in the event that you wish to use the functionality of the service, which allows for the collection and storage of information containing data on the state of health of our Patients - registered Users of the service, which allows you to obtain the appropriate prescription for our Patients, based on the data you have provided about your health. Personal data about your health, is particularly protected by us, and is only available to those people among the Administrator's employees/co-workers who are covered by statutory/professional secrecy, which entitles them to access the medical data of our Users and a strict circle of people who are necessary to provide services to our Patients.
Each of you, as a Patient of the service, can choose whether and to what extent you wish to use our services and share information and data about yourself as set out in the contents of our Privacy Policy.
Your personal data is processed by Heals Sp. z o.o., as Data Controller, for the purpose of performing the services provided to you, as Patients of the website, to whom we offer the services of our doctors within the framework of the website, i.e. on the basis of the relevant legal provision, i.e. Article 6(1)(b) RODO.
With regard to the processing of sensitive personal data, in particular data concerning the health of each of our Patients, the legal basis for the processing of personal data is Article 9(2)(a) of the RODO, i.e. the express consent of the Service Patient. In accordance with the principle of minimisation of our Patients' personal data, we process only those categories of personal data that are necessary to achieve the purposes referred to above.
We process personal data of our Patients for the time necessary to achieve the purposes listed in the preceding paragraph. Personal data may be processed for a longer period than indicated above only if such a right or obligation is imposed on the Administrator by specific provisions of law or if the service we provide to our Patients is of a continuous nature, e.g. subscription to the Newsletter for Patients of the portal or maintenance of an account on the website. In the case of these services for Patients, personal data are collected for the duration of the contract for electronic services extended by the period of limitation of claims related to our services for Patients of the portal, i.e. 3 years from the date of termination of these services. If a Service Patient subscribes to the Patients' Newsletter, personal data for this purpose will be collected until you withdraw your consent to send commercial, marketing information.
In the case of sensitive personal data relating to your health as our Patients - your personal data will be processed for the period of time indicated in the legislation on the retention of Patients' medical records.
The source of the Patients' data processed by Heals Sp. z o.o. is you, as the person who provided us with your data in order for our doctors to provide the service. Recipients of the data may be medical entities, i.e. medical specialists providing medical services available on the website for our Patients.
Your personal data is not transferred to a third country within the meaning of the provisions of the RODO. Only anonymised information, completely disconnected from our Patients' personal data, which allows the identification of any Service Patient, may be transferred to third countries.
We do not share personal data with third parties without the express consent of our Patient. Personal data without the consent of the data subject may be shared with entities providing medical services ordered by the Patient through the service, if this is necessary to provide a given service to our Patient. In other respects, data may be disclosed only to entities indicated by law, i.e. public authorities and administration, in particular: tax authorities, law enforcement agencies and other entities with a basis in generally applicable laws.
Personal data may be entrusted for processing to entities that process such data on behalf of our company, as the Controller of our Patients' personal data. In such a case, we, as the Administrator, enter into an appropriate personal data processing entrustment agreement with the processor. The processor shall process the personal data entrusted to us by our Patients, but shall do so only for the purposes, to the extent and for the purposes indicated in the entrustment agreement. Without the entrustment of your personal data for processing, we would not be able to carry out the activities of Heals Ltd. service to our Patients, within the framework of the website.
As Data Controller, we entrust personal data to:
a) to the entity providing hosting services for the website on which our Website operates;
(b) If necessary, to the entity providing legal services to the company running for our Patients;
(c) providers of ICT services and systems;
(d) providers of payment systems
Personal data are subject to the automatic processing necessary for its proper functioning by the Data Controller.
In accordance with the relevant provisions of the RODO, each Patient whose personal data we process, as Data Controller, has the right:
(a) access to your personal data as referred to in Art. 15 of the RODO - by providing us with your personal data you have the right to inspect and access it, this does not mean that Patients have the right to access all documents on which your data appears as these may contain confidential information, however, you have the right as a Patient of the Service to be informed of what your data is and for what purpose we process it and the right to obtain a copy of that personal data, with the first copy of the Patient's data being issued free of charge and for each subsequent copy of the data, in accordance with the provisions of the RODO we charge an appropriate administrative fee commensurate with the cost of making the copy;
(b) to correct, complete, update, rectify your personal data as provided for in Article 16 of the RODO, - if your personal data has changed, please inform us, as the Administrator, of this fact so that the data we hold is accurate and up to date. Also, if there has been no change to your personal data, but for whatever reason the data is incorrect or has been recorded by us in an inaccurate manner, please inform us in order to correct or rectify your data.
c) erasure of Patient data (right to be forgotten) as referred to in Article 17 of the RODO - you have the right to request the "erasure" of data held by us as Controller and the right to request that we, as Controller, inform other controllers to whom we have transferred your data of the need to erase your data, of course the entire procedure will be carried out in accordance with the relevant provisions of the RODO guaranteeing the protection of Patients' personal data.
You, as our Patients, can request the deletion of your personal data in particular when:
the purposes for which the personal data was collected have already been achieved and the basis for processing your personal data was solely consent, which was subsequently withdrawn and we have no other legal basis for further processing of your personal data,
you have lodged an objection based on Article 21 RODO and you consider that we do not have any overriding legal grounds to continue processing your personal data,
Your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for processing your personal data, in which case you must have a clear legal basis for this request,
the need to delete your personal data arises from relevant legislation.
d) restriction of the processing of Patients' personal data as referred to in Article 18 of the RODO - in this case, you can apply to the Service for restriction of the processing of your personal data (until the matter is clarified, the Data Controller is then primarily entitled only to store your personal data), this is the case when, for example, you you question the correctness of your personal data or where you believe that we are processing your data without a legal basis, but at the same time you do not want us to delete the personal data, (i.e. you do not exercise the right referred to in letter c) or you have lodged an objection as referred to in letter f) or your personal data is necessary for us to establish, assert or defend claims e.g. before a court.
(e) data portability as referred to in Article 20 of the RODO - you have the right to obtain your data in a computer-readable format and the right to send that data in such a format to another controller. You only have this right if the basis for the processing of your data was the consent you gave (e.g. to subscribe to the Patients' Newsletter) and the data was processed by Heals Ltd. in an automated manner.
(f) to object to the processing of your personal data, as referred to in Article 21 of the RODO - you have the right, as a Patient of the Service, to object if you do not agree with Heals Sp. z o.o.'s processing of personal data that we have so far processed for legitimate purposes in accordance with the law,
(g) not to be subject to the profiling referred to in Article 22 of the RODO,
h) to lodge a complaint with a supervisory authority in Poland, i.e. the President of the Office for the Protection of Personal Data in Warsaw, the right under Article 77 of the RODO, if you consider that we are processing your personal data unlawfully or in any way violating your rights under generally applicable data protection legislation, including of course the rights given to our Patients by the RODO.
With regard to the right to erasure (right to be forgotten RODO), we emphasise the fact that under the provisions of the RODO you do not have the right to exercise this right if: the processing of your personal data is necessary for the exercise of your right to freedom of expression and information, the processing of your personal data is necessary for Heals Sp. z o.o. to comply with its obligations under the law, in which case we cannot delete your data, as Patients of the service, for the period necessary to comply with these obligations imposed on us by the relevant legislation, the processing of your data is carried out for the purpose of asserting, establishing or defending claims.
If you wish to exercise your data protection rights, please send an e-mail to the following e-mail address mateusz.borowicz@saferodo.pl.
Any breach of the security of the service's Patients' personal data identified by us will be appropriately and lawfully documented, and in the event of situations as defined by the provisions of the RODO or the Data Protection Act, the relevant persons and the competent authorities, e.g. the President of the Data Protection Authority, will be informed of such a breach of the data protection regulations in accordance with the law.
In matters not regulated by this Service's Privacy Policy, the relevant provisions of generally applicable law shall apply, in particular the provisions of RODO and the Polish Act on Personal Data Protection. In the event of any inconsistency between the provisions of this Privacy Policy and the aforementioned regulations, the provisions of universally applicable law shall prevail.