TERMS OF SERVICE/PRIVACY POLICY
1. General information
This Privacy Policy sets out how we care for your personal information. In order to carry out its obligations under data protection laws and to ensure real data protection, the Controller has appointed a Data Protection Officer.
The Controller can be contacted by e-mail at: biuro@drmartaroth.com or by post at: DR ROTH spółka z ograniczoną odpowiedzialnością, ul. Mikołaja Kopernika 15/21, 00-359 Warszawa.
2. Definitions
The terms used in the Privacy Policy shall be understood as stated below:
1. Controller: DR ROTH spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-359), at ul. Mikołaja Kopernika 15/21, registered in the National Court Register, kept by the District Court for the Capital City of Warsaw in Warsaw XII Economic Department under KRS number: 0001031652, NIP: 5252952636, REGON 525076590, with a share capital of PLN 5,000.00, email address: kontakt@drmartaroth.com, website address: www.drmartaroth.com.
2. Personal data: all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
3. Policy: this Privacy Policy.
4. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
5. Data Subject: any natural person whose personal data is processed by the Controller, such as a person who visits the Controller's website or directs an email inquiry to the Controller.
6. Processing - means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, erasing or destroying.
3. Data processing by the Controller
In connection with its medical activities, the Controller collects and processes personal data in accordance with the relevant regulations, including in particular the GDPR and the data processing rules provided for therein.
The Controller ensures transparency of data processing; in particular, it always informs data subjects about data processing at the time of collection, including the purpose and legal basis of processing, in particular for the purpose necessary for therapeutic diagnosis, provision of health care or health care services. The Controller shall ensure that the data is collected only to the extent necessary for the stated purpose and processed only for the period of time necessary.
When processing data, the Controller shall ensure its security and confidentiality, as well as access to information about such processing for data subjects. In the event that, despite the security measures in place, there is a breach of personal data protection (e.g., data "leakage" or loss), the Controller will inform data subjects of such an event in a manner consistent with the regulations.
4. Security of personal data
In order to ensure the integrity and confidentiality of data, the Controller has implemented procedures that allow access to personal data only to authorized persons and only to the extent necessary due to the tasks they perform. The Controller uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
In addition, the Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Controller.
The Controller conducts a risk analysis on an ongoing basis and monitors the adequacy of the data safeguards in place to address identified risks. If necessary, the Controller shall implement additional measures to enhance data security.
5. Purposes and legal grounds for data processing by the Controller
Conclusion of the agreement
Placing an order (purchase of goods or services) involves the processing of personal data. Provision of data marked as mandatory is required in order to accept and process the order, and failure to provide such data will result in a failure to process the order. Provision of other data is optional.
Personal data is processed:
· for the purpose of fulfilling medical obligations (e.g., health data, constituting sensitive data within the meaning of the GDPR), but only to the extent and for the purpose necessary for medical diagnosis, provision of health care, treatment or management of health care systems and services (basis - Article 9(2)(h) of the GDPR);
· for the performance of a contract (including, in particular, for the provision of medical services) only to the extent necessary to achieve the purposes of data processing. The legal basis for processing is Article 6(2)(f) of the GDPR; for data provided on an optional basis, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
· in order to carry out statutory obligations incumbent on the Controller, arising in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(a) GDPR);
· for the purpose of possible establishment and investigation of claims or defense against them - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to protect its rights;
· for the purposes of satisfaction surveys, in particular, by sending communications to the e-mail address with a request to give an opinion (review) or complete a satisfaction survey - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) in maintaining high quality service and the level of satisfaction of patients/customers with the products and services offered;
· for the purposes of sending SMS or e-mail messages with information about the date of the next appointment and contacting the patient/client - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting of reminding the patient/client of the appointment date and maintaining contact with the patient/client in order to provide services.
Contact forms
The Controller provides the possibility to contact them using electronic contact forms. Using the form requires the provision of personal information necessary to contact the Data Subject and respond to the inquiry. The person may also provide other data to facilitate contact or handling of the inquiry. Provision of data marked as mandatory is required in order to accept and process the inquiry, and failure to provide such data will result in a failure to process it. Provision of other data is voluntary.
The personal data provided is processed for the purpose of identifying the sender and handling his/her inquiry sent through the form provided - the legal basis for processing is the necessity of processing for the performance of the contract/provision of services (Article 6(1)(b) GDPR).
E-mail and traditional correspondence
In the case of e-mail or traditional mail correspondence to the Controller, not related to the contract concluded with them or the sale of goods/services provided, the personal data contained in this correspondence is processed only for the purpose of communication and settlement of the matter to which the correspondence relates.
The legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of correspondence addressed to it in connection with its treatment activities.
The Controller processes only personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the personal data and other information contained therein and is disclosed only to authorized persons.
Telephone contact
When contacting the Controller by telephone, on matters not related to the concluded contract or the sale of goods/services provided, we may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis in such a case is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of the necessity to handle a reported case related to the medical activity.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Controller shall ensure their adequate protection.
Recruitment
As part of the recruitment processes, the Controller expects the transfer of personal data (e.g., in a bio or CV) only to the extent specified in the labor laws. Therefore, more extensive information should not be provided. In the event that the applications sent contain such additional data, the Controller shall consider that the candidate consents to its processing for recruitment purposes.
Candidates' personal data are processed:
· in order to comply with legal obligations related to the employment process, including primarily the Labor Code - the legal basis for the processing is a legal obligation incumbent on the Controller (Article 6(1)(c) of the GDPR in connection with the provisions of the Labor Code);
· for the purpose of conducting the recruitment process in the scope of data not required by law, as well as for the purpose of future recruitment processes - the legal basis for processing is consent (Article 6(1)(a) GDPR);
· for the purpose of establishing or asserting potential claims or defending against such claims - the legal basis for data processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR).
Social media
The Controller processes the personal data of visitors to the Controller's profiles maintained on social media (e.g., Instagram) and those who have liked the Controller's social profiles maintained on popular social networks. The data is processed exclusively in connection with the maintenance of the profile, including for the purpose of informing Data Subjects about the Controller's activities and promoting various events, services and products, as well as for the purpose of communicating with Data Subjects through the functionalities available on social media. Data of community members may also be processed for statistical and analytical purposes, as well as for the purpose of claiming and defending against claims. The legal basis for the Controller's processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) GDPR) in promoting, protecting its own brand, and building and maintaining a brand-related community.
Data collection in business relation
In connection with its operations, the Controller also collects personal data in other cases - such as during business meetings or through the exchange of business cards - for the purposes of establishing and maintaining business contacts. The legal basis for the processing in this case is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of networking in connection with its business.
In connection with the Controller's cooperation with business partners, including, but not limited to, business clients and suppliers, the Controller processes the contact information of persons designated as business contacts in the relationship with the Controller, such as persons responsible on the partner's side for the performance of the contract with the Controller. The Controller processes the contact information of such persons for the purpose of ongoing communication with business partners and maintaining contacts with them. The legal basis for the processing in this case is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of communication with business partners.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Controller shall ensure their adequate protection.
Direct marketing
If a Data Subject has consented to receive marketing information via e-mail, SMS and other means of electronic communication, the Data Subject's Personal Data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of the Controller to send marketing information within the limits of the consent given by the Data Subject (direct marketing). The user has the right to object to the processing of Personal Data for direct marketing purposes. Data will be kept for this purpose for the duration of the Controller's legitimate interest, unless the Data Subject objects to receiving marketing information.
6. Data processing in information systems
Personal data is processed in an IT environment, which means that it may also be temporarily stored and processed to ensure the security and proper functioning of IT systems, e.g. in connection with making security copies, testing changes to IT systems, detecting irregularities or protecting against fraud and attacks.
7. Information about cookies and similar techniques
The Controller uses cookies on its website. Cookies are IT data, in particular text files, which are stored on a Data Subject's terminal device and are intended, among other things, for the use of the Controller's website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.
There are two main types of cookies used: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are stored on a Data Subject's terminal device until they leave the website or turn off their software (web browser). "Permanent" cookies are stored on the Data Subject's terminal device for the time specified in the parameters of the cookies or until they are deleted by the Data Subject.
Web browsing software (web browser) usually allows cookies to be stored on a Data Subject's terminal device by default. Data Subjects can change their settings in this regard. The web browser allows for the deletion of the cookies. It is also possible to automatically block cookies. For details, please refer to the help or documentation of your web browser. Restrictions on the use of cookies may affect some of the functionality available on the Controller's website.
Cookies are not used to process or store personal data, cannot be used to directly identify a Data Subject, and do not make configuration changes to the browser and telecommunication terminal device. A person can determine the conditions for the use of cookies technology themselves and can disable them at any time, using the settings of the Internet browser or the configuration of the service. This can result in the absence or improper display of most websites.
In some cases, it is possible to set the browser to ask for the Data Subject's consent to cookies on a case-by-case basis. This gives the Data Subject control over cookies, but may slow down the browser.
If a Data Subject does not want to receive cookies, they can change their browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintenance of Data Subject's preferences may hinder, and in extreme cases may make it impossible to use the Controller's website.
To manage your cookie settings, please follow the instructions of your respective web browser. Failure to change the settings for cookies means that they will be placed on the Data Subject's terminal device, and thus the Controller will store information on the Data Subject's terminal device and access it.
8. Recipients of data
In connection with the conduct of activities that require the processing of personal data, the data is disclosed to external entities, including, in particular, entities providing accounting, human resources, legal services, suppliers responsible for the provision and operation of information systems and equipment, couriers.
The Controller reserves the right to disclose selected information concerning the data subject to the competent authorities or to third parties who make a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
9. Period of personal data processing
The period of data processing by the Controller depends on the type of case and the purpose of processing. The period of processing of the data specified may also result from regulations, in case they provide the basis for processing. In the case of data processing on the basis of the legitimate interest of the Controller - e.g. for security reasons - the data are processed for a period of time allowing for its realization or until an effective objection to the data processing is made. If processing is based on consent, the data is processed until the consent is withdrawn. Where the basis for processing is necessity for the conclusion and performance of the contract, the data will be processed until the contract is terminated or expires.
The period of data processing may be extended in case the processing is necessary for the establishment, investigation or defense against possible claims, and thereafter, only if and to the extent required by law. After the conclusion of the processing period, the data is irreversibly deleted or anonymized.
10. Rights related to the processing of personal data
In connection with the Controller's processing of your data, you have a number of rights:
· you can obtain information about how and to what extent we process your data and, in addition, a copy of your personal data. If your request includes copies of data, you will help us by indicating which data you would like to receive a copy of. The Controller may charge a fee for second and subsequent copies, of which you will be notified. The amount of the fee will correspond to the cost of its preparation;
· you can request rectification of your data (if it has been erroneously recorded or if it has changed), deletion (if there is no basis for the Controller to process it), or restriction of processing (if you want the Controller to process your data only to a limited extent, pending the resolution of your objection or request for rectification, and if you want the data to be stored in connection with your claims);
· you may request that your data that you have provided to us be transferred in a structured, commonly used, machine-readable format. You can independently transfer the data you receive to the administrator of your choice. In addition, if it is technically feasible, with appropriate security standards, we can do this for you at your request;
· in case the processing of your data by the Controller is carried out on the basis of a legitimate interest, you may object to such processing;
· if you believe that our processing of your data violates your rights, tell us about it. We try to respond to all comments and suggestions. You also have the right to file a complaint with the supervisory authority [President of the Office for Personal Data Protection].
The request for the enforcement of the rights of data subjects may be submitted:
· in writing to the address: Dr. Roth Spółka sp. z o.o. Mikołaja Kopernika 15/21, 00-359 Warszawa;
· via email to: kontakt@drmartaroth.com.
The request should, as far as possible, indicate precisely what the request is about, i.e. in particular:
· what right the applicant wants to exercise (e.g., the right to receive a copy of the data, the right to deletion, etc.);
· what processing the request concerns (e.g., use of a specific service, activity on a specific website, etc.);
· what processing purposes the request relates to (e.g., marketing purposes, analytical purposes, etc.).
If the Controller is unable to determine the content of the request or identify the applicant based on the notification made, it will ask the requester for additional information.
Applications will be responded to promptly, no later than within one month of their receipt. If it is necessary to extend this period, the Controller shall inform the applicant of the reasons for such extension.
The response shall be provided to the e-mail address from which the application was sent, and in the case of applications sent by post, by regular mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in which case the e-mail address must be provided).
11. Final provisions
This Policy is reviewed on an ongoing basis and updated as necessary.
If you have any problems, questions or suggestions regarding the information presented on the Website, as well as questions regarding data protection, please contact us via e-mail: kontakt@drmartaroth.com or mailing address:
DR ROTH spółka z ograniczoną odpowiedzialnością, ul. Mikołaja Kopernika 15/21, 00-359 Warszawa.
Cookie Policy
1. Definitions
1. Controller - DR ROTH spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-359), ul. Mikołaja Kopernika 15/21, entered in the National Court Register, maintained by the District Court for the Capital City of Warsaw in Warsaw XII Commercial Department under KRS number: 0001031652, NIP: 5252952636, REGON 525076590, with a share capital of PLN 5,000.00, email address: kontakt@drmartaroth.com, website address: www.drmartaroth.com.
2. Site - the website maintained by the Controller at the address https://www.drmartaroth.com.
3. User - a natural person visiting the Site.
4. Device - an electronic device with software through which the User accesses the Site.
5. Cookies - text data collected in the form of files placed on the User's Device. Cookies collect information that facilitates the use of the website, e.g. by remembering the User's visits to the Site and the actions they perform.
2. Types of Cookies and the purposes for which they are used
The Controller uses cookies on its website. There are two main types of cookies used: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are stored on a Data Subject's terminal device until they leave the website or turn off their software (web browser). "Permanent" cookies are stored on the Data Subject's terminal device for the time specified in the parameters of the cookies or until they are deleted by the Data Subject.
The Controller uses so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Accordingly, the Controller and other entities providing analytical and statistical services to the Controller use Cookies to store information or access information already stored on the User's Device. Cookies used for this purpose include:
· Cookies with user input (session ID) for the duration of the session (user input cookies);
· authentication Cookies used for services that require authentication for the duration of the session (authentication cookies);
· User-centric security cookies, such as those used to detect authentication abuse;
· multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
· persistent cookies used to personalize the user interface for the duration of the session or slightly longer (user interface customization cookies);
· Cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Site, to create statistics and reports on the functioning of the Site). Google does not use the collected data to identify you, nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/intl/pl/policies/privacy/partners.
The Controller also uses Cookies for marketing purposes. For this purpose, the Controller stores information or accesses information already stored in the User's telecommunications Device. The use of Cookies and personal data collected through them for marketing purposes requires the User's consent. This consent can be expressed through the appropriate configuration of your browser, and can be withdrawn at any time, in particular by clearing the history of Cookies and disabling Cookies in your browser settings.
3. Cookies control
The User may at any time, on their own, change the settings for storing, deleting and accessing stored Cookies by any website.
Information on how to disable Cookies in the most popular computer browsers is available at: how to disable cookies or from one of the designated providers:
· Managing cookies in the Chrome browser
https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=pl
· Managing cookies in the Opera browser
https://help.opera.com/pl/latest/web-preferences/
· Managing cookies in the FireFox browser
https://support.mozilla.org/pl/kb/blokowanie-ciasteczek
· Managing cookies in the Edge browser
· Managing cookies in the Safari browser
https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
· Managing cookies in the Internet Explorer 11 browser
The User may at any time delete any Cookies stored to date using the tools of the User's Device through which the User accesses the services of the Website.
Services provided by third parties are beyond the control of the Controller. These entities may change their terms of service, privacy policies, purpose of data processing and ways of using Cookies at any time.
The Controller uses all possible technical measures to ensure the security of data placed in Cookies. The Controller is not responsible for the interception of this data, impersonation of the User's session or its deletion, as a result of the User's conscious or unconscious activity, viruses, Trojan horses and other spyware with which the User's device is or was infected.