Personal data protection policy

  1. This data protection policy stipulates how Pawel Sala’s IN-MED (Administrator) Psychotherapeutic and Psychiatric Clinic deals with personal data.
  2. The ‘Administrator’ processes personal data in accordance with the law, accuracy and transparency, particularly in accordance with European Parliament and Council directive (EU) 2016/679 dated 27th April 2016 regarding personal data protection with regard to the processing of personal data and the free flow of data, and repealing directive 95/46/WE (General Data Protection Regulation, GDPR), as well as the provisions of national law.
  3. The Administrator provides medical services in accordance with the Act dated 15th April 2011 about medical activity (consolidated text, Journal of Laws, 2020; No. 295, as amended) and processes Personal data:
    1. Patients:
      1. for health purposes connected with providing medical services, including keeping and sharing medical records pursuant to Article 9 paragraph 2 (h) GDPR Act, and Article 6 paragraph 1 (c) of the GDPR Act.
      2. to prevent claims and claims in the process of being made, and ensuring safety of people and property, in accordance with justified interest of the Administrator, in accordance with Article 6 paragraph 1 (f) GDPR Act.
      3. for marketing purposes and other non-listed purposes, paragraph a and b – based on the patient’s consent, in accordance with Article 6 paragraph 1 (a) GDPR Act.
    2. Personnel:
      1. for the purpose of entering and carrying out an employment contract, pursuant to Article 6 paragraph 1 (b), and Article 6 paragraph 1 (c) of the GDPR Act.
      2. for the purpose of health prevention or occupational health care or assessment of fitness to work – Article 9 paragraph 2 (h) of the GDPR Act.
      3. for the purpose of entering a contract or civil law agreement, pursuant to Article 6 paragraph 1 (b) and Article 6 paragraph 1 (c) of the GDPR Act.
      4. to protect against claims and claims being pursued, ensuring the management of the Administrator’s company and ensuring the safety of persons and property, on the legal understanding justified by the Administrator’s interest in accordance with Article 6 paragraph 1(f) GDPR Act.
      5. to protect yourself against claims and claims being pursued, ensuring the management of the Administrator’s company and ensuring the safety of persons and property, on the legal understanding justified by the Administrator’s interest in accordance with Article 6 paragraph 1(f) GDPR Act.
    3. other persons:
      1. in the scope of concluded contracts, in order to ensure their implementation – pursuant to Article 6 paragraph 1 (b) of the GDPR Act.
      2. in order to ensure the process of management of the Administrator’s company and ensuring the security of persons and property – based on the Legitimate interest of the Administrator, in accordance with Article 6, paragraph 1 (f) GDPR Act.
      3. for other remaining purposes, based on consent of the data subject, in accordance with Article 6 paragraph 1 (a) GDPR Act, provided there is no other basis to process personal data listed in Article 6 or Article 9 GDPR Act.
  4. The Administrator ensures the security of personal data, including protection against their unauthorised or illegal processing or accidental loss, destruction and damage, by means of:
    1. applying appropriate documentation of Personal Data processing.
    2. allowing only persons authorised in writing by the Administrator, as well as persons bound by patient confidentiality in relation to medical professions (doctors, nurses), to process personal data, unless the authorisation to process personal data results from the provisions of applicable laws.
    3. entrusting the processing of personal data solely based on separate agreements on entrusting the processing of personal data.
    4. keeping and sharing medical records in accordance with the provisions of generally applicable laws, such as the Act dated 6th November 2008 on patient’s rights and Patient’s Rights Ombudsman (consolidated text, Journal of Laws 2020 item 849, as amended), as well as the directive of the Minister of Health dated 6th April 2020 pertaining to the kind, scope and specimen of medical documentation, as well as the method of its processing (Journal of Laws, 2020, item 666).
    5. training of personnel in the principles of personal data processing.
    6. keeping a register of personal data processing activities.
    7. monitoring personal data breaches and keeping a register of breaches.
    8. application of technical measures for personal data protection, in particular:
      1. building security and alarm system.
      2. anti-burglary protections in door and window joinery.
      3. the use of special cabinets and storage containers ensuring an adequate level of personal data security.
      4. telecommunication security measures (such as limited systems access, anti-virus software, firewall, SSL certificates on the website).
  5. The Administrator is not obliged to carry out an assessment of effects for personal data protection, which is referred to in Article 35 paragraph 1 GDPR.
  6. The administrator is not obliged to appoint a data protection officer, which is referred to in Article 37 paragraph 1 GDPR.
  7. The administrator is obliged to:
    1. keep and share patient’s medical records in accordance with the applicable law, as well as protect them against loss or damage.
    2. in the case of sharing medical records with a third party, accurately verify the identity of the party with whom the information has been shared.
    3. in the case of sharing medical records in electronic form, encrypt them or provide other forms of protection from access by unauthorised people.
    4. using Administrator’s telecommunication equipment and systems in a mode ensuring personal data protection from the access of unauthorised parties, such as by:
      1. using individual, unique passwords,
      2. not leaving devices unattended,
      3. locking rooms with equipment where personal data is processed,
      4. switching off devices after use,
      5. not disclosing data details (log in and password) to unauthorised people,
      6. using anti-virus software or programmes such as a firewall,
      7. locking rooms where personal data is stored,
      8. storing in the workplace (rooms, offices, reception, etc.) documents and other media containing personal data only in dedicated containers/cabinets/desks,
      9. the application of ‘clean desk’ principle,
      10. not disclosing personal data to people whose identity cannot be verified, or about whom there are reasonable doubts,
      11. non-disclosure of patient’s personal data in public areas of the Administrator’s premises.
  8. In the event of a suspected breach of Personal Data protection, the Administrator shall immediately verify whether there has been a breach and whether the breach could be a risk to the rights and freedoms of data subjects. In the event the breach has been confirmed, the Administrator shall immediately, but not later than within 72 hours, inform the Polish Data Protection Commissioner.
  9. If a breach of the protection of personal data could result in a high risk to the rights and freedoms of natural persons, the Administrator without delay informs the person to whom the data applies about the breach, unless other circumstances indicated in Article 34(3) of the GDPR apply.

Cookies policy

The website uses cookies, which enable it to function correctly and improve its speed and the safety of website usage, while using analytical and marketing tools.

So-called cookies are IT data, in particular text files, which are stored on the Website User’s end device and designated for use with the pages of the internet service. Cookies usually contain the name of the website they come from, the length of storage on the end device and a unique number.

Cookies do not have a negative effect on the device where they are stored; they do not change the settings of the software installed on the device or its configuration.

Consent to cookies. During the first visit to the website, information regarding the use of cookies is displayed. Accepting and closing this information – as well as staying on the website and further use of it – means you consent to cookies in accordance with the privacy policy.

You can always withdraw your consent by removing cookies and changing the cookie settings in the browser.

Detailed information regarding the possibility of changing the settings of Cookies is available in the user’s browser.

Detailed information on changing Cookie settings:

Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
Firefox: https://support.mozilla.org/pl/kb/ciasteczka
Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
Opera: https://help.opera.com/pl/latest/security-and-privacy/
Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
Microsoft Edge: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-Cookies

The website uses Cookies to track website statistics. The information collected is anonymous and does not allow the user to be identified. For this purpose, cookies from Google LLC are used via Google Analytics.