Contrast
Font
+48 664 009 388
  1. You are currently on
  2. Homepage
  3. Privacy policy

Privacy policy

Information on the processing of personal data of natural persons

In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation ‘GDPR’), Eurodiagnostic sp. z o.o. with its registered office in Krakow 31-864, ul. Zyczkowskiego 16, whose registration files are kept by the District Court for Krakow-City Center in Krakow under number 0000902024, NIP 5252386042, with share capital of PLN 36,850.00, hereby informs you about the rules for the processing of your personal data and your rights in this regard.

How do we process personal data?

As Eurodiagnostic sp. z o.o., we are the Administrator of your personal data in accordance with the regulations. This means that we are responsible for using it in a secure manner, in accordance with the agreement, if we have concluded one with you, and in accordance with applicable regulations.

For what purpose, on what basis and for how long do we process your personal data?

We use (process) your personal data for the following purposes:

  1. taking steps to enter into a contract with us:

    for the time necessary to conclude the contract, but no longer than one year from the moment we reasonably believe that the contract will not be concluded

  2. Legal basis:
    • Clients/Contractors who are natural persons and act independently – Article 6(1)(b) of the GDPR;
    • persons representing Clients/Contractors (e.g. the Client/Contractor is a legal persons) – Article 6(1)(f) of the GDPR;
  3. performance of the agreement concluded between you and us:
    • for the time necessary to perform the agreement (or other termination of the agreement) and for the period resulting from the provisions of law regarding the storage of accounting documents;
  4. Legal basis:
    • Clients/Contractors who are natural persons and act independently – Article 6(1)(b) of the GDPR
    • persons representing Clients/Contractors (e.g. when the Client/Contractor is a legal persons) – Article 6(1)(f) of the GDPR.
  5. establishing, defending and pursuing claims (legitimate interest)
    • until the expiry of the limitation period for any claims you may have against us or until the expiry of any claims we may have against you – which constitutes our legitimate interest;
  6. Legal basis: Article 6(1)(f) of the GDPR;
  7. fulfilment of our legal obligations – in particular:
    • issuing and storing accounting documents;
    • making tax settlements;
    • responding to complaints;
    • storing data for archiving purposes;
    • or the duration of such an obligation. The storage periods are specified by law – e.g. the Accounting Act;
  8. Legal basis: Article 6(1)(c) of the GDPR;
  9. proving the proper performance of the Administrator's obligations regarding the processing of personal data (e.g. providing this information)
    • for the period during which the Administrator may suffer legal consequences for failure to perform the obligation, e.g. receive a financial penalty from state authorities;
  10. Legal basis: Article 6(1)(c) and (f) of the GDPR;
  11. reating summaries, analyses and statistics for our internal needs; this includes, in particular, reporting, satisfaction surveys, marketing research, planning the development of service sales, development work in IT systems – which constitutes our legitimate interest
    • for the duration of our legitimate interest in their processing.
  12. Legal basis: Article 6(1)(f) of the GDPR;
  13. correspondence with you – to the extent resulting from its content or related to it – e.g. in matters related to the performance of a contract, taking steps to conclude a contract – for as long as the content of such correspondence is of legal significance to us, to you or to the persons on whose behalf you act (the time limits specified in points 1-6 above apply in this case), and in other cases for a period of 3 months from the last correspondence on the matter

Legal basis: Article 6(1)(b)(c)(d) and (f) of the GDPR;

Agreement

In other cases, your personal data will be processed only on the basis of prior consent within the scope and for the purpose specified in the consent.

If you consent to the use of your data, the content of this consent will specify the purpose and duration of the processing of this data. You may withdraw your consent at any time (this will not affect the lawfulness of the use of your data prior to the withdrawal of such consent).

Profiling

We do not profile your data (profiling is the automatic analysis of your personal data performed electronically – by software designed for this purpose).

What information should you provide us with?

In order to conclude the contract, we require you to provide your details on the contract form, e.g. name and surname, e-mail address, company name, business address, correspondence addresses, numbers in the relevant registers – e.g. number in the register of medical entities, tax identification number (NIP), REGON number, position held within your organisation or function performed, qualifications held, details of persons involved in the performance of the contract, bank account number. If you do not provide this information, we will not conclude the contract. In addition, we may ask for optional data that does not affect the conclusion of the contract.

Providing data when concluding a contract is not a statutory requirement.

Who do we share your data with?

We transfer your data to:

  1. entities processing data on our behalf, participating in the performance of our activities:
    • operating our ICT systems or providing us with IT tools;
    • subcontractors supporting us, e.g. in providing the services you have ordered, handling correspondence or in the client service process;
    • entities providing us with advisory, consulting, auditing and accounting services;
  2. other data administrators who process data on their own behalf:
    1. podmiotom prowadzącym działalność pocztową lub kurierską;
    2. podmiotom prowadzącym działalność płatniczą (banki, instytucje płatnicze) – w celu dokonania realizacji zapłaty, zwrotów na Państwa rzecz;
    3. entities conducting postal or courier activities.

Data from other sources

  1. if you pay via, for example, a bank or payment institution, we will obtain information about the account from which you made the payment, the institution where you made the payment, or the account to which we made the payment and the institution to which we made the payment. We will process this data in order to verify that the payment has been made correctly, to record and settle it, and, if necessary, to make refunds (basis: Article 6(1)(b) and (c) of the GDPR), to establish, pursue and defend claims (basis: Article 6(1)(f) of the GDPR);
  2. We may also obtain your data from publicly available registers (e.g. register of medical entities, CEIDG, KRS), records, etc. for the purposes described above (conclusion/performance of a contract – including verification of the information provided by you, performance of statutory settlement/archiving obligations, pursuit of claims by us or defence against claims by you or third parties, marketing, correspondence with you);

In such cases, the scope of data processed will be limited to data publicly available in the relevant registers.

  1. We may obtain your personal data from entities where you are employed or which you represent. In such cases, the scope of data processing includes information necessary to handle cooperation and contact with the contractor.

Your rights

You may submit a request to us (regarding personal data) for:

  1. correction (rectification) of incorrect data or completion of data;
  2. removal of data processed without justification;
  3. restriction of processing (suspension of data operations or non-deletion of data – depending on the request submitted);
  4. access to data (including information about the data we process, the purposes of processing, data recipients or categories of recipients) and a copy of the data;
  5. transfer of data to another data administrator or to you.

You may exercise these rights by submitting a request to the addresses indicated at the end of this notice or by any other means.

To ensure that you are entitled to submit a request, we may ask you to provide additional information to verify your identity.

The scope of each of these rights and the situations in which they can be exercised are determined by law. Which rights you can exercise will depend, for example, on the legal basis for our use of your data and the purpose of its processing. This means that in some cases we may refuse to comply with your request. In such cases, we will explain the reasons for our decision and provide you with the legal basis for it. In any case, we will immediately provide you with the necessary explanations and assistance in exercising your rights.

Right to object

In specific situations, you may object at any time to our processing of your personal data if the basis for the use of the data is our legitimate interest or public interest. In such a situation, after considering your request, we will no longer be able to process the personal data covered by the objection on this basis, unless we demonstrate that there are:

  1. important legitimate grounds for processing the data which, according to the law, are considered to override your interests, rights and freedoms, or
  2. grounds for establishing, pursuing or defending claims.

 

Complaint

You have the right to file a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the law.

Contact and information

Correspondence Address: ul. Szeligowskiego 8/98, 20-883 Lublin, adres: e-mail: kontakt@eurodiagnostic.pl

Contact with the Data Protection Officer:
Piotr Harańczyk
e-mail: iod@eurodiagnostic.pl

pl en