Personal Data Protection / GDPR

Phone registration: +48 91 326 26 91

Phone registration:

+48 91 326 26 91

Phone registration:

+48 91 326 26 91

Personal Data Protection

Hospital in Kamień Pomorski Sp. z o.o.

In accordance with Article 13 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons
in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), we inform you that:

  1. The administrator of your personal data, including special categories of personal data, is the Hospital in Kamień Pomorski Sp. z o.o. with its registered office at ul. Wolińska 7b, 72-400 Kamień Pomorski. Written contact via traditional mail to the address of the Hospital in Kamień Pomorski Sp.
    z o.o., ul. Szpitalna 10, 72-400 Kamień Pomorski, tel. +48 91 326 26 90, +48 91 326 26 91, +48 91 326 26 92, email: sekretariat@szpitalkamien.pl
  2. In matters concerning the processing of personal data, you can contact the Data Protection Officer at the email address: iod@szpitalkamien.pl or by sending correspondence to the Administrator's address.
  3. Your data is processed by the Administrator for the purpose of conducting medical activities, in particular for the provision of medical services, granting health benefits, and maintaining the required legal medical documentation.

 

  1. The data subject to processing includes:

 

  1. THE PATIENT – in the form of the patient's first name, last name, first names and last names of the patient's parents, the patient's gender, PESEL number (and if not available, passport number or other identity document), the patient's residence address, the patient's date of birth, the patient's phone number (if available), the patient's email address (if available), health data of the patient, citizenship of the patient – only if the patient does not have Polish citizenship;
  2. LEGAL REPRESENTATIVE, LEGAL GUARDIAN, ACTUAL GUARDIAN OF THE PATIENT – in the form of first name, last name, residence address, phone number (if available), email address (if available), in the case of patients – newborn children, also the PESEL number of the newborn's mother, in the event of the need to issue a certificate or medical leave – also PESEL, data
    of the employment of the applicant's legal representative and legal guardian, in the case of requesting access to medical documentation, also other provided contact data;
  3. PERSON AUTHORIZED TO ACT ON BEHALF OF THE PATIENT – in the form of first name, last name, residence address, phone number (if available), and in the case of granting authorizations at least for receipt/access to medical documentation – also other provided contact data;

 

  1. The patient's personal data may be obtained:

 

  1. directly from the patient or from other entities, including from a person acting on behalf of the patient who is a legal representative, legal guardian, actual guardian, or a close person to the patient – in person, through the e-registration system, or by phone;
  2. from other entities providing health services, in connection with the right to access medical documentation, if it is
    necessary to ensure continuity of health services;
  3. from official, publicly available sources maintained by public authorities,
  4. directly from third parties, e.g., the Patient Rights Ombudsman, the National Health Fund, the Ministry of Health, the Social Insurance Institution, National Consultants, Social Welfare Centers, Children's Homes, Care and Educational Facilities, Courts, Police, Prosecutor's Office, in the course of proceedings conducted by these entities.

 

  1. According to the Act of November 6, 2008, on Patient Rights and the Patient Rights Ombudsman, data contained in medical documentation will be stored:

 

  1. for a period of 20 years, counting from the end of the calendar year in which the last entry was made in the medical documentation;
  2. in the case of X-ray images stored outside your medical documentation, for a period of 10 years, counting from the end of the calendar year in which the image was taken;
  3. in the case of referrals for examinations or doctor's orders, for a period of 5 years, counting from the end of the calendar year in which you received the health service subject to the referral or doctor's order, or 2 years, counting from the end of the calendar year in which you were issued a referral – if the health service was not provided due to your failure to appear at the scheduled time, unless the referral was collected by you;
  4. in the case of the patient's death due to bodily injury or poisoning, for a period of 30 years, counting from the end of the calendar year in which the death occurred.
  5. in the case of medical documentation containing data necessary for monitoring the fate of blood and its components, for a period of 30 years, counting from the end of the calendar year in which the last entry was made;
  6. in the case of medical documentation concerning children until the age of 2, for a period of 22 years.

 

  1. The collected personal data, including in particular the Patient's data, may be verified by the Administrator in the EWUŚ system (Electronic Verification of Entitlements of Beneficiaries) and other official registers and records maintained by public authorities.

 

  1. The legal bases for processing personal data by the Administrator are:

 

  1. the consent of the data subject or their legal representative, legal guardian, or de facto guardian – art. 6 sec. 1 lit. a) GDPR;
  2. necessity for the protection of vital interests of the data subject or another natural person, when the data subject is physically or legally incapable of giving consent – in accordance with art. 6 sec. 1 lit. d) and art. 9 sec. 2 lit. c) GDPR;
  3. fulfillment of a legal obligation incumbent on the Administrator, in particular verification/determination of identity before providing a service/medical benefit – in accordance with art. 6 sec. 1 lit. c) GDPR,
  4. fulfillment of obligations and exercising specific rights by the Administrator towards the data subject in the field of labor law, social security, and social protection – art. 9 sec. 2 lit. b) GDPR,
  5. fulfillment of the obligation to ensure health prevention or occupational medicine to assess the employee's ability to work, medical diagnosis, provision of healthcare, treatment, ensuring social security, managing health care systems and services – in accordance with art. 9 sec. 2 lit. h) GDPR;
  6. fulfillment of the obligation to maintain accounting records and tax obligations – in accordance with art. 6 sec. 1 lit. c) GDPR;
  7. contacting for informational purposes, e.g. to confirm or change/cancel a medical consultation appointment, informing about ways to prepare for the scheduled procedure – in accordance with art. 6 sec. 1 lit. b);
  8. ensuring the possibility of pursuing potential claims – in accordance with art. 6 sec. 1 lit. b) GDPR.

 

  1. The recipients of personal data collected during hospitalization are: National Health Fund, Social Insurance Institution, Patient Rights Ombudsman, Ministry of Health, State Sanitary Inspection, persons authorized to information about the patient's health status, patient’s proxy. In special cases: Courts, Prosecutor's Office, and Police, as well as insurance companies.
  1. The period of processing personal data collected during hospitalization is defined by art. 29 of the actof November 6, 2008on patient rights and the Patient Rights Ombudsman.
  2. The person whose personal data is processed during hospitalization has the right to access the content of their data, the right to rectification, the right to object, deletion, restriction of processing, the right to data portability, or the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  3. You have the right to lodge a complaint with the President of the Personal Data Protection Office at ul. Stawki 2 00-193 Warsaw, if you believe that the processing of personal data violates the provisions of GDPR.
  4. The obligation to provide your personal data arises from currently applicable legal provisions, i.e. art. 25 sec. 1 of the act of November 6, 2008 on patient rights and the Patient Rights Ombudsman, art. 20 of August 27, 2004, the act on healthcare services financed from public funds, and art. 4 sec. 3 point 1 of the act of April 28, 2011 on the information system in health protection. The consequence of refusing to provide your personal data may be the refusal to provide medical services, except in life-threatening situations or health risks for the patient, which require immediate medical assistance (art. 15 of the act of April 15, 2011 on medical activity).
  5. Your data will not be subject to automated decision-making, including profiling.
  6. Your personal datawill not be transferred or is not planned to be transferred to third countries or international organizations.

 

The information obligation of the data Administrator regarding correspondence

 

In accordance with art. 13 sec. 1 and sec. 2of the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), we inform you that:

 

  1. Your personal data will be processed for the purpose of considering the submitted to Hospital in Kamień PomorskiCompany Limited liability correspondence based on Article 6(1)(e) of the GDPR. If the correspondence concerns actions before the conclusion of the contract or the execution of the contract, the data will be processed for the purpose of concluding and executing the contract, based on Article 6(1)(b) of the GDPR. If the sent correspondence concerns the administrator taking actions based on legal provisions, the data will be processed to fulfill the legal obligation imposed on the administrator, based on Article 6(1)(c) of the GDPR. In the case of correspondence sent for purposes other than those specified above, the data will be processed based on Article 6(1)(a) of the GDPR, i.e., the consent given for the purpose of providing a response.
  2. The recipients of your personal data are or may become entities to whom data processing has been entrusted under a contract, including IT service providers, as well as public authorities and entities entitled under separate regulations.
  3. Personal data will not be transferred nor is there any plan to transfer data to third countries or international organizations.
  4. Your personal data will be stored until the matter for which they were collected is resolved, and subsequently – in cases where required by the provisions of the Regulation of the Prime Minister of January 18, 2011, regarding office instructions, uniform material lists of documents, and instructions regarding the organization and scope of operation of company archives – for the period specified in those regulations.
  5. You have the right to request from the administrator access to your personal data, their rectification, restriction of processing, or to object to processing, as well as in the case of data processed based on consent, the right to delete data and the right to withdraw consent at any time, provided that the withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.
  6. You have the right to lodge a complaint with the President of the Personal Data Protection Office at ul. Stawki 2 00-193 Warsaw, if you believe that the processing of personal data violates the provisions of the GDPR.
  7. Providing personal data is voluntary, however, their provision is necessary for the realization of the above-mentioned purposes,and in the case of not providing data, the correspondence will not be processed.
  8. Your data is not subject to automated decision-making, including profiling.

 

Information obligation of the data administrator regarding monitoring

 

According to Article 6(1)(f) of the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), we inform you that:

  1. In the area of the Hospital in Kamień Pomorski Ltd., video monitoring is conducted, only with recorded footage.
  2. Monitoring is carried out to ensure the safety of patients, including supporting medical supervision over patients in life-threatening or health-threatening conditions, as well as ensuring the safety of staff and property of the Hospital located on the premises of the Hospital, ensuring the possibility of addressing complaints, ensuring the possibility of identification and determining the causes of accidents, and identifying perpetrators of unlawful acts.
  3. Monitoring operates around the clock.
  4. Monitoring covers two main entrances to the Hospital, the reception, and the Internal Medicine Department near the elevator and the Nursing and Therapeutic Facility near the elevator, as well as part of the corridor inside the Nursing and Therapeutic Facility.
  5. Monitoring is conducted in accordance with the applicable legal provisions in this regard, particularly with respect for the intimacy and dignity of the patient.
  6. Your personal data will be registered in electronic form in the form of images from video monitoring and stored for no longer than 30 days.
  7. If an event occurs in the monitored area that can be classified as undesirable or even a crime, of which the Administrator of Personal Data becomes aware during the data retention period, a copy of the recorded images will be prepared and stored for the needs of the authorities conducting the investigation - until the legally valid conclusion of the proceedings. After this time, the recorded images obtained from the monitoring containing personal data will be destroyed unless separate regulations provide otherwise.
  8. If you believe that the processing of your personal data violates the provisions of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.
  9. Access to monitoring is granted only to authorized individuals among the employees and collaborators of the Hospital and entities authorized by law or by contract, e.g., the Information System Administrator, the company providing security and property services, and maintenance services. These individuals are obliged to maintain confidentiality, meaning that data from the monitoring must not be made public in any case.
  10. Your data is not subject to automated decision-making, including profiling.
  11. Your personal data will not be transferred, nor is there any plan to transfer data to third countries or international organizations.

                                                                                 

Data Controller

 

We invite you to familiarize yourself with information about GDPR rights for patients.

on the websiterododlapacjenta.pl

Phone registration +48 91 326 26 91

Night and holiday healthcare from 6:00 PM to 8:00 AM

and around the clock on public holidays.

+48 91 326 26 91

 

Nursing and Rehabilitation Facility:

Ward registration - (9:00 AM - 2:00 PM) +48 729 058 364

Nurse's station - +48 729 058 366

Online registration: rejestracja@szpitalkamien.pl

Portal for online registration: epacjent.szpitalkamien.pl

Secretariat: +48 91 835 63 91

sekretariat@szpitalkamien.pl

Personal Data Protection - GDPR