In the interest of safety of the personal data of our clients and in view of the governing laws, Non-public Healthcare Cytogenetic Laboratory KARIOGEN provides the policy regarding the data storing and processing.
- The data controller is the Non-public Healthcare Cytogenetic Laboratory KARIOGEN located in Kraków, ul. Wieniawskiego 64, entered into the Register of Health Establishments by Malopolska Voivod, under the number: 12-01927.
- The DPO shall keep the register of processing data and can be contacted via mail at:
Bogusława Krzykwa NZOZ Pracownia Cytogenetyczna KARIOGEN 31-436 Kraków ul. Wieniawskiego 64.
- Personal data categories that we process rely on the Law concerning diagnostic examination. We receive the personal data from the doctors referring for the examination and firms, for which we execute examinations and to which we are bound by the confidentiality agreement. We process: name and surname, Social Security number, ID number. In the event of a person not having the Social Security number: address, phone number, purpose of the examination, diagnose of the disease and relevant medical documentation.
- Legal grounds for processing of personal data
Personal data is processed in order to provide the medical services in the area of laboratory diagnostics. The legal bases are: Article 9 para. 2 lit. h GDPR, in conjunction with national provisions: the Act of 15.04.2011 on medicinal activities (Journal of Laws of 2018, item 160, as amended), the Act of 06.11.2008. on patient rights and the Ombudsman for Patient Rights (Journal of Laws of 2017, item 1318, as amended) and the Act of 27.07.2001 on laboratory diagnostics (Journal of Laws of 2016, item 2245). The basis of data processing, to the extent necessary in preserving and protecting patient’s interest, is Art. 6 section 1 letter D GDPR.
- The purpose of personal data processing
Personal data are processed due to the management of Non-public Healthcare Cytogenetic Laboratory KARIOGEN, offering medical service, especially in the area of laboratory diagnostics, as well as, providing the medical documentation, required by the Law.
- Access to the data is given to the entity processing data in Non-public Healthcare Cytogenetic Laboratory KARIOGEN, with your knowledge and permission, as well as, competent state authorities that will requests for access to personal data and persons authorized by you.
- The period of personal data processing
Non-public Healthcare Cytogenetic Laboratory KARIOGEN is required to store the medical documentation for at least 20 years. The data processed for the purpose of accounting is stored for 5 years. After the time period defined, paper documentation is shredded, and digital documentation deleted.
- According to GDPR, every person concerning the personal data has a right to:
- The right to object to data processing
- The right to withdraw consent
- The right to request the restriction of the processing of personal data
- The right to access your own personal data
- The right to request the deletion of personal data
Non-public Healthcare Cytogenetic Laboratory KARIOGEN as a medical entity is obliged to store the medical documentation in the period of time, stated in the Act on Patient Rights and Patient Rights Ombudsman. You are entitled to the right of filing a complaint to the supervising agent of the President of the Office of the Personal Character Data Protection, ul. Stawki 2, 00-193 Warszawa.