Privacy policy

 

I. Definitions

  • Controller – within the meaning of Article 4 (7) GDPR means the data controller, i.e. the entity that alone or jointly with others determines the purposes and means of the processing of personal data. Whenever the Privacy Policy refers to the Controller it shall mean GTA. 
  • GTA, Service Provider, We, Us – Global Teleclinic & Assistance spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Twarda 18, 00-105, entered in the Register of Entrepreneurs kept by the National Court Register, XII Commercial Division of the National Court Register under KRS number: 842659, NIP (Tax ID): 5272927966, being a registered healthcare provider entered in the register of healthcare providers under number 000000247151. 
  • Platform – means the online platform available at the following address https://global-teleclinic.com. 
  • Privacy Policy – this Policy. 
  • Terms and Conditions – the Terms and Conditions of electronic service provision available on the Platform. 
  • User, You – any natural person visiting the Platform or using one or more of the services or functions described in the Privacy Policy. 
  • Capitalised terms not defined in the Privacy Policy shall have the meaning given to them in the Terms and Conditions. 

II. Controller and Data Protection Officer

The Controller of your personal data is GTA, which you can contact: 

We have appointed a Data Protection Officer. This is the person you can contact with regard to all matters concerning the processing of your personal data and the exercise of your rights in relation to data processing. You can contact the Officer as follows: 

III. Purposes, legal basis and duration of data processing 

Your personal data is or may be processed for the following purposes: 

  1. for the purposes necessary for the performance of the Medical Services Agreement in accordance with the Terms and Conditions or to take action at your request prior to the conclusion of the Medical Services Agreement (Article 6(1)(b) GDPR). Personal data will be retained for the duration of the agreement and thereafter for the period of limitations for possible claims under generally applicable law. 
  2. for the purpose of providing services electronically (including mediating the provision of Laboratory Test Services) – on the basis of the Agreement concluded between the Patient and the Service Provider (Article 6(1)(b) GDPR). Personal data will be stored for the duration of the provision of services in accordance with the Terms and Conditions, but no longer than until the expiry or termination of the Agreement for the provision of electronic services or for the period of limitations for claims, and with regard to complaints, personal data will be stored for the period of handling the complaint, but no longer than until the final resolution of the complaint. 
  3. in order to comply with legal obligations, arising in particular from the Act on Patients’ Rights and the Patients’ Ombudsman, as well as tax or accounting regulations – on the basis of the Service Provider’s legal obligations set out in generally applicable law (Article 6(1)(c) GDPR). Personal data will be processed for the period resulting from the generally applicable legal provisions. 
  4. for the purposes necessary to establish, assert and defend claims relating to the Service Provider’s business or the provision of Medical Services – on the basis of the Provider’s legitimate interest in asserting and defending its claims (Article 6(1)(f) GDPR). Personal data will be stored for the duration of the Agreement and thereafter for the period of limitation for claims under the relevant legislation. 
  5. in the scope necessary for the purposes of preventive health or occupational medicine, medical diagnosis, provision of healthcare, treatment or management of healthcare systems and services, on the basis of the provisions of generally applicable law, in particular the Act on Patients’ Rights and Patients’ Ombudsman and the Act on Medical Activities (Art. 9(1)(h) GDPR). Personal data will be kept for the period specified by generally applicable legal provisions, in particular the Patients’ Rights Act, according to which the healthcare entity is obliged to keep the patients’ medical records for at least 20 years. 
  6. to respond to your messages – on the basis of the Service Provider’s legitimate interest in responding (Article 6(1)(f) GDPR). Personal data will be processed until the message (enquiry) is answered or until an effective objection to the processing is raised. 
  7. for the purpose of fulfilling the newsletter agreement – on the basis of the agreement concluded between the User and the Service Provider (Article 6(1)(b) GDPR). Personal data will be retained for the duration of the agreement and thereafter for the period of limitations for possible claims under generally applicable law. 
  8. to carry out marketing of our own products and services – on the basis of pursuing our legitimate interests in carrying out direct marketing of our own products and services, i.e. Article 6(1)(f) GDPR, whereby, in accordance with the provisions of Article 10 of the Act on Electronic Service Provision and Article 172 of the Telecommunications Act, we require additional consent for the use of the communication channels provided for the purpose of carrying out marketing activities. We may process data for this purpose until you object to the processing or until you withdraw your consent to receive marketing and informational materials electronically. 

VI. Personal data recipients

The recipients of your personal data, for which the Service Provider is the Controller, will be: 

9. Persons providing Teleconsultations, 

10. Diagnostyka sp. z o.o., 

11. as well as external entities providing supportive IT systems, providing services related to the Service Provider’s day-to-day operations (accounting, taxation, law) – by virtue of relevant data processing contracts and ensuring that the aforementioned entities apply technical and organisational measures ensuring adequate protection of personal data. 

In addition, personal data may be disclosed to entities authorised to obtain them under applicable law, e.g. supervisory authorities, law enforcement agencies or courts. Personal data will not be transferred by the Service Provider outside the European Economic Area (EEA). Personal data may be transferred outside the European Economic Area as part of the Service Provider’s use of services of entities providing IT solutions and systems, which may store personal data on servers located outside this area. Such a transfer may be based on a decision of the European Commission declaring an adequate level of protection (Article 45(1) GDPR) or the application of appropriate legal safeguards, which are in particular standard contractual clauses for the protection of personal data approved by the European Commission (Article 46(2)(c) GDPR). If the European Commission does not issue a decision finding an adequate level of protection or if adequate legal safeguards are not provided, personal data may be transferred to a country outside the EEA on the basis of one of the grounds listed in Article 49(1) GDPR. The data subject shall have the right to obtain a copy of the personal data and to be informed of the place of disclosure of data transferred to third countries. 

V. Profiling

Personal data processed by the Service Provider will be subject to profiling. The Controller carries out profiling on the basis of personal data, i.e. automatic assessment of certain personal factors concerning the User. Profiling is carried out in order to adapt the commercial or marketing service of the Service Provider to the User, including communication with the recipients of the services offered by the Service Provider. User data is not processed in a fully automatic manner without human intervention. 

VI. Cookies Policy

Cookies 

The Service Provider uses cookies (i.e. small text files sent to the User’s device that identify the User in a way necessary to simplify or cancel a given operation) or other similar technologies to collect information related to the Users’ use of the Platform. 

Types of cookies and similar technology used by Us 

We divide all cookies according to the length of time they are installed in the User’s browser into: 

  • Session cookies – this is temporary information stored in the browser’s memory until the browser session ends, i.e. until the browser is closed. They are necessary for the correct operation of certain functions. 
  • Permanent cookies – are permanent files that are deleted automatically after a certain period of time, which can vary depending on the type of file. You can delete these cookies at any time using the security settings of your browser. 

The following cookies are used on the Platform based on their purpose: 

  • Essential cookies – Our use of essential cookies is necessary for the proper functioning of the Platform. These files are installed in particular for the purpose of remembering login sessions, as well as for setting privacy options. 
  • Analytical cookies – These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our Platform. They help determine which pages are the most and least popular and to see how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If the User does not allow the use of these cookies, we will not know when they have visited our Platform. 
  • Functional cookies – These cookies enable the Platform to provide greater functionality and personalisation. These may be set by Us or by external providers whose services have been added to the Platform. If the User does not allow the use of these cookies, some or all of these services may not function properly. 

Deleting / disabling cookies 

Analytical and functional cookies are used on the Platform on the basis of the User’s consent given by selecting the appropriate option when visiting the Platform for the first time, adjusting the cookie choices via the cookie settings panel or by configuring the browser settings accordingly. Your consent to the use of analytical and functional cookies is voluntary. Before giving your consent to the use of cookies, you will be informed of the purposes for which cookies are used and of the possibility to change your cookies settings at any time. The user can withdraw their previously given consent to the use of cookies and change their cookies settings. To do so, you will need to change your browser’s cookies settings. These settings can be changed, in particular, in such a way as to block automatic cookies support in the settings of the Internet browser or to receive a notification every time they are saved on the website user’s device. Detailed information about the possibility and methods of using cookies is available in the settings of your software (web browser). 

VII. Rights of data subjects 

The personal data subject has: 

  • Right of access (Article 15 GDPR), i.e. to request information from the Controller about the processing of their personal data, i.e. to confirm whether the personal data of the data subject is being processed. If data about the person is processed, they are entitled to access it, to obtain a copy of it and to be provided with the following information: the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are stored or the criteria for determining it, the person’s rights in relation to the processing of their personal data, the possibility of lodging a complaint with a supervisory authority, the source of the personal data if not obtained directly from the data subject, and profiling and automated decision-making; 
  • Right of rectification (Article 16 GDPR), i.e. if a person becomes aware that their personal data processed by the Controller is inaccurate, outdated or incomplete, they have the right to request its immediate rectification or supplementation; 
  • Right to erasure (Article 17 GDPR) i.e. a person may request the erasure of their personal data, whereby, if the person has consented to the processing of personal data, the request for erasure will have the same effect as withdrawal of consent; 
  • Right to restrict the processing of data (Article 18 GDPR) i.e. to request the cessation of processing except for storage, in situations where: 
    12. the data subject questions the accuracy of the personal data; 
    13. the data subject challenges the lawfulness of the processing of personal data by the Controller; 
    14. the Controller no longer needs the data, but they are needed by the data subject to establish, assert or defend their claim, 
    15. the data subject has objected to the processing and the objection has been accepted by the Controller; 
  • Right to data portability (Article 20 GDPR) which means the right to receive the personal data provided to the Controller in a structured format, for general use, readable by a specific device, so that it can be transmitted directly to another entity, provided that this is technically possible; 
  • Right to object to processing (Article 21 GDPR) which means the right of the data subject to object to the use of their personal data for purposes related to direct marketing of products and services, as well as other marketing activities carried out by the Controller sent by email or text message). The objection does not result in the deletion of the data, but only in the discontinuation of their use by the Controller for marketing purposes. 
  • Right to withdraw consent which means that in cases where the processing is based on given consent, the data subject has the right to withdraw given consents for specific purposes of the processing, at any time. Withdrawal of consent does not affect the lawfulness of processing carried out up to the time of withdrawal; 
  • Right to lodge a complaint with the relevant supervisory authority. If the data subject believes that data is being processed illegally, they have the right to lodge a complaint with the competent supervisory authority: Office for Personal Data Protection: Urząd Ochrony Danych Osobowych Stawki 2, 00-193 Warsaw, tel. 22 531 03 00 ]nkancelaria@uodo.gov.pl 

VIII. Changes to the Privacy Policy 

The provisions of the Privacy Policy may be amended or updated, so we recommend monitoring changes regularly. We will inform you of any changes or additions by posting the relevant information on the Platform. Last modification: 13.10.2022