RODO (GDPR)

GDPR (General Data Protection Regulation)

The administrator of your personal data is the Gabinet Fizjoterapii Got Ur Back Mateusz Pawlukiewicz, located at ul. Maków 17, 40-750 Katowice; NIP 9542782245. For correspondence regarding the processing of your personal data, please contact us at: pawmat93 at gmail.com.

Scope and Purpose of Personal Data Processing

Your personal data is processed for the purpose of providing you with healthcare services within the framework of the services provided by Got Ur Back. The personal data we process includes: first name, last name, gender, date of birth, PESEL number (or document number confirming identity if PESEL is unavailable), residential address, in the case of minors or incapacitated patients, or those lacking full capacity to make conscious decisions, also the name and surname of their legal or factual guardian, as well as health data and services provided to you. We may also process your email address and phone number for contact purposes.

We maintain medical documentation for you, which contains all information related to your health and the services provided. This is essential for diagnosis and for properly managing your treatment process.

The legal basis for processing your personal data by the Administrator is Article 9(2)(h) of the GDPR, which concerns the processing of special categories of personal data.

Categories of Recipients of Personal Data

Recipients of the shared data include entities processing the data on behalf or with the authorization of the Administrator. This includes in particular providers of IT solutions for electronic medical documentation and online booking system services, as well as subcontractors for healthcare services. These entities are obligated to maintain the confidentiality of personal data contained in medical documentation. Additionally, your personal data may be shared with entities authorized to receive it under applicable laws, including relevant judicial authorities. If you request an invoice, your personal data may also be shared with the tax office.

Data Transfer to Third Countries

Personal data will not be transferred outside the European Economic Area.

Data Processing Time

In accordance with the Patient Rights and the Patient Ombudsman Act, your data will be processed by the Administrator for a period of 20 years, counting from the end of the calendar year in which the last entry was made. Additionally, personal data may be processed by us for the purpose of claiming compensation for a period determined by civil law regulations and for tax purposes for 5 years from the end of the calendar year in which the tax obligation arose. After the above-mentioned periods, your data will be deleted or anonymized.

Information About Your Rights

In connection with the processing of your personal data by the Administrator, you have a number of rights, which we are obligated to ensure you can exercise. You may exercise your rights by submitting a written request to us.

Remember that you have the right to:

  1. Access your data (Article 15 GDPR) – You have the right to request confirmation whether we process your personal data, and if so, you have the right to:
    • Access your personal data.
    • Obtain information about the purposes of processing, categories of processed data, recipients or categories of recipients of such data, the planned period of data storage or criteria for determining this period, rights available to you under GDPR, and the right to lodge a complaint with the supervisory authority.
    • Obtain a copy of your personal data.
  2. Rectification of your data (Article 16 GDPR) – You have the right to rectify and complete the personal data you have provided. Regarding other personal data, you have the right to request rectification (if inaccurate) and completion (if incomplete).
  3. Erasure of your data (Article 17 GDPR) – You have the right to request the deletion of personal data not forming part of medical documentation. However, personal data related to medical documentation must be retained for compliance with legal obligations. You may request the deletion of personal data if:
    • Your personal data is no longer necessary for the purposes for which it was collected or processed;
    • You have objected to the use of your data for marketing purposes;
    • Your personal data is being processed unlawfully.
    Despite the request for deletion, we may retain certain personal data to establish, pursue, or defend claims, as well as to comply with legal obligations. This applies, in particular, to personal data including your name, surname, email address, and application history.
  4. Restriction of processing (Article 18 GDPR) – You have the right to request a restriction on the use of your personal data in the following cases:
    • When you contest the accuracy of your personal data – we will limit its use for the time necessary to verify its accuracy, but not for longer than 7 days;
    • When processing your data is unlawful, and instead of deleting the data, you request its restriction;
    • When your personal data is no longer necessary for the purposes for which it was collected or used, but it is necessary for you to establish, pursue, or defend claims;
    • When you object to the use of your data – the restriction applies for the time necessary to assess whether, due to your specific situation, the protection of your interests, rights, and freedoms outweighs the interests we pursue in processing your personal data.
  5. Objection to processing (Article 21 GDPR) – You have the right to object at any time to the processing of your personal data when we process it based on legitimate interest. If your objection is justified and we have no other legal basis for processing your data, we will delete the data you objected to.
  6. Filing a complaint with the supervisory authority (Article 77 GDPR) – If you believe your right to data protection or other rights granted to you under GDPR have been violated, you have the right to file a complaint with the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa).

How long will we fulfill your request? If you request the exercise of any of the above rights, we will fulfill your request or deny it immediately, but no later than one month after receiving it. However, if the request is complex or numerous, we may need an additional two months to fulfill it, and we will inform you about this in advance.

Got Ur Back
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.