Table of Contents
- Privacy PolicyCentrum Zdrowia BIOMED
- 1. Glossary
- 2. Controller's details
- 3. Scope and sources of personal data
- 4. Purposes and legal bases for data processing
- 5. Recipients of data
- 6. Transfer of data outside the EEA
- 7. Data retention periods
- 8. Cookies
- 9. Data security
- 10. Amendments to the Privacy Policy
Please read this Privacy Policy carefully before using this website. By using this website, you agree to this Privacy Policy; otherwise, you must leave this website immediately.
Privacy Policy
Centrum Zdrowia BIOMED
At Centrum Zdrowia BIOMED, we respect your privacy and understand that by entrusting us with information about yourself, you are placing your trust in us.
Therefore, we would like to clearly explain how we process your personal data.
This Policy describes how and when we collect personal data, the purposes for which we use it, to whom we disclose it, how long we retain it, and the rights you have in connection with the processing of your data.
This document has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the applicable provisions of Polish law.
1. Glossary
In this Policy, we use several terms that may require explanation:
Controller - Hanna Ormańczyk, conducting business under the name Centrum Zdrowia BIOMED Hanna Ormańczyk, with its registered office in Gdańsk, at ul. Rajska 14, 80-850 Gdańsk, Tax Identification Number (NIP): 6040236462, REGON: 524272193.
Patient / User - a person using the Centre's services or visiting the website www.centrumzdrowiabiomed.com
Personal data - any information that makes it possible to identify a natural person, such as their first name, surname, PESEL number, email address or health data.
Processing of personal data - any operation performed on data, such as collecting, storing, transferring or deleting it.
Processor - an external entity that processes data on behalf of the Controller, such as a booking system provider or payment operator.
Newsletter - a service involving the sending of email messages containing information about news, services and events.
Cookies - small files stored on the user's device that enable the website to function correctly and allow its use to be analysed.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Consent - a voluntary and informed indication of a person's wishes regarding the processing of personal data for a specific purpose.
Profiling - automated processing of data for the purpose of tailoring services or content to the user's preferences.
2. Controller's details
The controller of personal data is:
Centrum Zdrowia BIOMED Hanna Ormańczyk
ul. Rajska 14, 80-850 Gdańsk
email: infocentrumzdrowiabiomed@gmail.com, tel. +48 880 110 060
Centrum Zdrowia BIOMED is a healthcare provider entered in the Register of Entities Performing Medical Activities.
3. Scope and sources of personal data
We process data that you provide to us voluntarily or that is necessary for the provision of medical services, including:
first name, surname, PESEL number, date of birth and residential address;
telephone number and email address;
health data, appointment history, test results and recommendations;
billing data, such as a Tax Identification Number (NIP), bank account number and invoice details;
technical data connected with the use of the website, such as an IP address and cookies.
4. Purposes and legal bases for data processing
Your personal data is processed for the following purposes:
4.1. Provision of healthcare services
maintaining medical records, providing consultations, diagnostics and therapy;
Legal basis: Article 6(1)(c) and Article 9(2)(h) of the GDPR.
4.2. Online appointment booking
handling online appointment bookings using:
the Calendesk system;
the ZnanyLekarz.pl platform.
For appointment booking purposes, these systems act as data processors in accordance with Article 28 of the GDPR.
If you use an account on ZnanyLekarz, ZnanyLekarz is the data controller within this scope.
Legal basis: Article 6(1)(b) of the GDPR - performance of a contract.
4.3. Online payments
On our website, you can purchase gift vouchers for services provided by Centrum Zdrowia BIOMED.
Payments are processed through the Przelewy24 system, operated by PayPro S.A., with its registered office in Poznań at ul. Pastelowa 8, 60-198 Poznań. To process a payment, we provide the operator with the data necessary to complete the transaction, including your first name, surname, email address, telephone number, payment amount and order number.
The legal basis for processing this data is Article 6(1)(b) of the GDPR - processing necessary for the performance of a contract, namely the purchase of a voucher. Detailed information about the principles governing the processing of personal data by Przelewy24 is available in its privacy policy: https://www.przelewy24.pl/polityka-prywatnosci.
4.4. Contact and handling enquiries
responding to questions submitted through a form, by email or through social media;
Legal basis: Article 6(1)(b) and (f) of the GDPR - performance of a contract / legitimate interest.
4.5. Newsletter and marketing communications
sending email and SMS messages containing information about news, services and events;
Legal basis: Article 6(1)(a) of the GDPR - consent, as well as Article 10 of the Act on the Provision of Electronic Services and Article 172 of the Telecommunications Law.
4.6. Reviews and satisfaction surveys
Centrum Zdrowia BIOMED may process patients' personal data in order to assess the quality of the services provided and measure patient satisfaction.
For this purpose, we may contact you after an appointment, for example by email or SMS, to request feedback about the appointment or invite you to participate in a short survey.
The legal basis for processing data within this scope is Article 6(1)(f) of the GDPR, namely the Controller's legitimate interest in ensuring a high standard of care and continuously improving the services offered.
The Centre may also use the services of external entities specialising in collecting patient reviews.
These entities process data exclusively on behalf of Centrum Zdrowia BIOMED, pursuant to appropriate data processing agreements, and only to the extent necessary to collect and provide the reviews.
Where a patient's review is published, for example on the website or on social media, the data is processed on the basis of the patient's voluntary consent, which may be withdrawn at any time, in accordance with Article 9(2)(a) of the GDPR.
4.7. Social media
operating Centrum Zdrowia BIOMED profiles on Facebook and Instagram for the purpose of communicating with patients and promoting services;
Legal basis: Article 6(1)(f) of the GDPR - legitimate interest.
With regard to data collected by the platforms themselves, Meta Platforms Ireland Ltd. is the controller, while the Centre and Meta act as joint controllers of statistical data in accordance with Article 26 of the GDPR.
4.8. Website analytics and security
using analytical and marketing tools, such as Google Analytics and Meta Pixel;
Legal basis: Article 6(1)(f) of the GDPR - statistics and security, and Article 6(1)(a) of the GDPR - consent to cookies.
5. Recipients of data
Data may be disclosed to:
healthcare professionals, associates and medical laboratories;
entities providing hosting, booking, payment, accounting, marketing and IT services;
system operators;
public authorities where required by law.
All entities process data on the basis of a data processing agreement in accordance with Article 28 of the GDPR.
6. Transfer of data outside the EEA
Some data, such as cookies and statistical data, may be transferred to third countries, primarily the United States, in connection with the use of Google and Meta services.
Such transfers take place in accordance with the European Commission's adequacy decision concerning the EU-US Data Privacy Framework or on the basis of Standard Contractual Clauses (SCCs).
7. Data retention periods
We retain personal data only for as long as it is genuinely necessary, in accordance with applicable law and the principle of data minimisation.
The retention period depends on the type of data and the purpose for which it was collected.
Medical data (patient medical records)
Your medical records are retained for 20 years from the date of the last entry. In certain cases, for example where a patient dies as a result of bodily injury or poisoning, the records must be retained for 30 years. X-ray images stored separately from the medical records are retained for 10 years.
These periods arise directly from the Act on Patients' Rights and the Commissioner for Patients' Rights.
Financial and billing data
Information required for accounting or tax purposes, such as data from invoices, bills and payment confirmations, is retained for 5 years. This is an obligation arising from tax regulations.
Data relating to appointment bookings and contact
Data provided when booking an appointment, such as your first name, surname, telephone number and email address, or submitted through the contact form, is retained for 2 years from the date of the appointment or the most recent contact. This allows us, for example, to confirm previous arrangements or respond to questions concerning services provided in the past.
Data used for marketing and newsletter purposes
If you have subscribed to the newsletter or consented to marketing communications, your data, such as your email address and telephone number, will be retained until you withdraw your consent. You may do so at any time, for example by clicking the unsubscribe link in an email or writing to us at info@centrumzdrowiabiomed.pl.
Survey and review data
Data collected as part of satisfaction surveys or reviews of our facility is retained for up to 2 years so that we can analyse and improve the quality of our services.
Technical data and cookies
Data collected automatically through cookies, such as information about how you use the website, is retained until consent is withdrawn or the cookies are deleted from the user's browser.
8. Cookies
Our website uses cookies for the following purposes:
ensuring that the website functions correctly (essential cookies);
analysing traffic and compiling statistics (analytical cookies);
tailoring content and advertisements (marketing cookies).
When you first visit the website, a banner is displayed that allows you to select cookie categories.
Consent is voluntary and may be withdrawn at any time.
9. Data security
We apply appropriate technical and organisational measures to protect personal data against loss, unauthorised access and disclosure.
Access to data is restricted to authorised persons who are required to maintain confidentiality.
10. Amendments to the Privacy Policy
This Policy may be updated in the event of changes to legal regulations or data processing activities. The current version of the Policy is always available at: