Privacy Policy

Introduction

  • 1.1

    The administrator of personal data is RIKOTA Sp. z o.o., with its registered office at ul. Stefana Okrzeja 12/U2, 03-710 Warsaw, NIP 1133070129, KRS 0000989661, hereinafter referred to as RIKOTA.

  • 1.2

    This privacy policy establishes the principles for the processing of personal data by RIKOTA and informs data subjects of their rights.

  • 1.3

    The purpose of this policy is to ensure the confidentiality, integrity, and availability of patients’ personal data, as well as compliance with data protection legislation. This policy applies to all patients’ personal data.

Purposes and basis for data processing

  • 2.1

    RIKOTA processes personal data for the purpose of providing medical services, including diagnostics and dental treatment, as well as for fulfilling legal obligations related to medical activities.

  • 2.2

    The legal basis for data processing is a contract concluded with the patient or the patient’s legal representative, the fulfillment of legal obligations, as well as the patient’s consent to data processing for a specific purpose.

  • 2.3

    The policy applies to persons who process personal data and other protected data, regardless of the form of their employment relationship with RIKOTA or the organizational and legal form that connects RIKOTA with that person. In particular, these may be persons working under an employment contract, interns, apprentices, volunteers, and persons performing tasks on the basis of a civil law contract concluded with RIKOTA, as well as employees and associates of third parties with whom a contract has been concluded, according to which the above-mentioned persons have access to protected information, including personal data.

Consent to the processing of personal data

  • 3.1

    Each RIKOTA patient consents to the processing of their personal data for the purpose of providing medical services and maintaining medical records as required by law.

  • 3.2

    Personal data is processed in a lawful, fair, transparent, and understandable manner for the data subject.

  • 3.3

    Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  • 3.4

    Personal data is processed in such a way as to provide appropriate safeguards, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Scope of personal data processed

  • 4.1

    RIKOTA processes the following categories of patients’ personal data:
    – identification data (first name, last name, personal identification number, ID number),
    – contact details (home address, email address, phone number),
    – medical data (medical history, test results, diagnoses, medical recommendations),
    – other data necessary for the provision of medical services or arising from legal obligations.

  • 4.2

    The premises in which the Personal Data Controller carries out its economic activities must be covered by video surveillance to the extent necessary, namely: waiting rooms; reception; dental offices; X-ray rooms; sterilization rooms; the area immediately in front of the entrance to the premises.
    Video surveillance recording is carried out and is necessary in order to:
    – ensure the safety of staff and patients;
    – protect property;
    – ensure the confidentiality of information, including special categories of personal data contained in specific medical documents.
    Surveillance recordings are stored for 3 months. After this period, the recordings are destroyed. The Administrator has access to the surveillance recordings. Surveillance recordings may be viewed and analyzed only if the Administrator determines that an incident related to the security of personal data has occurred and if it is necessary to achieve the purpose for which the data is collected.

Period of personal data processing

  • 5.1

    Patients’ personal data is processed by RIKOTA for the period necessary to fulfill the purposes for which it was collected, as well as to fulfill legal obligations.

  • 5.2

    The controller transfers data to third parties in accordance with the provisions of generally accepted legislation, in particular: social insurance institutions, tax inspectorates, the State Labor Inspectorate, general courts, the police, and the prosecutor’s office, and entrusts the processing of personal data to another entity on the basis of a concluded agreement.

Personal data security

  • 6.1

    RIKOTA uses appropriate technical and organizational measures to protect the personal data it processes from unauthorized access, loss, damage, or destruction. Only authorized persons have access to personal data, and any data processing is carried out in accordance with applicable law.

  • 6.2

    Security measures:
    – Physical security, such as locks and alarm systems.
    – Antivirus software and firewalls.
    – Authentication and authorization mechanisms, such as passwords and access cards.

  • 6.3

    Any person who processes personal data for the purposes of RIKOTA is required to familiarize themselves with the content of the Policy and strictly adhere to its provisions. Persons who process personal data do so on the basis of a permit issued by the Administrator.

  • 6.4

    Employee responsibilities:
    Every RIKOTA employee must comply with the data protection policy.

  • 6.5

    Data Protection Officer:
    The Data Protection Officer is responsible for performing data protection tasks.
    The controller is also responsible for implementing appropriate procedures and safeguards to ensure compliance with data protection laws and monitoring compliance, informing staff about relevant laws, policies, and internal procedures, taking appropriate measures in the event of a breach or suspected breach of data protection procedures, reviewing the adequacy of data protection policies, rules, and procedures, and reassessing and evaluating risks where necessary.

Rights of the data subject

  • 7.1

    In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data, each patient has the right to:
    – access their personal data;
    – correct their personal data;
    – delete their personal data;
    – restrict the processing of their personal data;
    – transfer their personal data;
    – object to the processing of their personal data.

Processing of personal data for marketing and statistical purposes

  • 8.1

    RIKOTA guarantees that patients’ personal data will be processed solely for the purpose of providing medical services and maintaining the necessary medical records. At the same time, each patient may consent to the processing of their personal data for marketing and statistical purposes. Data will be provided to other entities only in cases provided for by law.

Direct marketing

  • 9.1

    Any patient who consents to the processing of their personal data for marketing purposes may receive marketing content (commercial information) via telecommunications terminal equipment and automatic calling systems, email, SMS, and other forms of electronic communication, including information about promotions and special offers related to RIKOTA.

Changes to the Privacy Policy

  • 10.1

    RIKOTA reserves the right to make changes to this Privacy Policy at any time. Any changes will be published on the website https://www.rikota.com.pl/

  • 10.2

    In matters not covered by this document, the provisions of special laws, RODO, shall apply.



© RIKOTA stomatologia. All rights reserved.