Data Security and Protection of Personal Data

Data Protection

In accordance with the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC – Oviklinika Sp. z o.o. Sp. k., headquartered at 31 Połczyńska Street, Warsaw, serves as the Data Controller.

Oviklinika Sp. z o.o. Sp. k. has appointed a Data Protection Officer (DPO) to ensure compliance with data protection regulations, oversee information security policies, and update our data protection documentation.

In conducting its activities, Oviklinika Sp. z o.o. Sp. k. processes patients’ personal data for the following purposes:

• safeguarding health, delivering medical services, managing service provision, and treatment,
• providing services related to medically assisted reproduction and a reproductive cell and embryo bank,
• handling requests and inquiries submitted through various channels (e.g., telephone, contact form, email),
• contacting patients concerning service provision, including obtaining feedback on services provided,
• conducting business-related financial transactions,
• managing complaints, if any are submitted,
• archiving data following legal requirements,
• ensuring the security of people and property (video monitoring of the facility),
• maintaining high service standards (recording phone calls).

Our patients’ personal data is processed solely within the scope necessary to achieve these purposes.

The legal basis for processing the obtained data includes:

• the Act of November 6, 2008, on Patient Rights and the Patient Ombudsman,
• agreements with patients/clients for service provision,
• the legitimate interests pursued by the data controller.

We do not share data with other entities except those authorized by law. Oviklinika Sp. z o.o. Sp. k. does not intend to transfer data to third countries or international organizations.

Data will be retained no longer than necessary, as specified by applicable legal provisions: the Act of November 6, 2008, on Patient Rights and the Patient Ombudsman.

Patients have the right to:

• information regarding the purpose, scope, and method of personal data processing,
• access to their personal data, correction, and updating,
• information on sharing personal data with entities specified by law.

Rules for providing access to medical records are defined by Polish law.

For inquiries regarding information security policies, please contact us at: iodo@oviklinika.pl.

Information Clause on Call Recording

According to Article 13(1) and (2) of the General Data Protection Regulation (GDPR), we inform you that:

Dear Sir/Madam, the Data Controller of your personal data obtained via call recording is Oviklinika Sp. z o.o. Sp. k., hereinafter referred to as the “Controller.” You may contact the Controller at 31 Połczyńska Street, Warsaw, 01-377, by calling (022) 112 56 00, or through our appointed Data Protection Officer, Ms. Barbara Kostecka, via email at: iodo@oviklinika.pl.

Personal data is jointly administered by an entity within the Angelius group, Provita Sp. z o.o., located at 13D Fabryczna Street, Katowice, 40-611, concerning the relevant matter. Contact can be made in writing to the address: 13D Fabryczna Street, Katowice, 40-611, by calling 32 783 73 00, or through their appointed Data Protection Officer, Ms. Barbara Kostecka, via email at: iodo@angelius.org.

Your data is processed to enhance security, maintain high telephone service standards, and evaluate call quality in case of disputes. Personal data processing via call recording encompasses all incoming and outgoing calls to Oviklinika Sp. z o.o. Sp. k.

Your personal data is processed solely to achieve the above purposes and is handled within the legitimate interests of the Controller. We do not disclose your data to other recipients except those authorized by law.

The Controller does not intend to transfer your data to third countries or international organizations.

Your data will be stored for no longer than three months, after which it is automatically deleted. If recordings serve as evidence in legal proceedings or if the Controller learns that they may serve as such evidence, the retention period is extended until the case’s final resolution.

You have the right to request from the Controller access to your data, rectification, updating, or restriction of processing. Rules governing access to employment records are specified by Polish law.

You also have the right to lodge a complaint with a supervisory authority concerning the processing of your data by the Controller.

Based on your personal data, the Controller will not make automated decisions about you, including decisions resulting from profiling*.

*Profiling means any automated processing of personal data to evaluate specific personal aspects of an individual, particularly to analyze or predict aspects of that person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.