Privacy policy

The controller of your personal data is LNA SANTÉ ORIGIN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw at ul. Hajoty 49, 01-821 Warsaw.

You can contact the Data Controller by email at: info@originpolska.com or in writing at the company’s address: ul. Hajoty 49, 01-821 Warsaw.

The Controller has appointed a Data Protection Officer, who can be contacted in all matters related to the processing of personal data and the exercise of rights connected with data processing – by email: info@originpolska.com or in writing at: ul. Hajoty 49, 01-821 Warsaw.

The legal basis for processing your personal data is:

• your prior consent to the processing of your personal data;
• the necessity of processing for the performance of a service agreement and for communication with you in connection with that agreement;
• the necessity of processing for the purposes of the legitimate interests pursued by the Controller, including the provision of information about the organisation, its products, or services.

In the case of the provision of medical services, the legal basis for processing personal data, including special category data (relating to health), is Article 9(2)(h) of the GDPR in connection with:

• the provision of healthcare services;
• maintaining medical records;
• fulfilling legal obligations, in particular those arising from the Act on Medical Activity and the Act on Patients’ Rights and the Ombudsman for Patients’ Rights.

Data may also be processed for the purposes of settlements with the National Health Fund (NFZ), issuing e-prescriptions, e-referrals, e-sick notes, and using healthcare information systems (including P1, eWUŚ, ZUS, IKP).

The Controller processes standard personal data, including: first and last name, PESEL (Polish national identification number), ID document series and number, date of issue and issuing authority, tax identification number, bank account number, registered address, residential address, correspondence address, email address, phone number, nationality, country of residence and tax residence, date and place of birth.

In connection with its medical activities, the Controller also processes special categories of data, i.e. health-related data, information contained in medical records, test results, medical recommendations, genetic data, biometric data (if collected), information about medications taken, medical history, and other data necessary for diagnosing and treating the patient.

Your personal data will be processed using both electronic systems and paper-based methods for the purpose of providing medical services, in compliance with the principles of confidentiality and medical secrecy. Data may also be temporarily stored and processed as part of backups, system security measures, and security audits.

Data may be disclosed to:

• authorised employees of the Controller,
• doctors, nurses, and other medical staff in connection with the provision of healthcare services,
• other healthcare providers for the purpose of continuing treatment,
• entities processing data on behalf of the Controller (e.g. IT support, diagnostic laboratories, invoicing service providers),
• the National Health Fund (NFZ), the Social Insurance Institution (ZUS), public administration bodies, courts, and other authorised authorities – where required by law.

Personal data will be processed for the period required by law – in particular:

• medical records will be stored for 20 years from the date of the last entry, in accordance with the Regulation of the Minister of Health;
• data processed on the basis of consent – until the consent is withdrawn;
• financial data – in accordance with accounting and tax regulations;
• data processed for evidentiary purposes – until the expiry of the limitation period for claims.

You have the following rights:

• the right to access your data, including medical records,
• the right to rectify your data,
• the right to restrict processing,
• the right to request erasure of your data (unless it concerns medical records or legal obligations),
• the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO),
• the right to withdraw consent (if the processing is based on consent),

the right to designate a person authorised to receive medical information and documentation

The Controller does not make decisions about you based solely on automated processing of personal data, including profiling.

The Controller does not transfer personal data outside the European Economic Area unless the patient uses services that require such a transfer – in such cases, the transfer is carried out in accordance with the rules set out in the GDPR.

Personal data processed in connection with the provision of healthcare services is subject to medical confidentiality, and any individuals with access to such data are obliged to maintain that confidentiality. The Controller has implemented appropriate technical and organisational measures to protect the data against unauthorised access, loss, destruction, or disclosure.

You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office, if you believe that the processing of your personal data by the Controller violates the provisions of the General Data Protection Regulation (GDPR).

Supervisory authority:
President of the Personal Data Protection Office
ul. Stawki 2, 00-193 Warsaw
Phone: +48 22 531 03 00
www.uodo.gov.pl

Dear Sir or Madam,

By completing the “Request an Offer” form, you are providing us with your personal data. We take great care to ensure its security and process it in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

1. Personal Data Controller and Data Protection Officer Contact Details

The controller of your personal data is LNA SANTE ORIGIN Sp. z o.o. with its registered office at ul. Hajoty 49, 01-821 Warsaw.

If you have any questions regarding the processing of your personal data, you can contact us via email at:

info@originpolska.com

or by phone at:

+48 22 10 26 700

LNA SANTE ORIGIN Sp. z o.o. has appointed a Data Protection Officer. Any matters related to personal data protection may be addressed to the Data Protection Officer via email at:

amiernowska@originpolska.com

2. Purpose and legal basis for data processing

Your personal data is processed for the following purposes:

• Responding to your enquiry and preparing and presenting a personalised rehabilitation offer (including programme details and pricing conditions);
• Establishing and maintaining contact in connection with your interest in our services.

The legal basis for processing your data is:

• Article 6(1)(b) of the GDPR – taking steps at the request of the data subject prior to entering into an agreement;
• Article 6(1)(f) of the GDPR – the Controller’s legitimate interest in conducting correspondence, handling enquiries, and offering services to potential clients.

3. Categories of data processed

We process the data provided in the form, including: first name, last name, contact details (email address, phone number), as well as health-related information (such as the type of illness and preferred rehabilitation programme), necessary for preparing a personalised offer.

4. Data recipients

Your personal data may be shared with entities with whom the Controller cooperates for the purposes described above. These include, among others: IT service providers, providers of analytical and marketing services, operators of ICT systems, as well as other subcontractors providing services essential for the proper operation of our business.

5. Transfer of data to third countries or international organisations

We inform you that your personal data will not be transferred to third countries (i.e. outside the European Economic Area) or to international organisations.

6. Data retention period

Your personal data will be stored for the period necessary to respond to your enquiry and prepare the offer. Afterwards, the data may be retained until the expiry of any potential legal claims or for the period required by other legal provisions if cooperation is established.

7. Your rights

You have the right to:

• Access your personal data, i.e. to obtain information about which data we process and to receive a copy of it.
• Rectify (correct) your data, if it is incomplete or inaccurate.
• Erase your data (the so-called “right to be forgotten”), in specific circumstances.
• Restrict the processing of your data, in cases provided for under the GDPR.
• Data portability, i.e. to receive your data in a structured, commonly used, machine-readable format.
• Object to the processing of your data, if the processing is based on the legitimate interests of the Controller (Article 6(1)(f) GDPR).
• Lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office – if you believe that your data is being processed in breach of the GDPR.

Please note that if the data were processed on the basis of your consent (which does not apply in the case of this form), you would have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

8. Automated decision-making and profiling

We inform you that your personal data is not subject to automated decision-making or profiling within the meaning of the GDPR.

9. Voluntary provision of data

Providing your data is voluntary but necessary for the purpose of processing – namely, to respond to your enquiry and present a personalised offer. Without the required data, we will not be able to contact you or prepare a service proposal.

By clicking the “Apply” button or by directly submitting your application documents to the email address: rekrutacja@originpolska.com, you consent to the processing of your personal data by LNA SANTÉ Origin Sp. z o.o., with its registered office in Warsaw at ul. Hajoty 49.

Purpose of data processing: Your data is processed for the purpose of carrying out the recruitment process for the position you are applying for.

Legal basis for data processing:

• At your request: we process data necessary to take steps prior to entering into an agreement.
• Based on our legitimate interest: we process your first name, surname, date of birth, contact details, education, qualifications, and employment history.
• Based on your consent: sending documents that include, for example, your image or interests is treated as consent to process that data.

Providing your data is voluntary, but necessary to take part in the recruitment process. Without it, we will not be able to consider your application.

Your rights: You have the right to access your data, rectify it, request its erasure, restrict processing, transfer your data, and object to its processing. You also have the right to lodge a complaint with the President of the Personal Data Protection Office.

Data sharing: Your data may be shared with our recruitment management systems and IT service providers (including hosting services).

Data retention period: Your data will be processed for a period of one (1) year unless you give consent for it to be used in future recruitment processes.

Contact: If you have any questions about how your personal data is processed or would like to exercise your rights, please contact us at amiernowska@originpolska.com.