GDPR Information Clause

The controller of your personal data is:
ELMAR SPÓŁKA Z O.O., ul. Centralna 33A, 45-940 Opole, Poland, NIP: 7543251709

You can contact the Data Controller:

• by e-mail: gabinet@mikrostomart.pl,
• by phone: +48 570 270 470,
• in writing to the registered office of the Controller.

Data provided by you in connection with a dental services contract will be processed for the purpose of concluding and performing that contract (including assessment of oral health, diagnosis, treatment planning, maintaining medical records, providing dental services, etc.) — the legal basis for processing is the necessity of processing for the performance of a contract to which you are a party (Art. 6(1)(b) GDPR).

In addition, your data will be processed to fulfil the Controller's obligations arising from:

• a) protection of health, provision of medical services, management of such services and treatment — the Act of 6 November 2008 on Patient Rights and the Patient Ombudsman;
• b) maintaining and storing medical records — Art. 9(2)(h) GDPR in conjunction with Art. 24(1) of the Patient Rights Act and the relevant Ministry of Health Regulation;
• c) receiving and archiving your declarations authorising other persons to access your medical records and providing them with information about your health — Art. 6(1)(c) GDPR in conjunction with Art. 9(3) and Art. 26(1) of the Patient Rights Act and § 8(1) of the Ministry of Health Regulation;
• d) contacting you at the telephone number or e-mail address provided, e.g. to confirm a reservation or cancel a consultation appointment, remind you about a consultation — Art. 6(1)(b) and (f) GDPR, as a legitimate interest of the Controller in providing patient aftercare and more efficient appointment management;
• e) fulfilment of tax obligations — including issuing invoices for services provided by the Controller, which may involve the processing of your personal data — Art. 6(1)(c) GDPR in conjunction with Art. 74(2) of the Accounting Act of 29 September 1994.

Your data may also be processed for the purpose of pursuing claims related to the contract concluded with you or defending against such claims — the legal basis for processing is the necessity of processing for the legitimate interest of the Controller, which is the ability to pursue and defend against claims (Art. 6(1)(f) GDPR).

Your data may be transferred to entities processing personal data on behalf of the Controller, on the basis of a contract concluded with the Controller and solely in accordance with the Controller's instructions (e.g. accounting office, hosting company, software provider, etc.). Data may also be transferred to courts, public administration bodies, mediators and other public and private entities — if this is necessary for the proper provision of services by the Controller to you.

Your data will not be transferred to recipients located outside the European Economic Area.

You have the right to:

• a. access your data and the right to request their rectification, erasure, and restriction of processing.
• b. To the extent that the processing of your personal data is based on the legitimate interest of the Controller, you have the right to object to the processing of your personal data (in particular to processing for direct marketing purposes, including profiling — in such case the objection is binding on the Controller).
• c. To the extent that the processing of your personal data is based on consent, you have the right to withdraw it, noting that withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
• d. To the extent that your data is processed for the purpose of concluding and performing a contract or processed on the basis of consent — you also have the right to data portability, i.e. to receive from the Controller your personal data in a structured, commonly used, machine-readable format, which you may then send to another data controller.
• e. You also have the right to lodge a complaint with a supervisory authority responsible for data protection (in Poland: the President of the Office for Personal Data Protection) if you consider that the processing is carried out in a manner inconsistent with the law. To exercise the above rights, please contact the Controller.

In connection with the processing of your personal data, decisions concerning you will not be made in an automated manner (without human involvement).

Providing personal data in connection with dental services is voluntary but necessary to ensure proper healthcare by the Controller.