GDPR

Information about personal data processing

We invite you to read the following document on how we process personal data.

What does GDPR mean?

  • GDPR is a commonly used abbreviation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ( known as the General Data Protection Regulation).
  • GDPR not only imposes information obligations and data security related to us, but also indicates the rights that apply to you. This document serves to present information about how we process your personal data.

Who is the Data Controller of your personal data?

  • Data Controller is Healthup S.A with its registered office in Warsaw at the street Twarda 18 (00-105 Warszawa) registered in the National Court Register under the number KRS 0000520152, with share capital of 9 000,00 PLN (fully paid), NIP 5252593396, statistical identification number Regon: 147381608.
  • If you have any questions please contact with data protection officer – Mr Michał Skalmierski: [email protected]

How do we process your personal data?

  • We collect personal data directly from you.

  • The scope of the data varies depending on the purpose of the processing and is always indicated when you provide us with specific personal data.

  • If the legal basis for processing is to give consent, its granting is always voluntary. If it is necessary, we always inform you about it when it is given. You can withdraw your consent at any time. It’s free. If you withdraw your consent, we have the right to ask you about the reason for the withdrawal of consent, but you do not have to provide an answer.

 

The purpose of processing Legal basis Processing time Recipients of data
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract Art. 6 sec. 1 pt. b GDPR Processing time depends on the duration of activities leading to the conclusion of the contract or the duration of the contract (original purpose), and after its termination or if it was not concluded, the processing is only continued for the purpose of establishing, investigating or defending legal claims ( secondary purpose). Recipients may only be authorized employees or our associates who provide services related to customer service or IT support.

Handling related queries

with the implementation of services

Art. 6 sec. 1 pt. f GDPR Processing time depends on the time of handling queries (original purpose), and after their completion, processing is carried out only for the purpose of storing information in the scope of establishing, investigating or defending legal claims (secondary purpose). Recipients may only be authorized employees or our associates who provide services related to customer service or IT support.

Complaint handling

Art. 6 sec. 1 pt. b GDPR Processing time depends on the time of handling complaints and complaints (original purpose), and after their completion, processing is carried out only for the purpose of storing information regarding the establishment, investigation or defense of legal claims (secondary purpose). Recipients may only be authorized employees or our associates who provide services related to customer service or IT support.

Archive documentation for the establishment, exercise or defence of legal claims

Art. 6 sec. 1 pt. f GDPR We store data for the period provided for by law in the scope of pursuing claims. After this period, the data is deleted unless the proceedings are conducted and the period is extended until the end of the final court judgment. Recipients may only be authorized employees or our associates who provide services related to legal services or IT support.

Archive documentation for the purposes of tax settlements and fulfillment of the legal obligation

Art. 6 sec. 1 pt. f GDPR We store data for the period provided for by law in the scope of the implementation of tax obligations or other specific provisions, if they are imposed on us, and require a specific method of data processing and retention (in this case, we inform you at the stage of obtaining data which regulations oblige us to specific processing and in what time). Recipients may only be authorized employees or our associates who provide services related to customer service and accounting or IT support.

Actions based on granted consent

Art. 6 sec. 1 pt. a GDPR The data is processed until the consent is withdrawn. However, after you withdraw your consent, we have the right to only store information about when the consent was granted, by whom, what actions were based on this consent and when the consent was revoked (this information is processed for the purpose of establishing, investigating or defending legal claims). Recipients may only be authorized employees or our associates who provide services related to customer service or IT support.

Recruitment

Art. 6 sec. 1 pt. a GDPR The processing time depends on two factors. First of all, you can withdraw your consent during the recruitment process – in this case, we will remove all information about the application immediately. Secondly, if you do not withdraw your consent and recruitment is finished, we process information about who applied, at what position and at what time, and what were the results of recruitment for the period necessary to establish, investigate or defend legal claims (especially regarding the possibility of suspecting possible discrimination ). Recipients may only be authorized employees or our associates who provide services related to the employment processes or IT support.

What rights do you have?

  • Every data subject has the right to access personal data, rectify, delete or limit their processing, the right to objection, the right to transfer data, the right to lodge a complaint with a supervisory authority.

  • If you have any questions please contact with data protection officer – Mr Michał Skalmierski: [email protected]

Is the data transferred outside the European Economic Area?

  • If the data is transferred outside the European Economic Area, we always inform about it at the stage of obtaining data. For example, such information (if there is a transfer) can be found in the content of the contract or regulations or the content of consent.