GDPR
At Luxdentica, we believe that trust begins with transparency. That’s why we’ve gathered the most frequently asked questions from our patients — to help you understand every step of your dental journey.
Information on the processing of patient’s personal data at the Luxdentica Dentistry Center.
Who is the data controller?
The controller of your personal data is NZOZ Centrum Stomatologii LUXDENTICA Dariusz Wilisowski, with its registered office at ul. Lubostroń 22g/7, 30-383 Kraków, and Luxdentica Sp. z o. o. with its registered office at ul. Lipska 4/9 and 10, 30-721 Kraków.
Who will answer questions related to the processing of personal data?
You can contact the Personal Data Protection Officer, Julia Szablowska, by writing to the following address: biuro@personal-data.pl
What is the scope of personal data processed?
We need the following information from you: first name, last name, PESEL number, gender, and date of birth (for individuals without a PESEL number), address, and relationship (for individuals registered by a family member). We may also receive your email address and phone number, but this information is not necessary to provide medical services.
When you receive healthcare, we create your medical records, which record all information related to your treatment process, particularly information about your health. We collect this information when necessary to make a diagnosis and properly manage your treatment.
What is the scope of personal data processed?
1) Establishing the patient’s identity before providing the service, verifying data when making an appointment remotely or on-site: at the reception or in the doctor’s office.
Article 6 paragraph 1 letter c and Article 9 paragraph 2 letter h of the GDPR in connection with Article 25 point 1 of the Act on Patients’ Rights and § 10 paragraph 1 point 2 of the Regulation of the Minister of Health of 9 November 2015 on the types, scope and templates of medical documentation and the method of its processing.
2) Maintaining and storing medical records.
Article 9 paragraph 2 letter h of the GDPR in connection with Article 24 paragraph 1 of the Act on Patients’ Rights and the Regulation of the Minister of Health of 9 November 2015
on the types, scope and templates of medical documentation and the method of its processing.
3) Receiving and storing declarations authorizing other persons to access medical records and provide them with information about their health condition.
Article 6 paragraph 1 letter c of the GDPR in connection with Article 9 paragraph 3 and Article 26 paragraph 1 of the Act on Patients’ Rights and § 8 paragraph 1 of the Regulation of the Minister of Health of 9 November 2015 on the types, scope and templates of medical documentation and the method of its processing.
4) Contact at the telephone number or email address provided by the patient, for example to confirm the reservation, cancel the consultation, or inform about the need to prepare for the scheduled procedure or examination.
Article 6 paragraph 1 letters b and f of the GDPR.
5) Maintaining accounting reports, issuing invoices or bills and fulfilling tax obligations.
Article 6 paragraph 1 letter c of the GDPR in connection with Article 74 paragraph 2 of the Accounting Act of 29 September 1994.
6) Pursuing claims related to business activities.
Article 6 paragraph 1 letters b and f of the GDPR, as the so-called legitimate interest of the controller, which is the pursuit of our claims.
7) For scientific research purposes.
Article 6(1)(a) and Article 9(2)(a) of the GDPR.
8) For marketing purposes.
Article 6(1)(a) of the GDPR.
9) For the purposes of enabling the use of the “I like LUXDENTICA” program
Article 6(1)(f) of the GDPR
When you receive healthcare, we create your medical records, which record all information related to your treatment process, particularly information about your health. We collect this information when necessary to make a diagnosis and properly manage your treatment.
What are the consequences of not providing personal data?
Using our services is entirely voluntary, however, as a healthcare provider, we are legally obligated to maintain medical records. Failure to provide your data may result in the refusal to book an appointment or provide healthcare services. We also have a legal obligation to process your data for accounting purposes. Failure to provide your data may result in the inability to issue an invoice or bill.
If you provide us with your telephone number or email address, this is done on a voluntary basis – failure to provide them will not result in a refusal to provide health services, but you will not receive confirmation of the visit from us, nor will you be able to cancel it by e.g. text message.
How long will the data be processed?
If you are our patient and we have created your medical records, we will keep your medical records for a period of 20 years from the end of the calendar year, with the following exceptions:
- in the event of the patient’s death as a result of bodily injury or poisoning – 30 years;
- X-ray images stored outside the patient’s medical records – 10 years;
- referrals for tests or orders – 5 years or 2 years (if the health service was not provided due to the patient’s failure to report on the agreed date, unless the patient received a referral);
- medical records relating to children up to 2 years of age, which are kept for a period of 22 years.
If we processed data for the purpose of pursuing claims arising from our business activity, we process the data for this purpose for the limitation period for claims arising from the provisions of the Civil Code.
We process all data processed for accounting and tax purposes for 5 years from the end of the calendar year in which the tax liability arose. After these periods, your data is deleted or anonymized.
To what entities may personal data be transferred?
- other healthcare entities, prosthetic workshops and laboratories cooperating to ensure continuity of treatment and access to healthcare;
- service providers providing technical and organizational solutions that enable the provision and management of health services;
- providers of ICT and IT services, software providers, diagnostic and dental equipment providers;
- courier and postal companies;
- providers of legal and advisory services and support in the pursuit of due claims;
- persons authorized to exercise patient rights.
When using external software or medical equipment services, your personal data may be transferred outside the European Economic Area. Such transfers may only occur on the basis of a contract or other legal instrument that incorporates standard data protection clauses adopted by the European Commission.
