PRIVACY POLICY - Teczka Pacjenta - Twoje Centrum Dokumentacji Medycznej

INFORMATION ABOUT THE POLICY

Here we describe how we process personal data of users of the mobile application Health Folder and what rights and opportunities are available to these people. This policy is the implementation of the obligation specified in Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR).

WHO WE ARE

We are a capital company conducting various projects in the IT field. Detailed company data can be found below:

Pragmatic Coders Limited Liability Company with its registered office in Krakow, address: Aleja 29 Listopada 20, postal code 31-401, entered into the register of entrepreneurs of the National Court Register under the number KRS: 0000601571, whose registration files are kept by the District Court for Krakow – Downtown in Krakow – XI Economic Department of the National Court Register, NIP: 6772398603, share capital: PLN 7,500

In terms of GDPR provisions, we are the data controller for the personal data of users of the mobile application Health Folder. In all matters, you can contact us electronically by sending a message to the email address: kontakt@healthfolder.pl, as well as in writing to the above address of our headquarters.

WHAT DATA WE PROCESS AND ON WHAT BASIS

In connection with the use of the Health Folder mobile application, we process the following personal data: Contact information given to us in connection with the User’s account registration and related communication, such as first and last name or email address. Health-related information that has been shared with us by users, such as blood test results. We process personal data for the purposes of: Providing services within the functionality of the Health Folder mobile application and related communication, management, administration, and fulfilling legal obligations, Realizing a legitimate legal interest. We process personal data on the basis of: Consent given also by voluntarily providing information for the purposes of processing indicated above – Article 6(1)(a) of the GDPR, Necessity to perform a service contract or to take action on request, of the person concerned before the conclusion of such a contract – Article 6(1)(b) of the GDPR, Necessity to comply with legal obligations – Article 6(1)(c) of the GDPR, Necessity for the purposes of realizing a legitimate legal interest – Article 6(1)(f) of the GDPR. A legitimate legal interest includes, among other things, the pursuit or defense against legal claims and any data processing associated with the achievement of the processing objectives indicated above. In the case of a request for personal data, we separately inform the person concerned whether the provision of personal data is a statutory or contractual requirement or a condition for concluding a contract, and whether the person concerned is obliged to provide them and what are the possible consequences of not providing data.

WHERE AND HOW WE PROCESS DATA AND TO WHOM WE ENTRUST THEM

Personal data that we process may be transferred to our partners to the extent necessary for the proper performance of the service, i.e.: Adalo Inc. – providing us with programming tools and databases, Microsoft Corp. – providing us with programming tools, The personal data we process is stored electronically on our own devices and external servers of our partners. Ultimately, we do not intend to transfer personal data outside the European Economic Area. However, temporarily, at the initial stage of the Application’s operation, such data may be located on the servers

of our partners in the United States. The transfer of such data takes place on the basis of Article 46 of the GDPR, i.e. with the provision of appropriate safeguards. To obtain a copy of these safeguards or to provide safeguards, you can contact us in the manner indicated above.

PROCESSING TIME

The time in which we process personal data depends on the basis of processing. In the case of processing based on: Consent – it is the time until it is withdrawn, Necessity to perform a service contract or to take action on request, of the person concerned before the conclusion of such a contract – it is the time necessary to take the requested actions or to fulfill all obligations arising from the contract, Necessity to comply with legal obligations – it is the time necessary to fulfill these obligations, Necessity for the purposes of realizing a legitimate legal interest – it is the time of existence of a legitimate legal interest; in the case of a legal interest consisting in pursuing and defending against claims related to a concluded service contract, it is the time necessary for the pursuit and defense against such claims. After the expiry of the time indicated above, the data that we process will be destroyed or deleted.

DATA SECURITY

We make every effort to prevent the data we process from being disclosed to unauthorized persons. We continuously analyze the risk in order to ensure that personal data are safe and their processing complies with the GDPR and other generally applicable legal provisions. All entities to which we entrust the processing of personal data guarantee the use of appropriate data protection and security measures required by law.

RIGHTS OF THE PERSON WHOSE DATA WE PROCESS

Persons whose personal data we process have the right to request information about the processing of data, obtain their copies, rectify, delete, transfer and limit processing, and also withdraw consent to processing. In the case of processing data solely based on a legitimate interest, the person whose data we process has the right to object to such processing. If it is found that the processing of personal data violates the applicable regulations regarding the protection of personal data, the person whose data we process can submit a complaint to the President of the Office for Personal Data Protection. All necessary information about how to submit such a complaint can be found here: www.uodo.gov.pl.

Using the Health Folder app does not currently involve processing any cookies or tools that perform similar functions.

POLICY CHANGES

We constantly verify the correctness of this policy and may change it at any time. Unless otherwise results from the changes introduced, they come into effect at the time of publication. The last policy update took place on May 17, 2023.

CONSENT

I consent to the processing of my medical data by Pragmatic Coders sp. z o.o. based in Krakow (KRS: 0000601571) for the purposes of providing services of the Health Folder mobile application.