PRIVACY POLICY IN THE HEALTHCARE SECTOR
The purpose of this Privacy Policy is to inform patients, individuals, service users and other persons (hereinafter referred to as "the individual") who interact with Ginekologija Mišo Rajić, Mišo Rajić s.p. (hereinafter referred to as "the organisation") about the purposes and legal bases for, and the rights of individuals with respect to, the processing of personal data carried out by our organisation.
We process personal data in accordance with European legislation, applicable Slovenian legislation on personal data protection (Personal Data Protection Act) and sectoral legislation that provides us with the legal basis for processing personal data in the field of healthcare:
- Healthcare Database Act (HHDA),
- Patients' Rights Act (PRA),
- Health Care Act (ZZDej),
- Medical Service Act (ZZdrS),
- Occupational Safety and Health Act (ZVZD-1),
- Health Care and Health Insurance Act (ZZVZZ),
- Compulsory health insurance rules,
- Medicines Act (ZZdr-2),
- Health Inspection Act (HIA).
Any changes to this document will be published on our website. By using this website, you acknowledge that you have read and understood the entire contents of this Privacy Policy.
THE CONTROLLER OF THE PERSONAL DATA:
Ginekologija Mišo Rajić, Mišo Rajić s.p., Ukmarjeva ulica 6, 1000 Ljubljana
E-mail: info@gmr.si
Telephone: 070 780 718
Website: https://www.gmr.si
DATA PROTECTION OFFICER
Mišo Rajić
Ukmarjeva ulica 6, 1000 Ljubljana
E-mail: info@gmr.si
Telephone: 070 780 718
Website: https://www.gmr.si
PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
The organisation collects and processes your personal data on the following legal bases:
- the processing is necessary for compliance with a legal obligation to which the controller is subject;
- the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures at the request of such data subject prior to the conclusion of the contract;
- the processing is necessary for the legitimate interests pursued by the controller or a third party;
- the data subject has consented to the processing of his or her personal data for one or more specified purposes;
- processing is necessary to protect the vital interests of the data subject or of another natural person.
FOR THE EXERCISE OF A HEALTH ACTIVITY
For the purpose of carrying out healthcare activities, the organisation processes patients' personal data on the basis of the law. On these grounds, we process the following personal data of patients: name and surname, address of residence, telephone, date of birth, post and place of residence, e-mail address, EMN
The legal basis for the processing of data is the law.
The data shall be kept for the period prescribed by law. In this respect, some data are only kept for a certain period of time and some data must be kept permanently.
ORDERING HEALTH SERVICES
Patients must be able to order services electronically, by post, by telephone and in person at the surgery, in accordance with the legislation. For the purpose of electronic ordering of a patient for a health service, the organisation processes the following data: name and surname, e-mail address and contact telephone number.
The legal basis for processing data is the law and the patient's consent. Personal data is kept for 5 years in accordance with the law.
FOR THE IMPLEMENTATION OF THE CONTRACT
In cases where an individual enters into a contract with an organisation, this constitutes the legal basis for the processing of personal data. We may process personal data for the purpose of concluding and performing a contract, such as the sale of goods and services, participation in various programmes, etc.
If the data subject does not provide personal data, the organisation cannot conclude the contract, nor can the organisation provide the service. On this basis, we process only and exclusively those personal data necessary for the conclusion and proper performance of the contractual obligations. The legal basis for the data processing is the contract, the completed and signed health questionnaire.
The retention period is until the purpose of the contract has been fulfilled or until 6 years after the termination of the contract, except in cases where there is a dispute between the individual and the organisation in relation to the contract.
In such a case, the organisation shall keep the data for 10 years after the final decision of the court, arbitration or court settlement or, in the absence of litigation, for 5 years from the date of amicable settlement of the dispute.
FOR THE PURPOSE OF INFORMING INDIVIDUALS BY EMAIL
The organisation may, by virtue of carrying out a lawful activity, inform customers, clients and service users of its services, events, training, offers and other content by sending an email to their email address. The individual may at any time request the discontinuation of such communications and processing of personal data, and may cancel the receipt of such communications, either as a request by email or by regular mail to the address of the organisation.
The legal bases for processing data are legitimate interest and consent.
The data will be processed until the cancellation of the receipt of communications, or until the withdrawal of consent, or until the purpose of the processing is fulfilled. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
TO PREVENT ABUSE
We process personal data on the basis of legitimate interest where this is strictly necessary to prevent abuse. On the basis of legitimate interest, we process personal data after the contractual relationship has ended, during the period when legal claims under the contract can be asserted.
VIDEO SURVEILLANCE
Ginekologija Mišo Rajić, Mišo Rajić s.p. carries out video surveillance. Video surveillance (cameras are installed inside the organisation and in front of the entrance to the organisation) is used to monitor entrances to and exits from the premises (on the basis of Article 77 of ZVOP-2).
Video surveillance is also carried out for the purpose of protecting individuals (users, employees and visitors) and the property of the organisation (on the basis of legitimate interest as defined in Article 6(1)(f) of the General Regulation, in conjunction with Articles 76 et seq. of ZVOP-2). Video surveillance is carried out within certain work areas where it is strictly necessary for the security of persons or property or for the protection of classified information or business secrets. Video surveillance will assist us in detecting, handling or resolving incidents, crimes, claims for damages or other claims. We do not carry out video surveillance in a way that would have a particular processing impact. Nor does video surveillance allow for unusual further processing, such as transfers to third country entities or the possibility of audio intervention in the event of live monitoring of events. Video surveillance allows live monitoring by an authorised person.
For information on video surveillance, please contact the organisation's telephone number or email address. The rights of individuals are described in this Privacy Policy. Further questions can also be addressed to the Data Protection Officer.
PROCESSING ON THE BASIS OF CONSENT OR ASSENT
If the organisation does not have a legal basis based on the law, a contractual obligation, a legitimate interest or the protection of the life of the individual, it may ask the individual for consent or assent. In this way, it may also process certain personal data of an individual for the following purposes where the individual has given his or her consent:
- residential address and email address: for information and communication purposes;
- photographs, videos and other content relating to the individual (e.g. posting images of individuals on the organisation's website): for the purposes of documenting activities and publicising the work and events of the organisation;
- other purposes for which the individual consents.
If the data subject has given his or her consent to the processing of personal data and at some point no longer wishes to do so, he or she may request the interruption of the processing of personal data by sending a request by e-mail or by regular mail to. The withdrawal of consent shall not affect the lawfulness of the processing on the basis of consent prior to its withdrawal. Upon receipt of a revocation or a request for deletion, the data shall be deleted within 15 days at the latest. The organisation may also delete the data before revocation where the purpose of the processing of the personal data has been achieved or where required by law.
Exceptionally, an organisation may refuse a request for erasure on the grounds set out in the General Regulation: exercise of the right to freedom of expression and information, compliance with a legal obligation to process, grounds of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defence of legal claims.
PROCESSING IS NECESSARY FOR THE PROTECTION OF THE VITAL INTERESTS OF THE INDIVIDUAL
The organisation may process the personal data of the data subject insofar as this is necessary for the protection of his or her vital interests. In urgent cases, the organisation may search for the personal data of an individual, check whether that person exists in its database, examine the individual's medical history, prescribed medicines and products, or contact the individual or his/her relatives, without the organisation needing the individual's consent. The above applies only where it is strictly necessary to protect the vital interests of the individual.
USERS OF PERSONAL DATA, DATA OUTPUT AND AUTOMATED DECISION-MAKING
Data users include the contract processors we hire to carry out certain processing of personal data on our behalf. We work mainly with: an accounting service, IT system maintainers, a building security company, a social network provider, online advertising (Facebook, Instagram), service contractors, medical laboratory service providers. The data subject has the right to request information on which (external) users have been provided with personal data concerning the data subject. In the case of a minor child, this may be requested by the legal guardian or parent.
INFORMATION ON TRANSFERS OF PERSONAL DATA TO A THIRD COUNTRY
We do not export personal data to third countries (countries outside the EU and Iceland, Norway and Liechtenstein) and international organisations, except in the case of social media use, where the data may be exported to the USA, in which case the relationship with the US contract processors is governed by standard contractual clauses adopted by the European Commission and/or binding corporate rules approved by the EU.
We do not use automated decision-making or profiling.
COOKIES
Our website works with the help of cookies, which are important for the provision of online services and are used to store information about the state of each web page, to help us collect statistics about users and website traffic, etc. The website uses essential cookies, which are loaded immediately, but for all other cookies we need your consent, which you can change at any time. Cookies stored by the browser can be deleted by the individual.
List of cookies we use:
DATA PROTECTION AND DATA ACCURACY
The organisation is responsible for information and infrastructure security (premises and application system software). Our IT systems are protected by, among other things, antivirus and firewall protection. We have put in place appropriate organisational and technical security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against other unlawful and unauthorised forms of processing. In the case of transfers of special categories of personal data, we provide it in encrypted and password-protected form. It is the individual's responsibility to ensure that their personal data is provided securely and that the information provided is accurate and authentic.
PATIENTS' RIGHTS
The Patients' Rights Act sets out the rights a patient has as a healthcare user with all healthcare providers and the procedures for exercising these rights when they are violated. It also sets out the duties that patients have in relation to these rights.
Patients' rights under the Patients' Rights Act in relation to the protection of personal data are: the right to access to medical records; the right to privacy and protection of personal data; the right to address violations of patients' rights; and the right to free assistance in exercising patients' rights.
A patient who believes that his or her rights have been violated in a health care procedure has the right to request appropriate treatment. If the individual wishes to exercise any of the above rights, he/she may send a request by email or regular mail to the address of the organisation.
THE RIGHTS OF THE INDIVIDUAL WITH REGARD TO THE PROCESSING OF HIS OR HER PERSONAL DATA
The data subject shall have the right to request access to and rectification or erasure of personal data concerning him or her, or the restriction of processing relating to him or her, as well as the right to object to processing and the right to data portability. The data subject's request shall be treated in accordance with the provisions of the General Regulation.
All of the above rights and any questions you may have can be exercised by sending a request to us. We will respond to each request without undue delay and no later than one month after receipt of the request. This time limit may be extended by up to two additional months, taking into account the complexity and number of requests. You will be informed of this, together with the reasons for the delay. Exercising your rights is free of charge, but we may charge you a reasonable fee if the request is manifestly unfounded or excessive, in particular if it is repetitive. In this case, we will inform you of the reasons for the refusal and of your right to appeal to the supervisory authority. In case of doubt as to your identity, we may request from you additional information that we need to establish your identity.
You may exercise your right to lodge a complaint with the supervisory authority by contacting the Information Commissioner of the Republic of Slovenia at Dunajska 22, 1000 Ljubljana (e-mail: gp.ip(a)ip-rs.si, website: www.ip-rs.si).
The Privacy Policy is valid from 1.6.2023.
Mišo Rajić s.p.
Ogrinova ulica 26, 1291 ŠKOFLJICA,
Registration number: 8291365000
Tax ID: 23100796
Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as GDPR):
- Title: Mišo Rajić s.p. Address: 6 Ukmarjeva Street, Ljubljana
- Mišo Rajić M: 070 780 718
- the healthcare provider and authorised persons; the data shall not be exported to third countries
- dental records permanently; medical records and inventories for 10 years after the patient's death; other basic medical records for 15 years, in accordance with the purpose of the processing
- for the purposes of providing a healthcare service on the individual's behalf, following a declaration of consent
- Individual
- Information on the right to withdraw consent where processing is based on consent: you may withdraw your consent at any time by sending a request to the address of the processor, the contact details of which are set out under point 1.
- Information on the right to lodge a complaint with the supervisory authority: you can lodge a complaint with the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si, phone: 01/230-97-30, website: www.ip-rs.si).
