Data confidentiality and customer’s privacy protection is our priority. Therefore, for the sake of the security of your data and respecting the applicable laws, Medicover Sp. z o. o. established a policy setting out rules on how to collect, process and use personal data:
Medicover Sp. z o. o. processes personal and sensitive data on the basis of law, including:
1. Act of 29 August 1997 on Protection of Personal Data
2. Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 regarding personal data processing documentation and technical and organizational conditions which should be fulfilled by devices and computer systems used for personal data processing
3. Act of 6 November 2008 on Patients’ Rights and the Ombudsman for Patients’ Rights
4. Act of 15 April 2011 on medical activity.
In accordance with art. 24 paragraph. 1 of the Act of August 29, 1997 on the protection of personal data we inform you that your personal data administrator is Medicover Sp. z o. o., based in Warsaw 00-807, Al. Jerozolimskie 96.
In Medicover Sp. z o. o., the duties of supervising the proper processing of customer data belongs to the Information Security Administrator, who in turn is appointed by a resolution of the Administrator of Personal Data.
The process of managing information security is one of the processes of the Quality Management System build according to ISO 9001 requirements implemented in Medicover Sp. z o. o.
The process of information security has been built based on the requirements of ISO 27001: 2013 and supplemented by the requirements of the Polish law regulating the processing and protection of personal and medical data.
The management of Medicover provides full support for the Information Security Management System and declares that all Medicover employees regularly undertake familiarisation courses on the existing rules of information security and protection of personal and medical data. In addition, all Medicover employees are authorized by the Administrator of Personal Data to process personal data and therefore are obliged to follow the Security Policy Guidelines and the Information System Management Manual.
The efficiency and effectiveness of the implemented Information Security Management System are reviewed quarterly and annually by verifying the compliance of the ISMS with the international standards and regulatory requirements, and a full independent audit of the ISMS is performed each year.
Particular emphasis is placed on controlling the access to personal data and medical information, as well as to the systems processing that data.
Each employee has an individual access profile, modelled in accordance with the”need to know” principle, which means that the processing of data and information is restricted to individuals working in positions for which access to such data / information has been defined as legitimate and resulting from the duties of that employee.
Your submitted personal details are processed for the following purposes: contact, provision of additional information about the offered products, marketing of our products, provision of medical services, health services management, financial and statistical.
Providing personal information in contact questionnaires on the Company’s web sites is always voluntary, and the data processing is done only with the consent of the user.
At the same time we would like to inform you that in accordance with Article 32 of the Act of 29 August 1997 on the protection of personal data, you are entitled to:
– information about the purpose, scope and manner of processing of the personal data,
– access your personal data,
– change that data,
– requesting cessations of the data processing for marketing purposes,
– receiving information about sharing personal data with entities specified by law.
The implementation of these rights is possible via the Customer Service Department.
Updating personal data in terms of your address of residence, email address and contact telephone number is possible at any time using the Medicover OnLine platform.
Remaining data can be changed at the reception of any of the Medicover Centers. Changing that data can only be done by an authorized Medicover employee with the authorization of changes by the Customer (certified by Customer’s hand signature on the form).
When you visit our website, it automatically records information about your activity, including among others: IP address, browser type, operating system type. That data is used only for administrative and statistical purposes.
Personal data transfers and other communication with our servers is encrypted and takes place using SSL (Secure Socket Layer). Servers that store personal data are owned by Medicover Sp. z o. o. and are protected against unauthorized access.
Our website may use “cookies”, which are used to identify a user’s session when using our site. “Cookies” do not contain any personal information and ensure the correct operation of the application.
In order to block the transfer of this type of files you need to set up your browser appropriately, but take note that some features of the site may not work afterwards.
Medicover Sp. z o. o. does not disclose personal data to third parties without the consent of the data subject, unless obliged by law to disclose the results to government entities (including ZUS, police, court and prosecution offices).
Chairman of the Board of Medicover Sp. Z.o. o. Information Security Administrator