Privacy Policy

This Privacy Policy is an expression of care for the rights of those who visit the website and use the services offered through it. It also fulfils the information obligation arising from Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L119 of 4.05.2016, p. 1) (hereinafter RODO).

The owner of the service attaches particular importance to respecting the privacy of service users. The data obtained within the service are particularly protected and secured against unauthorised access. The privacy policy shall be made available to all interested parties. The service has an open character.

The owner of the service assures that its overriding aim is to ensure that the privacy of persons using the service is protected at a level at least equivalent to the requirements of the applicable legislation, in particular the provisions of the RODO and the Act of 18 July 2002 on the provision of electronic services.

The owner of the website may collect personal data and data of a different nature. The collection of this data takes place, depending on its nature – either automatically or as a result of the actions of visitors to the site.

Any person using the website in any way accepts all the rules contained in this Privacy Policy. The owner of the service reserves the right to make changes to this document.

1. General information, cookies
   1. The owner and operator of the service is ARTDENT BEAUTY & CARE DENTISTRY Agnieszka Misiejuk with its registered office in Sopot, address: Władysława Jagiełły 4 lok. 2, 81-757 Sopot, entered in the Register of Entrepreneurs of the National Court Register, kept by the District Court in , Commercial Division of the National Court Register, under KRS no: , NIP number: 5422396916, REGON number: 200003216. In accordance with the provisions of the RODO, the owner of the service is also the Administrator of the Personal Data of the service users (“Administrator”).
   2. In the course of its activities, the Administrator uses cookies in such a way that it observes and analyses traffic on the website, as well as undertakes remarketing activities, however, in the course of these activities, the Administrator does not process personal data within the meaning of the RODO.
   3. The Service performs functions to obtain information about the users of the Service and their behaviour in the following ways:
      1. the website collects information automatically, which is contained in cookies.
      2. by means of data voluntarily entered by users of the website, in forms available on the website.
      3. through the automatic collection of web server logs by the hosting provider.
   4. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the website user’s terminal equipment and are intended for the use of the website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
   5. During a visit to the website, data concerning the user’s visit to the website may be collected automatically, including the IP address, type of Internet browser, domain name, number of views, type of operating system, visit, screen resolution, number of screen colours, addresses of websites from which the website was accessed, time of use. This data is not personal, nor does it make it possible to identify the person using the website.
   6. The website may contain links to other websites. The owner of the service is not responsible for the privacy policies of these websites. At the same time, the owner of the service encourages the user to familiarise himself/herself with the privacy policy established by those websites. This Privacy Policy does not apply to other websites.
   7. The entity placing cookies on the website user’s terminal equipment and accessing them is the owner of the website.
   8. Cookies are used for:
      1. adapting the content of the website to the website user’s preferences and optimising the use of the website; in particular, these files allow the website user’s device to be recognised and the website to be properly displayed, adapted to the user’s individual needs,
      2. to create statistics which help us to understand how visitors use the websites, so that we can improve their structure and content,
      3. maintaining a session of the website user (after logging in), so that he/she does not have to re-enter his/her login and password on each page of the website.
   9. The following types of cookies are used within the website:
      1. “necessary” cookies to enable the use of the services available on the website, e.g. authentication cookies,
      2. security cookies, such as those used for fraud detection,
      3. “performance” cookies, which are used to obtain information about how the website’s pages are used by users of the website,
      4. “advertising” cookies, enabling the website to provide users with advertising content more tailored to their interests,
      5. “functional” cookies, allowing the website to “remember” the settings selected by the user of the website and to adapt the website to the user of the website, e.g. with regard to the selected language.
   10. The website uses two main types of cookies: “session” cookies and “permanent” cookies (persistent cookies). “Session” cookies are temporary files, stored on the end device until the user leaves the website, logs out by the service user or switches off the software (web browser). “Persistent” cookies are stored on the website user’s terminal device for the time specified in the parameters of the cookies or until they are deleted by the website user.
   11. In the vast majority of cases, web browsing software allows cookies to be stored on the website user’s terminal device by default. Users of the website are able to make changes to their cookie settings at any time they choose. These settings can be changed in the options of the web browser (software) in such a way as to prevent the automatic handling of cookies or to force the website user to be informed each time cookies are placed on their device. Detailed information on the possibility and methods of using cookies is available in the settings of your web browser.
   12. Restrictions on the use of cookies may affect some of the functionality available on the website.
   13. Cookies placed on the website user’s terminal equipment may also be used by advertisers and partners cooperating with the owner of the website.
2. Processing of personal data, information on forms
   1. Personal data of service users may be processed by the Administrator:
      1. where the user of the site has given their consent in the forms posted on the site, in order to take the action to which the forms relate (Article 6(1)(a) of the RODO), or
      2. where the processing is necessary for the performance of a contract to which the service user is a party (Article 6(l)(b) RODO), where the service enables the conclusion of a contract between the Administrator and the service user.
   2. The service processes personal data which are exclusively voluntarily provided by service users. The Administrator shall process the personal data of the service users only to the extent necessary for the purposes set out in point 1(a) and (b) above and for the period necessary to fulfil those purposes, or until the service user withdraws consent. The service user’s failure to provide data may, in certain situations, result in an inability to fulfil the purposes for which the data is necessary.
   3. The following personal data of the site user may be collected as part of the forms provided on the site or for the purpose of executing contracts that can be concluded on the site: name, surname, address, e-mail address, telephone number, login, password.
   4. The data contained in the forms, provided to the Administrator by the user of the service, may be provided by the Administrator to third parties, cooperating with the Administrator in connection with the fulfilment by the Administrator of the purposes set out in points 1 a and b above.
   5. The data provided in the forms posted on the website are processed for the purposes resulting from the function of the specific form; in addition, they may also be used by the Administrator for archiving and statistical purposes. The data subject’s consent is expressed by unchecking the appropriate box on the form.
   6. The user of the service, where the service has such functionalities, by ticking the appropriate box in the registration form, may refuse or consent to receive commercial information by means of electronic communication, in accordance with the Act of 18 July 2002 on electronic provision of services (Journal of Laws of 2002, No. 144, item 1024 as amended). Where a service user has consented to receive commercial information by means of electronic communication, they have the right to revoke such consent at any time. The right to revoke the consent to receive commercial information is exercised by sending a relevant request by e-mail to the service owner’s address, together with the service user’s first and last name.
   7. The data provided in the forms may be forwarded to entities technically providing certain services – in particular, this concerns the forwarding of information on the holder of the registered domain to entities being the operators of the Internet domain (in particular the Scientific and Academic Computer Network of j. b. r. – NASK), services handling payments or other entities with which the Administrator cooperates to such extent.
   8. The personal data of service users is stored in a database in which technical and organisational measures have been applied to ensure the protection of the processed data in accordance with the requirements set out in the relevant legislation.
   9. In order to prevent re-registration of persons whose participation in the service has been terminated due to unauthorised use of the service, the Administrator may refuse to delete personal data necessary to block the possibility of re-registration. The legal basis for the refusal is Article 19(2)(3) in connection with Article 21(1) of the Act of 18 July 2002 on the provision of electronic services (i.e. 15 October 2013, Journal of Laws of 2013, item 1422). Deletion of personal data of service users by the Administrator may also be refused in other cases provided for by law.
   10. In cases provided for by law, the Administrator may share some of the website users’ personal data with third parties for the purpose of protecting the rights of third parties.
   11. The Administrator reserves the right to send all users of the service electronic letters with notifications about important changes in the service and changes to this Privacy Policy. The Administrator may send commercial e-mails, in particular advertisements and other commercial information, provided that the service user has given his/her consent. Advertisements and other commercial content may also be attached to incoming and outgoing letters from the system account.
3. The rights of service users regarding their personal data.

In accordance with Articles 15 – 22 of the RODO, each service user has the following rights:

1. Right of access to data (Article 15 RODO)

The data subject shall be entitled to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and, if this is the case, he or she shall be entitled to obtain access to it. In accordance with Article 15, the Controller will provide the data subject with a copy of the personal data being processed.

2. Right to rectification of data (Article 16 RODO)

The data subject shall have the right to request from the Controller the immediate rectification of personal data concerning him or her which are inaccurate.

3. The right to erasure (“right to be forgotten”) (Article 17 RODO)

The data subject has the right to request from the Controller the immediate erasure of personal data concerning him or her, and the Controller is obliged to erase the personal data without undue delay if one of the following circumstances applies:

1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject has withdrawn the consent on which the processing is based
3. the data subject raises an objection under Article 21(1) to the processing and there are no overriding legitimate grounds for the processing
4. Right to restrict processing (Article 18 RODO)

The data subject has the right to request the Controller to restrict processing in the following cases:

1. When data is incorrect – in time to correct it
2. The data subject has raised an objection under Article 21(1) to the processing – until it is established whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection.
3. The processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead the restriction of its use.
4. Right to data portability (Article 20 RODO)

The data subject shall have the right to receive, in a structured, commonly used machine-readable format, the personal data concerning him or her which he or she has provided to the Controller, and shall have the right to have that personal data sent to another controller without hindrance from the Controller to whom the personal data was provided. The data subject has the right to request that the personal data be sent by the Controller directly to another controller, insofar as this is technically possible. The right referred to in this paragraph shall not adversely affect the rights and freedoms of others.

6. Right to object (Article 21 RODO)

Where personal data is processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

The above-mentioned rights of service users may be exercised against payment in cases where the relevant legal provisions so provide.

In the event of a breach of the above rights, or if a service user finds that their personal data is being processed by the Administrator contrary to applicable law, the service user has the right to lodge a complaint with a supervisory authority.

4. Server logs
   1. In accordance with the established practice of most websites, the website operator stores http requests directed to the website operator’s server (information about certain website user behaviour is subject to logging at the server layer). The resources viewed are identified by URLs. The exact list of information stored in the web server log files is as follows:
      1. the public IP address of the computer from which the request came,
      2. the name of the client station – identification via http protocol if possible,
      3. the service user name given during the authorisation (login) process,
      4. the timing of the enquiry,
      5. http response code,
      6. the number of bytes sent by the server,
      7. the URL of a page previously visited by the user of the website (referer link), in the event that the website was accessed via a link,
      8. information about the service user’s web browser,
      9. information on errors that occurred during the execution of the http transaction.

The above data are not associated with specific visitors to pages available on the website. In order to ensure the highest possible quality of the website, the operator occasionally analyses log files to determine which pages within the website are visited most frequently, which web browsers are used, whether the structure of the pages contains errors, etc.

2. The logs collected by the operator are stored for an indefinite period of time as support material for the proper administration of the website. The information contained in these files will not be disclosed to any entity other than the operator or entities related to the operator personally, financially or contractually. On the basis of the information contained in these files may be generated statistics to assist in the administration of the service. The summaries containing such statistics do not contain identifying characteristics of visitors to the website.

RODO – Information on the processing of personal data

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter RODO), the Controller of your personal data is: ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk, ul. W. Jagiełły 4/2 81-757 Sopot.

The Data Protection Officer is Ms Agnieszka Misiejuk, who can be contacted by e-mail at sekretariat@artdent-sopot.pl or by post at the above address with the reference “DPO”.

When we process the personal data you provide

1. E-mailing an enquiry

By using the form on http://www.artdent-sopot.pl/kontakt you consent to the processing of any information contained therein. The provision of this data is voluntary and it will be used for the purpose of dealing with your enquiry. In justified cases (submission of complaints or requests) we may use the data provided to contact you.

This data will be kept for a period of one year.

2. Electronic registration

By using the form on http://www.artdent-sopot.pl/kontakt, you consent to the processing of any information contained therein. Provision of this data is voluntary and will be used for the purpose of arranging an appointment.

This data will be stored until you withdraw your consent to its processing.

After the first visit, the personal data provided in the registration form will be processed for the efficient management of the health services provided and to comply with the legal obligations imposed on Buda Stomatologia by the national legislation listed below.

3. Provision of health services

In the case of the use of health services provided by ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk, your personal data is processed on the basis of Article 6(1)(c) and Article 9(2)(h) of the RODO. The provision of personal data in this regard is a legal requirement resulting in particular from the provisions of the Act on Patients’ Rights and Patients’ Rights Spokesman and other provisions determining the manner of conducting and accounting for the conducted medical activity. Failure to provide personal data will prevent the provision of services. Your personal data will be processed as part of your medical records for a period of 20 years or any other period required by law, in particular the Act on Patients’ Rights and the Ombudsman for Patients’ Rights.

The personal data you provide in terms of your email address and telephone number will continue to be processed on the basis of the consent you have given (Article 6(1)(a) RODO) for the purpose of making and cancelling appointments, informing you of any delays. In this case, the provision of personal data is voluntary and the consent given can be withdrawn at any time. The withdrawal of consent does not affect the compatibility with the processing carried out by the Administrator prior to its withdrawal. In this regard, your personal data will be processed until the services provided to you are completed and billed, or until your consent is withdrawn.

4. Conclusion of contracts for the provision of health services

If you are contracted for the provision of healthcare services, your personal data will be processed for the performance and settlement of the contract concluded. In this case, the provision of the requested personal data is mandatory.

The data relating to the concluded contract and the data collected for the purpose of settling it will be processed for the period required by law for at least 5 years calculated from the first day of the year following the year in which the contract was settled. This period may be longer in the event of a possible claim by one of the parties to the contract.

5. Video surveillance

ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk also conducts video surveillance of its premises to ensure the safety of patients, employees and premises. Its records will not be kept for more than 20 days.

6. Withdrawal of consent to process personal data

You can withdraw your consent, given for the processing of your personal data, by sending an e-mail to sekretariat@artdent-sopot.pl stating:

“I withdraw my consent to the processing of my personal data with regard to my e-mail address (please specify e-mail address) or telephone number (please specify telephone number).” or in person at the premises of ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk.

Withdrawal of consent may be submitted by the owner of the personal data. ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk reserves the right to verify the identity of the person withdrawing consent in order to ensure the correct exercise of rights.

7. Sharing of personal data

Personal data collected may be shared:

• to doctors or dental technicians working with ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk for the purpose of providing health services and diagnostics;
• IT system suppliers and cooperating entities to perform technical activities to ensure the security of these systems;
• to postal service providers in accordance with the Postal Law for the purpose of handling traditional mail;
• banks when settlements need to be made;
• entities contracted by ARTDENT Beauty & Care Dentistry Agnieszka Misiejuk to provide accounting and legal services.

 Any disclosure of personal data shall be carried out in accordance with applicable law and only when necessary for the performance and settlement of the services provided, while ensuring the confidentiality of the personal data processed.

8. Rights of owners of personal data

In connection with the processing carried out, you have the right to request:

• access to their personal data in accordance with the provisions of the RODO to the extent of processing not involving medical records, and on the basis and principles set out in the Act on Patients’ Rights and Patients’ Ombudsman to the extent of medical records kept,
• rectify your personal data,
• to restrict the processing of your personal data,
• delete their personal data in cases permitted by law.

You also have the right to lodge a complaint with the President of the Data Protection Authority.