Application privacy policy

Warsaw Aesthetic Application Privacy Policy of 23.01.2024

This Privacy Policy specifies the general conditions, rules and manner concerning the provision of services and the use of Warsaw Aesthetic, provided by Chirurgia Plastyczna sp. z o.o. sp. k. with its registered office in Warsaw, ul. Waflowa 7A Street 02-971, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000743985, NIP: 9512467450, REGON: 38095887500000 and Dr Szczyt Chirurgia Plastyczna sp. z o.o. sp. k. with its registered office in Warsaw, ul. Królewicza Jakuba 37, 02-956, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000760437, NIP: 9512474272, REGON: 3819194690000.

§ 1.

Definitions

The terms used in this Privacy Policy have the following meaning:

1. Application – a software available for mobile devices, provided to the User by Chirurgia Plastyczna sp. z o. o. sp. k. and Dr Szczyt Chirurgia Plastyczna sp. z o. o. sp. k., aiming to enable communication between the Healthcare Entity and the User, in particular within the scope of the Functionalities;

2. Healthcare Entity – entities providing the Application to the User, i.e. Chirurgia Plastyczna sp. z o.o. sp. k. with its registered office in Warsaw, ul. Waflowa 7A 02-971 entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000743985, NIP: 9512467450, REGON: 38095887500000 and Dr Szczyt Chirurgia Plastyczna sp. z o.o. sp. k. with its registered office in Warsaw, ul. Królewicza Jakuba Street 37 02-956, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000760437, NIP: 9512474272, REGON: 3819194690000;

3. User – an individual with full legal capacity who has downloaded and installed the Application on a mobile device and activated an account;

4. Inactive User – an individual with full legal capacity who has downloaded and installed the Application on a mobile device, but has not activated the account and uses the Functionalities for the Inactive Users. The Inactivated User can activate their account at any time while using the Application; upon Activation of the account the Inactive User becomes the User;

5. Privacy Policy – this Privacy Policy dated 23.01.2024;

6. Functionalities – all functionalities in the Application that enable communication between the User and the Healthcare Entity, in particular the ones enabling appointment scheduling in the Healthcare Entity, monitoring earlier consultation dates, appointments for surgeries or treatments, monitoring, including changes to, the dates of the surgeries or treatments, submission of the results of examinations to the Healthcare Entity by the User and to the User by the Healthcare Entity, summary of consultations the User have had with the Healthcare Entity,

submission of post-surgical recommendations on post-surgical/post-treatment wound care to the User by the Healthcare Entity, as well as post-surgical recommendations concerning physiotherapy, submission of post-operative photographs by the User to the Healthcare Entity, online consultations with a nurse, a physiotherapist or an attending physician, sending reminders about consultation dates or surgery/treatment appointments, confirming, cancelling or rescheduling consultations, surgeries/treatments, sending reminders about the next treatment in a cycle/package and about recommended treatments

“supplementary” to a surgery, also informational and marketing functionalities, i.e. submission of information on the recommended aesthetic medicine treatments and special offers by the Healthcare Entity to the User, provision of links to articles on aesthetic medicine treatments available on the Healthcare Entity’s website, to the terms and conditions of implant warranty, to photo galleries, etc. to the User by the Healthcare Entity;

7. Functionalities for Inactive Users – the functionalities in the Application available to Inactive Users, in particular the access to the Healthcare Entity’s data, the ability to make appointments for consultations in the Healthcare Entity;

8. Account – a personalised collection of resources and rights within the Application, assigned to the User or the Inactive User;

9. Account activation – the actual action carried out by the Inactive User in order to gain access to the Functionalities;

§ 2.

General provisions

1. The Privacy Policy specifies in particular:

1) the general conditions, rules and manner concerning the provision of services and the use the Application;

2) the Functionalities and the Functionalities for the Inactive Users;

3) technical requirements necessary for the proper functioning of the Application;

4) account activation methods;

5) the terms and conditions for conclusion and rescission of the agreement on the use of the Application.

2. In order to start using the Application the User and the Inactive User are required to read and accept the Privacy Policy. Before the User and the Inactive User start using the Application, they are required to read and accept the Privacy Policy.

3. The use of the Application is free of charge. The costs related to being connected to the Application via the Internet or other means of data transmission shall be borne by the User/the Inactive User.

4. The use of the Application is based on an agreement concluded electronically by an individual with full legal capacity and the Healthcare Entity. The conclusion of the agreement referred to in the preceding sentence shall be made by downloading and installing the Application on a mobile device and accepting the Privacy Policy by the person referred to in the preceding sentence.

5. The Inactive User and the User may terminate the agreement referred to in paragraph 4 and delete the Account at any time. Termination of the agreement shall take the form of a unilateral declaration of the Inactive User/the User submitted via the form provided in the Application, or in writing sent to the Healthcare Entity’s address.

§ 3.

Scope of use of the Application functionalities

1. As part of the Application, the Healthcare Entity allows individuals who have downloaded and installed the Application on a mobile device to create an Account. The natural persons referred to in the preceding sentence may use the Application as the Users or the inactive Users.

2. The Inactive User, until the Account Activation, once logged in the Application, can use the Application only within the scope of the Functionalities for the Inactive Users, i.e. they gain access to the following:

1) the Healthcare Entity’ data,

2) the ability to schedule a single appointment for a consultation with the Healthcare Entity,

3) the ability to reschedule the consultation with the Healthcare Entity three times,

4) the ability to contact the reception at the Healthcare Entity,

5) information on the treatments, the personnel and the services offered by the Healthcare Entity.

3. Once logged in to the Application, the User can use all Application functions,

i.e. in particular within the scope of the Functionalities:

1) scheduling appointments for consultations in the Healthcare Entity,

2) monitoring earlier consultation dates,

3) making appointments for surgeries or treatments,

4) monitoring, including changes to, the dates of surgeries or treatments,

5) submission of test results by the User to the Healthcare Entity and by the Healthcare Entity to the User,

6) summarising the consultations the User have had with the Healthcare Entity,

7) submission of post-surgical recommendations on post-surgical/post-treatment wound care, as well as post-surgical recommendations concerning physiotherapy to the User by the Healthcare Entity,

8) contact with the Healthcare Entity’s personnel,

9) sending post-operative photographs to the Healthcare Entity,

10) online consultations with a nurse, a physiotherapist or an attending physician,

11) receiving reminders about consultation dates or surgery/treatment dates,

12) confirming, cancelling or rescheduling a consultation, surgery/treatment,

13) receiving reminders about the next treatment in a cycle/package, as well as the recommended treatments, “supplementary” to a surgery,

14) receiving information on the recommended aesthetic medicine treatments, aesthetic medicine special offers, links to articles on aesthetic medicine treatments available on the Healthcare Entity’s website, to the terms and conditions of implant warranty, to photo galleries, etc.

The use of the functions referred to in section 3 is possible after Activation of the Account by the Inactive User.

§ 4.

Creation and Activation of the Account

1. Once an individual with full legal capacity has downloaded and installed the Application on a mobile device and accepted the Privacy Policy, they can create the Account. In order to create the Account, the person referred to in the preceding sentence shall indicate their first name and surname, as well their e-mail address and password, and shall confirm the e-mail address by assigning the activation code, sent by the Healthcare Entity to the indicated e-mail address, to the Application. Once these activities are completed, the person referred to in the preceding sentence becomes the Inactive User and gains access to the Functionalities for the Inactive Users.

2. The account is activated

directly at the registered office of the Healthcare Entity selected by the User, i.e. ul. Królewicza Jakuba 37, 02-956 Warszawa (Dr Szczyt Chirurgia Plastyczna sp. z o.o. sp. k.) or ul. Waflowa 7A, 02-971 Warszawa (Chirurgia Plastyczna sp. z o.o. sp. k.), after presenting an ID to an employee of the Healthcare Entity, upon written consent for the provision of services in an electronic form within the Application, consent for the transfer and sharing the information concerning health condition and medical records via the Application.

3. Consent for sharing medical records via the Application is limited – depending on the Inactive User’s choice – with one Healthcare Entity, i.e. Dr Szczyt Chirurgia Plastyczna sp. z o.o. sp. k. or Chirurgia Plastyczna sp. z o.o. sp. k. The User may consent for sharing the health information or medical records with another Healthcare Entity at any time; in order to it, the User shall give their consent the form referred to in section 3.

4. Once the Account is activated, as specified in section 3, the Inactive User becomes the User and gains access to the Functionalities.

§ 5.

Technical conditions necessary for the Application to function

1. The application is available in the updated version offered in the mobile app stores, depending on the mobile device:

a) using iOS 13.x or later

b) using Android with API 21 support or later

2. The Application does not work on mobile devices where third-party applications cannot be installed.

3. The Application requires Internet connection. The Application does not work on mobile devices which cannot be connected to the Internet.

4. The Application does not use cookies.

§ 6.

Application Instructions

1. The Inactive User or the User logs into the Application with a login and password that they had created. The Inactive User/the User is obliged to refrain from sharing the login and password with third parties. The Healthcare Entity shall not be liable for the consequences of the Inactive User’s/the User’s decision to share the login or the password with a third party, or for the consequences of the Inactive User/the User’s failure to properly secure access to the mobile device on which the Application is installed.

2. The Healthcare Entity enables a password reminder procedure – in order to do it, the Inactive User/the User is required to provide an e-mail address. The Healthcare Entity will send a temporary password to the Inactive User’s/the User’s email address, which will be active for 24 hours.

§ 7

Data privacy statement concerning the users who use the Application within the scope of the activities carried out by Chirurgia Plastyczna sp. z o.o. sp. k.

1. The Controller of your Personal Data is Chirurgia Plastyczna Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its registered office in Warsaw (02 – 971) ul. Waflowa 7A, KRS 0000743985, NIP: 9512467450.

2. The Personal Data are shared with the Controller in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (OJ of the EU.L of 2016. No. 119/1, hereinafter referred to as the “GDPR”).

3. The Controller processes your personal data:

1) first name, surname, PESEL number, as well as contact information (phone number, e-mail address) – the legal basis for the processing of the personal data is Article 6(1)(b) of the GDPR, i.e. the necessity to process the aforementioned personal data to perform the agreement on the provision of services within the scope of the use of the Application;

2) health and age data – the legal basis for the processing of personal data is Article 9(2)(a) and (h) of the GDPR, i.e. Your consent to the processing of your data and the necessity to process them for the purposes of preventive medicine, i.e. the use of the Application within the scope of medical services.

4. Your personal data, including the data referred to in Article 9 of the GDPR, may be shared only with the entities entitled to obtain them on the basis of applicable regulations, as well as with the entities participating in the provision of services by the Controller.

5. Your personal data, including the data referred to in Article 9 of the GDPR, may be shared only with the entities entitled to obtain them on the basis of applicable regulations, as well as with the entities participating in the provision of services by the Controller.

6. The Controller expects the possibility of sharing your personal data such as: first name, surname, phone number and email address with the entities operating in the area of cosmetology or dental medicine, and related to the Controller (or their partners) personally or by equity. Provision of the personal data to these entities is subject to your prior consent, the lack of which, however, does not affect the possibility of using other services provided by the Controller or the scope of your personal data protection.

7. Your personal data will not be transferred to a third country or an international organisation.

8. You are entitled to:

– obtain access to the personal data processed by the Controller (Article 15 of the GDPR),

– request rectification of personal data concerning you which are inaccurate (Article 16 of the GDPR),

– request the Controller to immediately erase personal data concerning you (Article 17 of the GDPR),

– request the Controller to restrict the processing of personal data concerning you (Article 18 of the GDPR),

– portability of personal data concerning you (Article 20 of the GDPR),

– object to the processing of personal data, if it is based on Article 6(1)(e) or (f) (Article 21 of the GDPR).

9. With regard to the processing of the personal data based on your consent, you have the right to withdraw your consent at any time. However, withdrawal of the aforementioned consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

10. You have the right to lodge a complaint with the competent supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, if you recognise that the processing of personal data concerning you violates the provisions of the GDPR.

11. Your provision of personal data is voluntary, but necessary for the Controller to undertake activities related to the provision of the services.

12. Your personal data will be processed for the period arising from applicable regulations or until the limitation period for claims expires, i.e. for 20 or 30 years.

§ 8

Data privacy statement concerning the users who use the Application within the scope of the activities carried out by Dr Szczyt Chirurgia Plastyczna sp. z o.o. sp. k.

1. The Controller of your Personal Data is Dr Szczyt Chirurgia Plastyczna Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its registered office in Warsaw (02-956) ul. Królewicza Jakuba 37, KRS no: 0000760437, NIP: 9512474272.

3. The Controller processes your personal data:

1. first name, surname, PESEL number, as well as contact information (phone number, e-mail address) – the legal basis for the processing of the personal data is Article 6(1)(b) of the GDPR, i.e. the necessity to process the aforementioned personal data to perform the agreement on the provision of services within the scope of the use of the Application;

2. health and age data – the legal basis for the processing of personal data is Article 9(2)(a) and (h) of the GDPR, i.e. Your consent to the processing of your data and the necessity to process them for the purposes of preventive medicine, i.e. the use of the Application within the scope of medical services.