Personal Data Administrator
The personal data administrator for individuals using the services provided by 4.CARE within the meaning of Article 4 point 7 of the GDPR is ZDRO TECH, with its registered office at ALEJA JANA PAWŁA II 43A / 37B, 01-001 WARSAW, NIP: 5273121900, REGON: 529213539, registered in the Register of Entrepreneurs of the National Court Register under KRS number: 0001117795, registration court: DISTRICT COURT FOR THE CAPITAL CITY OF WARSAW IN WARSAW, XIII COMMERCIAL DEPARTMENT OF THE NATIONAL COURT REGISTER, with a share capital of 5000 PLN, hereinafter referred to as "ZDRO TECH."
Zdro Tech has appointed a Data Protection Officer, who also serves as a contact point for users. The Data Protection Officer can be contacted electronically at contact@zdro.tech or by traditional mail at ALEJA JANA PAWŁA II 43A / 37B, 01-001 WARSAW with the note "Data Protection Officer."
Zdro Tech adheres to the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to personal data processed in connection with its business activities.
Zdro Tech processes personal data only to the extent necessary for the provision of services to the individuals concerned. Providing personal data by the user is voluntary but necessary to use the services provided by Zdro Tech.
Scope of Personal Data
Zdro Tech processes the following scope of personal data:
Professional Users
- Name and surname, company name, and NIP and REGON numbers, business address or residential address, email address, and contact phone number, professional/scientific title, specializations, license number, image, date of birth, medical certificates.
Patients and Other Non-Professional Users
- Last name and first name(s), date of birth, gender, residential address or registered address, PESEL number, phone number, email address, health data.
Zdro Tech may process personal data beyond the scope indicated above if it is necessary for the proper provision of services to the individual concerned or is justified by the user's consent or applicable legal regulations.
Purpose and Legal Basis for Personal Data Processing
Zdro Tech processes personal data for the following purposes:
- Concluding and fulfilling contracts and providing services electronically through telecommunication systems, based on the concluded contract (Article 6(1)(b) GDPR).
- Preparing commercial offers and marketing, which is a legitimate interest of Zdro Tech (Article 6(1)(f) GDPR) or based on prior consent (Article 6(1)(a) GDPR).
- Handling complaint processes and accounting related to issuing and receiving settlement documents, based on the obligation imposed on Zdro Tech under applicable law (Article 6(1)(c) GDPR).
- Archiving data for the potential establishment, exercise, or defense of legal claims or to demonstrate facts, and contacting via phone or email, which is a legitimate interest of Zdro Tech (Article 6(1)(f) GDPR).
- Sending technical information about the functioning of Zdro Tech telecommunication systems and services used by the user, which is a legitimate interest of Zdro Tech (Article 6(1)(f) GDPR).
- For the provision of electronic consultations with a doctor, Zdro Tech may process sensitive data concerning health. The processing of sensitive data is based on the consent given by the individual concerned (Article 9(2)(a) GDPR).
- Creating statistics and summaries to improve the effectiveness of marketing activities and build a business strategy (Article 6(1)(f) GDPR).
Data Recipients. Transfer of Data to Third Countries
The recipients of personal data processed by Zdro Tech may be entities cooperating with Zdro Tech when it is necessary to fulfill a contract concluded with the individual concerned. These may also include subcontractors whose services Zdro Tech uses, such as accounting firms, law firms, IT service providers (including hosting services).
Personal data of patients may be shared with or obtained from public entities such as ZUS or the Ministry of Health to verify the right to health services provided from public funds (eWUŚ system) or to exchange data between Zdro Tech systems and the Internet Patient Account and related services.
Personal data of professional users in the form of a business card presenting an offer may be shared with Zdro Tech business partners.
Zdro Tech may be required to disclose personal data based on applicable legal regulations, in particular, to disclose personal data to authorized state bodies or institutions.
Technical Data and Cookies
Zdro Tech collects and processes technical information such as the IP address of the device and uses cookie technology to tailor the functioning of the service to the individual needs of users. Cookies may be used to remember data entered by the user, facilitating the use of the service on subsequent visits. Owners of other sites do not have access to this data. The user can disable cookies in the web browser settings. Detailed information on cookies is available on a separate page dedicated to the cookie policy.
Automated Data Processing
Personal data is subject to automated processing by Zdro Tech to the extent necessary for the operation of the service.
Period of Personal Data Storage
Zdro Tech stores personal data:
- For the duration of the contract and after its termination to pursue claims, fulfill legal obligations, but not longer than the limitation period in accordance with the Civil Code.
- On settlement documents for the period specified by tax law.
- For marketing purposes for 10 years or until consent for data processing is withdrawn or an objection is raised.
- For other purposes for one year unless consent for processing is withdrawn earlier and there is no other legal basis for processing.
Personal data of patients processed in connection with health services are stored for the period specified in the Act of November 6, 2008, on Patient Rights and the Patient's Rights Ombudsman.
Rights of the Data Subject
Every data subject has the right to:
- Access – to obtain confirmation from the administrator whether their personal data is being processed and to access it (Article 15 GDPR).
- Obtain a copy of the data – the first copy is free, subsequent copies may be chargeable (Article 15(3) GDPR).
- Rectification – to request the correction of inaccurate or incomplete data (Article 16 GDPR).
- Deletion of data – to request the deletion of data if the administrator has no legal basis for processing it (Article 17 GDPR).
- Restriction of processing – to request the restriction of data processing in specific cases (Article 18 GDPR).
- Data portability – to receive the data in a machine-readable format and request its transfer to another administrator (Article 20 GDPR).
- Object – to object to the processing of data for reasons related to their particular situation, including profiling (Article 21 GDPR).
- Not to be subject to profiling – the right not to be subject to decisions based solely on automated data processing, including profiling, that have legal effects or similarly significantly affect the person (Article 22 GDPR).
- Lodge a complaint with the President of the Personal Data Protection Office in Warsaw.
To exercise these rights, the individual should contact the administrator using the provided contact details and inform them of the right they wish to exercise.
Reporting Violations
Any identified case of personal data security breach will be properly and lawfully documented, and if the situations specified in the GDPR or the Data Protection Act occur, the relevant individuals and appropriate authorities, such as the President of the Personal Data Protection Office, will be informed of such a breach.
Data Breach Notification
In the event of a personal data breach that may result in a high risk of violating the rights or freedoms of individuals, the Administrator will, without undue delay, notify the data subject and the appropriate supervisory authority of such a breach in accordance with the provisions of Articles 33 and 34 of the GDPR. The notification will include a description of the nature of the breach, possible consequences, and the remedial measures taken.
Cookie Policy
Purpose for Using Cookies
Cookies are used to tailor the content of pages to user preferences and to optimize their use. They also help to create anonymous statistics that help understand how websites are used.
What We Use Cookies For
Zdro Tech uses cookies to:
- Tailor website content to users' needs.
- Optimize the use of online services.
- Maintain user sessions (after logging in).
- Collect data on site usage, which helps improve its structure, navigation, and content.
- Avoid repeatedly presenting the same content to the same user.
- Present content tailored to user interests.
- Serve advertising content through partner systems outside of Zdro Tech websites.
- Support users and ensure their security while browsing the site.
What Types of Cookies Does Zdro Tech Use?
We use two types of cookies:
- Session cookies – allow remembering the choices made, used, for example, during logging in. They remain on the device until logging out, leaving the page, or closing the browser.
- Persistent cookies – stored on the device for a time specified in the cookie parameters or until they are deleted.
Depending on the purpose of the cookies, we use the following types:
- Necessary for the operation of the service and applications – allow you to use our services, e.g., authentication cookies.
- Cookies used for security, e.g., used to detect abuse.
- Performance cookies – collecting information on how websites are used.
- Functional cookies – allowing the "remembering" of settings chosen by the user.
- Advertising cookies – delivering advertising content tailored to interests.
- Statistical cookies – used to count website statistics.
How to Change Browser Settings Regarding Cookies
Web browsers by default allow cookies to be stored on the end device. The user can withdraw consent to the use of cookies by changing the browser settings. Failure to make changes means that the information may be placed and stored on the end device.
Through the web browser, the user can manage cookies:
- Accept cookies, which allows full use of the options offered by websites.
- Manage cookies on a per-site basis.
- Set different settings for different types of cookies.
- Block or delete cookies.