MediClub Privacy Policy
Privacy Policy of Medicover sp. z o.o.
Data privacy and the protection of the privacy of the users of the MediClub Website are one of our priorities. Therefore, in order to ensure the security of your data and to respect the applicable legal regulations, Medicover sp. z o.o. has established a policy setting out the principles for the collection, processing and use of personal data.
The purpose of this Privacy Policy of the MediClub Website (hereinafter: “Privacy Policy”) is to explain how we handle information about you. Terms and phrases used in this Policy shall have the following meaning:
- Personal data – in accordance with Article 4(1) of the GDPR, mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly;
- Processing – in accordance with Article 4(2) of the GDPR, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Controller – within the meaning of Article 4(7) of the GDPR, shall mean the data controller, i.e. the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. Any time this Policy refers to the Controller, this shall be understood to mean Medicover sp. z o.o., which alone determines the purposes and means of the processing of personal data;
- Website – the website operated by Medicover sp. z o.o., available at mediclub.pl, where the Account on the MediClub Website can be registered to use the Electronic Service in accordance with the Rules.
- Rules – rules of the MediClub Website, available at mediclub.pl.
Please read this Privacy Policy if you want to know how we obtain and use your personal data.
The terms used in this Privacy Policy shall have the same meaning as defined in the Rules.
WHAT DATA CAN WE PROCESS?
The scope of personal data that we will process may vary depending on the service you use. We may obtain your personal data in the following way:
- While using our services provided electronically, via the Website, and when contacting us using the contact details provided on the Website: In order to use some of the functionalities offered on our websites, you will have to be logged in or registered.
Some functionalities and services do not require logging in, but in order to access them, it is necessary to send relevant forms.
We can also obtain your data when you contact us, using the contact details provided on the Website.
- Automatically, when you use the Website:
During your visit to our websites and while using the Website, information about your visit and activity is automatically collected, especially your IP address, domain name, browser type, and type of operating system. More information is available in the section on cookies (see: Polityka Cookies Medicover).
As part of the activities undertaken outside the Website, we may also process other personal data relating to you. Links below include detailed information on the processing of your data by Medicover sp. z o.o.
The processing of personal data by Medicover sp. z o.o. on social networks.
The processing of personal data by Medicover sp. z o.o. in relation to the provision of health care services and medical care.
The processing of personal data by Medicover sp. z o.o. in relation to operating the Best Doctors (Ranking Lekarzy) website:
a) processing of personal data of physicians
b) processing of personal data of patients
The processing of personal data by Medicover sp. z o.o. in relation to recruitment activities.
The processing of personal data by Medicover sp. z o.o. in relation to marketing and communication activities.
The processing of personal data by Medicover sp. z o.o. in relation to business cooperation.
PROCESSING OF PERSONAL DATA ON THE WEBSITE
- 1. Data Controller and Data Protection Officer
The Controller of your personal data collected in the process of registration and use (as a MediClub member) of the Website is Medicover sp. z o.o. with its registered office in Warsaw (00-807), Al. Jerozolimskie 96 (hereinafter referred to as Medicover).
You can contact us:
- by post to the following address: Client Service Department, Medicover sp. z o.o., Al. Jerozolimskie 96, 00-807 Warszawa;
- via the contact form at www.medicover.pl;
- by e-mail, to: dok@medicover.pl;
- by telephone, at: 500 900 500.
We have appointed a Data Protection Officer. The Data Protection Officer is a person you may contact with respect to all matters pertaining to the processing of personal data and exercising rights related to the processing of data. The Data Protection Officer can be contacted in the following way:
- by post to the following address: Data Protection Officer
Medicover sp. z o.o.
Al. Jerozolimskie 96
00-807 Warszawa
- via email: IOD@medicover.pl
Ms. Monika Sobczyk is currently serving as the Data Protection Officer.
- 2. What data do we collect and how do we use them?
Any time we ask you to provide any personal data, we will inform you exactly about the conditions of their processing.
We may collect data relating to you through forms or in relation to the functioning of your account on the website. We may also obtain your personal data if you write to us or call us using the contact details provided on the website or in this Privacy Policy.
Your data may be used by Medicover, inter alia, for the following purposes:
- concluding the contract for the provision of the Electronic Service (registration of the Account on the MediClub Website – legal basis: point (b) of Article 6(1) of the GDPR);
The Account is registered automatically, which constitutes fully automated decision-making within the meaning of point (a) of Article 22(1) of the GDPR, by the Website provider. This decision is made based solely on providing correct registration details.
- using the service provided by electronic means (legal basis – point (b) of Article 6(1) of the GDPR) which, in accordance with the Rules, comprises:
- viewing the Website content;
- Account registration;
- logging into the Account;
- resetting the Account password;
- viewing and changing the Account elements, including the User profile (within the scope specified for the User Account);
- viewing the Platform content as a Registered User;
- the possibility to place an Order under a Paid Contract, as a Registered User, without the need to provide all the data during the purchase process;
- the possibility to add (on the Account) details of other persons in order to facilitate placing Orders in the Online Store for these persons;
- viewing the history and status of the Orders placed (on the Account);
- the possibility to remove the Account (terminate the Contract for the Electronic Service);
- the possibility to receive notifications (via e-mail or text messages, notifications on the website or in the web browser – so-called Web Push notifications) on Benefits, as well as notifications aimed at improving the health care awareness.
- if you use paid services or those financed from public funds subject to reimbursement, in order to fulfil a legal obligation to which Medicover is subject, including those resulting from accounting and tax acts, pursuant to point (c) of Article 6(1) of the GDPR in conjunction with provisions of these acts, for the period resulting from the provisions contained therein;
- to answer your question to Medicover, including related to complaints made in accordance with the Rules – based on the need to pursue our legitimate interests in the form of answering the question addressed to us, i.e. pursuant to point (f) of Article 6(1) of the GDPR, until an answer to this question is provided, or until an effective objection to the processing of your data is submitted;
- to communicate with you, including using the web push technology – based on the need to pursue our legitimate interests in the form of establishing and maintaining contact with you as our client or user of our website, i.e. pursuant to point (f) of Article 6(1) of the GDPR, whereas due to the need to use the Cookies technology in order to ensure the correct functioning of this communication option, in accordance with Article 173 of the Telecommunications Law, we need an additional consent to use the Cookies technology. Data to this end can be processed by us until objecting to their processing or withdrawing consent to use the Cookies technology (see: our Cookies Policy of Medicover);
- for the purposes of marketing of our own products and services – based on the need to pursue our legitimate interests in the form of direct marketing of own products and services, i.e. pursuant to point (f) of Article 6(1) of the GDPR, whereas in accordance with Article 10 of the Act on the provision of services by electronic means and Article 172 of the Act – Telecommunications Law, we need an additional consent to use the specified communication channels in order to conduct marketing activities. Data to this end can be processed by us until objecting to their processing or withdrawing consent to receiving marketing and information materials by electronic means (marketing messages should be distinguished from providing notifications on Benefits in accordance with the Rules – legitimate interests of the service Provider/it is possible to opt out of receiving the notifications at any time by deleting an account on the MediClub Website, i.e. terminating the contract for using the Website);
- to create statistics and summaries that will be used by us to improve the effectiveness of our marketing activities and build a business strategy – the vast majority of such statistics are created based on non-personal data or anonymised data. In the event that personal data will be used for this purpose, their processing will take place based on the need to pursue our legitimate interests in the form of analytical and statistical activities for the purpose of our development, i.e. pursuant to point (f) of Article 6(1) of the GDPR, until an effective objection to the processing of your data is filed.
Your data may also be processed for the establishment, exercise or defence of potential legal claims that may arise in connection with the use of services provided by Medicover. In such a case, your data will be used based on the need to pursue legitimate interests of Medicover in the form of securing the claims, i.e. pursuant to point (f) of Article 6(1) of the GDPR, for the claim limitation period as provided by the law. After that period, your data will be irreversibly removed from the database of Medicover.
In the case of the Website User providing details of another person (e.g. to order a product or a service), such data shall be processed based on point (f) of Article 6(1) of the GDPR, i.e. a legitimate interest pursued by the Controller. In this case, the User should confirm (prior to providing another person’s data) that this person does not object thereto.
- 3. Who may have access to your personal data?
Your data may be transferred to external entities to the extent necessary to achieve the above-mentioned purposes of their processing. These are entities cooperating with Medicover, i.e. law and tax offices, entities providing debt recovery services and entities providing services to Medicover based on separately concluded entrustment agreements (e.g. hosting provider, entities providing IT or accounting services).
Recipients of data may also include:
- providers of Benefits in accordance with the Rules, selected by the User if the confirmation of the MediClub Website Account registration is necessary to use the Benefit;
- Partners of the Website Provider selected by the User, operating online stores if the User benefits from the possibility to place an order as a registered MediClub member when making purchases in the online store.
Your data may also be transferred to entities authorised to access them in accordance with the provisions of generally applicable law (e.g. the police).
In addition, if you give your consent to or request it, Medicover may also disclose your personal data to other entities authorised by you.
Recipients of data may be based in a country outside the European Economic Area (EEA), but in this case, Medicover will ensure an appropriate level of security to ensure protection of the data subject. Data may be transferred to countries outside the EEA in relation to, e.g.:
- activities on social networking sites and the use of plugins and other tools from these sites (including Facebook, Twitter);
- using analytical tools and tools for anonymized tracking of user behaviour, in particular Google Analytics, Hotjar, SALESmanago.
- 4. Other information
Providing personal data is voluntary, however, it is required to conclude a contract with Medicover or it may be required by law – always depending on the service and scope of services provided to you by Medicover. We will always inform you, in an appropriate information clause, whether disclosure of personal data to Medicover is voluntary or required.
Your personal data will be used for the automated decision-making, including for profiling. This means that based on personal data relating to you that we have and information on the products you purchase or services you use, or cookies saved on your device, we will be able to draw conclusions pertaining to your preferences and interests that can be used to build your marketing profile, our marketing strategy and further development. Based on the profile built, we will be able to better adjust our messages to your expectations, which means that you will receive less useless information and product offers you are not interested in. In each case, profiling is aimed at assessing (and communicating) whether the process is necessary to provide service (in this case, point (b) of Article 6(1) of the GDPR provides a legal basis) or is related to the provision of the service. In the second case, depending on the assessment, the processing of data may be based on a legitimate interest of the Controller (with an option to object, inter alia, adjusting the notification content to the User’s preferences) or the consent. In each case, the Supplier shall provide clear information about a legal basis for profiling. Profiling shall not be based on or result in the processing of data pertaining to the health status without an explicit consent of the User or existence of legal regulations.
YOUR RIGHTS
You have the following rights related to the processing of personal data:
- right to object to the processing of data for marketing purposes, as we process your data for marketing purposes based on our legitimate interest;
- right to object to the processing of data due to a special situation, when we process your data for marketing purposes based on our legitimate interest;
- right to withdraw your consent (granting your consent shall be always voluntary and the consent can be withdrawn at any time/the withdrawal of your consent shall not affect the lawfulness of the processing based on the consent before its withdrawal);
- right of access to your personal data;
- right to request rectification of your personal data;
- right to request erasure of your personal data, only when we are not obliged by legal regulations to process them;
- right to request restriction of the processing of your personal data;
- right to personal data portability, i.e. the right to receive from us personal data concerning you, in a structured, commonly used and machine-readable format. You can transmit those data to another data controller or request us to transmit these data to another controller. However, we will transmit these data, only where technically feasible;
- right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision in the case of automated decision-making.
In order to exercise the aforementioned rights, please contact us or our Data Protection Officer. Detailed information on exercising your rights is available here.
You also have the right to lodge a complaint to a supervisory authority competent for the protection of personal data, i.e. the President of the Personal Data Protection Office.
Regardless of the right you have based on the GDPR, if you do not want to use the Website as a Registered User (MediClub member), including to receive notifications from the Account, you may delete the Account at any time by using the Account functionality or submitting the request to this end to the e-mail address: mediclub@mediclub.pl.
DATA SECURITY
We undertake to protect your personal data in accordance with applicable regulations, in particular not to disclose them to third parties and to process them only for the purposes specified in this Privacy Policy.
Personal data are protected against their unauthorized disclosure, takeover by an unauthorized person, destruction, loss, damage or alteration, and the processing in breach of universally applicable legal regulations. We use appropriate security measures to protect your data. These include internal controls of collected data, storage and processing procedures, and physical and IT security measures to protect against unauthorised access to systems where we store personal data. The transmission of personal data and communication with our servers is encrypted and takes place using the SSL (Secure Sockets Layer) protocol. Access to personal data processed by Medicover is protected against unauthorised persons.
Medicover sp. z o.o. reserves the right to amend the content of the Privacy Policy in the event of amendments to the Polish law or the implementation of new technological and IT solutions.