This Procedure is an integral part of the Internal Regulations of BERSENEVA MEDICAL CENTER LLC, the Rules for the provision of services (if any), the Public Agreement for the provision of medical services by BERSENEVA MEDICAL CENTER LLC, which is concluded with the Customer when ordering and/or paying for medical services through the website of BERSENEVA MEDICAL CENTER LLC.
This Procedure also applies to the personal data of children if the ordering of a medical service is carried out by their legal representative (in particular, a father or mother in respect of their child, a guardian or trustee in respect of an incapacitated person or a person with limited legal capacity, other cases provided for by the current legislation of Ukraine).
References in this Procedure to the “Medical Center” or “Clinic” shall mean the LIMITED LIABILITY COMPANY “BERSENEV MEDICAL CENTER” (legal entity registered on 12.11.2009, legal entity identification code 36799183).
This Procedure clarifies the following provisions:
– what is the personal data of a patient, legal representative and other person who has applied to the Medical Center for services
– what personal data is collected;
– how and for what purpose personal data is used;
– to whom personal data may be transferred;
– how the confidentiality of personal data is protected;
– how the client can contact the Medical Center and whom to contact if he/she has any questions regarding the processing of his/her personal data.
The Medical Center undertakes to take all necessary measures aimed at
– preventing the misuse of personal data of clients that become known to the Medical Center;
– processing of personal data of clients in accordance with the requirements of the current legislation of Ukraine and exclusively legal grounds for such processing.
If the Client refuses to provide his/her personal data as provided for in this Procedure, the Medical Center shall refuse to register such Client for a medical service and provide such services due to the lack of legal grounds.
If the Medical Center controls the methods of collecting personal data of clients and determines the purpose of processing personal data, the Medical Center is the “personal data controller” within the meaning of the Law of Ukraine “On Personal Data Protection” dated June 01, 2010 No. 2297-VI.
The Medical Center processes personal data of clients only if, but not exclusively
– the client has given consent to the processing of personal data;
– processing is necessary for the purpose of concluding or performing a Public Agreement for the provision of medical services or providing other services to the client.
The Medical Center may update the Procedure from time to time, including if required by the legislation of Ukraine. In this regard, the Medical Center emphasizes the need for clients to visit its official website to update the information.
TERMS AND CONCEPTS USED IN THE PROCEDURE
The term patient shall mean an individual who has applied to the Medical Center for a medical service/assistance (including making an appointment for a medical service through the official website of the Medical Center) and/or to whom such a service is provided. When the terms patient, legal representative, other persons are mentioned simultaneously, the term “client” is used.
Personal data is any information of a personal nature that allows a third party to identify an individual (data subject).
Personal data, the processing of which carries a special risk for personal data subjects. Such data include personal data containing information about racial origin, political or religious views, trade union membership, health, sexual life, biometric or genetic data.
Personal data subject is an individual whose personal data is processed.
Personal data owner is an individual or legal entity that determines the purposes and means for processing personal data and is primarily responsible for their processing.
Personal data manager is an individual or legal entity that processes personal data for the owner on the basis of instructions (directions, orders) of the owner.
Processing of personal data means any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, updating, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data, including with the use of information (automated) systems.
LEGISLATION GOVERNING THE PROCESSING OF PERSONAL DATA
The processing of personal data of clients is carried out in accordance with the requirements of the Law of Ukraine “On Personal Data Protection”. In terms of legal regulation, the Procedure covers relations related to the processing of personal data in video surveillance systems at the Medical Center and its adjacent territory.
PURPOSE OF PERSONAL DATA PROCESSING
The Medical Center provides medical services and other services in Ukraine. The Medical Center needs personal data of patients, legal representatives and other persons who have applied for services to provide quality, timely medical services and other services, including, but not limited to
– pre-order medical services;
– make changes to the order;
– process the order of the service and contact the client in case of problems with the order (for example, to send a message if the order has not been completed);
– inform the client about the place, date and time of the medical service, methods of preparation for diagnostic procedures and provide other important information about the order of the medical service;
– ensure that the client receives the ordered medical service;
– notify the client of any changes (for example, in case of changes in the date or time of medical service provision due to the doctor’s illness, breakdown of medical equipment, etc;)
– provide the client with a full range of services;
– to be able to familiarize the client with all special offers of medical services, including access to loyalty programs, etc.; to provide consulting assistance before, during and after the provision of medical services; to provide information support;
– process customer complaints and suggestions;
– improve services, including through surveys on satisfaction with these services.
The Medical Center may send push notifications, Skype, Viber, WhatsApp and other messages to clients using various OTT applications, SMS messages, messages of another type/method of transmission in order to inform the client about medical services and to find out the wishes regarding the quality of service during the service at the Medical Center.
At the same time, to send commercial (marketing) messages to the client, we obtain a separate consent of the client, which can be withdrawn at any time.
The Medical Center asks clients to provide only the personal data that is necessary to provide the medical service chosen by the client, receive a newsletter or respond to a special request/claim. At the same time, if the client decides to provide additional personal data, the Medical Center will also be able to process it with the required level of protection.
PERSONAL DATA PROCESSED BY THE MEDICAL CENTER
|
Service of the Medical Center
|
Personal data processed
|
Legal basis for processing
|
|
Ordering a medical service
|
1) appeal
2) name, patronymic
3) surname
4) date of birth
5) e-mail address
6) phone number/s
7) sex
8) health information
9) name of the legal entity, identification code of the legal entity (when paying on behalf of the legal entity).
|
Client’s consent;
fulfillment of a public contract
on the provision of medical services
|
|
Online registration
|
1) name, patronymic
2) surname
3) date of birth
4) e-mail address
5) phone number/s
6) date of registration.
|
Client’s consent;
fulfillment of a public contract
on the provision of medical services
|
|
Creating and managing participation in loyalty programs, other
|
1) name, patronymic
2) surname
3) date of birth
4) e-mail address
5) phone number/s
6) information about the medical services provided (for the calculation of bonuses, points, etc.).
|
Client’s consent;
fulfillment of a public contract
on the provision of medical services
|
|
Send commercial (marketing) messages
|
1) name, patronymic
2) surname
3) date of birth
4) e-mail address
5) phone number/s
6) information about the medical services provided (for the calculation of bonuses, points, etc.).
|
Client’s consent;
fulfillment of a public contract
on the provision of medical services
|
|
Appeals, complaints, claims
|
1) date of application, receipt of medical services
2) name, patronymic
3) surname
4) date of birth
5) information on health status, medical examination results, etc.
6) e-mail address
7) phone number/s
8) information on health status
9) other personal data provided by you.
|
Client consent, legitimate interests
|
|
Various questions to the general e-mail
|
1) name, patronymic
2) surname
3) information on health status, medical examination results, etc.
4) e-mail address
5) phone number/s
6) other personal data provided by you.
|
Client consent, legitimate interests
|
|
Customer posts, messages, comments, questions in social media addressed to the Medical Center, as well as comments under the Medical Center’s publications or about the Medical Center in social media.
|
1) link to the profile in social networks
2) nickname
3) language of appeal
4) correspondence
5) other personal data provided by you.
|
Client consent, legitimate interests
|
|
Visit the Medical Center’s website
|
1) IP address
2) the Medical Center’s website uses cookies and similar technologies.
|
Client consent, legitimate interests
|
In addition to the above, the Medical Center may process any other personal data that will be voluntarily provided by the client to the Medical Center.
If the storage of personal data of clients is not necessary for the provision of services by the Medical Center and is not required by law, we will delete it.
PERSONAL DATA, THE PROCESSING OF WHICH CARRIES A SPECIAL RISK FOR PERSONAL DATA SUBJECTS
The Medical Center collects special categories of data about clients, tries to minimize their use and processes them with extreme caution.
In the course of providing services to clients, the Medical Center may process personal data that help determine the state of physical and/or mental health of the client. Such information refers to special or sensitive personal data in accordance with the current legislation of Ukraine.
If you do not allow us to process any personal data, including the processing of which poses a risk to personal data subjects, this may mean that we will not be able to provide you with the medical services you have requested/ordered from us.
The Medical Center, when conducting video surveillance, notifies the personal data subject of the fact of video surveillance by placing a corresponding warning. Such warnings are located in public places for proper visual perception by the subject of personal data before the processing of his/her personal data in video surveillance systems, in particular at the entrance to the Medical Center.
The warning contains the following elements:
– a warning about the fact of video surveillance;
– the name and details of the owner of the personal data base – the Medical Center that conducts video surveillance;
– the purpose of video surveillance, which is formulated in this Procedure;
– contact information for submitting a reasoned request to change or destroy personal data of the personal data subject.
PROTECTION OF PERSONAL DATA OF CHILDREN
The Medical Center recognizes the importance of special protection of children’s personal data. The Medical Center’s website is not intended and is not directly oriented to be used by children. Among the clients there are parents with children who order services for children in order to receive medical services. In this case, the Medical Center receives and processes personal data of children for the relevant purpose. At the same time, parents or other persons ordering the relevant services for children are responsible for the relevance (correctness) of the data and the possibility of providing services to the child. In the process of ordering a medical service, the person ordering the service represents the legitimate interests of the child.
ORDERING MEDICAL SERVICES ON BEHALF OF ANOTHER PERSON
If the order of medical services is made on behalf of another person(s), such individual is obliged to obtain their consent to order medical services in advance, warning them about the transfer of their personal data to the Medical Center, and accordingly inform them of their personal data. Such an individual shall be responsible for the relevance (correctness) of this data. In the process of ordering a service, such an individual represents the legitimate interests of such a person. This also means that such individual shall inform the person about the terms of ordering the service and the terms of this Procedure.
PLACE OF STORAGE OF PERSONAL DATA
The Medical Center has a large database of personal data stored on its own servers located in Ukraine.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
The Medical Center, when interacting with all other persons (legal entities, citizens) that are not related to the Medical Center, does not transfer, provide for temporary disposal/use, or sell the received personal data. Exceptions to this rule are cases provided for by the current legislation of Ukraine, the need to transfer personal data solely for the purpose of complying with the current legislation of Ukraine. Such transfer of personal data does not require the personal permission of the data subject to be transferred, or in the event of certain circumstances listed below.
Informing public authorities. This procedure takes place within the framework of the Law, and is associated with lawsuits, at the stage of pre-trial investigation, as well as in other cases requiring the collection of evidence or observance of the legal rights of the Medical Center. Such statutory cases include, among other things, measures aimed at preventing, investigating illegal activities and stopping illegal actions of third parties.
Other cases of informing. The Medical Center reserves the right to transfer personal data of individuals in cases and in accordance with the procedure established by the current legislation of Ukraine in order to protect and defend its rights, ensure the safety of the Medical Center and its clients.
The official website has the right to use, share with third parties and disclose for marketing and strategic purposes as follows
– aggregated information
– impersonal information;
– statistics on the services provided.
In such cases, the identification of the site’s customers using aggregated and / or impersonal information or statistics is completely excluded.
When accessing other services through the links posted on the Medical Center’s website, clients should allow for the possibility of using their personal data by operators of third-party services that are guided by their own privacy policies.
TECHNICAL, ORGANIZATIONAL AND OTHER MEANS OF PERSONAL DATA PROTECTION
For the purpose of secure storage of personal data of clients, the Medical Center has implemented technical and organizational measures to protect personal data from unauthorized or unlawful processing and from unintentional loss, destruction or damage.
The Medical Center adheres to the principle of minimizing personal data. The Medical Center processes only the information about clients that is necessary for the provision of medical services, or information that the client consented to provide in excess of the necessary processing. In addition, the Medical Center has configured all interfaces of the official website and applications for the provision of services so that the maximum possible confidentiality is maintained, the settings of which can be adjusted by the client at his/her discretion.
When transferring personal data to the Medical Center’s contractors and government agencies, the Medical Center always uses the most secure and proven ways to transfer such data in the manner and on the basis provided for by the requirements of the current legislation of Ukraine.
TIME OF PROCESSING (STORAGE) OF PERSONAL DATA
The Medical Center shall retain personal data of clients for longer than is necessary to fulfill the purpose for which it is processed or to comply with the requirements established by law.
To determine the appropriate storage period, the Medical Center determines the nature and category of personal data, the purpose for which it processes this personal data, and whether the Medical Center can achieve these purposes by other means.
The maximum period for processing personal data at the Medical Center is
– for information contained in medical records drawn up in outpatient settings – from 5 years from the date of the last visit to the Medical Center by the client;
– for information contained in medical records drawn up in inpatient settings – from 25 years from the date of the last visit to the Medical Center by the client;
– personal data contained in accounting and financial documents – 3 years from the date of submission of tax returns for the period in which the relevant transaction took place (for example, payment for services received), submission of tax returns for the period in which the relevant transaction took place (for example, receipt of medical services). The specified processing time complies with the provisions of the Tax Code of Ukraine regarding the retention periods for documents related to the calculation and payment of taxes and fees.
The Medical Center may subsequently minimize the personal data of clients that it uses. In this case, the Medical Center will be able to use this information for statistical or other purposes without further notice to the client, as such information ceases to be personal data.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small text files that are stored by websites on a customer’s computer or mobile devices at the moment the customer starts using them. In this way, the website will remember for a certain period of time the actions that the client has taken, including so that the client does not need to re-enter this data. Cookies by themselves do not identify an individual user, but only identify the computer or mobile device used by the client.
Cookies and other tracking technologies on the Medical Center’s website may be used in various ways, for example, for the purpose of operating the website, analyzing traffic or for advertising purposes. Cookies and other tracking technologies are used, in particular, to improve the quality and efficiency of our services.
Please be advised that some Internet browsers can be configured to refuse cookies and other tracking technologies. At the same time, the client should understand that if he disables some cookies, the functionality of the Medical Center’s website may be limited and he will not be able to take advantage of all its benefits, including the possible incorrect operation of some services.
RIGHTS OF PERSONAL DATA SUBJECTS IN ACCORDANCE WITH THE LEGISLATION OF UKRAINE
The rights of personal data subjects to process personal data in accordance with the legislation of Ukraine:
– to know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the owner or manager of personal data or to give a corresponding order to obtain this information to persons authorized by him/her, except in cases established by law;
– receive information about the conditions for granting access to personal data, including information about third parties to whom his/her personal data is transferred;
– to have access to their personal data;
– receive a response on whether his/her personal data is processed or stored no later than thirty calendar days from the date of receipt of the request, except in cases provided for by law, and receive the content of such personal data
– to submit a reasoned request to the personal data controller with an objection to the processing of their personal data;
– to submit a reasoned request to change or destroy their personal data by any owner and manager of personal data, if this data is processed illegally or is unreliable;
– to submit a reasoned request to the owner of personal data with an objection to the processing of their personal data;
– to make a reasoned request to change or destroy their personal data by any owner and administrator of personal data, if this data is processed illegally or is unreliable;
– to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protect against the provision of information that is inaccurate or discrediting the honor, dignity and business reputation of an individual;
– file complaints against the processing of their personal data to the Ukrainian Parliament Commissioner for Human Rights or to the court;
– apply for legal remedies in case of violation of the legislation on personal data protection;
– to make reservations about the restriction of the right to process their personal data when giving consent;
– withdraw consent to the processing of personal data;
– to know the mechanism of automatic processing of personal data;
– to be protected against an automated decision that has legal consequences for him/her.
Withdrawal of consent to the processing of personal data.
If the Medical Center processes personal data of clients on the basis of consent to the processing of personal data (in particular, for the purposes of marketing mailings), further processing can be terminated at any time. It is enough to withdraw consent to such processing. For security reasons, the Medical Center has the right to request an identity document from clients.
WHO YOU CAN CONTACT TO PROTECT YOUR PERSONAL DATA
Personal data protection authority in Ukraine
The administrative body for personal data protection in Ukraine is the Department for Personal Data Protection of the Secretariat of the Ukrainian Parliament Commissioner for Human Rights. The client has the right to file complaints or suggestions with this authority if he or she believes that his or her rights have been violated in connection with the processing of personal data.
If you have any questions, comments, complaints or suggestions regarding the protection and processing of personal data, the client may contact the Medical Center using the contact information provided on the official website.
It is mandatory for the client to indicate the following information in all correspondence: name, surname, e-mail address, as well as detailed questions, comments, complaints or requests.
In addition, the client may refuse to receive information (marketing) mailings through the Medical Center’s website by filling out a special form.
I agree to the terms and conditions
Procedure for processing personal data
“BERSENEV MEDICAL CENTER” LTD.
