Privacy Policy

Orthopodo Center & Academy by OKSANA HOLOVKO

1. Data Controller Details

The controller of your personal data is:

OKSANA HOLOVKO Ortopodo center & academy

al. Aleja Wincentego Witosa 31 lok. 215

00-710 Warsaw, Poland

NIP (Tax ID): 5213983199

REGON (Business ID): 523059161

In this document, the controller is hereinafter referred to as the “Controller”.

Contact regarding personal data protection:

  • Mailing address: as above, with the note “Personal Data”

  • E-mail: kontakt@ortho-podology.com

  • Phone: +48 789 914 070

2. Scope of the Privacy Policy

This Privacy Policy applies to:

  • the use of medical, podiatry, and orthopedic services provided by the Controller at its on-site clinic,

  • booking appointments (by phone, via instant messengers, or the online booking system, if implemented),

  • using the Controller’s profiles on social media (including Instagram, Facebook),

  • contact with the Controller via:

    • contact forms on the website (if any),

    • electronic mail (e-mail),

    • telephone,

    • instant messengers (e.g., WhatsApp, Telegram),

  • other forms of contact involving the processing of personal data.

3. Definitions

For the purposes of this Policy:

  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

  • Personal data – any information relating to an identified or identifiable natural person.

  • Patient / Client – a person using the Controller’s services or contacting the Controller.

  • Service – the Controller’s website and other online communication channels (e.g., forms, messengers).

4. Categories of Processed Personal Data

Depending on the situation, the Controller may process the following categories of data:

  • Identification data: first name, last name, PESEL number (if required by law), identity document details (in exceptional cases).

  • Contact data: phone number, e-mail address, residential or correspondence address (if necessary).

  • Health / Medical data (special category of data): information regarding the health of feet, nails, posture, pain ailments, past diseases and injuries; test results (including computer foot diagnostics, pedobarography, imaging tests, consultation descriptions); information about recommended and applied treatment, orthopedic insoles, anatomical footwear, rehabilitation.

  • Visit details: date, time, and place of the visit; type of service performed; billing information (payment type, amount, status).

  • Voluntarily provided data: information sent in the content of e-mails, messages in instant messengers, contact forms, etc.

  • Technical and statistical data (online): IP address, device and browser data, cookies and similar technologies.

5. Purposes and Legal Grounds for Data Processing

The Controller processes personal data for the following purposes:

5.1. Provision of medical, podological, and orthopedic services

  • Purpose: booking appointments, maintaining documentation, diagnosis, planning and implementing therapy, monitoring results, selecting insoles and footwear.

  • Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(c) GDPR (legal obligation, e.g., keeping medical records); Art. 9(2)(h) GDPR (processing of special categories of data for healthcare/medical purposes).

5.2. Registration and organization of visits

  • Purpose: setting the appointment date, confirmation of booking, rescheduling, cancellation, SMS/e-mail reminders.

  • Legal basis: Art. 6(1)(b) GDPR (steps at the request of the data subject prior to entering into a contract); Art. 6(1)(f) GDPR (legitimate interest – organizing clinic work).

5.3. Ongoing contact

  • Purpose: responding to inquiries sent via forms, e-mail, phone, social media, and messengers; providing information about the offer.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – communicating with interested parties).

5.4. Settlements, accounting, and taxes

  • Purpose: issuing bills/invoices, accounting records, archiving tax documents.

  • Legal basis: Art. 6(1)(c) GDPR (compliance with tax and accounting legal obligations).

5.5. Pursuit of claims and defense against claims

  • Purpose: potential establishment, exercise, or defense of legal claims.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller).

5.6. Marketing activities (if conducted)

  • Purpose: presentation of services, news updates, patient education (e.g., newsletter, SMS, social media).

  • Legal basis: Art. 6(1)(a) GDPR (consent); Art. 6(1)(f) GDPR (legitimate interest – direct marketing of own services).

5.7. Statistical and analytical purposes (online)

  • Purpose: analysis of website use, improvement of functionality, website security.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent for cookies).

6. Voluntary Data Provision

Providing data is voluntary but often necessary to schedule and conduct a visit, prepare individual diagnostics/insoles, or issue accounting documents. Failure to provide data may result in the inability to book an appointment or perform the service.

7. Data Retention Period

  • Visit and service data: for the duration of cooperation, and then for the limitation period of potential claims (generally up to 6 years), or as required by medical records regulations.

  • Accounting and tax data: for the period required by tax and accounting laws (generally 5 years from the end of the tax year).

  • Data based on consent: until consent is withdrawn or the purpose is achieved.

  • Data based on legitimate interest: until an effective objection is filed or claims expire.

8. Data Recipients

Personal data may be transferred to:

  • Entities cooperating with the Controller (IT support, hosting, booking systems, orthopedic laboratories/studios).

  • Accounting office, legal and tax advisors.

  • Online tool providers (SMS systems, newsletters).

  • Public authorities – only within the scope of legal obligations.

The Controller generally does not transfer data outside the European Economic Area (EEA).

9. Rights of Data Subjects

You have the right to:

  1. Access your data and receive a copy.

  2. Rectify (correct) your data.

  3. Request erasure of your data (“right to be forgotten”) – in specific cases.

  4. Restrict processing.

  5. Request data portability.

  6. Object to processing based on legitimate interest or for direct marketing.

  7. Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise these rights, contact the Controller (details in point 1). You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw.

10. Automated Decision-Making and Profiling

The Controller does not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you.

11. Data Security

The Controller applies appropriate technical and organizational measures to protect data against accidental or unlawful loss, destruction, unauthorized access, or disclosure.

12. Social Media

The Controller processes user data on Instagram and Facebook to maintain profiles, interact with followers, and respond to comments based on legitimate interest (Art. 6(1)(f) GDPR). Detailed health data should not be sent via social media.

13. Cookies and Analytical Tools

The Service may use cookies for technical, statistical, and marketing purposes. Detailed information is available in the separate Cookie Policy.

14. Changes to the Privacy Policy

This Policy may be updated due to changes in law or the Controller’s processing methods. The current version will always be available at the clinic and on the website.

15. Contact Details

OKSANA HOLOVKO Ortopodo center & academy

al. Aleja Wincentego Witosa 31 lok. 215

00-710 Warsaw, Poland

e-mail: kontakt@ortho-podology.com

phone: +48 789 914 070