Privacy & Data Processing Policy

Data Controller
The Data Controller for the system is Polmedi sp. z o.o., registered at ul. Kasztelańska 62, 60-316 Poznań, Poland. The company is listed in the Register of Entrepreneurs maintained by the District Court Poznań – Nowe Miasto i Wilda, 8th Commercial Division of the National Court Register under KRS number 0000660331, REGON: 366420320, NIP: 7773276707. Hereinafter referred to as the Controller.

Data Security
We take the privacy of our users seriously. The system uses secure, encrypted (SSL) connections. Hosting services are provided by ZETO Poznań S.A., a data center with decades of experience in managing sensitive information.

Sensitive Data
Sensitive data may include biometric data or information about a patient’s health or sexuality. To access online consultations, the patient must provide explicit consent for joint data processing by both the Controller and the medical Consultant. This consent can be withdrawn at any time.

Joint Data Controllers
Medical consultants using the system and the Controller are bound by a joint data processing agreement, strictly for the purpose of providing wound care consultations via the platform.

Data Protection Measures
We maintain a high standard of data protection suited to the nature of the data and the risks involved. Personal data is safeguarded against unauthorized access, theft, misuse, damage, or destruction. Only authorized personnel are allowed to process the data, and records of such access are maintained.

User Consent & Data Scope
By registering in the system, the patient explicitly agrees to the processing of personal data, including health-related data. The data collected includes:

  • Name and surname

  • Address

  • Contact information (phone, email)

  • IP address

  • Age, weight, gender

  • Health status (e.g., diabetes-related information)

All data is provided voluntarily by the patient during registration or consultations.

Data Record
Personal data is stored in a database titled “Personal Data Processed by the System.”

Confidentiality Obligation
Both the Controller and the Consultant are legally obliged to maintain strict confidentiality of patient information, in accordance with Article 13 of the Polish Act on Patient Rights and the Patient Ombudsman (Journal of Laws 2017, item 1318 with amendments).

Regulatory Compliance
The Controller continuously adapts its data processing policies to comply with current legislation, including the General Data Protection Regulation (GDPR), effective as of May 25, 2018.

Purpose of Data Processing
Patient data is processed to:

  • Enable remote wound care consultations through the system

  • Ensure proper performance of the services offered by the Consultant

  • Enter into, modify, or terminate a contract with the patient

  • Provide the highest quality of service
    In this scope, we may process name, email address, phone number, and tax identification number (NIP).

Health Data Use
Health-related information is processed exclusively by the Consultant for diagnostic and treatment purposes within the system.

Patient Rights
Providing data is voluntary. Patients have the right to:

  • Modify or delete their data

  • Limit processing

  • Object to data processing

  • Transfer data to another Consultant or outside the system

  • Exercise the "right to be forgotten"

Data Retention
Personal data is stored during the period of system use. Archived data is retained for five (5) years from the first login unless the user requests deletion.

Data Deletion Requests
Patients may request data deletion ("right to be forgotten") directly via the system’s messaging feature. The Controller will delete all data without delay.

Data Transfer Between Consultants
When a patient changes their Consultant within the system, all related data is transferred automatically to the new Consultant.

Right to Information
The Controller is obligated to inform the patient of their rights, and such information may be provided in writing upon request.

Data Protection Officer
Our appointed Data Protection Officer is Marcin Cieślak.
📧 Email: m.cieslak@polmedi.com
📞 Phone: +48 602 220 693

Regulatory Authority
Users have the right to file a complaint with the national data protection authority:
Personal Data Protection Office (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland

Certificates

ISO 13485
Download
Scroll to top