Medistica. Badania Kliniczne – by-laws


  • By using the website, each user simultaneously accepts the by-laws.
  • All contents published on the website constitute an exclusive property of the website. It is prohibited to copy and distribute contents presented on the website in part or in their entirety, without a written consent of the website owner.
  • Use of the website is equivalent to approval of the privacy policy.


1. Details of administrator:

The co-administrators of your personal data are Mirosław Szlachcic and Ewa Szlachcic, acting as Osteomed s.c. Mirosław Szlachcic, Ewa Szlachcic. Each of the administrators is fully responsible for meeting the obligations arising from the General Data Protection Regulation, hereinafter referred to as GDPR.

Contact with administrators is possible via:

  • mail: ul. Kazimierza Wielkiego 57/IV, 30-074 Kraków,
  • telephone: 12 423 40 43,
  • e-mail:

2. Data Protection Inspector’s Personal Data

Co-administrators appointed a Personal Data Inspector, who can be contacted by sending a mail to the e-mail address:

3. Basics and purposes of data processing

Data of persons visiting a website

When you visit our website, unless you have changed your internet browser settings, you leave us information about yourself through cookies. Cookies can be deleted from your browser history, and if you do not wish them to be stored on your device, you can change your preferences in the settings of the browser you are using.

Additionally, we have placed on our website a plug-in for the social network Facebook, which sends information about visits to our website to that network's administrator, whose registered office is located outside the European Economic Area. Detailed information on how Facebook uses personal data can be found in the privacy policy of the portal. Facebook is one of the entities that certified themselves under the Privacy Shield program, a decision of the European Commission confirming the adequate level of personal data protection for data transfers to the USA.

Data left in contact forms

We facilitate contact with the Administrator through a tab called Contact and through contact forms. We process data left in those locations:

  • in order to reply to a question connected with a scope of rendered services and the offer of the Administrator, i.e. in legally justified interest pursuant to art. 6 section 1 letter f of GDPR,
  • in order to make an appointment, pursuant to art. 9 section 2 letter h of GDPR,
  • in other cases, in order to reply to questions asked via a contact form, i.e. in the legally justified interest pursuant to art. 6 section 1 letter f of GDPR.

Patients’ Data

We do not process our Patients’ data via our website. To make information on data processing as accessible as possible, we publish below information on how our Patients’ data is processed:

  • for health purposes, i.e.:
    1. medical diagnosis and treatment, including keeping of medical documentation and providing healthcare, management of healthcare systems and services, including patient’s registration and administration service of appointments, pursuant to art. 9 section 2 letter h of GDPR in conjunction with art. 3 section 1 of the Medical Activity Act and art. 24 of the Patient’s Rights Act and The Patient’s Rights Ombudsman,
    2. for providing social security and management of systems and services of social security, and especially issuing medical certificates, pursuant to art. 9 section 2 letter h of GDPR, in conjunction with art. 54 of the Act on Financial Benefits from Social Security in the event of illness and maternity or other applicable regulations from the scope of social security laws,
  • to facilitate contact with a patient, in connection with the effective conduct of the treatment process and booking of appointments, pursuant to art. 9 section 2 letter h of GDPR,
  • for performance of provisions of an agreement to perform medical services to the benefit of patients, pursuant to art. 6 section 1 letter b of GDPR,
  • for implementation of the legally justified interest, meaning establishing, pursuing or defending against your or a third party’s claims, pursuant to art. 6 section 1 letter f of GDPR,
  • pursuant to the granted consent:
    1. for marketing purposes, i.e. receiving sales information via electronic mail, as well as by telephone,
    2. for purposes connected with implementation of clinical trials,
    3. for other purposes indicated in the contents of the consent expressing clause, pursuant to the granted consent, i.e. art. 6 section 1 letter a and art. 9 section 2 letter a GDPR.

Data of persons authorized to obtain information on a Patient or obtaining documentation

We received personal data of persons authorized to inquire about a Patient or to obtain information, i.e. their name, surname and address of residence, from our Patient, who authorized these persons to inquire about this Patient’s condition or to review the medical records. We process them pursuant to art. 6 section 1 letter c of GDPR (general personal data protection), for a period of 20 years from the last appointment of this Patient in order to establish the right to inquire about a Patient’s health or to review medical records.

4. Data recipients

Recipients of personal data are other entities offering medical and diagnostic services, IT service suppliers (especially e-mail and servicing operators), a marketing company, legal counsellors (in special cases), insurance companies, appropriate institutions (e.g. National Healthcare Funds, Social Insurance Institution) and our staff.

5. Duration of data processing

  1. data collected via a contact form will be processed for a period of one month from the date of leaving information,
  2. data contained in medical documentation will be stored for a legally required period of time, which in most cases currently amounts to 20 years, counting from the end of the calendar year when the last entry was made,
  3. data being a basis to establish, pursue or defend from claims will be processed until the date of expiration of claims,
  4. data will be processed for marketing purposes until the date of withdrawal of consent.

6. Rights connected with personal data processing

  1. right to complain to the President of the Data Protection Agency or other appropriate supervisory body,
  2. right to withdraw the granted consent, which will have no impact on the legality of data processing performed prior to the withdrawal of consent,
  3. right to demand from us access to personal data, their correction, deletion or restriction of processing,
  4. right to object in relation to data processing based on a legally justified interest.

7. Obligation to disclose data

Disclosure of data connected with registration for an appointment is fully voluntary, and a refusal will result in failure to register for an appointment. Disclosure of data processed on the basis of the granted consent is also voluntary. Disclosure of data necessary for the performance of medical services is a statutory requirement, and a refusal to disclose them prevents the performance of healthcare services.

8. Automated decision-making and profiling

Disclosed data will not be subjected to automated decision-making or profiling.