Privacy Policy
Last updated: 03/2026
Data controller
The controller of personal data is:
AN MEDICA Sp. z o.o.
RPWDL: 000000258902
NIP (Tax ID): 525 293 50 75
REGON: 523907778
Phone: +48 537 677 773
The controller is a healthcare provider operating in accordance with applicable Polish law.
Purpose and scope of processing
We process personal data only to the extent necessary to fulfil medical, organisational and legal purposes.
Contact and initial medical assessment
Data provided in the contact form or during a phone conversation is processed in order to:
- respond to your inquiry,
- carry out an initial assessment for treatment,
- assess indications for inpatient care.
Art. 6(1)(b) GDPR (steps prior to entering into a contract)
Art. 9(2)(h) GDPR (provision of health care)
Provision of healthcare services and medical records
If treatment is undertaken, we process data in order to:
- diagnosis,
- treatment,
- ensuring medical safety,
- keeping medical records.
Art. 6(1)(c) GDPR (legal obligation)
Art. 9(2)(h) GDPR (health care)
Medical records are kept for the period required by law.
Settlements and tax obligations
Data is processed in order to:
- issue accounting documents,
- meet tax obligations,
- pursue potential claims.
Art. 6(1)(c) GDPR
Art. 6(1)(f) GDPR
Technical and marketing data (cookies)
The website uses cookies, including:
- necessary cookies,
- analytics cookies (Google Analytics 4),
- marketing tools (Meta Pixel, Twitter Pixel, Snapchat Pixel).
Consents are managed through the CookieYes system.
Art. 6(1)(a) GDPR (consent)
Special category data (health data)
Information concerning health, addiction treatment and mental disorders constitutes special category data and is subject to enhanced protection.
We do not disclose information about treatment to third parties without a legal basis or explicit consent, except in situations provided for by law, for example where life is at risk.
Medical staff are bound by professional confidentiality.
Data recipients
Data may be shared with:
- medical staff to the extent necessary for treatment,
- entities processing data under data processing agreements, such as hosting, IT and analytics providers,
- entities authorised under the law.
We do not sell personal data.
Transfer of data outside the EEA
We use tools such as:
- Google Analytics 4
- Google Search Console
- Meta Pixel
- Twitter Pixel
- Snapchat Pixel
As a result, data may be transferred outside the European Economic Area in accordance with mechanisms provided for under the GDPR, for example on the basis of standard contractual clauses.
Data retention periods
- Data from contact forms - up to 24 months or until the matter is concluded.
- Medical records - in accordance with the law.
- Accounting data - in accordance with tax regulations.
- Marketing data - until consent is withdrawn.
Rights of the data subject
You have the right to:
- access your data,
- rectify your data,
- restrict processing,
- erase data to the extent permitted by law,
- data portability,
- withdraw consent,
- object to processing.
Complaints may be lodged with the President of the Personal Data Protection Office (UODO) in Poland. If you are located in another EU country, you may also contact your local data protection authority.
Data security
We apply appropriate technical and organisational measures to protect personal data, including:
- restricted access to records,
- access rights control,
- IT system safeguards,
- confidentiality procedures.
Contact regarding personal data
For matters related to the protection of personal data, please contact us:
Phone: +48 537 677 773
AN MEDICA Sp. z o.o.