Privacy Policy
This page explains what data may be processed, for what purpose, on which legal basis, and for how long it may be retained.
Key points
- Controller - Konrad Wasylewski operating Wasylewski Clinic.
- Scope - Website, contact form, correspondence, booking, and sending records for consultation.
- Main purposes - Replying to enquiries, arranging consultations, securing the website, and handling optional third-party content consent.
- Profiling - No automated decision-making or marketing profiling.
Wasylewski Clinic
Konrad Wasylewski
ul. Krężnicka 184, 20-518 Lublin
Zygmunta Krasińskiego 58/LU3, 01-755 Warszawa
Highlights
- Contact and consultations - We process the information submitted through the contact form, email, phone calls, and consultation planning.
- No first-party advertising tracking - As of the latest update, the website does not run its own Google Analytics, Meta Pixel, or remarketing tools.
- External content only after consent - Google Maps and the ZnanyLekarz widget are loaded only after optional cookies are accepted.
What data may be processed
- name, email address, phone number, and the content of your message;
- administrative information required to arrange a consultation or second opinion;
- health data and medical records if you choose to send them;
- technical website data such as IP address, browser data, timestamps, and basic security logs;
- the privacy setting stored locally under the key wasylewski-cookie-consent-v1.
Purposes and legal bases
- replying to your enquiry and handling pre-contract communication - Article 6(1)(b) GDPR;
- website security, anti-abuse measures, and defence of legal claims - Article 6(1)(f) GDPR;
- legal obligations arising from medical, tax, or accounting laws - Article 6(1)(c) GDPR;
- optional third-party content such as Google Maps and ZnanyLekarz - Article 6(1)(a) GDPR;
- health data needed to assess a medical problem or prepare a consultation - Article 9(2)(h) GDPR.
Recipients and transfers
Contact form data is handled by the website hosting infrastructure and the administrator email mailbox. Data may also be shared with IT support, online booking, messaging, and file-transfer providers. Some technology providers may process data outside the EEA using GDPR-compliant transfer mechanisms.
Your rights
- access to data and a copy of data;
- rectification;
- erasure where legally permitted;
- restriction of processing;
- objection to processing based on legitimate interests;
- withdrawal of consent where consent is the legal basis;
- a complaint to the Polish supervisory authority.
Standard retention periods
- Contact form message or email - For as long as needed to handle the matter and afterwards for claim defence or legal compliance.
- Records sent for consultation - For as long as required to review the case, arrange the consultation, and continue the medical or administrative workflow.
- Technical logs - For the period resulting from hosting, email, and website security settings.
- Privacy settings - Until the choice is changed, browser data is cleared, or the provider-side setting expires.