+359 899 130 550 Address Monday - Friday: 08:00 - 19:00
EN
Search
Няма намерени резултати
MC Markovs
Appointment Results
Appointment Results
EN
Menu

Privacy policy

PATIENT PRIVACY POLICY IN MEDICAL CENTER MARKOVS EOOD

20 Bademova Gora St., Strelbishte district, Triaditsa district, Sofia 1404

 

I. GENERAL

This policy defines the basic principles by which MEDICAL CENTER MARKOVS EOOD, Sofia (Administrator) processes the personal data of PATIENTS and indicates the responsibilities of the departments and employees during the processing of personal data.

 

The users of this document are all employees, permanent or temporary, and all contractors who work on behalf of MEDICAL CENTER MARKOVS EOOD, Sofia.

 

The main purpose of this policy is to define the relevant legislation and to describe the actions that MEDICAL CENTER MARKOVS EOOD must take in order to achieve compliance with the requirements. Adherence to this policy guarantees to the maximum extent the protection of natural persons in connection with the processing of personal data of patients, customers, staff and other types of contractors of MEDICAL CENTER MARKOVS EOOD.

 

II. APPLICABLE LEGISLATION

The obligations of MEDICAL CENTER MARKOVS EOOD as Administrator of personal data arise on the basis of the following normative documents:

  • Constitution of the Republic of Bulgaria;
  • General Regulation for the Protection of Personal Data (Regulation (EU) 2016/679) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with the processing of personal data and on the free movement of such data and for the repeal of Directive 95/46/EC)
  • Personal Data Protection Act;
  • Electronic Communications Act;
  • Regulations for the activities of the Commission for the Protection of Personal Data and its administration;
  • Ordinance No. 1 of January 30, 2013 on the minimum level of technical and organizational measures and the permissible type of personal data protection;
  • Instruction No. 1 of December 21, 2016 on the circumstances in which enterprises providing public electronic communication services notify users of breaches of the security of personal data, the form and manner of notification at the national level.

 

III. DEFINITIONS /according to the General Regulation/

Personal Data means any information relating to an identified natural person or an identifiable natural person ("data subject"). These are most often name, identification number, social security number, address, telephone number, e-mail, etc.

 

Processing of personal data means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission , distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.

 

Personal data administrator means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.

 

Personal data processor means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller.

 

IV. LEGALITY OF THE PROCESSING OF PERSONAL DATA

  • Processing is lawful if at least one of the following conditions is met:
  • The data subject has consented to the processing of his personal data for one or more specific purposes;
  • The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of a contract;
  • Processing is necessary to comply with a legal obligation that applies to the controller;
  • The processing is necessary to protect the vital interests of the data subject or another natural person;
  • The processing is necessary for the performance of a task of public interest or in the exercise of official powers that have been granted to the controller;
  • The processing is necessary for the purposes of the legitimate interests of the controller or a third party, except when such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, in particular when the data subject is a child.

 

V. ADMINISTRATOR OF PERSONAL DATA

For the purposes and use of this policy, MEDICAL CENTER MARKOVS EOOD, 20 Bademova Gora Street, Strelbishte quarter, Triaditsa district, Sofia 1404, is the Administrator of personal data.

 

The responsibility for ensuring appropriate processing of personal data is borne by everyone who works for or with MEDICAL CENTER MARKOVS EOOD, Sofia and has access to the personal data processed by it. The persons who have access to the personal data in the MEDICAL CENTER MARKOVS EOOD, Sofia are: doctors, midwives, nurses, medical secretaries (refers to non-medical persons who work under the supervision of a medical person and assist in the registration and filling in of regulatory documents such as referrals, certificates, sick lists, etc.), accountants (if an invoice has been issued to the individual).

 

VI. PERSONAL DATA PROTECTION OFFICER

The Data Protection Officer is the main point of contact for employees and liaises with all staff members on data protection matters.

Our Data Protection Officer can be contacted directly here:

Website: https://www.markovs.bg/

E-mail: office@markovs.bg

Phone: 0899 130 550

Position in the organization: The Data Protection Officer (DPO) reports directly to the Manager of MEDICAL CENTER MARKOVS EOOD, Sofia.

 

VII. SUPERVISOR

The Supervisory Authority is the Commission for Personal Data Protection.

The Commission for the Protection of Personal Data is an independent state body that protects individuals in the processing of their personal data and in providing access to such data.

Contacts: Address: Sofia 1592, Prof. Tsvetan Lazarov" 2

Center for information and contacts - tel. 02/91-53-518

Reception - working hours 9:00 a.m. - 5:30 p.m.

Email: kzld@cpdp.bg

Website: www.cpdp.bg

 

VIII. COLLECTION, PROCESSING AND SHARING OF PERSONAL DATA

Personal data are used and processed only with express permission from the Management of MEDICAL CENTER MARKOVS EOOD, Sofia. MEDICAL CENTER MARKOVS EOOD, Sofia decides whether to carry out the data protection impact assessment for each data processing activity, according to the Data Protection Impact Assessment guidelines.

 

According to Art. 6, para. 1, b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46 / EC on the processing of personal data data is lawful when it is necessary to comply with a legal obligation that applies to the controller.

 

MEDICAL CENTER MARKOVS EOOD, Sofia processes personal data of patients on a legal basis according to:

HEALTH LAW

LAW ON MEDICAL FACILITIES

Including their by-laws, especially the various Ordinances that have been issued on the basis of these two laws.

 

In order to fulfill its legal obligations MEDICAL CENTER MARKOVS EOOD, Sofia collects and processes the following personal data without the need for declared consent:

TIN, THREE NAMES, MOBILE PHONE, TOWN, GENDER, DATE OF BIRTH,

+ medical information

+ in cases where health insurance status is necessary (applies to patients who are funded by the National Health Insurance Fund).

 

IF IT IS NECESSARY TO ISSUE A DOCUMENT FOR TEMPORARY INABILITY TO WORK (Sick Card):

  • Workplace
  • Profession
  • Position
  • Address

 

Where it is required to correct, amend or destroy personal data records, the Controller shall ensure that such requests are processed within a reasonable time.

 

Personal data are processed and used only for the purposes for which they were originally collected. The data collected and processed may be provided to third parties in compliance with the provisions of the law. Depending on the specific patient and his insurance and illness, MEDICAL CENTER MARKOVS EOOD, Sofia may provide the collected personal data to the following third parties who are administrators of personal data, and with whom MEDICAL CENTER MARKOVS EOOD, Sofia has concluded agreements, namely:

  • National Health Insurance Fund /NHOK/
  • National Insurance Institute /NOI/
  • Representatives of the Judiciary and the Prosecutor's Office
  • Medical Audit Executive Agency /IAMO/
  • NHIS – National Health Information System

 

If in the course of the treatment it is necessary to carry out specialized laboratory tests, the data is also shared with partner laboratories with which MEDICAL CENTER MARKOVS EOOD has a contract and which are also administrators of personal data. In these cases, the patient is explicitly informed.

 

IX. TYPES OF PERSONAL DATA

MEDICAL CENTER MARKOVS EOOD, Sofia is registered under the MEDICAL FACILITIES LAW and as such collects from the subjects of personal data both "ordinary" and "special (sensitive)" personal data:

  • National citizen identifier (TIN, LNCH or other)
  • Patient names
  • Date of birth or age
  • Insurance number (in the case of a private insurer or payer), European Health Insurance Card (EHIC) number and identifiers of equivalent regulations
  • Insurer (in terms of private insurer or payer)
  • Populated place
  • Address (only in cases where this is necessary for issuing or completing normative documents, samples of the National Health Insurance Scheme, Hospital Certificate, etc.)
  • Profession, workplace (only in cases where the issuance of a Sick Card is necessary)
  • Email for feedback
  • gender
  • Medical record: medical diagnosis, medical history, objective condition, therapy, medical diagnostic and imaging studies
  • Medical documentation - according to medical standards

 

X. STORAGE PERIOD OF PERSONAL DATA

The period of storage of the personal data of the patients is determined on the basis of the HEALTH LAW, Section V, as well as in the Medical Standards. The general medical file is kept for a minimum of 5 /five/ years according to the HEALTH LAW.

Video recordings are stored for no more than 30 days in accordance with the PRIVATE SECURITY ACTIVITY LAW.

Personal data from online forms for booking an appointment for a period of no more than 60 /sixty/ days.

 

XI. PRINCIPLES OF PERSONAL DATA PROCESSING

  • Processing is based on your consent
  • The processing is necessary to comply with our legal obligation - Obligations of the medical institution to provide the personal data of the patients to various authorities - e.g. Executive Agency "Medical Audit", RZI, DZOF, NHIF, etc.
  • The processing is necessary to protect your (vital) interests (or the interests of another person) - MEDICAL CENTER MARKOVS EOOD, Sofia keeps a health record (file) for all patients for the purpose of better future treatment and diagnosis
  • Storage of personal data for the collection and preparation of statistical data for medical purposes after anonymization of patients' personal data
  • The processing of your data is necessary for the performance of a contract with you or our intention to enter into a contract (if so, enter information about the contract)
  • The processing is necessary to carry out tasks in the public interest

 

XII. RIGHTS OF THE DATA SUBJECT

Every subject has the right to:

  • Transparent information, communication and conditions for the exercise of data subject rights
  • Information provided when collecting personal data from the data subject
  • Information provided when the personal data comes from the data subject
  • Right of access of the data subject
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Obligation to notify when correcting or deleting personal data or restricting processing
  • Right to data portability
  • Right to object and automated individual decision-making
  • Automated individual decision-making, including profiling

 

XIII. BASIC PRINCIPLES IN THE PROCESSING OF PERSONAL DATA

Integrity and transparency

The principles of fair and transparent processing require that the data subject be informed of the existence of a processing operation and of its purposes. The principles of good faith and transparent processing are related to the obligation of MEDICAL CENTER MARKOVS EOOD as an administrator to provide information.

 

Limitation of objectives

MEDICAL CENTER MARKOVS EOOD undertakes to collect personal data for specific, explicitly specified and legitimate purposes, and personal data must not be further processed in a manner incompatible with these purposes.

 

Minimized data

Personal data must be relevant, relevant and limited to what is necessary in relation to the purposes for which it is processed.

 

Accuracy

The accuracy of the personal data and their maintenance in an up-to-date form are monitored. Take all reasonable measures to ensure the timely deletion or correction of inaccurate personal data, given the purposes for which they are processed.

 

Storage Limitation

MEDICAL CENTER MARKOVS EOOD stores personal data in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data is processed. Personal data may also be stored for longer periods, insofar as they will be processed solely for archiving purposes, for statistical purposes, with the application of appropriate technical and organizational measures provided for in the Regulation, in order to guarantee the rights and freedoms of the subject of the data.

 

Accountability

MEDICAL CENTER MARKOVS EOOD guarantees compliance with the basic principles of accountability described in the Regulation by ensuring that the processing of personal data is carried out in accordance with the rules of the Regulation.

 

Integrity and confidentiality

MEDICAL CENTER MARKOVS EOOD processes personal data in a way that guarantees an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.

 

XIV. PROVIDING INFORMATION

Provision of information in written form when collecting personal data from the data subject

 

MEDICAL CENTER MARKOVS EOOD provides the data subject with information including identification of the administrator, purposes of processing, recipients of personal data, storage period, etc., in a short, understandable and easily accessible form, in clear and simple language. The information is provided in writing or when appropriate, by electronic means. If the data subject has requested it, the information may be given verbally, provided that the identity of the data subject is proven by other means. The information is provided free of charge.

 

In the event that it intends to further process the personal data for a purpose other than that for which it was collected, MEDICAL CENTER MARKOVS EOOD provides the data subject with information about this other purpose before this further processing.

 

Providing information in writing when the personal data does not come from the data subject

 

When personal data related to a given data subject is not received by the data subject, MEDICAL CENTER MARKOVS EOOD provides the data subject with information including identification of the controller, purposes of processing, recipients of personal data, storage period, etc. in a short, understandable and easily accessible form, in clear and simple language. The information shall be provided in writing or otherwise, including, where appropriate, by electronic means. If the data subject has requested it, the information may be given verbally, provided that the identity of the data subject is proven by other means. MEDICAL CENTER MARKOVS EOOD provides the information:

Within a reasonable time after receiving the personal data, but at the latest within one month, taking into account the specific circumstances in which the personal data are processed;

  • If the data is used to contact the data subject, at the latest when making the first contact with that data subject; or
  • If disclosure to another recipient is intended, at the latest when the personal data is disclosed for the first time. The information is provided free of charge.

 

When MEDICAL CENTER MARKOVS EOOD intends to further process the personal data for a purpose other than that for which it was collected, it provides the data subject prior to this further processing with information about this other purpose.

 

XV. ACCESS TO PERSONAL DATA

In its capacity as an administrator, MEDICAL CENTER MARKOVS EOOD provides access to natural persons to their personal data.

 

MEDICAL CENTER MARKOVS EOOD shall provide, within one month of receiving a request from the data subject, confirmation as to whether personal data related to the data subject is being processed.

 

When personal data are transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 of the Regulation in relation to the transfer.

 

MEDICAL CENTER MARKOVS EOOD provides a copy of the personal data that is being processed. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. When the data subject submits a request by electronic means, the information shall be provided in a widely used electronic form whenever possible, unless the data subject has requested otherwise.

 

The deadline for providing the above information is one month from receipt of the request from the data subject, but may be extended by two months. MARKOVS MEDICAL CENTER EOOD informs the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. If the controller does not act on the data subject's request, the controller shall notify the data subject without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of filing a complaint with a supervisory authority and seeking of legal protection. The information is provided free of charge.

 

XVI. CORRECTION OF PERSONAL DATA

MEDICAL CENTER MARKOVS EOOD corrects without undue delay (within one month) the inaccurate personal data related to it at the request of the data subject. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by adding a declaration. The deadline can be extended by two months. MARKOVS MEDICAL CENTER EOOD informs the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. If MEDICAL CENTAR MARKOVS EOOD does not take action on the data subject's request, it shall notify the data subject without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisory authority and seeking legal protection. Correction is free of charge.

 

XVII. DELETION OF PERSONAL DATA

MEDICAL CENTER MARKOVS EOOD deletes personal data related to the data subject without undue delay (within one month) at the request of the data subject. The deadline can be extended by two months. MEDICAL CENTER MARKOVS EOODinforms the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. If MEDICAL CENTER MARKOVS EOOD does not take action on the request of the data subject, the administrator shall notify the data subject without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisor authority and seeking legal protection. Deletion is free of charge.

 

MEDICAL CENTER MARKOVS EOOD deletes the data only if any of the following grounds apply:

  • The data subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing of personal data for direct marketing purposes;
  • Personal data has been processed unlawfully;
  • The personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller; – the personal data were collected in connection with the provision of information society services to a child.

 

XVIII. LIMITATION OF PERSONAL DATA PROCESSING

 

Restriction of processing means marking stored personal data in order to limit their processing in the future. MEDICAL CENTER MARKOVS EOOD undertakes to limit data processing within one month at the request of the data subject. The deadline can be extended by two months. MEDICAL CENTER MARKOVS EOOD informs the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. If MEDICAL CENTER MARKOVS EOOD does not take action on the request of the data subject, the administrator shall notify the data subject without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisor authority and seeking legal protection. Limitation is free of charge.

  • The restriction should be carried out when one of the following conditions applies, namely:
  • The accuracy of the personal data is disputed by the data subject, for a period that allows the controller to verify the accuracy of the personal data;
  • The processing is unlawful, but the data subject does not wish the personal data to be deleted, but instead requests the restriction of its use;
  • The administrator no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
  • The data subject has objected to the processing pursuant to Article 21(1) of the Regulation pending verification that the legitimate grounds of the controller override the interests of the data subject.
  •  

When processing is restricted, such data are processed, with the exception of their storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important grounds of public interest for the Union or a Member State. When a data subject has requested the restriction of processing, the administrator shall inform him before the cancellation of the restriction of processing.

 

Notification of correction or deletion of personal data or restriction of processing

 

MEDICAL CENTER MARKOVS EOOD undertakes to communicate any rectification, deletion or limitation of processing to any recipient to whom the personal data has been disclosed, unless this is impossible or requires disproportionately large efforts. MEDICAL CENTER MARKOVS EOOD informs the data subject about these recipients if the data subject so requests.

 

XIX. ENSURING THE PORTABILITY OF PERSONAL DATA

MEDICAL CENTER MARKOVS EOOD undertakes to provide the personal data of the data subject which concern him and which have been provided to him by the data subject, in a structured, widely used and machine-readable format, when the processing is based on consent in accordance or of a contractual obligation and the processing is carried out in an automated manner.

 

MEDICAL CENTER MARKOVS EOOD undertakes to transfer the data within one month at the request of the data subject. The deadline can be extended by two months. MEDICAL CENTER MARKOVS EOOD informs the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. If MEDICAL CENTER MARKOVS EOODdoes not take action on the request of the data subject, the controller shall notify the data subject without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisor authority and seeking legal protection. The transfer is free of charge.

 

XX. TERMINATION OF PERSONAL DATA PROCESSING

MEDICAL CENTER MARKOVS EOOD undertakes to terminate the processing of personal data in the following cases listed below, unless it proves that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

  • The processing is necessary for the performance of a task of public interest or in the exercise of official powers that have been granted to the controller; 
  • or
  • The processing is necessary for the purposes of the legitimate interests of the controller or a third party, except when such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, in particular when the data subject is a child.

 

MEDICAL CENTER MARKOVS EOOD undertakes to stop the processing of personal data for the purposes of direct marketing when the data subject objects to processing for the purposes of direct marketing.

 

XXI. PROVIDING INFORMATION

A. Regarding the right to object to the processing of personal data

MEDICAL CENTER MARKOVS EOOD provides information to the data subject about the subject's right to object to the processing of personal data at the latest at the time of the first contact with the data subject, which information is provided by notification in a clear manner and separately from any other information.

 

B. Regarding the right to object to the processing of personal data for direct marketing purposes

MEDICAL CENTER MARKOVS EOOD notifies the data subject of the existence of the right to object to the processing of personal data for direct marketing purposes. MEDICAL CENTER MARKOVS EOOD undertakes to provide information about the subject's right to object to the processing of personal data for the purposes of direct marketing at the latest at the time of first contact with the data subject, which information is provided by notification in a clear manner and separate from any other information. MEDICAL CENTER MARKOVS EOOD undertakes to stop the processing of personal data for the purposes of direct marketing when the data subject objects to processing for the purposes of direct marketing.

 

XXII. ENSURING PROCESSING SECURITY BY IMPLEMENTING TECHNICAL AND ORGANIZATIONAL MEASURES

MEDICAL CENTER MARKOVS EOOD implements appropriate technical and organizational measures to ensure and be able to prove that the processing of personal data is carried out in accordance with the Regulation. These measures are reviewed and, if necessary, updated.

Such measures are:

  • Pseudonymization and encryption of personal data;
  • Ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • Ability to promptly restore availability and access to personal data in the event of a physical or technical incident;
  • A process of regular testing, assessment and evaluation of the effectiveness of technical and organizational measures in order to guarantee the security of the processing;
  • Data minimization: only personal data that is necessary for each specific purpose of the processing is processed. This obligation refers to the volume of personal data collected, the degree of processing, the period of their storage and their accessibility. In particular, such measures ensure that by default, without intervention by the individual, personal data is not accessible to an unlimited number of individuals;
  • Cooperation with the supervisory authority for the protection of personal data in fulfilling the obligations arising from the regulation;
  • Limiting the number of persons who have access to the data.

 

XXIII. PROCESSING OF PERSONAL DATA ON BEHALF OF MEDICAL CENTER MARKOVS EOOD.

When the processing is carried out on behalf of MEDICAL CENTER MARKOVS EOOD, MEDICAL CENTER MARKOVS EOOD undertakes to use only processors of personal data that provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing takes place in accordance with the requirements of Regulation and to ensure the protection of the rights of data subjects. The data processor may not include another data processor without the prior specific or general written permission of the controller. In the case of a general written consent, the data processor always informs the controller of any planned changes to include or replace other data processors, thereby giving the controller the opportunity to challenge these changes.

 

The processing by the processor of personal data is governed by a contract or by another legal act, which is binding for the processor of personal data vis-à-vis the controller, and which regulates the subject and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of subjects of data and the duties and rights of the administrator.

 

XXIV. COOPERATION WITH THE SUPERVISORY AUTHORITY

MEDICAL CENTER MARKOVS EOOD and the personal data processor undertake to cooperate with the supervisory authority in the performance of its duties.

 

In the event of a breach of personal data security, MEDICAL CENTER MARKOVS EOOD, without undue delay and when feasible — no later than 72 hours after becoming aware of it, undertakes to notify the breach of personal data security the supervisory authority, unless there is a possibility that the breach of the security of personal data will create a risk to the rights and freedoms of natural persons. The notification to the supervisory authority shall contain the reasons for the delay where it is not submitted within 72 hours. The personal data processor shall notify the controller without undue delay after becoming aware of a personal data breach.

 

MEDICAL CENTER MARKOVS EOOD undertakes to document any personal data security breach, including the facts related to the personal data security breach, its consequences and the actions taken to deal with it. 

 

XXV. DATA SUBJECT NOTIFICATION OF PERSONAL DATA BREACH

When the breach of personal data security is likely to create a high risk for the rights and freedoms of natural persons, MEDICAL CENTER MARKOVS EOOD undertakes to notify the data subject of the breach of personal data security without undue delay.

 

XXVI. COMPENSATION FOR DAMAGES SUFFERED

MEDICAL CENTER MARKOVS EOOD or the processor of personal data undertake to indemnify all damages that a person may suffer as a result of data processing that violates the Regulation.

 

XXVII. PERFORM AN IMPACT ASSESSMENT

Where a certain type of processing, in particular where new technologies are used, and given the nature, scope, context and purposes of the processing, is likely to pose a high risk to the rights and freedoms of natural persons before the processing is carried out, MEDICAL CENTER MARKOVS EOOD evaluates the impact of the planned processing operations on the protection of personal data. An assessment may consider a set of similar processing operations that pose similar high risks. When carrying out a data protection impact assessment, the controller requests the opinion of the designated data protection officer.

 

Home Phone Address Appointment Results