Data protection

Medical center “Lorna” summary of personal data processing policy

General provisions

This policy describes how the health care institution Medical Center “Lorna” (hereinafter referred to as MC (Medical Center)) manages patients’ data.

MC is the controller of patient’s personal data, therefore the role of the Data Protection Officer is exercised by the responsible MC employee. You can contact responsible person by sending e-mail:

The policy regulates purposes and reasons of patients’ personal data is handled by the MC, the provision of the patients’ personal data to the third parties, the terms of data retention, and the patients’ rights relating to the processing of their personal data by the MC.

The terms used in this policy for the processing of personal data correspond to the terms used in the contract that the patients concluded with the MC for the provision of healthcare services, as well as the terms used in the legislation, including the terms used in April 27, 2016 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

By giving MC your personal data, you agree to the terms of this policy and the terms and conditions of your personal data processing specified in the rules.

If the data subject wishes to have detailed information about his personal data processed or if he has questions or requests related to the processing and storage of personal data, he must contact the MC by sending e-mail to or handling a written request to the responsible employee or sending it by post to MC.

Administration of patients’ personal data

The MC administrates the patients’ personal data provided by the patient to the MC, including specific health-related data.

The MC may also process personal data of the Patients which may be obtained from other sources: in the cases provided by law, from other health care institutions, territorial sickness funds, Center of Registers, research laboratories, hospitals, insurance companies with which the patients have signed contracts.

In order to perform the contract with the Patient, as well as to provide appropriate services, when the Patient is referred to MC partners – other healthcare institutions or laboratories, under the conditions provided for in the contract for the provision of personal health care services, the MC from these institutions may receive the Patient personal data that is necessary for the provision of services or payment for the services provided.

Pacients’ personal data processing objectives

The MC patients’ personal data is processed to:

  • conclude and execute a contract with the Patient;
  • provide healthcare, including data transmission to laboratories, where research is required for the provision of services;
  • implement the MC statutory duties, including providing emergency medical assistance, answering patient complaints, and similar;
  • carry out the duties and rights of the MC in relation to use of the state electronic health care information system;
  • administer patients’ feedback on services provided, respond to patients’ requests that they submit by phone or e-mail, mail, and also online;
  • register patients, including reminding patients of their visit time;
  • contact the patient when it is necessary for the provision of services, execution of a contract withthe patient and either to ensure the patient’s interests and the proper quality of service (for example, inform the patient about the changed procedure time, research results, payment of services, etc.);
  • contact the patient for the provision of health insurance;
  • assess the quality of the services provided;
  • evaluate the MC website and registration of electronic services, as well as to analyze the patents’habits while searching on the MC website;
  • implement direct marketing campaigns when the patient has given a separate agreement for this particular purpose.

Basis of pacients’ personal data processing

MC patient’s personal data can be managed on the following reasons when:

  • the patient agreed to process his or her personal data;
  • the patient independently enrolled electronically and agreed to process his or her personal data;
  • the processing of the data is necessary in order to protect the vital interests of the patient;
  • the processing of data is necessary in order to bring, execute or defend legal requirements;
  • the processing of data is necessary in order to provide health care or to manage healthcare systems in accordance with applicable legislation.

The basics of data management are indicated in April 27, 2016 Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (repealing article 9 paragraph 2 (a), (c), (f), (h) of Directive 95/46/EC (General Data Protection Regulation)).

Patients’ rights

Taking into account the restrictions established by law and under the conditions established therein, the Patient has the right:

  • request MC to have access to his or her personal data;
  • require MC to correct incorrect, inaccurate or incomplete data;
  • require the erasure of personal data or the restriction of their processing (right to be forgotten) when it has a legal basis;
    disagree with the processing of his data;
  • apply to the MC administration for the transfer of patient personal data that he himself provided to the MC and which is processed in electronic format, to transfer data the patient and/or other data controller.

When the patient’s data is processed in violation of the requirements of the legislation, the patient has the right to submit a complaint to the State Data Protection Inspectorate.

When the patient’s personal data is processed on the basis of specific agreement – the patient has the right to cancel the given agreement by submitting an application to the MC using the contact details provided in this policy and or in any other agreements signed by patient.