Privacy policy

1. The administrator of personal data is Scanunit Helsingborg Västra Tallgatan 32, 252 29 Helsingborg (hereinafter: “Administrator”)
2. The Administrator can be contacted in writing at the following address: Scanunit Helsingborg Västra Tallgatan 32, 252 29 Helsingborg or by e-mail at:
3. Any inquiries or requests will be dealt with without undue delay, but no later than within 7 days of receipt.
4. This privacy policy contains detailed information on the purposes for which Patient data is processed and the legal basis on which it is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and national law.
5. The Patient’s personal data are processed in accordance with the following provisions on the protection of personal data:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU No. 119, p. 1) – otherwise known as “GDPR”, applicable from May 25, 2018, together with new national regulations.
6. The Administrator is committed to ensuring the appropriate manner of collecting, using and protecting the Patient’s personal data. This privacy policy describes:
a) types and purposes of collecting personal data;
b) how to access and update the Participant’s personal data.
7. In order to provide services to the Patient, i.e. conclude a contract and undertake treatment, the Patient must provide data. In the remaining scope (in particular for the purpose of data processing by the administrator for marketing purposes), providing data is voluntary.
8. The administrator asks for personal data, including name and surname, address, e-mail address, telephone number, date of birth and PESEL number.
9. Data may be transferred to entities processing personal data at the request of the Administrator, among others: IT service providers, marketing agencies and other entities with which the Administrator has concluded an agreement to entrust data processing – these data are processed by these entities only in accordance with the Administrator’s recommendations. Data may also be transferred by the Administrator to entities authorized to obtain them under applicable law, e.g. law enforcement authorities if the authority submits a request on an appropriate legal basis. Data may be transferred to public authorities in order to fulfill the legal obligations imposed on the Administrator, such as Tax Offices, etc., or to entities providing legal, accounting, advisory and support services to the Administrator in order to pursue due claims and provide accounting services.
10. Personal data is processed for the following purposes:

Purpose of personal data processingLegal basis and data storage period
Conclusion and performance of a contract with the Patientart. 6 section 1 letter b GDPR
For the duration of the contract, and after its termination until the claims deadlines expire, a maximum of 5 years.
Consideration of complaints and 6 section 1 letter b GDPR
For 5 years after settling the complaint.
Pursuing claims or defending against legal claimsart. 6 section 1 letter f GDPR
For the duration of the proceedings regarding the claims pursued, i.e. until their final conclusion, and in the case of enforcement proceedings until the final satisfaction of the claims pursued.
Archiving documents, i.e. contracts and settlement documentsArt. 6 section 1 letter c GDPR
For periods specified by law.
Conducting marketing activities without the use of electronic means of communicationArt. 6 section 1 letter a GDPR
Until an objection is raised, or a maximum of 5 years from the date of consent.
Conducting marketing activities using electronic means of communicationArt. 6 section 1 letter a GDPR
Until an objection is raised, or a maximum of 5 years from the date of consent.
Keeping StatisticsArt. 6 section 1 letter f of the GDPR,
perform statistical and analytical analyzes enabling the verification of activities carried out by Medessence and improving the functioning of the website

11. If the processing of personal data is based on consent, the Patient may withdraw it at any time. To withdraw consent, please send an e-mail to If the processing of personal data was based on consent, the Administrator has the right to process personal data until it is withdrawn. Withdrawal of consent does not affect the lawfulness of existing processing.
12. Providing any personal data is voluntary and depends on the Patient’s decision. However, in some cases, providing specific personal data is necessary to meet the Patient’s expectations regarding the use of services.
13. Due to the processing of personal data by the Administrator, the Participant has the right to:

  • request from the Administrator access to your personal data,
  • request the Administrator to correct your personal data,
  • request the Administrator to delete your personal data,
  • request the Administrator to limit the processing of your personal data in the situation and on the terms specified in Art. 18 GDPR or to delete them in accordance with Art. 17 GDPR,
  • object to the processing of your personal data in accordance with Art. 21 section 1 GDPR,
  • transfer your personal data in accordance with Art. 20 GDPR,
  • submit a complaint to the President of the Personal Data Protection Office.

14. The processing of personal data is necessary for the purposes of managing the account or reservations, providing access to the services that the Patient wishes to purchase and providing support in relation to any services and possible reimbursement of costs.
15. The Administrator applies appropriate security measures to protect personal data against accidental loss and unauthorized access, use, change and disclosure.
16. The Patient’s personal data will be stored for as long as necessary for the purposes specified in the Regulations and/or to meet legal and regulatory requirements. After this period, personal data will be deleted. If, after this period, data is needed for legitimate analytical, historical or other purposes, we will take appropriate steps to anonymize it.
17. The patient has the right to request a copy of his or her personal data held by the Administrator. The Patient may request a copy of the patient’s documentation via or by writing to the Administrator.
18. If any of the information held by the Administrator is incorrect, he should be notified.
19.The Administrator will update or delete the data, unless there is an obligation to retain it for the purposes of conducting business or compliance with the law.
20. The patient may also contact the Administrator in case of any reservations regarding the method of collecting, storing or using personal data. The Administrator strives to finally resolve complaints, but if the Patient is dissatisfied with the response, he or she may submit a complaint to the supervisory authority responsible for the protection of personal data.
Please note that before taking action on a request or complaint, the Administrator may require verification of the Patient’s identity and require further information to verify the authority to submit the request or complaint on behalf of another person.
21. In connection with running the website, the so-called cookies. They can be read by Google and Facebook.
22.Two types of cookies are used:

  • session cookies, which are deleted from its hard drive after the browser session ends or the computer or mobile device is turned off
  • persistent cookies, which are stored in the memory of the computer or mobile device until they are manually deleted by the User using appropriate tools in the web browser or they expire.

23. In connection with running the website, cookies are used for the following purposes:

  • provision of services;
  • ensuring security, i.e. user authentication
  • adapting the presented website content to user preferences and optimizing the use of websites
  • conducting surveys;
  • creating statistics that help understand how users use the website, which allows improving their structure and content;
  • influencing the processes and efficiency of using the website
  • using the social function.

24. Storing cookies or obtaining access to them by the Administrator does not cause any configuration changes in the user’s telecommunications end device and the software installed in this device.
25.The website may place a cookie in the browser if the browser allows it. Importantly, the browser only allows a website to access cookies placed by that website, not files placed by other websites.
26. The Patient’s web browser allows the use of cookies on his device by default, so on his first visit he is asked to consent to the use of cookies. However, if the Patient does not wish to use cookies when browsing the website, he or she may change the settings in the web browser – completely block the automatic handling of cookies or request notification each time cookies are placed on the device. You can change the settings at any time.
27. Disabling or limiting the use of cookies may cause difficulties in using the website, e.g. the need to log in on each subpage, longer loading time of the website, limitations in using the functionality, limitations in liking the page on Facebook, etc.
28. The administrator uses plug-ins of the social networking site, operated by Facebook Inc. (1601. California Ave, Palo Alto, CA 94304, USA). The plug-in is displayed on the website and connected to the browser. The Facebook server will therefore receive information about which website the user has visited. If the user is logged in to Facebook when visiting the Administrator’s website, Facebook will automatically connect information about his or her activity on our website with the user’s personal Facebook account. Therefore, when you visit a website with an active plug-in, a connection to the Facebook servers is established. More information about the purpose and scope of data use by Facebook, as well as your rights and options regarding changing user privacy settings can be found at:
29. This Privacy Policy and the Administrator’s liability do not apply to the practices of third parties relating to privacy and the processing of personal data. Any information provided through your use of a feature provided by a third party is subject to the applicable third party’s privacy policy and not to this Privacy Policy. The administrator has no control over the third party’s use of information received using their functions and is not responsible for them.
30.The Administrator reserves the right to change security and data protection measures due to technological progress or changes in legal regulations. In such a case, the provisions of the Privacy Policy will be updated.
31. To the extent not regulated by this Privacy Policy, personal data protection regulations apply.
34. This Privacy Policy is valid from July 15, 2018.

Online contact