Under Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation”, “GDPR”):

1. The Controller of your personal data is Port Lotniczy Poznań-Ławica Sp. z o.o., with its registered office at the address: ul. Bukowska 285, 60-189 Poznań, entered in the register of business operators of the National Court Register kept by District Court Poznań–Nowe Miasto i Wilda w Poznaniu, 8th Commercial Law Division under number KRS 0000003431, NIP (tax ID) 781-15-33-610, REGON (statistical ID) 630981266, phone: +48 618492343, www.poznanairport.pl

2. The contact details of our Data Protection Officer are as follows:
e-mail: [email protected] , phone: +48 61 849 22 32, or directly at the address given above.

3. Your personal data will be processed under a) Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject) in order to provide medical services and ensure healthcare as part of the Controller’s legal obligation under the Aviation Law of 3 July 2002, the Medical Activity Act of 15 April 2011 and the Act of 6 November 2008 on patient rights and the Patient Ombudsman; b) Article 6(1)(d) GDPR (processing is necessary in order to protect the vital interests of the data subject or of another natural person) in order to ensure the security of people and property at the airport premises; c) Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child) to enforce civil-law claims or to defend against such claims, if they arise; d) Article 9(2)(h) (processing is necessary for the provision of healthcare) in order to keep medical records.

4. We may share your data with: a) institutions and bodies authorized to obtain the data under applicable laws; b) medical entities to ensure the continuity of treatment; c) persons authorized in connection with the exercise of patient rights; d) providers of legal and consulting services who support us in exercising our claims/defending our rights (in particular law firms); e) persons authorized by us – our staff or business partners who need access to those data to be able to perform their duties.

5. Your personal data processed to keep medical records will be stored for 20 years counting from the 1 January of the year following the year when the matter was finally resolved. Data processed in order to exercise claims or defend rights will be processed for the period of the statute of limitations as set out in the Civil Code. All data processed to ensure the security of people and property will be stored for 30 days after they were obtained.

6. You have the right to access your data, the right to rectification, erasure (unless the Controller is legally obliged to process them further), restriction of processing and the right to data portability. You also have the right to object to the processing based on our legitimate interests. You can exercise the above rights by contacting the Data Protection Officer at the e-mail address [email protected] or by sending a letter to our registered office. If you find that your personal data are processed in violation of applicable laws, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

7. The provision of your data is voluntary, however, it is necessary in order to pursue the above objectives. If you do not provide the data, we may not be able, or it may difficult for us, to provide medical services and healthcare.