Home
About us
Personal data processing policy

Personal data processing policy

Annex 1 to the order of the 1st City Clinical Hospitaldated 11/14/2021 No. 822

Policy

regarding the processing of personal data of a healthcare institution

«1st City Clinical Hospital»

CHAPTER 1

GENERAL PROVISIONS

This Policy regarding the processing of personal data (hereinafter referred to as the Policy) was prepared in accordance with the requirements of the Law of the Republic of Belarus dated May 7, 2021 No. 99-Z “On the Protection of Personal Data” (hereinafter referred to as the Law) and determines the procedure for processing personal data by the health care institution “1st city clinical hospital" and measures to ensure the protection and security of personal data taken by Operators.

1.2. The Policy applies to all processes of processing personal data that Operators receive about the subject of personal data.

1.3. The purpose of this Policy is to ensure adequate protection of personal data from unauthorized access and disclosure, respect for the rights and freedoms of a citizen when processing his personal data, including ensuring the protection of rights to privacy, personal and family secrets.

1.4. In pursuance of the requirements of paragraph 4 of Art. 17 of the Law The Policy is published in the public domain on the Internet information and telecommunications network on the Operator’s website: https://www.1gkb.by/.

1.5. This Policy uses the following basic terms and their definitions:

blocking of personal data - termination of access to personal data without deleting it;
Internet resource – website, website page, web portal, forum, blog, chat, application for a mobile device and other resources connected to the Internet;
personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
depersonalization of personal data - actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data;
personal data processing is any action (operation) or set of actions (operations) with personal data performed using automation tools or without their use, including collection, systematization, storage, modification, use, depersonalization, blocking, dissemination, provision, deletion of personal data;
operator – healthcare institution “1st City Clinical Hospital”;
personal data – any information related to an identified individual or an individual who can be identified;
provision of personal data - actions aimed at familiarizing with the personal data of a certain person or group of persons;
dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
the subject of personal data is an individual in respect of whom personal data is processed;
deletion of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Other terms and their definitions used in this Policy are used in the meanings defined by law.

CHAPTER 2

REGULATORY LEGAL ACTS OF THE REPUBLIC OF BELARUS, LOCAL LEGAL ACTS AND OTHER DOCUMENTS, IN ACCORDANCE WITH WHICH THE POLICY OF PROCESSING PERSONAL DATA FROM THE OPERATOR IS DETERMINED

2.1. The Operator's data processing policy is determined in accordance with the following regulatory legal acts:

The Constitution of the Republic of Belarus;
The Labor Code of the Republic of Belarus;
Law of the Republic of Belarus dated 05/07/2021 No. 99-Z "On Personal Data Protection";
Law of the Republic of Belarus dated 07/21/2008 No. 418-Z "On the Population Register";
Law of the Republic of Belarus dated 11/10/2008 No. 455-Z "On Information, Informatization and information Protection";
Law of the Republic of Belarus dated 05/28/2021 No. 114-Z "On Amendments to Laws on Labor Relations";
Other regulatory legal acts of the Republic of Belarus and regulatory documents of authorized state authorities.

2.2. In order to implement the provisions of the Policy, the Operator develops relevant local legal acts and other documents, including:

Regulation "On the processing and protection of personal data from the Operator" (Appendix 2);
register of Operator's personal data processing (Appendix 3);
the list of Operator positions that have access to personal data processed by the Operator (Appendix 4).

CHAPTER 3

BASIC PRINCIPLES OF PERSONAL DATA PROCESSING

3.1. The processing of personal data is carried out on the basis of the following principles:

it is carried out with the consent of the subject of personal data, except in cases established by law;
It is limited to achieving specific, pre-stated legitimate goals. Processing of personal data that is incompatible with the originally stated purposes of their processing is not allowed;
the content and volume of the processed personal data must correspond to the stated purposes of their processing. The processed personal data should not be redundant in relation to the stated purposes of their processing;
when processing personal data, their accuracy, sufficiency, and, if necessary, relevance in relation to the stated purposes of processing are ensured;
It should be transparent. For these purposes, the subject of personal data, in cases provided for by Law, is provided with relevant information regarding the processing of his personal data;
personal data is stored in a form that allows you to determine the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by law, an agreement to which the subject of personal data is a party.

3.2. Personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by law.

CHAPTER 4

PURPOSES OF PERSONAL DATA PROCESSING

4.1. The purposes of processing personal data by the Operator are:

ensuring compliance with the legislation of the Republic of Belarus;
carrying out its activities in accordance with the constituent documents of the Operator;
processing of messages and requests received from the personal data subject;
communication with personal data subjects;
conducting personnel work and organizing the accounting of the Operator's employees, including attracting and selecting candidates to work for the Operator;
maintaining individual (personalized) records of insured persons;
maintaining military records;
accounting and tax accounting;
accrual and transfer of wages, assignment and payment of benefits;
filling in and submitting required reporting forms to government agencies and other authorized organizations;
processing of personal data for the purpose of assigning pensions;
implementation of civil law relations;
providing personal data subjects with information about the Operator's activities, about the development of new websites and servers by operators;
sending notifications, commercial offers, advertising and informational messages to personal data subjects;
the Operator conducts promotions, surveys, interviews, and testing on the Operator's websites and servers;
evaluation and analysis of the Operator's servers, control and improvement of the quality of the Operator's services;
informing about the operation of the Operator's websites;
registration and maintenance of accounts on the Operator's websites and servers;
implementation of the access regime;

CHAPTER 5

CATEGORIES OF PERSONAL DATA SUBJECTS AND THE LIST OF PERSONAL DATA PROCESSED BY THE OPERATOR

5. The Operator may process personal data of the following categories of personal data subjects.

5.1. Candidates for employment with the Operator:

last name, first name, patronymic;
sex;
citizenship;
date and place of birth;
contact information;
information about education, work experience, qualifications;

5.2. Employees and former employees of the Operator:

surname, proper name, patronymic (including previous surnames, first names and (or) patronymics in case of their change);
date, month, year of birth;
place of birth;
information about citizenship (citizenship), including previous citizenship, other citizenship;
type, series, number, ID document code, date of issue, name (code) of the authority that issued it;
address and date of registration at the place of residence (place of stay), address of actual residence;
work, home (landline) and mobile phone numbers or information about other communication methods;
details of the social insurance certificate;
details of the marriage certificate;
information on marital status, family composition and close relatives processed in accordance with the legislation of the Republic of Belarus;
information about employment;
information about military registration and details of military registration documents;
information about education (when and which educational, scientific and other organizations he graduated from, numbers of documents on education (training), specialty according to the document on education, qualification);information about the academic degree;
information about foreign language proficiency, including the level of proficiency;
employee's photo;
information contained in the employment contract (contract), additional agreements to the employment contract (contract), in the annexes thereto;
information about the presence or absence of a criminal record - only candidates for employment (applicants) - in cases specified by law;
information about state awards, other awards and insignia;
information about retraining and (or) advanced training;
the results of a medical examination (examination) of an employee for fitness to perform work duties; information on labor and social leave;
salary information, bank account details for the transfer of wages and social benefits;
other personal data necessary to ensure the implementation of the processing purposes specified in paragraph 8 of this Policy.

5.3. Family members (relatives) of the Operator's employees:

last name, first name, patronymic;
degree of kinship;
year of birth;
other personal data provided by employees in accordance with the requirements of labor legislation.

5.4. Clients and contractors of the Operator (individuals):

last name, first name, patronymic;
date and place of birth;
details of the identity document;
the address of registration at the place of residence;
contact information;
individual taxpayer number;
current account number;
other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.

5.5. Representatives (employees) of the Operator's clients and counterparties (legal entities):

last name, first name, patronymic;
details of the identity document;
contact information;
current position;
other personal data provided by representatives (employees) of clients and contractors necessary for the conclusion and execution of contracts.

CHAPTER 6

BASIC RIGHTS AND OBLIGATIONS OF THE OPERATOR

6.1. The Operator has the right to:

to receive reliable information and (or) documents containing personal data from the subject of personal data;
request information from the personal data subject about the relevance and reliability of the personal data provided;
if the personal data subject withdraws consent to the processing of personal data, continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law;
if necessary, to achieve the purposes of processing personal data, transfer them to third parties in compliance with the requirements of the law;
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by Law and normative legal acts adopted in accordance with it, unless otherwise provided by Law.

6.2. The Operator is obliged to:

to explain to the personal data subject his rights related to the processing of personal data;
to obtain the consent of the personal data subject to the processing of personal data, except in cases provided for by Law and other legislative acts;
to ensure the protection of personal data during their processing; to provide the subject of personal data with information about his personal data, as well as about the provision of his personal data to third parties, except in cases provided for by Law and other legislative acts;
to make changes to personal data that are incomplete, outdated or inaccurate, except in cases where a different procedure for making changes to personal data is established by legislative acts or if the purposes of processing personal data do not imply subsequent changes to such data;
to terminate the processing of personal data, as well as to delete or block them (to ensure the termination of the processing of personal data, as well as their deletion or blocking by an authorized person) in the absence of grounds for processing personal data provided for by Law and other legislative acts;
notify the authorized body for the protection of the rights of personal data subjects of violations of personal data protection systems immediately, but no later than three working days after the Operator became aware of such violations, except in cases provided for by the authorized body for the protection of the rights of personal data subjects;
to modify, block or delete false or illegally obtained personal data of a personal data subject at the request of the authorized body for the protection of the rights of personal data subjects, unless another procedure for making changes to personal data, blocking or deleting them is established by legislative acts;
to comply with other requirements of the authorized body for the protection of the rights of personal data subjects on the elimination of violations of the legislation on personal data;
perform other duties provided for by Law and other legislative acts.

CHAPTER 7

BASIC RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT

7.1. The subject of personal data has the right to:

to receive information regarding the processing of his personal data;
to receive information from the Operator about the provision of your personal data to third parties on the terms defined by Law;
revoke consent to the processing of personal data;
express the condition of prior consent when processing personal data in order to promote goods (works, services) on the market;
to appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or omissions of the Operator in the processing of his personal data;
require the Operator to:
- changes to his personal data if the personal data is incomplete or outdated;
- free termination of the processing of his personal data, including their deletion, in the absence of grounds for processing personal data provided for by Law and other legislative acts;
- to receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator via e-mail;
- exercise of other rights provided for by the legislation of the Republic of Belarus.

7.2. The subject of personal data is obliged to:

provide the Operator with reliable information about yourself;
inform the Operator about the clarification (updating, modification) of your personal data.

Persons who have provided the Operator with false information about themselves or information about another personal data subject without the latter's consent are liable in accordance with the legislation of the Republic of Belarus.

CHAPTER 8

RESPONSIBILITY

8.1. Persons guilty of violating the Law of the Republic of Belarus dated 05/07/2021 No. 99-Z "On the protection of personal data" bear responsibility provided for by legislative acts.

8.2. Employees and other persons guilty of violating this Policy, as well as the legislation of the Republic of Belarus in the field of personal data, may be brought to disciplinary and material responsibility in accordance with the procedure established by the Labor Code of the Republic of Belarus, and may also be brought to civil, administrative and criminal liability in accordance with the procedure established by the legislation of the Republic of Belarus.

CHAPTER 9

FINAL PROVISIONS

9.1. The Operator and other persons who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by Law.

9.2. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of legislation in the field of personal data protection.

9.3. This Policy comes into force from the date of its approval.

9.4. Issues related to the processing of personal data that are not fixed in this Policy are regulated by law.

Home
About us
Personal data processing policy

Personal data processing policy

Annex 1 to the order of the 1st City Clinical Hospitaldated 11/14/2021 No. 822

Policy

regarding the processing of personal data of a healthcare institution

«1st City Clinical Hospital»

CHAPTER 1

GENERAL PROVISIONS

1.2. The Policy applies to all processes of processing personal data that Operators receive about the subject of personal data.

1.5. This Policy uses the following basic terms and their definitions:

blocking of personal data - termination of access to personal data without deleting it;
Internet resource – website, website page, web portal, forum, blog, chat, application for a mobile device and other resources connected to the Internet;
personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
depersonalization of personal data - actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data;
personal data processing is any action (operation) or set of actions (operations) with personal data performed using automation tools or without their use, including collection, systematization, storage, modification, use, depersonalization, blocking, dissemination, provision, deletion of personal data;
operator – healthcare institution “1st City Clinical Hospital”;
personal data – any information related to an identified individual or an individual who can be identified;
provision of personal data - actions aimed at familiarizing with the personal data of a certain person or group of persons;
dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
the subject of personal data is an individual in respect of whom personal data is processed;
deletion of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Other terms and their definitions used in this Policy are used in the meanings defined by law.

CHAPTER 2

REGULATORY LEGAL ACTS OF THE REPUBLIC OF BELARUS, LOCAL LEGAL ACTS AND OTHER DOCUMENTS, IN ACCORDANCE WITH WHICH THE POLICY OF PROCESSING PERSONAL DATA FROM THE OPERATOR IS DETERMINED

2.1. The Operator's data processing policy is determined in accordance with the following regulatory legal acts:

The Constitution of the Republic of Belarus;
The Labor Code of the Republic of Belarus;
Law of the Republic of Belarus dated 05/07/2021 No. 99-Z "On Personal Data Protection";
Law of the Republic of Belarus dated 07/21/2008 No. 418-Z "On the Population Register";
Law of the Republic of Belarus dated 11/10/2008 No. 455-Z "On Information, Informatization and information Protection";
Law of the Republic of Belarus dated 05/28/2021 No. 114-Z "On Amendments to Laws on Labor Relations";
Other regulatory legal acts of the Republic of Belarus and regulatory documents of authorized state authorities.

2.2. In order to implement the provisions of the Policy, the Operator develops relevant local legal acts and other documents, including:

Regulation "On the processing and protection of personal data from the Operator" (Appendix 2);
register of Operator's personal data processing (Appendix 3);
the list of Operator positions that have access to personal data processed by the Operator (Appendix 4).

CHAPTER 3

BASIC PRINCIPLES OF PERSONAL DATA PROCESSING

3.1. The processing of personal data is carried out on the basis of the following principles:

it is carried out with the consent of the subject of personal data, except in cases established by law;
It is limited to achieving specific, pre-stated legitimate goals. Processing of personal data that is incompatible with the originally stated purposes of their processing is not allowed;
the content and volume of the processed personal data must correspond to the stated purposes of their processing. The processed personal data should not be redundant in relation to the stated purposes of their processing;
when processing personal data, their accuracy, sufficiency, and, if necessary, relevance in relation to the stated purposes of processing are ensured;
It should be transparent. For these purposes, the subject of personal data, in cases provided for by Law, is provided with relevant information regarding the processing of his personal data;
personal data is stored in a form that allows you to determine the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by law, an agreement to which the subject of personal data is a party.

3.2. Personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by law.

CHAPTER 4

PURPOSES OF PERSONAL DATA PROCESSING

4.1. The purposes of processing personal data by the Operator are:

ensuring compliance with the legislation of the Republic of Belarus;
carrying out its activities in accordance with the constituent documents of the Operator;
processing of messages and requests received from the personal data subject;
communication with personal data subjects;
conducting personnel work and organizing the accounting of the Operator's employees, including attracting and selecting candidates to work for the Operator;
maintaining individual (personalized) records of insured persons;
maintaining military records;
accounting and tax accounting;
accrual and transfer of wages, assignment and payment of benefits;
filling in and submitting required reporting forms to government agencies and other authorized organizations;
processing of personal data for the purpose of assigning pensions;
implementation of civil law relations;
providing personal data subjects with information about the Operator's activities, about the development of new websites and servers by operators;
sending notifications, commercial offers, advertising and informational messages to personal data subjects;
the Operator conducts promotions, surveys, interviews, and testing on the Operator's websites and servers;
evaluation and analysis of the Operator's servers, control and improvement of the quality of the Operator's services;
informing about the operation of the Operator's websites;
registration and maintenance of accounts on the Operator's websites and servers;
implementation of the access regime;

CHAPTER 5

CATEGORIES OF PERSONAL DATA SUBJECTS AND THE LIST OF PERSONAL DATA PROCESSED BY THE OPERATOR

5. The Operator may process personal data of the following categories of personal data subjects.

5.1. Candidates for employment with the Operator:

last name, first name, patronymic;
sex;
citizenship;
date and place of birth;
contact information;
information about education, work experience, qualifications;

5.2. Employees and former employees of the Operator:

surname, proper name, patronymic (including previous surnames, first names and (or) patronymics in case of their change);
date, month, year of birth;
place of birth;
information about citizenship (citizenship), including previous citizenship, other citizenship;
type, series, number, ID document code, date of issue, name (code) of the authority that issued it;
address and date of registration at the place of residence (place of stay), address of actual residence;
work, home (landline) and mobile phone numbers or information about other communication methods;
details of the social insurance certificate;
details of the marriage certificate;
information on marital status, family composition and close relatives processed in accordance with the legislation of the Republic of Belarus;
information about employment;
information about military registration and details of military registration documents;
information about education (when and which educational, scientific and other organizations he graduated from, numbers of documents on education (training), specialty according to the document on education, qualification);information about the academic degree;
information about foreign language proficiency, including the level of proficiency;
employee's photo;
information contained in the employment contract (contract), additional agreements to the employment contract (contract), in the annexes thereto;
information about the presence or absence of a criminal record - only candidates for employment (applicants) - in cases specified by law;
information about state awards, other awards and insignia;
information about retraining and (or) advanced training;
the results of a medical examination (examination) of an employee for fitness to perform work duties; information on labor and social leave;
salary information, bank account details for the transfer of wages and social benefits;
other personal data necessary to ensure the implementation of the processing purposes specified in paragraph 8 of this Policy.

5.3. Family members (relatives) of the Operator's employees:

last name, first name, patronymic;
degree of kinship;
year of birth;
other personal data provided by employees in accordance with the requirements of labor legislation.

5.4. Clients and contractors of the Operator (individuals):

last name, first name, patronymic;
date and place of birth;
details of the identity document;
the address of registration at the place of residence;
contact information;
individual taxpayer number;
current account number;
other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.

5.5. Representatives (employees) of the Operator's clients and counterparties (legal entities):

last name, first name, patronymic;
details of the identity document;
contact information;
current position;
other personal data provided by representatives (employees) of clients and contractors necessary for the conclusion and execution of contracts.

CHAPTER 6

BASIC RIGHTS AND OBLIGATIONS OF THE OPERATOR

6.1. The Operator has the right to:

to receive reliable information and (or) documents containing personal data from the subject of personal data;
request information from the personal data subject about the relevance and reliability of the personal data provided;
if the personal data subject withdraws consent to the processing of personal data, continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law;
if necessary, to achieve the purposes of processing personal data, transfer them to third parties in compliance with the requirements of the law;
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by Law and normative legal acts adopted in accordance with it, unless otherwise provided by Law.

6.2. The Operator is obliged to:

to explain to the personal data subject his rights related to the processing of personal data;
to obtain the consent of the personal data subject to the processing of personal data, except in cases provided for by Law and other legislative acts;
to ensure the protection of personal data during their processing; to provide the subject of personal data with information about his personal data, as well as about the provision of his personal data to third parties, except in cases provided for by Law and other legislative acts;
to make changes to personal data that are incomplete, outdated or inaccurate, except in cases where a different procedure for making changes to personal data is established by legislative acts or if the purposes of processing personal data do not imply subsequent changes to such data;
to terminate the processing of personal data, as well as to delete or block them (to ensure the termination of the processing of personal data, as well as their deletion or blocking by an authorized person) in the absence of grounds for processing personal data provided for by Law and other legislative acts;
notify the authorized body for the protection of the rights of personal data subjects of violations of personal data protection systems immediately, but no later than three working days after the Operator became aware of such violations, except in cases provided for by the authorized body for the protection of the rights of personal data subjects;
to modify, block or delete false or illegally obtained personal data of a personal data subject at the request of the authorized body for the protection of the rights of personal data subjects, unless another procedure for making changes to personal data, blocking or deleting them is established by legislative acts;
to comply with other requirements of the authorized body for the protection of the rights of personal data subjects on the elimination of violations of the legislation on personal data;
perform other duties provided for by Law and other legislative acts.

CHAPTER 7

BASIC RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT

7.1. The subject of personal data has the right to:

to receive information regarding the processing of his personal data;
to receive information from the Operator about the provision of your personal data to third parties on the terms defined by Law;
revoke consent to the processing of personal data;
express the condition of prior consent when processing personal data in order to promote goods (works, services) on the market;
to appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or omissions of the Operator in the processing of his personal data;
require the Operator to:
- changes to his personal data if the personal data is incomplete or outdated;
- free termination of the processing of his personal data, including their deletion, in the absence of grounds for processing personal data provided for by Law and other legislative acts;
- to receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator via e-mail;
- exercise of other rights provided for by the legislation of the Republic of Belarus.

7.2. The subject of personal data is obliged to:

provide the Operator with reliable information about yourself;
inform the Operator about the clarification (updating, modification) of your personal data.

CHAPTER 8

RESPONSIBILITY

8.1. Persons guilty of violating the Law of the Republic of Belarus dated 05/07/2021 No. 99-Z "On the protection of personal data" bear responsibility provided for by legislative acts.

CHAPTER 9

FINAL PROVISIONS

9.3. This Policy comes into force from the date of its approval.

9.4. Issues related to the processing of personal data that are not fixed in this Policy are regulated by law.

1ST CITY CLINICAL HOSPITAL

Personal data processing policy

Personal data processing policy

Find us on social media

Evaluate the quality of services

Find us on social media

Evaluate the quality of services