Privacy Policy

Data Controller

The data controller for this website is the operator of NFZ Terminy. For privacy-related inquiries, please contact us at [email protected].

What We Collect

NFZ Health Navigation does not collect, store, or process any personal data. We do not require registration, login, or any personal information to use this service.

Anonymous Analytics

If you accept cookies, we use Google Analytics 4 to collect anonymous usage data: which specialties are searched, which facilities are viewed, and which phone numbers are revealed. This data cannot identify you personally and is used solely to improve the service.

Legal Basis for Processing

We process anonymous analytics data on the basis of legitimate interest (GDPR Art. 6(1)(f)) to improve the quality and usability of our service. Analytics cookies are only set after you provide explicit consent. You may withdraw consent at any time by clearing your browser cookies.

Cookies

We use the following cookies:

• cookie_consent — stores your cookie preference (accept or reject). Expires after 1 year.
• _ga, _ga_* — Google Analytics cookies for anonymous usage statistics. Only set if you accept analytics cookies. Expire after 2 years.

You can change your cookie preferences at any time using the cookie consent banner displayed on the site. Alternatively, you may clear your browser cookies and revisit the site to see the banner again.

Data Source

All healthcare queue data is sourced from the NFZ (National Health Fund) public API at api.nfz.gov.pl. We display this data as-is without modification. We sync data daily into our database, but pages are served from a weekly cache — the data shown on any given page may lag the live NFZ API by up to 7 days. Always call the facility to confirm an appointment.

Your Rights

Under the GDPR (Articles 15-22), you have the right to: access your personal data, rectify inaccurate data, erase your data, restrict processing, data portability, and object to processing. Since this service does not collect or store any personal data, these rights do not practically apply. However, you may exercise any of these rights by contacting the data controller at [email protected]. You also have the right to reject analytics cookies at any time via the cookie consent banner.

Third-Party Services

We use the following third-party services that may process data on our behalf: Hetzner (website hosting, Germany/EU), Cloudflare (CDN and DDoS protection, global edge network), Sentry (error tracking and monitoring, EU Germany), and Google Analytics (anonymous usage analytics, USA with EU-US Data Privacy Framework). The database is self-hosted on our Hetzner server (Germany/EU). These services process only technical or anonymized data necessary for the operation and improvement of this website. No personal data is shared with these providers.

Supervisory Authority

You have the right to lodge a complaint with the Polish supervisory authority for data protection: Urzad Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, Poland. Website: https://uodo.gov.pl.

International Data Transfers

If you accept analytics cookies, Google Analytics may transfer anonymized usage data to servers located in the United States. Google LLC participates in the EU-US Data Privacy Framework and uses Standard Contractual Clauses to ensure adequate data protection for international transfers.

Data Retention

Cookie consent preference (cookie_consent) is stored for 1 year. Google Analytics cookies (_ga, _ga_*) expire after 2 years. Anonymous search logs (containing no personally identifiable information) are retained indefinitely to improve service quality.