Privacy and security policy
NVICTA Sp. z o.o., registered office in Gdańsk (80-172), Trzy Lipy Street 3 (INVICTA) the owner of Medipoint.pl System, applies security measures on the highest level to ensure maximal protection of personal and medical data while using Patient Portal, Partner Portal and Physician Portal which constitute an integral part of the Medipoint.pl System. Information submitted this way are secured by 128-bit SSL encryption. SSL certificate has been issued by the Certification Authority GeoTrust Extended Validation SSLCA. Additionally, we use a tunnel-encrypted VPN connection. The solution is based on individual certificate issued by INVICTA.
In order to log in the Medipoint.pl System, it is necessary to have a login and password assigned while creating the account. System forces change of password each 30 days to further minimize the risk of unauthorized access to confidential data of the account’s owner.
Principles related to setting the password to User’s account for all access portals (B2B Portals) include the guidelines laid down in the Regulation of the Minister of Internal Affairs and Administration of 29 April 2004.
Password should consist of at least 8 characters and should contain at least:
one special character, one uppercase letter, one lowercase letter, one digit.
Three wrong attempts to log in to the user account result in blocking it for 30 minutes. New password (changed by the User or entered while recovering the account) is verified with the password history.
Access to accounts is secured also by means of CAPTCHA technique. While creating an account, the user is asked to enter the content read from the image displayed on the Portal. This ensures that the accounts are created only by people (protection against bots).
Transmission encryption (SSL - Secure Socket Layer)
SSL (Secure Socket Layer) is the software operating on the server which uses encrypting protocols. It allows for secure exchange of information between the server and the computer, eliminating the possibility of unauthorized access. In web browsers (e.g. Mozilla Firefox), the information that SSL protocol is used by the site is indicated by the symbol of locked padlock displayed at the address bar where https prefix is additionally shown. You can check the authenticity of a certificate by double clicking on the padlock symbol. After clicking on the padlock, check whether security certificate was issued for Portal’s address by GeoTrustExtended Validation SSL CA and whether it is valid.
VPN - Virtual Private Network
VPN is a tunnel through which the network traffic flows between partners’ systems and the Server of INVICTA through the Internet so that the network nodes are transparent to packages transmitted. Transmitted data are additionally encrypted to provide higher level of security.
Portals operating within the Medipoint.pl System do not automatically gather any information, except for information contained in cookies.
Web cookies (the so-called “cookies”) are computer data, in particular text files, which are stored in terminal equipment of the user and are intended for the use of web pages. Cookies usually contain the name of web page from which they come, storage period in terminal equipment and unique number.
The Medipoint.pl System owner – INVICTA places cookies on terminal equipment of the user and obtains access to them.
Cookie files are used to:
- to adapt the contents of the Medipoint.pl System Portal (web) to user preferences and to optimize the use of websites; in particular, these files allow to identify user’s device and to appropriately display the website adjusted to individual needs;
- to create statistics which help to understand how Portal users use websites which in turn allows to improve their structure and contents;
- to maintain user session (after logging in) due to which the user does not have to re-enter the login and password on each subpage of the Medipoint.pl System.
Two basic types of cookies are used within the Portals of Medipoint.pl System: session cookies and persistent cookies. Session cookies are temporary files which are stored in terminal equipment of the user until logging out, leaving the website or switching the software off (web browser). "Permanent" cookies are stored in the terminal equipment of a user for the time specified in the parameters of cookie files or until they are removed by the user.
The following types of cookies are used within the Portals of Medipoint.pl System:
- “essential” cookies enabling the use of the services available within the Portals, e.g. authentication cookies used for services of the Portal which require authentication;
- cookies used to ensure security, e.g. the ones used to detect abuses related to authentication in the Portals;
- “performance" cookies, enabling the collection of information about how to use the websites of Medipoint.pl System;
- “functional” cookies, allowing to “remember” settings selected by the user and personalization of the interface, e.g. in terms of language selected.
In many cases, the software used to browse websites (browser) allows by default to store cookies in user’s terminal equipment. The users of Medipoint.pl System Portals may change their cookie settings at any time. These settings can be changed in particular in such a way to block automatic handling of cookies in web browser settings or to be informed about their presence on user’s device. Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.
Cookies placed in terminal device of the user may be also used by partners cooperating with the owner of Medipoint.pl System.
More information about cookies are available in the "Help" menu of web browser.
Technical requirements necessary to use Medipoint.pl System Portals
The following requirements must be met to correctly use the service through the website:
- Web browser with support for CSS2 ( Cascading Style Sheets) - Mozilla Firefox, Google Chrome, Opera;
- Minimal resolution: 1024x768 or higher.
Few simple tips
- Remember about using anti-virus software and firewall. Make sure to update them.
- Use only legal software. Follow the instructions provided by the manufacturer of the operational system and web browser as well as update these programs.
- When logging in to the system use only the link provided by INVICTA or enter the address of our website medipoint.pl on your own in the browser bar.
- Never use Internet search engines to find login page. The results found may lead to false pages or to pages with viruses.
- Before logging in check whether connection with INVICTA is secured with SSL protocol (the icon of locked padlock in the address bar). The page medipoint.pl is secured with SSL Certificate issued by the Certification Authority GeoTrust Extended Validation SSL CA. Before you log in to the site, check whether browser bar with website address entered is in green, otherwise please stop the logging process and immediately report the problem. This may be the attempt of attack or of impersonating the Medipoint.pl System.
- All portals of INVICTA Sp. z o.o., which are involved in the processing of personal data or on which there is any logging system, have information exchange transactions secured by SSL Certificates which may always be checked by clicking on green address bar in the browser.
- Employees of INVICTA will never ask about passwords or logins required to log in to the Medipoint.pl System. If such situation took place, immediately report the problem by using the contact form.
Few simple rules
- You can set password to log in the System on your own, you can change it in the System.
- While entering login and password make sure that no one is looking.
- Security primarily depends on you.
- Use safe, complex passwords in accordance with the standard required by the Medipoint.pl System.
- Do not anywhere write down the password for logging.
- The System will remind you about the necessity to change password.
- After logging in to the Medipoint.pl System, do not leave the computer.
- After completing the work with the System, log out and close the browser.
- If you notice any additional fields to enter the password or any irregularities while logging in, e.g. lack of green address bar or if the site seems suspicious - do not make further attempts to login. Immediately report the problem.
- Remember that your computer should have all necessary safeguards to protect against viruses, Trojans and other malware - update the software according to the manufacturer's instructions.