Introduction – General Provisions
The purpose data protection policy is to clarify and regulate the processing of personal data of the users of www.medicavera.pl. We appreciate your trust and thus take utmost care to protect your data against unauthorized access. Your personal data and information are protected using the highest standards possible and thanks to technical security systems and additional authorisation processes. This applies both to the transfer of data and its storage on our servers.
Medicavera Sp. z o.o. Dahlhausen Group, the operator of the website available at www.medicavera.pl, is the Data Administrator, i.e. the entity deciding how your personal data will be used.
Users’ personal data are processed in compliance with the principles provided for in the RGDP, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (general regulation on data protection, hereinafter “RGDP”), as well as those provided for in the Polish Personal Data Protection Act (RODO), its implementing acts and the Act on the provision of electronic services of 18 July 2002. (Journal of Laws [Dz.U.] of 2002, No. 144, item 1204, as amended).
In order to meet the statutory requirements, the Administrator selects and applies appropriate technical and organizational measures to ensure the protection of the processed data and protects the data against unauthorized access and processing in violation of applicable laws.
1. Legal basis for data processing
1. The following purposes constitute the legal basis for the processing of personal data by the Administrator:
1.1. registration of an account with the service is Article 6(1)(a) of the RGDP, i.e. the User’s explicit consent to the processing of such data,
1.2. necessary to fulfill the Administrator’s legitimate interests, including marketing activities and advertising campaigns of the Administrator’s products or services by electronic means or by telephone, on the basis of a separate consent given in accordance with Article 6(1)(a) of RGDP, i.e. the User’s express consent to the processing of such data provided by the forms placed on the website.
2. The Administrator processes personal data voluntarily provided by Users and automatically collected data on the manner of using the Service (including tools used to use the Service) in accordance with Article 6 paragraph 1 letter f of the RGDP, i.e. for legally justified purposes implemented by the Administrator, and in particular for the purpose of direct marketing of the Administrator’s products or services, as well as to optimize, streamline and personalize the Service functions, and to create statistics. The Administrator shall ensure that such processing does not violate the rights and freedoms of data subjects.
3. Personal data provided voluntarily by the User are not combined with automatically collected data on the manner of using the Service by this User. The Administrator informs that due to technical reasons such a connection may sometimes occur, however, in such a situation the combined data will be processed by the Administrator only due to legally justified purposes realized by the Administrator, and in particular in order to optimize, improve and personalize the Service functions and to create statistics for the Administrator’s internal needs.
4. With separately expressed consent of the User, his personal data may be processed in order to send him electronically commercial information about the Administrator’s Services. You have the right at any time to request that you stop sending commercial communications by electronic means or that you stop using your telephone number for direct marketing purposes.
5. The data processed for the purposes of Registration in the service will be processed until the possible removal of the service account (which will result in termination of the contract for the provision of Electronic Services).
6. Data processed for the Company’s marketing purposes by electronic means or by telephone will be processed until the possible withdrawal of relevant consents.
7. Personal data for the purposes of contact with the Administrator will be processed during the period of this contact, and later will be archived for a period of 3 years from the end of the contact, which is justified by the need to reconstruct the content of such contact in connection with the investigation of potential claims.
8. Data processed in connection with the assertion of possible claims as well as for archiving purposes will be processed for 3 years after the end of the contract.
2. Purpose, scope of data collection and recipients of data
1. The purpose, scope and recipients of data processed by the Administrator result from the User’s consent or legal regulations and are specified in detail as a result of actions taken by the User on the Website or in other channels of communication with the User.
2. The Administrator shall take special care to protect the interests of the data subjects, and in particular shall ensure that the data collected by the Administrator are processed:
2.1. in accordance with the law, fairly and transparently to the data subject (‘lawfulness, fairness and transparency’),
2.2. for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (‘purpose limitation’),
2.3. adequately and within the limits of what is necessary for the purposes for which they are processed (‘data minimisation’),
2.4. the personal data are processed in accordance to the rules and, when necessary, updated (‘correctness’),
2.5. in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed (‘retention restriction’),
2.6. in a way that ensures adequate security of personal data, including protection against unlawful or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures (‘integrity and confidentiality’).
3. The user provides the following personal data:
– during the process of registration in the Service: e-mail address, name, surname, address and telephone number.
5. Potential purposes of collecting Users’ personal data by the Administrator:
5.1. creating a User’s account on the Website,
5.2. marketing activities of its own products and services (in electronic or telephone form), with the separate consent of the User,
5.3. marketing activities of products and services of the Administrator’s partner (in electronic form or by telephone), with the User’s separate consent,
5.4. building and implementation of rankings with acceptance of the regulations of a given event,
5.5. implementation of promotion campaigns with acceptance of the regulations of a given event,
5.6. preparation and implementation of conferences and trainings with acceptance of the regulations of a given event.
6. Personal data is collected on this website only to the extent technically necessary. Under no circumstances will the data collected be sold or transferred to third parties for purposes other than those described in this document.
Possible recipients of Users’ personal data:
• employees and associates of the Administrator,
• entities entitled to receive them under the applicable law,
• company or person on the basis of relevant agreements, i.e. agreements on entrusting data, inter alia, for the purpose of archiving, destruction, storage, delivery, implementation of commercial services to maintain relations with Users on behalf of the Administrator or the Administrator’s commercial partners.
Entities entrusted with the processing of personal data under a separate agreement are obliged to observe the principles of confidentiality and security of personal data, in particular not to disclose data to unauthorised persons, and to apply physical and technical security measures adequate to the manner of processing such data. At the User’s request, the Administrator shall provide the User with detailed information about the entity to whom he has entrusted the processing of data, the scope of the entrusted data and the date of their transfer. Moreover, in this mode, the Administrator also provides access to current and detailed information on the technical means used or made available by the Administrator to prevent unauthorised persons from obtaining and modifying personal data sent by the User electronically.
We collect personal data as part of the process of inquiries, registration of access to a personal account, newsletter subscription or other commercial information. In addition, we save further non-personal data in order to continuously improve our offer. In our Server Log Files we store information that your browser automatically transmits to us for technical reasons. This is the following information:
• Browser type/version
• Operational system
• URL (previously visited page)
• Host (IP address)
• Server query time
The personalised recording of the aforementioned data does not take place. This data is not combined with other data sources, including your personal data. After visiting our website, your IP address will be deleted immediately.
If it is possible to determine the scope of the personal data provided on our website, please check which of them you wish to disclose to us. The data in the fields marked as mandatory fields are necessary for us to process your enquiry or to process your order. The provision of other data, in particular data processed for the marketing of goods and services and the provision of commercial information, is voluntary and is used to optimise our offer, including service and, if necessary, for statistical purposes.
As part of the ordering process, we conduct a regular quality assessment by, among other things, taking into account personal data using scientifically recognised mathematical processes.
3. Newsletter and other commercial information
Our Newsletter and other commercial information will be sent to you after you have given your consent to send it to your e-mail address. Providing your e-mail address and confirming your consent to receive commercial information by clicking on the link you receive to the e-mail address provided by you, is considered as your consent:
• to send commercial information, including the Newsletter;
• to process personal data within the scope of the e-mail address provided by www.medicavera.pl for purposes related to sending the Newsletter and commercial information.
Of course, at any time you have the opportunity to access and correct your data and to opt out of storing your e-mail address for the purpose of sending the Newsletter and other commercial information to your e-mail address, without incurring any additional costs at the same time. In order to resign from the Newsletter and other commercial information sent to the e-mail address provided, please use the link at the end of each Newsletter. Registered users may resign from the Newsletter and other types of commercial information by phone, e-mail or via the contact form on the website www.medicavera.pl .
Thanks to the functionality of our Newsletter, we can automatically track what content of our Newsletter is of particular interest to our customers. We use the results of the quasi anonymous analysis only for the purpose of improving our offer. The exact assignment of the results to a person does not take place. You have the right to object to the analysis of your data in order to improve the offer by sending a short message on our e-mail address.
4. User rights
1. Every person to whom personal data relate shall have the right:
1.1. – access to data,
1.2. – rectification of data,
1.3. – deletion of data,
1.4. – restrictions on data processing,
1.5. – the right to object to the processing of data,
1.6. – the right to lodge a complaint to the supervisory authority.
2. Cancellation or objection in respect of the processing of personal data shall be effected by sending an e-mail to the following address: firstname.lastname@example.org
3. After revoking the consent or objection, the User’s personal data will not be used for these purposes anymore. The User may change/supplement his/her personal data by sending an e-mail application to the following address: email@example.com
4. In case of any irregularities in relation to data processing by the Administrator, the User has the right to lodge a complaint with the President of the Office for Personal Data Protection.
5. Contact with the person supervising the processing of personal data in the Administrator’s organization is possible by e-mail: firstname.lastname@example.org
5. Contact with the Personal Data Administrator
2. The Administrator stores correspondence with the User for statistical purposes and for the best and quickest possible response to queries, as well as in the scope of complaints and decisions made on the basis of notifications of possible decisions on administrative interventions in the indicated data. Addresses and data collected in this way will not be used to communicate with the User for purposes other than the implementation of the request.
3. When the User contacts in order to perform given activities, the Administrator may again request the User to provide personal data, including personal data, e.g. in the form of name, surname, e-mail address, etc.in order to confirm the identity of the User and enable feedback on the matter. The above applies to the same data, including personal data, which were previously provided by the User and the User agreed to process. The provision of such data is not mandatory, but may be necessary to perform actions or obtain information of interest to the User.
6. Safety measures we take to protect your data
a.) Our technical standards
Your data is transferred using SSL (Secure Socket Layer) with a 256-bit key. This technology offers the highest level of security and is therefore also used, for example, by banks to protect online banking data. The transmission of encrypted data can be identified by displaying the encrypted keys or key symbols in the lower status bar of your browser.
1. The Administrator shall apply appropriate technical and organizational measures to ensure the security of the protection of the Personal Data being processed, appropriate to the risks and category of data being protected, and in particular shall protect the data against unauthorised disclosure, takeover by an unauthorised person, processing in violation of applicable regulations and change, loss, damage or destruction.
2. Taking into account our technical know how, the cost of implementation and the nature, scope, context and objectives of the processing and the risk of any violation of the rights or freedoms of natural persons with varying degrees of probability and seriousness of threat, the Administrator shall implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, but not limited to, where appropriate:
2.1. encryption of personal data,
2.2. the ability to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services,
2.3. the ability to rapidly restore the availability of and access to personal data in case of an accident,
2.4. in case of physical or technical incident,
regularly testing, measuring and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.
7. Cookies policy
- adapting the content of the website to the individual needs and preferences of the User,
- maintaining the session of the logged in User so that on particular subpages of the Service there is no need to log in again,
- resenting advertisements adjusted to the User’s preferences,
- creation of analyses, reports and statistics concerning the ways of using the website by the Users,
- popularization of the online store through Facebook.
Cookies are available to the Administrator. Cookies placed on your terminal device may also be used by Google Inc. in the USA (Google Analytics provider) and Facebook Inc. in the USA.
External Cookies are used in accordance with the privacy policies of the entities from which they originate.
Cookies and the information stored in or accessed by them do not alter the configuration of the device and the software installed on that device.
If the User does not change the default settings for cookies in his or her browser, the cookies will be placed in his or her terminal device and used in accordance with the rules set by the provider of the browser. Thus, Cookies may be stored in the User’s terminal device and the Administrator may access the information contained in these files.
Information on how to manage cookies in each browser can be found on the pages dedicated to each browser:
Internet Explorer: http://support.microsoft.com/kb/196955/pl
8. Social Plugins
The so-called “Social Plugins” are a technology that allows you as a user to disclose certain content with a direct connection to social network participants. In our shop we offer you Facebook Inc. (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). “Share button” on Facebook and “Tweet button” on Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107). Both plugins are used to transfer the IP address of the last page displayed on the user’s browser (Facebook / Twitter) to the provider by clicking on it. In addition, product information is also transferred. We will not transfer your personal data that you provide on www.medicavera.pl or that you have saved on Twitter or Facebook.
9. Your right to information and the right to object
Your trust is very important to us. For this reason, we will answer any questions you may have about the processing of your personal data during our business hours. You have the right to obtain information about the data stored with us, its origin and recipients, as well as about the purpose, scope and methods of processing. If you wish to obtain information about the data stored with us, please contact our data protection department (e-mail: email@example.com ). We are also obliged to correct, save and delete data at your request, unless other statutory provisions (e.g. statutory data storage obligations) provide otherwise.
If you have any questions or want to exercise your right to object or resign from receiving the Newsletter together with other commercial information, please contact us.
Tel.: 91 421 00 32
(from fixed-line telephone the prices are fixed as for a call to a mobile phone number. Calling from a mobile phone you’ll be charged according to the prices of your operator)
Your personal data may also be processed automatically, including in the form of profiling. The consequence of profiling will be the assignment of a profile to a given person for the purposes of analysis or anticipation of User preferences, behaviour, attitudes and adaptation of information provided to a User via the Service.