Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as GDPR), please be informed as follows:
- The Controller of your personal data is as follows: Zakłady Farmaceutyczne Polpharma S.A. with its registered seat in Starogard Gdański, Pelplińska 19 Str., 83-200 Starogard Gdański, registered into the Register of Entrepreneurs of the National Court Register (KRS)by District Court in Gdańsk, VII Division under number 127044, (“Controller”).
- You can contact the Controller in writing – at the above address.
- The Controller has appointed a Data Protection Officer, whom you can contact in all matters regarding personal data protection, by writing to: Data Protection Officer, ul. Bobrowiecka 6, 00-728 Warszawa, at the e-mail address: firstname.lastname@example.org, or by telephone: + 48 22 364 63 11.
[Purpose and legal basis for the processing of personal data]
- Your personal data, that you have provided directly to us, will be processed for the following purposes:
- marketing, purposes related to the Controller’s own products or services, via communication channels to which you have consented – pursuant to Article 6(1)(a) of GDPR, i.e. on the basis of your voluntary consent;
- planning of marketing activities and managing of the said marketing activities – for the Controller’s internal purposes – pursuant to Article 6(1)(f) of GDPR, i.e. for the purpose of legitimate interest pursued by the Controller, being the optimisation of the marketing activities related to the Polpharma Group’s products or services promoted by the Controller, as well as the keeping of records of the undertaken marketing activities;
- arrangements, pursuance or defence of any legal claims between you and the Controller – pursuant to Article 6(1)(f) of GDPR, i.e. for the purpose of legitimate interest pursued by the Controller, being the possibility of pursuing or defending legal claims.
- You will be subject to automated decision-making, including decisions based on profiling. Profiling is done on the basis of the collected data, such as, in particular: information obtained from cookies, including transmission data and location data.
- Your personal data may be disclosed to IT service providers, entities providing advice, accounting and legal services, repair and maintenance services, courier companies for the purpose of service provision.
- Your personal data may be made available to entities and authorities entitled to process such data under applicable laws.
- Your personal data may be transferred outside the European Economic Area (a third country) in connection with the activities undertaken in social networks and the use of tools provided by social networks, the use of analytical tools for analytical analyses, including anonymised tracking of user behaviours.
[Data storage duration]
- When data are processed on the basis of the given consent, personal data will be processed until such consent is withdrawn.
- When data are processed on the basis of a legitimate interest pursued by the Controller, data will be processed until the relevant data subject objects to such processing.
- After the lapse of the above period, personal data will be stored until claims (if any) become time-barred or until expiry of the data storage obligation arising from applicable laws.
- You are entitled to:
- the right of access to data regarding you, the right to clarify such data, restriction of processing, the right to submit an objection in relation to data processing;
- the right to personal data portability, i.e. the right to receive from the Controller you personal data, in a structured, commonly used and machine-readable format. You may transmit the data to another controller;
- to the extent that your data are processed on the basis of consent − the right to withdraw consent to the processing of personal data at any time by submitting your request to the e-mail address: email@example.com. Withdrawal of consent does not affect lawfulness of any processing activities carried out under consent before its withdrawal.
- In order to exercise the rights listed above, contact the Controller or Data Protection Officer (the contact details are listed above).
- Furthermore, you are entitled to submit a claim to the supervisory authority in charge of personal data protection (President of the Office for Personal Data Protection), if you think that data processing violates GDPR.
- Your personal data collected via cookies do not, in most cases, allow identification; therefore, in order to exercise the rights you are entitled to, the Controller may request that additional information be provided.
- Your personal data are processed in accordance with applicable laws, in particular GDPR.
- Cookies are computer data, in particular text files, that are stored on the final device (computer or other device by which the User makes use of the Website) and are designed for use of the Website’s pages.
- Cookies usually contain:
- name of the webpage they come from,
- their storage time on the Website User’s final device,
- individual number.
- Cookies may also be used by regular partners cooperating with the Controller.
- The information contained in cookies is collected, stored and processed in accordance with generally applicable laws.
- Apart from the information contained in cookies, the Website does not automatically collect any additional information. In particular, the Website does not automatically collect any personal data or other confidential information relating to the User.
- Cookies are used for:
- adjusting the content of the Website’s pages to the User’s preferences and optimising the use of the webpages;
- providing statistics that help us understand how the Website Users use the webpages, and enhance the webpages in terms of their construction and content;
- maintaining the Website User’s session after logging, thanks to which the User does not have to retype his/her login and password on every subpage of the Website;
- ensuring the security of the Website.
- The Website uses:
- “session” cookies of a temporary nature, which are stored on the User’s final device until the time of logging out, leaving the webpage or closing the web browser,
- “fixed” cookies stored on the User’s final device until they expire or until they are removed by the User.
- The Website uses the following types of cookies:
- “necessary” cookies, allowing the use of the services available through the Website, such as used for services that require authentication in the Website;
- cookies used to ensure safety, such as used for detecting fraud in the Website authentication.
- “efficiency” cookies, allowing to gather information about how to use the Website’s pages;
- “functional” cookies, allowing to store settings chosen by the User such as web design, etc.;
- “advertising” files, allowing to provide the User with advertising content tailored to their interests.
- Web browsers generally allow the storage of cookies on the User’s final device.
- It is possible, at any time, to change the settings of cookies on the computer or other device by which the User makes use of the Website. Changes to the settings may lead to auto-lock of cookies support in the web browser settings or informing about cookies each time the User enters the Website.
- More information about cookies and how to use them is available in the web browser menu.
- Any changes to this Policy will be made by publishing new content on the Website on a later date.
Warsaw, 25 May 2018