Privacy policy

1. Definitions

Administrator: PUROMEDICA SP. Z O.O. with its registered office in Dąbrowa, ul. Batorowska 30, entered in the Register of Entrepreneurs of the National Court Register under no. 0000908871; NIP (Tax ID) 7773322531 

Personal data/Data: all information about an identified or identifiable natural person by one or more specific factors, including the device’s IP number, location data, an online identifier and information collected via cookies or other similar technologies.

Policy: this “Privacy Policy”.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Services: websites published by the Administrator and the online store,

User: any natural person/entrepreneur visiting the service or using one or several services or functionalities made available in the service.

Profiling: automated processing of personal data which consists in using personal data to assess certain personal factors relating to a natural person, in particular for analysis or forecasting,

In connection with using our services, we collect and process your personal data. Below you will find detailed rules and the purposes of processing your personal data.

2. Consent settings

We obtain your data such as an IP address or other identifiers and information collected via cookies or other similar technologies when you visit our services (also as a non-logged-in user). We process them for the following purposes:

  •  to provide content hosted in the service – in this case, the legal basis for processing is our legitimate interest consisting in disseminating our content (Article 6(1)(f) GDPR);
  •  for analytical and statistical purposes – in this case, the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), consisting in analysing users’ activity and their preferences in order to improve the functionalities used and the services provided;
  • for the possible establishment, exercise or defence of legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in protecting our rights;
  •  for the marketing purposes of ours and other entities; the rules for processing personal data for marketing purposes are described below in the MARKETING section.

Your activity in the service, including your personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services) and via analytical scripts. We use these data primarily for purposes related to the provision of our services, for technical and administrative purposes, to ensure the security of the IT system and manage it, as well as for analytical and statistical purposes. For the above scope, the legal basis for processing personal data is our legitimate interest (Article 6(1)(f) GDPR).

Registration in the service

To create an account in the service, you are asked to provide the data necessary to create and operate the account, i.e. email address, first and last name, address and delivery address if different, phone number. In addition, to facilitate service, the user may provide additional data – such data can be deleted at any time. Providing the data marked as mandatory is required to set up and operate the account, and failure to provide them will result in the inability to set up the account.
In connection with setting up and operating the account, we process your data for the following purposes:

  •  to provide services related to maintaining and operating the account in the service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR), and with respect to data provided optionally – the legal basis is consent (Article 6(1)(a) GDPR);
  •  for analytical and statistical purposes – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), consisting in analysing users’ activity in the service and how they use the account, as well as their preferences, in order to improve the functionalities used;
  • for the possible establishment, exercise or defence of legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in protecting our rights;
  •  for the marketing purposes of ours and other entities – the rules for processing personal data for marketing purposes are described below in the MARKETING section.

Placing orders

Placing and fulfilling an order (for goods or services) involves processing your personal data. Providing the data marked as mandatory is required to accept and handle the order, and failure to provide them will result in the order not being accepted. Providing the remaining data is voluntary.

 

Personal data are processed:

  •  for the purpose of fulfilling the order placed (including any complaints) – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR); with respect to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) GDPR);
  •  for the purpose of fulfilling statutory obligations incumbent on the Administrator, arising in particular from tax and accounting regulations – the legal basis for processing is a legal obligation (Article 6(1)(c) GDPR);
  •  for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR), consisting in analysing users’ activity in the service and their purchasing preferences, in order to improve the functionalities used;
  •  for the possible establishment, exercise or defence of legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in protecting our rights.

Contact forms

Using the form requires providing the personal data marked as mandatory. Failure to provide them will result in the inability to handle the request. Providing the remaining data is voluntary.
 

Personal data provided in the form are processed:

  •  to identify the sender and handle the matter described in the form – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
  •  for analytical and statistical purposes – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), consisting in compiling statistics of issues reported by users via the service, e.g. to improve its functionality.

Personalisation and tailoring of editorial content

We process your personal data to tailor editorial content, which may consist of:

  •  displaying content tailored to your interests/areas;
  •  carrying out other activities related to tailoring editorial content to your interests.

The legal basis for processing personal data for the purpose of personalisation and tailoring of content is our legitimate interest (Article 6(1)(f) GDPR).

To carry out personalisation and content-tailoring activities, in some cases we use profiling. This means that, thanks to the automatic processing of data, we assess selected factors relating to natural persons in order to analyse their behaviour or create forecasts of future behaviour.

3. Marketing

We process your personal data to carry out marketing activities, which may consist of:

  •  displaying marketing content to you independent of your preferences (including standard advertising);
  • displaying marketing content to you corresponding to your interests (behavioural advertising);
  • sending email notifications about offers or content that may be of interest to you, which in some cases contain commercial information (newsletter service);
  • conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).

To carry out marketing activities, in some cases we use profiling. This means that, thanks to the automated processing of data, we assess your selected behaviours or create forecasts of your future behaviours.
Standard advertising

Standard advertising is advertising independent of the user’s preferences. In the case of serving such advertising, personal data are processed for marketing purposes in connection with the pursuit of our legitimate interest (i.e. based on Article 6(1)(f) GDPR).
Behavioural advertising

Behavioural advertising is advertising tailored to the user’s preferences. Displaying behavioural advertising is based, among other things, on profiling, i.e. on the use of your personal data collected via cookies and other similar technologies. Profiling for marketing purposes takes place provided that you give your consent (i.e. is carried out on the basis of Article 6(1)(a) GDPR). This consent is voluntary. Consent may also be given by a clear affirmative action indicated in the message displayed during the consent-collection process. You can withdraw your consent at any time, but this does not affect the lawfulness of profiling for marketing purposes before its withdrawal.
Newsletter

We provide a newsletter service to persons who have provided their email address for this purpose. Providing the data indicated when signing up for the newsletter (email address) is voluntary, but necessary to send the newsletter.

 

Personal data are processed:

  •  for the purpose of providing the newsletter service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
  •  when sending marketing content to the user as part of the newsletter – the legal basis for processing, including profiling, is our legitimate interest (Article 6(1)(f) GDPR);
  • for analytical and statistical purposes – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in analysing users’ activity in the service, in order to improve the functionalities used;
  •  for the possible establishment, exercise or defence of legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR).

Direct marketing

Direct marketing carried out via, among others, email, MMS/SMS messages or by telephone requires your consent (i.e. on the basis of Article 6(1)(a) GDPR). You can withdraw your consent at any time.

4. Cookies

Cookies are small text files installed on your device. Cookies usually contain the domain name of the website they come from, the time they are stored on the end device and a unique identifier. In this policy, information regarding cookies also applies to other similar technologies used within the service.
“Service” cookies

We use so-called service cookies primarily to display content and remember logins, and to improve the quality of our services. Accordingly, together with entities providing analytical and statistical services for us, we use cookies and LocalStorage technology, storing information or accessing information already stored on your computer, phone, tablet, etc.).

Cookies used for this purpose include:

  • cookies with data entered by you (user input cookies);
  • authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
  • cookies used to ensure security, e.g. used to detect authentication abuses (user-centric security cookies);
  • “marketing” cookies

5. Period of processing personal data

The period of data processing depends on the type of service provided and the purpose of processing. As a rule, data are processed for the duration of the service or completion of the order, until withdrawal of the consent given or a successful objection or a successful request for data erasure.

The period of data processing may be extended where processing is necessary for the establishment, exercise or defence of potential claims, and after that period, only if and to the extent required by law.

6. Your rights

You have the right to: access your data and request their rectification, erasure, restriction of processing, the right to data portability to another controller, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory authority for personal data protection.

To the extent that your data are processed on the basis of consent, you may withdraw it at any time by contacting us using the details provided in the service
Right to object

You have the right to object at any time to the processing of your data:

  •  for the purposes of direct marketing;
  •  on grounds relating to your particular situation, in cases where the legal basis for processing your data is our legitimate interest (e.g. our marketing, statistical, analytical purposes), i.e. where your data are processed on the basis of Article 6(1)(f) GDPR;

More information about your rights under the GDPR can be found in the transparency policy (available here), which constitutes an annex to this privacy policy.

7. Data recipients

In connection with the provision of our services, your personal data may be disclosed to external entities, in particular to providers responsible for handling IT systems used to provide services, entities such as banks and payment operators, research companies, entities providing accounting services, companies providing courier and shipping services, and marketing agencies (to the extent of marketing services).

Your data may be disclosed to competent authorities or third parties that request such information on an appropriate legal basis that gives rise to a legal obligation to provide information and in accordance with applicable law.

8. Transfer of data outside the European Economic Area

Your data will not be transferred outside the EEA.

9. Security of personal data

We ensure that personal data are processed by us in a secure manner, guaranteeing above all that only authorised persons have access to the data and only to the extent necessary due to the tasks they perform. We make sure that all operations on personal data are recorded and performed only by authorised employees and collaborators.

10. Contact details

Contact with the PERSONAL DATA ADMINISTRATOR is possible via email: office@puromedica.com or in writing at: ul. Batorowska 30, 62-070 Dąbrowa

11. Changes to the privacy policy

The Policy is reviewed on an ongoing basis and updated as necessary.