PRIVACY POLICY

This Privacy Policy defines the principles of processing Personal Data by the Personal Data Administrator, i.e. the company “POLSKI LEK” Sp. z o. o.
based in Wadowice.

I. Definitions:

Personal Data Administrator– “POLSKI LEK” Sp. z o. o. with its registered office in Wadowice, address: 34-100 Wadowice, ul. Chopina 10, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000884381, whose registration files are kept by the District Court for Kraków-Śródmieście in Kraków, 12th Commercial Division of the National Court Register, NIP: 5213202397, REGON: 017517626, BDO: 000028717, share capital: 578 820.00 PLN.

Contact details of the Personal Data Administrator:

Correspondence address: “POLSKI LEK” Sp. z o. o., ul. Chopina 10, 34-100 Wadowice

Email address:polskilek@polskilek.pl

Personal Data– all information about a natural person identified or identifiable through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and other similar technologies.

GDPR– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website –any website/social networking site/application in which this Privacy Policy is posted or linked to.

A company from the Personal Data Administrator Group– an affiliated company
with the Personal Data Administrator economically and/or capitally and/or personally.

User– any natural person visiting the Website and/or using it
from computer programs used to conduct communication (e.g. chatbots).

II. Processing of Personal Data

1. Principles of processing Personal Data

Theprocessing of Personal Data will be carried out in accordance with the provisions of the GDPR applicable in this respect.

The Personal Data Administrator applies technical and organizational measures to ensure the protection of Personal Data processing and to secure Personal Data against disclosure to unauthorized persons, takeover by unauthorized persons, processing in violation of the applicable legal provisions on the protection of Personal Data and alteration, loss or destruction.

Personal Data collected within the Website in the form of cookies may be profiled by the Personal Data Administrator in the cases indicated in point 3 letter e) below.

2. Processing of Personal Data outside the European Economic Area

In accordance with legal requirements, we inform you that due to the need to ensure the highest possible level of IT services, including the security of Personal Data, IT service providers from outside the European Economic Area (“EEA”) may have access to Personal Data. The level of protection of Personal Data outside the EEA differs from that provided by European law. For this reason, the Personal Data Controller ensures that the above-mentioned IT service providers have access to Personal Data only to the extent necessary to provide their services (including maintenance services) and while ensuring an adequate level of protection, primarily through:

a) cooperation with entities in countries for which an appropriate decision of the European Commission has been issued regarding the adequate level of protection of Personal Data;

b) use of standard contractual clauses issued by the European Commission.

In the above-mentioned case, the User has the right to obtain a copy of the information on the security measures applied by contacting the Data Protection Supervisor.

3. Purposes and legal basis for processing Personal Data and the period of processing Personal Data

The Personal Data Administrator may process Personal Data for the following purposes:

a) for the purpose of communication, identification and responding to inquiries via the contact forms indicated on the Website

In the case of contact via general e-mail addresses or telephone numbers belonging to the Personal Data Administrator, as well as in the case of using the contact form available on the Website, the Personal Data Administrator processes the Personal Data in order to enable contact and respond to the inquiry.

The legal basis for the processing of Personal Data for the above purposes is the legitimate interest of the Personal Data Controller, i.e. Article 6 paragraph 1 letter f of the GDPR. Personal Data will be processed for the period necessary to answer the question or until an objection is raised to the processing of Personal Data in the legitimate interest pursued by the Personal Data Administrator.

b) for the purpose of handling complaints

In the event of a complaint regarding products offered by the Personal Data Administrator via:

a) electronic contact forms,

b) general e-mail addresses and telephone numbers provided on the websites of the Personal Data Administrator.

The Personal Data Administrator processes Personal Data for the purpose of considering and responding to complaints.

The legal basis for the processing of Personal Data is the fulfilment of the legal obligation incumbent on the Personal Data Controller –i.e. Article 6 paragraph 1 letter c of the GDPR and the legitimate interest of the Personal Data Controller, i.e. Article 6 paragraph 1 letter f of the GDPR consisting in the pursuit by the Personal Data Controller of possible claims and the defence against such claims.

Personal Data will be processed for the period necessary to consider the complaint, the limitation period for claims arising from the complaint and the period necessary to defend against the claims of the person submitting the complaint.

c) for direct marketing purposes

The Personal Data Administrator may process Personal Data for the marketing purposes of the Personal Data Administrator, including the marketing of products from the commercial offer of the Personal Data Administrator. The processing of Personal Data for direct marketing purposes may also take place via public profiles on social networking sites, including: Facebook, Twitter, LinkedIn, TikTok, Instagram, Snapchat, Pinterest, which are administered by the Personal Data Controller. Personal Data processed in these profiles are primarily the data of persons visiting the profiles to which the Personal Data Controller has access, among others, as part of comments, likes, online identifiers or as part of any interaction between the person visiting the profile and the Personal Data Controller or the entity commissioned by the Personal Data Controller to handle the above-mentioned profiles. The purposes of processing Personal Data are to enable visitors to engage in activity on profiles, to effectively manage profiles by presenting visitors with information about initiatives, activities, events, services or products, as well as to conduct statistical and analytical activities using the capabilities provided by the providers of the above-mentioned social networking sites.

The legal basis for the processing of Personal Data for the above purposes is the legitimate interest of the Personal Data Controller in promoting the Personal Data Controller and the products it offers, as well as improving the quality of the services provided – i.e. Article 6 paragraph 1 letter f of the GDPR.

Personal Data will be processed until the legitimate interest of the Personal Data Administrator is fulfilled or until an objection is raised to the processing of Personal Data for these purposes.

In the case of processing Personal Data as part of competitions and other promotional campaigns organised on the profiles of the above-mentioned social networking sites, the principles of processing Personal Data are each time described in the regulations of the given competition or promotional campaign.

The above information constitutes only the principles of processing Personal Data by the Personal Data Administrator as part of the profiles maintained on social networking sites. The principles of processing Personal Data by the providers of the above-mentioned social networking sites are available on the websites of these providers.

In connection with the use of cookies, personal data of Website Users are processed. The principles of personal data processing in connection with the use of cookies, including the purposes of processing, are specified in III. Cookie Policy.

4. Recipients of Personal Data

Personal Data may be transferred:

a) to the extent indicated in point 3 letter a: authorised employees and associates of the Personal Data Controller, entities providing services, including maintenance services and technical support for applications, computer programs, IT systems and the Website in which Personal Data are processed, entities authorised to receive Personal Data under the provisions of generally applicable law;

b) to the extent indicated in point 3 letter b: authorised employees of the Personal Data Controller and persons authorised by the Personal Data Controller, collaborators of the Personal Data Controller, manufacturers of advertised products, Companies from the Personal Data Controller’s Group, insurers, insurance brokers, entities providing marketing services that cooperate with the Personal Data Controller and/or entities indicated by the Personal Data Controller as part of handling complaints, entities authorised to receive Personal Data under generally applicable law;

c) to the extent indicated in point 3 letter c: authorized employees and associates of the Personal Data Controller, Companies from the Personal Data Controller’s Group and their authorized employees; marketing and advertising agencies, media houses cooperating with the Personal Data Controller or a Company from the Personal Data Controller’s Group, entities that provide services to the Personal Data Controller, in particular entities providing IT services, entities providing transport, carriage, postal, courier, advisory services and supporting the Personal Data Controller in pursuing claims, in particular: law firms, tax firms, entities providing debt collection services, auditors, insurers, insurance brokers and authorized employees or associates of the above entities.

5. Personal Data Rights

The person whose data is processed has the right to:

a) access to the content of your Personal Data;

b) rectify your Personal Data;

c) delete your Personal Data;

d) restrictions on the processing of your Personal Data;

e) the right to request the transfer of your Personal Data.

The data subject has the right to lodge a complaint regarding the processing of Personal Data with the supervisory authority, which in Poland is the President of the Personal Data Protection Office.

In cases where the processing of Personal Data by the Personal Data Controller takes place for the purpose of pursuing a legitimate interest of the Personal Data Controller or a third party, the person whose data is processed may at any time object – for reasons related to his or her particular situation – to the processing of his or her Personal Data.

If the purpose of processing Personal Data is marketing, including marketing of products offered by the Personal Data Administrator, the person whose data is processed may at any time object to the processing of personal data for the purposes of such marketing.

In cases where the processing of Personal Data is based on consent, the person whose data is processed has the right to withdraw consent to the processing of Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

The above rights may only be exercised in accordance with the corresponding provisions of the GDPR.

In the event of submitting a request to exercise rights related to the processing of Personal Data, the Personal Data will be processed for the purpose of recognising the request and documenting how it was dealt with. The legal basis for processing is the legitimate interest of the Personal Data Controller consisting in the need to consider the application and ensure accountability related to its consideration – i.e. Article 6 paragraph 1 letter f of the GDPR. Personal Data will be processed for a period enabling the implementation of this interest or until an effective objection to the processing of Personal Data for the above purpose is raised.

The contact person of the Personal Data Administrator in all matters relating to the processing of Personal Data, as well as for the implementation of the above rights, is the Data Protection Inspector.

Contact details of the Data Protection Officer:

Correspondence address: Data Protection Inspector of “POLSKI LEK” Sp. z o. o., ul. Chopina 10, 34-100 Wadowice.

E-mail address: iod@polskilek.pl.

III. Cookie Policy

Cookies are used to provide services at the highest level, including those tailored to individual needs. Cookies are computer data, in particular text files, which are stored on the end device of the Service User and are intended for using websites.

Cookies are saved on the User’s end device when the User expressly consents to this. The consent does not apply to “essential cookies”, to which the User does not have to consent, as they are necessary for the proper functioning of the Website.

The User may express consent to other cookies by continuing to use the Website without changing the cookie settings and clicking the “Accept all cookies” button. If the User does not consent to the installation of any cookies other than those necessary, he or she should select the option “Allow only necessary cookies”. If the User wants to change the settings, he or she should select the “Cookie settings” option. Using this option allows the User to make a selection and consent to selected cookies.

The message regarding cookies is displayed only when you first enter the Website and is visible until you make the appropriate settings or accept cookies. You can change your cookie settings by selecting the „Cookie settings” option when using the Website.

Additionally, from the level of the web browser used by the User it is possible to independently manage cookies, including blocking or deleting them. Comprehensive information is available in your web browser settings. Limitations or exclusions of the use of cookies and other similar technologies may affect some of the functionalities available on the Website.

In addition to the Personal Data Administrator, cookies may also be placed on the User’s end device by entities cooperating with the Personal Data Administrator, including partners providing analytical services, advertisers, application developers, network advertising agencies (in this case, the cookies placed by them are so-calledthird-party cookies). The list of these entities, as well as links to the principles of their processing of personal data, is provided below:

• • • Adform A/S: Overview – Adform
    • Google: Privacy Policy – Privacy & Terms – Google

TYPES OF COOKIES

Due to the lifetime of cookies, the Service uses two basic types of cookies:

• • • • session – temporary files stored on the User’s end device until logging out, leaving the Website or turning off the software (web browser);
    • • permanent – stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User..

The storage period of cookies is indicated for each cookie file in the „Cookie settings” option.

Due to the purpose of cookies, the Website uses the following types:

ESSENTIAL COOKIES

The Personal Data Administrator uses necessary cookies that serve the functioning of the Website, as well as providing the User with services in connection with the use of the Website and cannot be disabled. The User does not have to consent to the storage of necessary cookies.

The legal basis for data processing in connection with the use of necessary cookies is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR), in connection with the User’s use of the functionalities available on the Website.

ANALYTICAL COOKIES

The Personal Data Administrator uses analytical cookies to collect information on the number of visits and the source of traffic on the Website, which allows for determining how the User navigates the Website by maintaining appropriate statistics.

The legal basis for data processing in connection with the use of analytical cookies is the consent granted by the User, which is granted at the time of accepting the storage of files in connection with the selection of the option „Accept all cookies” or in ”Cookie settings”. The expressed consent may be withdrawn at any time by making changes to the „Cookie settings” option available at all times while using the Website.

As part of the use of analytical cookies, the Personal Data Administrator uses, among others, the Google Analytics tool provided by Google. The provider of this tool may process data collected in cookies for its own purposes, which may involve the possibility of transferring personal data outside the European Economic Area. The purpose and scope of data collection and their further processing by the Google Analytics provider, as well as the possibility of contact and information about the Users’ rights are available in the regulations and privacy policy of the above-mentioned provider, among others at the link: Privacy Policy – Privacy & Terms – Google.

MARKETING COOKIES

The Personal Data Administrator uses advertising cookies to enable the presentation of personalized content on the Website tailored to the preferences and interests of the User, as well as to personalize advertisements displayed on other pages, applications, websites. In connection with the use of advertising cookies, a profile of the User’s interests is created, which allows for a more personalized presentation of content (User profiling).

The legal basis for data processing in connection with the use of advertising cookies is the consent granted by the User, which is granted
in the same way as described above for ANALYTICAL COOKIES.

As part of the use of advertising cookies, the Personal Data Administrator uses, among others, a tool provided by Meta – Pixel Meta. This is a tool that allows you to measure the effectiveness of advertisements displayed on social networking sites provided by Meta based on the analysis of User activity on the Website. Meta may combine the collected information with other information collected in connection with the use of the Facebook social networking site and use it for purposes other than those specified by the Website Administrator. The purpose and scope of data collection and their further processing by the Meta Pixel provider, as well as the possibility of contact and information about the Users’ rights are available in the regulations and privacy policy of the above-mentioned provider, among others at the following link:

Meta Privacy Policy – Meta’s Collection and Use of User Information | Privacy Center | Manage your privacy on Facebook, Instagram, and Messenger | Facebook Privacy.

The recipients of personal data processed in connection with the use of cookies may be the following entities: entities providing services, including service and technical support for applications, computer programs, IT systems and the Website, partners of the Personal Data Administrator, as well as marketing and advertising agencies, entities providing IT solutions used in the process of collecting and handling cookies, and in justified cases, also entities supporting the Personal Data Administrator in pursuing or defending against claims.

Additional information regarding the principles of processing Users’ personal data in connection with the use of cookies, including in particular information on rights and contact options, can be found in II. Processing of Personal Data in point 5) Rights regarding Personal Data.

IV. Changes to Privacy Policy

The Privacy Policy is constantly reviewed and updated as necessary.