Administrator – Health Inn Med Sp. z o. o. with with its seat in Wrocław, Wolności 11 lok. 500, 50-071.
Personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, internet identifier or one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.
Policy – this document
RODO (GDPR) – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC.
User – a physical person visiting the Website, the website address mentioned in point 5.
In connection with the User’s use of the website, the Administrator collects personal data to the extent necessary to provide individual services offered, as well as information on the User’s activity.
Personal data of all persons using the website (including the IP address or other identifiers and information collected via cookies or other similar technologies), are processed by the Administrator:
in order to provide services electronically to the extent that the content collected on the website is made available to users, sharing contact forms – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
for analytical and statistical purposes – then the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) (f) of the RODO), based on the analysis of Users’ activities, as well as their preferences to improve the functionalities and services provided;
in order to possibly set and enforce claims or defend against them – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of its rights;
for marketing purposes of the Administrator
The User’s activity on the website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). Information collected in the logs processed in connection with the provision of services. The administrator also processes them for technical purposes, in particular, the data can be temporarily stored and processed to ensure the security and proper functioning of IT systems, for example in connection with backups, tests of changes in information systems, detection of irregularities or protection against abuse and attacks.
The administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and reply to the request. The user may also provide other data to facilitate contact or service of the inquiry. Providing data marked as mandatory is required in order to receive and service the request, and failure to do so results in a lack of service. Providing other data is voluntary.
Personal data provided through the contact and registration forms are processed:
in order to identify the sender and handle his inquiry sent by the form provided – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) of the GDPR);
for analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) of the GDPR consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.
The Administrator processes Users’ personal data in order to carry out marketing activities (the basis for the processing of personal data is then the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO), which may include:
displaying marketing content to the User (contextual advertising).
directing e-mail notifications about interesting offers or content, which in some cases contain commercial information;
conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
In order to implement marketing activities, the Administrator uses profiling in some cases. This means that due to the automatic processing of data, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast for the future.
Consent to carry out marketing activities can be withdrawn at any time.
If the User has agreed to receive marketing information via e-mail, SMS and other electronic communication means, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is a legitimate interest consisting in the sending of marketing information within the limits of the consent given by the User (direct marketing). The User has the right to object to the processing of data for direct marketing purposes, including profiling. The data will be stored for this purpose for the duration of the legitimate interest of 2 years, unless the User objects to the receipt of marketing information.
Cookies are small text files installed on the User’s device browsing the Website. Cookies collect information that facilitates the use of the website – for example, by memorizing the User’s visits and activities performed by him.
cookies with data entered by the User (session ID) for the duration of the session,
authentication cookies used for services that require authentication for the duration of the session,
cookies used to ensure security, e.g. used to detect fraud in the field of authentication,
cookies used to monitor traffic on the website, i.e. data analytics, to create statistics and reports on the operation of the Website.
cookie files used to define the User’s profile in order to display him matched materials in advertising networks, in particular the Google network.
The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. As a rule, the data is processed for the duration of the service, until the consent is withdrawn or the effective opposition to the data processing is filed in cases where the legal basis for data processing is the Administrator’s legitimate interest. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only in the case and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
The user has the following rights:
The right to information about the processing of personal data – in the event of such a request, the Administrator provides information about the processing of personal data, in particular about the purposes and legal grounds of processing, the scope of data held, entities to which personal data are disclosed and the planned date of their removal;
The right to obtain a copy of the data – in the event of such a request, the Administrator provides a copy of the data processed concerning the person making the request;
The right to rectification – in the event of such a request, the Administrator removes any discrepancies or errors regarding the personal data being processed, and completes or updates them if incomplete or has changed;
The right to delete data;
The right to limit processing – in the event of such a request, the Administrator ceases to conduct operations on personal data, except for operations agreed to by the data subject and their storage, in accordance with accepted retention rules;
The right to data transfer – if such a request is made, the Administrator issues the data provided by the person they concern in a format that allows them to be read by the computer. It is also possible to request that data to be sent to another entity – provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity;
The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data based on the justified interest of the Administrator (eg for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should include justification and is subject to the Administrator’s assessment;
The right to withdraw consent – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent;
The right to complaint – in the event that the processing of personal data is found to violate the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office of Personal Data Protection.
The application regarding the exercise of data subjects’ rights may be submitted in writing to the following address: Health Inn Med Sp. z o. o., pl. Wolności 11 lok. 500, 50-071 Wrocław; by e-mail to the following address: firstname.lastname@example.org
An application will be answered within one month of its receipt.
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting, legal, audit and consulting services.
The administrator conducts risk analysis on an ongoing basis to ensure that personal data is processed in a secure manner – ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. . The administrator makes sure that all operations on personal data are registered and made only by authorized employees and associates.
The Administrator undertakes all necessary actions, so that its subcontractors and other cooperating entities would guarantee that appropriate security measures will be applied whenever they process personal data at the request of the Administrator.
Contact with the Administrator is possible via the e-mail address email@example.com or mailing address: Health Inn Med Sp. z o. o. with its seat in Wrocław (Wolności Square 11, 500, 50-071 Wrocław