Privacy Policy

The administrator of this website is DIAGNOZUJMY spółka z ograniczoną odpowiedzialnością (hereinafter: 'the Company') with its registered office in Warsaw at Grzybowska nr 80/82, lok. 700, 00-844 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Department of the National Court Register, under KRS number: 0000629524, having NIP: 5272775551 and Regon: 365039670, hereinafter referred to as: DIAGNOZUJMY sp. z o.o.

Providing services within the framework of this website, DIAGNOZUJMY limited liability company, based in Warsaw, collects and stores data on the Users of the website, and uses them to perform services provided at the request of the User, or other activities to which the User has given his/her consent.

See below for a description regarding the data collected.

COOKIES

PERSONAL DATA

COOKIES

WHAT ARE COOKIES?

Cookie files should be understood as computer data, in particular text files, recorded and stored in the Users' terminal equipment, intended for use on the websites.

The cookies used by the Administrator are safe for the User's device, they usually contain: the name of the domain from which they come, the time of storage on the device and a unique number. It is not possible to get undesirable software or viruses in this way.

Cookies do not have the ability to retrieve any personal or confidential information from the User's device.

TYPES OF COOKIES USED

2.1. Session cookies - stored on the User's device until the end of the browser session. The information stored in them is deleted from the memory of the device at the end of the session.

2.2. Persistent cookies - are stored on the User's device for the time specified in their parameters, or until they are deleted. The end of the session does not cause their deletion.

PURPOSE OF USE OF COOKIES

3.1. Custom cookies (placed by the Administrator) are used for:

a/ authentication and maintenance of the website User's session (so that the User does not have to log in to the website after going to its next page - this is how the so-called essential cookies work)

b/ optimization and improvement of the efficiency of the services provided - so-called.

c/ improving the functionality and reliability of the website and access to its full functionality, as well as correct configuration of selected functions - so-called functional cookies, which enable remembering the User's selected settings and personalizing the User's interface, e.g. with regard to the selected language, font size, appearance of the website, etc.

d/ ensuring website security, e.g. detecting abuse of the authentication process within the Service

External cookies placed by the Administrator's Partners in order to:

a/ collect general, anonymous statistical data through available analytical tools (e.g. files used by Google Analytics - privacy policy www.google.com/intl/pl/policies),

b/ match, for advertising purposes, the content of advertisements to interests determined on the basis of the most frequently searched content, as well as control the number of advertisements displayed,

c/ present multimedia information published on external services such as www.youtube.com - privacy policy www.google.pl/intl/pl/policies/privacy/.

REMOVAL OF COOKIES

4.1 By default, the settings of your web browsing software allow cookies to be placed on your terminal device. The User has the ability to limit or disable the access of Cookies to his/her Device using the available functions of the Internet browser.

Restricting the use of Cookies may affect some of the functionalities available on the website.

4.2 The User can change the default settings himself/herself using the settings of the Internet browser. These settings can be changed in such a way as to block the automatic handling of Cookies in the settings of the web browser or to inform the User about the placement of Cookies on the User's device each time.

4.3 Detailed information on the possibility and methods of handling Cookies is available in the settings of the software (web browser).

in the Chrome browser

in the Firefox browser

in the Internet Explorer browser

in the Opera browser

in the Safari browser

in the Microsoft Edge browser

4.5. If you do not change your browser settings, it means that you accept the placement of Cookies on your device.

V. PROFILING AND TRACKING ON THE WEBSITE

The Administrator profiles the data of Users of its website and tracks the traffic of such Users on its website, and then uses this information, among other things, for the purpose of creating so-called personalized advertising, as well as for the purpose of optimizing the website in order to increase its usability.

The Administrator profiles the data of Users of its website using the following tools:

- Google AdWords service,

- Google Analytics service

Profiling of Users' data using Google AdWords

Profiling of Users' data using Google AdWords is carried out using the following tools: Remarketing and Similar Recipients functions.

Both of these tools allow the Administrator to target advertising messages to Users who have already visited its website or to Users similar to them, and to prepare an appropriate message for them, e.g. about products or services in which these Users were interested when they visited the Administrator's website.

The Administrator presents below a detailed description of the operation of tools using Google AdWords, such as Remarketing and Similar Recipients.

Description of how remarketing or Similar Recipients function is used in the Administrator's online advertisements.

The Administrator uses remarketing tools to track Users' online movements and target them with personalized advertising based on their preferences and their previously disclosed need for a particular service or product that these Users have searched for on the Administrator's website. This also allows the Administrator to provide such Users with information, e.g. about existing promotions or special offers for goods or services in which the User was previously interested.

Similar users are those who have not browsed the Administrator's website, but their general characteristics are similar to those of users who have browsed the Administrator's website. Google, on the basis of the online activities performed by such users, known as similar users, categorizes them accordingly in terms of their similarity to the Administrator's users. Users who are similar to users who have visited the Administrator's website may be sent advertisements by Google for the Administrator, and this is done at the Administrator's express, separate request.

Information about how third-party providers, including Google, display the Administrator's advertisements on the Internet.

The Administrator's advertisements are displayed by third-party providers, including, among others, by Google on websites such as the Google Display Network, i.e. on websites that allow the display of advertising boxes with targeted ads via Google AdWords.

Information on how third-party providers, including Google, use cookies to display advertisements based on users' past visits to the Administrator's website.

An auction is held on the website of a third-party provider of advertising space.

A number of advertisers, including the Administrator, compete for space in a particular box. When fighting for advertising space, the Administrator uses its own list of recipients, which is based on "cookies" that have been collected by the Administrator.

Resigning from cookies

Users of the Administrator's websites can opt out of Google's cookies by using the following link, which allows changing the settings of ads displayed by Google on Users' devices: https://adssettings.google.co.uk/authenticated.

Users of the Administrator's websites may also opt out of third-party vendor cookies on the Network Advertising Initiative website, using the following link: http://optout.networkadvertising.org/?c=1#!/.

The Administrator uses DoubleClick remarketing pixels. The User may opt out of DoubleClick cookies through the DoubleClick or Network Advertising Initiative website.

Profiling of User data using Google Analytics

The Google Analytics System is used by the Administrator to track traffic to its website, as well as to create market and statistical analysis, and to improve the quality of information presented on the website. In addition, using the Google Analytics System, the Administrator also creates marketing lists based on specific actions taken by the User on the Administrator's website.

The Google Analytics tool used by the Administrator stores data for a period of 50 months from the date of collection. The retention period applies to user-level and event-level data associated with cookies, user identifiers (e.g., User-ID) and ad identifiers (e.g., DoubleClick cookies, Android display ad ID and Apple ID for advertisers).

The User can independently disable tracking of movements on the Administrator's website using the following tool: https://tools.google.com/dlpage/gaoptout.

Consent to the use of cookies (as far as profiling is concerned) can be given by each User by clicking on the "Continue" button or by clicking the "X" on the pop-up that appears when the Administrator's website is launched.

Consent to profiling can be revoked at any time - however, this will not affect the legality of personal data processing activities performed prior to its revocation.

Consent to profiling can be revoked by clicking on the following button: https://tools.google.com/dlpage/gaoptout.

Effects of opting out of the Administrator's use of profiling cookies

Opting out of cookies that allow the Administrator to display advertisements tailored to the interests of the Users of the Administrator's websites means that Users will not receive the Administrator's advertisements that are related to the activity of those Users on the Administrator's website. In other words, Users who disable cookies will not see Administrator advertisements based on cookies at all. They may, however, see other advertisements of the Administrator, but their method of targeting will not use cookies.

How will the Administrator's websites work without consent to the use of cookies?

If Users do not consent to the use of cookies aimed at so-called profiling, only the cookies necessary to ensure the proper operation of the Administrator's website (related, for example, to preferred language settings, filling out shopping forms, etc.) will continue to be stored on the Users' devices. Each User may modify these settings within the Internet browser he/she is using, but some parts of the Administrator's website will then not work properly.

PERSONAL DATA

WHERE PERSONAL DATA IS ACQUIRED

Using the http://www.evitum.pl website, Users may, by filling out special forms, provide the Administrator with their personal data such as: name, surname, telephone number, e-mail address. The Administrator may then contact the data subjects in order to provide them with information about the terms and conditions of cooperation with the Administrator or about the Administrator's products and related services (e.g. training courses organized by the Administrator). Provision of this data is not mandatory, but it is a condition for the Administrator to establish contact with the data subject.

Additionally, from the Administrator's website, the user may be redirected to an online store operated by an authorized distributor of the Administrator's products, where, after providing certain data, the user may purchase the Administrator's products.

The Administrator may acquire personal data also outside the services as part of other activities carried out.

ADMINISTRATOR OF PERSONAL DATA

The administrator of the acquired personal data is DIAGNOZUJMY spółka z ograniczoną odpowiedzialnością (hereinafter referred to as the "Company") based in Warsaw at ul. Grzybowska nr 80/82, lok. 700, 00-844 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Department of the National Court Register, under the KRS number: 0000629524, having NIP: 5272775551 and Regon: 365039670, hereinafter referred to as DIAGNOZUJMY sp. z o.o.

BASIS FOR PROCESSING PERSONAL DATA

3.1. Provision of personal data by the User is voluntary, although failure to provide the personal data indicated in the forms necessary for the conclusion and execution of the Sales Agreement, the Delivery Agreement or the agreement for the provision of Electronic Services results in the impossibility of concluding this agreement.

3.2 The basis for the processing of the User's personal data is, in most cases, the consent of the data subject, as well as the need to perform the contract to which he/she is a party or to take action at his/her request prior to its conclusion.

3.3. In the case of data processing for the purpose of direct marketing of the Administrator's own products or services, the basis for such processing is the User's prior consent.

In the case of data processing for the purpose of direct marketing of products and services of entities cooperating with the Administrator, the basis for processing is the User's prior consent.

PURPOSE OF PERSONAL DATA PROCESSING

The data are processed only for the purposes for which they were collected with the User's consent indicated in the form.

Possible purposes for the collection of personal data of Service Recipients or Clients by the Administrator:

a/ conducting commercial negotiations,

b/ conclusion and execution of a sales contract, supply contract or service contract,

c/ sending newsletters,

d/ direct marketing of the Administrator's own products or services,

e/ direct marketing of products and services of entities cooperating with the Administrator,

f/ monitoring traffic on the Administrator's website,

g/ execution of marketing market research and statistical compilations.

PERSONAL DATA PROTECTION

5.1 Principles of personal data processing by the Personal Data Administrator

The Personal Data Administrator shall adhere to the following principles when processing personal data:

1. The principle of lawfulness, fairness and transparency of data processing, according to which data shall be processed by the Administrator lawfully, fairly and transparently for the data subject.

2. Purpose limitation of data processing - data shall be collected by the Administrator for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes. Further processing for archival purposes in the public interest, for scientific or historical research, or for statistical purposes is not considered by the Administrator to be incompatible with the original purposes.

3. Minimization of the amount of data processed - the Administrator processes such amount of data as is adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

4. Correctness of the processed data - the Administrator processes only data that is correct and updated as necessary. The Administrator shall take all reasonable measures to ensure that personal data that are inaccurate in light of the purposes for which they are processed are promptly erased or rectified.

5. Limitation of the time period and purposes for which data may be stored - the Administrator shall store data in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the data are processed. The Administrator may keep personal data for a longer period, as long as it is for statistical purposes. At the same time, the Administrator shall implement appropriate technical and organizational measures to protect the rights and freedoms of data subjects.

6. Processing of data with integrity and confidentiality - the Administrator shall process data in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.

7. Accountability principle - the Controller shall be responsible for and be able to demonstrate compliance with all the principles of personal data processing listed in items 1 - 6. The Administrator shall implement appropriate technical and organizational measures to ensure the highest level of security of the personal data processed by it, in accordance with the principles listed above.

DIAGNOZUJMY sp. z o.o. processes personal data using computer systems and software to ensure the security of the processing of such personal data at the highest level (such as, among others, cyclical changes of passwords to access the systems).

DIAGNOZUJMY sp. z o.o. processes personal data outside the IT system using technical and organizational measures that ensure the highest level of security of personal data processing.

5.2 Information obligations of the Personal Data Controller

Depending on whether the Controller collects data from the data subject or in a manner other than from the data subject, the EU Data Protection Regulation imposes separate information requirements on the Controller of such data.

Information obligations of the Data Controller common to both situations where data is collected from the data subject and indirectly:

The obligation to provide the identity of the controller, the contact details and the identity and contact details of the controller's representative.

The obligation to provide the contact details of the Data Protection Officer (if one has been appointed).

The obligation to indicate the purposes of personal data processing and the legal basis for processing.

The obligation to provide information about the recipients of personal data or categories of recipients to whom the data will be transferred.

The obligation to inform about the intention to transfer personal data to a third country or an international organization, if any.

The obligation to indicate the period for which personal data will be kept, and when this is not possible, to indicate the criteria for determining this period.

The obligation to provide information about the rights of data subjects.

The obligation to provide information about the right to lodge a complaint with the supervisory authority (the full name of this authority and its address shall be provided).

The obligation to inform the data subject whether the provision of personal data is a statutory or contractual requirement or a condition for entering into a contract, and whether the data subject is obliged to provide such data and what are the possible consequences of failure to do so.

Obligations to inform about automated decision-making, including profiling.

Obligations to inform about a purpose of data processing other than the one indicated in the original information.

Information obligations of the controller when the data were not collected from the data subject (i.e. indirectly)

The controller in such a case must additionally inform the data subject about:

the categories of relevant personal data being processed - that is, the type of data being processed, e.g., name, address, date of birth, etc.

the source of the data and, when applicable, whether it comes from publicly available sources.

Exemption of a controller who obtained data indirectly from the information obligation

A controller who obtained data indirectly is not obliged to fulfill the information obligation when - and to the extent that:

a) the data subject already has the information;

b) providing such information proves impossible or would require disproportionate effort; in particular, in the case of processing for archival purposes in the public interest, for scientific or historical research, or for statistical purposes;

c) the acquisition or disclosure is expressly governed by Union law or the law of the Member State to which the controller is subject, providing for appropriate measures to protect the legitimate interests of the data subject; or

d) the personal data must remain confidential in accordance with the obligation of professional secrecy under Union or Member State law, including the statutory obligation of secrecy.

Duty to communicate transparently between the Controller and the data subject (Article 12 of the EU Data Protection Regulation):

The Controller shall, in a concise, transparent, intelligible and easily accessible form, in clear and plain language - particularly when the information is addressed to a child - provide the data subject with all the information referred to in Articles 13 and 14 of the EU Data Protection Regulation, and shall conduct all communications with him/her pursuant to Articles 15-22 and 34 of the Regulation. The information shall be provided in writing or by other means, including electronically where appropriate. If the data subject so requests, the information may be provided orally, as long as the identity of the data subject is confirmed by other means.

If the Controller has reasonable doubts about the identity of the individual making the request referred to in Articles 15-21, the Controller may request additional information necessary to confirm the identity of the data subject.

Terms for compliance with information obligations by the Controller

When obtaining personal data from a data subject, any information indicated above should be provided to the data subject at the time of obtaining the data.

When the controller obtains data indirectly, it shall fulfill its information obligation within the following time limits:

a) within a reasonable time after obtaining the personal data - within one month at the latest - taking into account the specific circumstances of personal data processing;

b) if the personal data is to be used for communication with the data subject - at the latest at the first such communication with the data subject; or

c) if it is planned to disclose the personal data to another recipient - at the latest at the first disclosure.

Duties of the Personal Data Controller when processing personal data

Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons with different probability and seriousness of threat, the Controller shall implement appropriate technical and organizational measures so that the processing is carried out in accordance with the EU Data Protection Regulation and to be able to demonstrate this. These measures shall be reviewed and updated once every six months.

The Controller's obligations under the EU Regulation on the protection of personal data are, in particular:

Data protection by design and data protection by default - The Controller, in order to implement this obligation, shall implement appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to give processing the necessary safeguards to protect the rights of data subjects in the highest possible way.

Transfer of data for processing under a written contract - if the processing is to be carried out on behalf of the controller, it shall use only such processors that provide sufficient guarantees to implement appropriate technical and organizational measures to protect the rights of data subjects.

Processing by a processor shall be carried out on the basis of a contract or other legal instrument that is governed by Union law or the law of a Member State and binds the processor and the controller, specifies the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, the obligations and rights of the controller.

Registration of Processing Activities.

The Administrator shall be obliged to maintain a Register of Personal Data Processing Activities.

The Register of Processing Activities shall be maintained by the Administrator in electronic form and shall be updated immediately after any change in any of the information listed in lit. a - g above, but at least once every six months.

The Administrator shall make the register available at the request of the supervisory authority.

Security of processing.

The Administrator has implemented and applies the following technical and organizational measures to minimize the risk of a personal data breach:

pseudonymization and encryption of personal data;

capability to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services;

capability to quickly restore the availability of and access to personal data in the event of a physical or technical incident;

regular testing, measurement and evaluation of the effectiveness of technical and organizational measures to ensure processing security.

In assessing whether the degree of security is adequate, the Administrator shall take into account the risks involved in the processing, in particular those arising from accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise processed.

Reporting a personal data breach to the supervisory authority.

In the event of a personal data breach, the controller shall, without undue delay and, as far as possible, no later than 72 hours after identifying the breach, report it to the supervisory authority, unless the breach is unlikely to result in a risk of violation of the rights or freedoms of individuals. The controller shall attach an explanation of the reasons for the delay to the notification submitted to the supervisory authority after 72 hours.

If the personal data breach is likely to result in a high risk of infringement of the rights or freedoms of individuals, the controller shall notify the data subject of such breach without undue delay.

Conduct a data protection impact assessment.

If a particular type of processing - in particular, with the use of new technologies - by its nature, scope, context and purposes is likely to result in a high risk of infringement of the rights or freedoms of natural persons, the Controller shall, prior to the commencement of processing, carry out an assessment of the effects of the planned processing operations on the protection of personal data. For similar processing operations involving a similar high risk, the Administrator may carry out a single assessment.

Prior consultation.

If the data protection impact assessment indicates that the processing would cause a high risk if the Administrator did not take measures to minimize that risk, the Administrator shall consult on the possibilities and means of processing with the supervisory authority before the processing begins.

5.4. All employees and associates of the Administrator who have access to personal data and are involved in the processing of personal data have been properly trained and operate under special authorizations as well as confidentiality agreements.

7.4. Personal Data Protection Officer

The Administrator has not established a Personal Data Protection Officer, as it has no such legal obligation. In matters of personal data protection you can contact the Company at the following e-mail address: [email protected] and telephone number: 510 780 191.

DATA OF MINORS

By definition, all activities of the Administrator are directed to adults who can make decisions or influence their decision-making. If the legal guardians of a minor become aware of the fact that he/she has filled in the form available on the websites belonging to DIAGNOZUJMY sp. z o.o., please contact the Administrator in order to remove this data from the database, or to withdraw consent by sending an e-mail to the following e-mail address: [email protected]

ENTRUSTING PERSONAL DATA

7.1 Entities to which the Administrator may entrust personal data are: employees, associates of DIAGNOZUJMY sp. z o.o., accounting offices, law firms, national debt registries and trusted partners of the Company. All these entities process personal data in a manner that guarantees the highest level of security of such data.

7.2 DIAGNOZUJMY sp. z o.o. does not and will not transfer data to recipients in third countries or to international organizations.

RIGHTS OF THE USER

The data subject:

a) is entitled to obtain from the controller confirmation as to whether personal data concerning him or her is being processed, and if this is the case, he or she is entitled to obtain access to it and a range of information (Article 15 of the EU Regulation on the protection of personal data),

b) has the right to request from the controller the immediate rectification of personal data concerning him or her that is inaccurate (Article 16 of the EU Regulation on Personal Data Protection),

c) has the right to demand from the controller the immediate erasure of personal data concerning him/her in the specified circumstances (Article 17 of the EU Regulation on Personal Data Protection),

d) has the right to demand from the controller the restriction of data processing in the specified cases (Article 18 of the EU Regulation on the protection of personal data),

e) has the right to receive in a structured, commonly used machine-readable format the personal data concerning him/her which he/she has provided to the controller, and

f) has the right, in the specified cases, to send such personal data to another controller without hindrance from the controller to whom the data was provided (Article 20 of the EU Regulation on the protection of personal data),

g) has the right to object to the processing of personal data concerning him/her (Article 21 of the EU Regulation on the protection of personal data),

h) has the right not to be subject to a decision which is based solely on automated processing of his/her personal data, including profiling (Article 22 of the EU Regulation on the protection of personal data).

The data controller shall allow the data subject the aforementioned rights under the terms of the EU Data Protection Regulation.

Withdrawal of consent to the processing of personal data

At any time, consent to the processing of personal data may be withdrawn by the data subject. Withdrawal of consent to data processing shall not affect the lawfulness of data processing performed by DIAGNOZUJMY sp. z o.o. on the basis of consent before its withdrawal.

Withdrawal of consent as to the processing by DIAGNOZUJMY sp. z o.o. of data necessary for the performance of the contract, may result in the termination of business negotiations, as well as the provision of services by the Company. The Company will notify the fact referred to in the preceding sentence immediately after the withdrawal of such consent.

Consent may be withdrawn by sending an appropriate statement to the e-mail address: [email protected]. The following is a sample statement:

"Acting on behalf of (name of entity) with its registered office in (address of registered office) as its (function of the person making the statement with a demonstration of his/her authority to represent the entity)/ or I - name and surname, address of residence - hereby withdraw consent to the processing by DIAGNOZUJMY sp. z o.o. of my personal data".

DURATION OF PROCESSING PERSONAL DATA

DIAGNOZUJMY sp. z o.o. processes personal data for the period of time specified in a separate consent to process the data expressed by the data subject. As a general rule, however, personal data are processed by the Administrator for the duration of commercial negotiations aimed at signing a contract, and further for the duration of contract performance (including the fulfillment of obligations arising from guarantees and warranties) or service provision, as well as for the time during which DIAGNOZUJMY sp. z o.o. is obliged to keep the sales documents (i.e., until the expiration of the statute of limitations on tax liability, with the tax liability becoming statute-barred within 5 years, counting from the end of the calendar year in which the deadline for payment of tax expired (Article 86 § 1 in conjunction with Article 70 § 1 of the Tax Ordinance Act of August 29, 1997, i.e., Dz. U. of 2017, item 201 as amended)). After the expiration of the indicated time periods, the data will be anonymized by DIAGNOZUJMY sp. z o.o. and will be stored (processed) only for statistical purposes.

10. PRIVACY POLICY CHANGES

10.1 The above Privacy Policy applies only to the website of the Administrator. The aforementioned Services may include links or references to other websites, which have their own separate Privacy Policy.

10.2 The Privacy Policy presented above may be subject to changes due to the development of Internet technology, or changes in the law. The User should periodically review the provisions of this document.