- GENERAL PROVISIONS
1.2. Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the Controller of the personal data collected through this website (hereinafter referred to as the Website) is ICB Pharma Tomasz Świętosławski, Paweł Świętosławski Spółka Jawna with its registered office in Jaworzno, ul. Moździerzowców 6a (address for service: ul. Stanisława Lema 10, 43-600 Jaworzno), entered in the Register of Entrepreneurs of the National Court Register, under KRS (National Court Register) number 0000150038; NIP (Tax Identification Number): 6321797732; REGON (Polish Business Registry Number): 276916802 – hereinafter referred to as the Data Controller and the Seller.
1.3. Personal data are any information that may identify the Users, for example, name and surname, telephone number, email address and address of residence or address for delivery of materials ordered through the Website. The processing of Personal Data shall be understood as all activities and operations performed on personal data (e.g. collecting, storing or analysing data for the purpose of providing services and providing data to other entities in order to fulfil an order).
1.5. The Data Controller shall make every effort to protect the interests of the data subjects and shall, in particular, ensure that the data collected are processed lawfully, they are collected for specified and lawful purposes and they are not further processed in a way incompatible with those purposes; the data are adequate and relevant for the purposes for which they are processed and they are stored in a form which enables the identification of data subjects for no longer than it is necessary to achieve the purpose of the processing.
1.6. Due to the importance of the Users’ privacy, the Data Controller protects the Users who have decided to provide their Personal Data to the Data Controller using websites such as Facebook, email, etc.
1.7. The principles of protection and use of Personal Data by Facebook are available, for example, at https://www.facebook.com/policy.php.
- PURPOSE AND SCOPE OF DATA COLLECTION AND PROCESSING, RECIPIENTS OF DATA
2.1. In each case, the purpose, scope and recipients of the data processed by the Data Controller are based on the User’s consent or the provisions of law and are further defined as a result of actions taken by the User.
2.2. The provision of personal data is voluntary; however, failure to provide data marked as required for the provision of services will render the provision of such services impossible. Failure to provide other optional data, it may hinder the provision of the service.
2.3. The most common purposes of the collection and processing of the Personal Data of the Users by the Data Controller include:
- organising competitions, in particular selecting competition winners and awarding prizes,
- carrying out direct marketing activities related to the Data Controller’s own products or services, including promotional campaigns,
- providing services to the Users, including contacting the User also via the contact form,
- conducting surveys – only with the consent of the Users,
- sending of recruitment documents.
2.4. For other purposes, the Personal Data of the User may be processed based on the voluntarily given consent and applicable provisions of law.
2.5. Possible recipients of the Personal Data of the Users:
- third parties – for the purpose of providing services by such entities to the Data Controller, where such entities process data based on an agreement with the Data Controller and only in accordance with the instructions of the Data Controller and they are obliged to follow the principles of the protection of personal data, which is verified by ICB Pharma.
- entities authorised to obtain them under the applicable law, e.g. law enforcement authorities.
- in some cases, recipients from third countries, i.e. countries outside the European Union, e.g. if it is necessary for the provision of Services to the Users or if it depends on another legal basis. For more information on this issue, please refer to the information on the provision of particular Services.
2.6. The Data Controller may make anonymised data (i.e. data that do not identify specific Users) available to third-party service providers, trusted partners or marketing agencies to better assess the attractiveness of advertisements and services for the Users, to improve the overall quality and effectiveness of the services provided by the Data Controller or the above-mentioned entities.
2.7. The Data Controller may process the following Personal Data of the Users: name and surname, correspondence address, email address, telephone number and other data, required by the provisions of law, provided by completing application forms enabling the Data Controller to conduct advertising campaigns/organise competitions.
2.8. The provision of Personal Data may be necessary for the conclusion and performance of the Agreement for the provision of services. In each case, the scope of data necessary for the conclusion of a relevant agreement is indicated in the Terms and Conditions concerning a given service.
2.9. In the case of processing data for the purpose of direct marketing of the Data Controller’s own products or services, achieving legitimate purposes by the Data Controller shall be the legal basis for the processing.
2.10. Personal data shall be stored and processed for 5 years in cases specified in section 2.2.
- is 5 years for the situations provided for in items 2.3.a through 2.3.d.
- is 1 year for the situation provided for in items 2.3.e.
- RIGHT TO CONTROL, ACCESS AND CORRECT PERSONAL DATA
3.1. The User has the right to access and correct his/her own Personal Data.
3.2. Each person has the right to exercise his or her rights under the Personal Data Protection Act, in particular the right of access to his or her own Personal Data, the right to request their rectification, the right to request the restriction of the processing, the right to request their erasure, and the right to object to the processing of data in cases specified in the provisions of the Act.
3.3 If Personal Data is processed on the basis of consent, you may additionally exercise your right to withdraw consent to the extent that it is processed on that basis. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.
3.4. If the Personal Data are processed based on the consent or as part of the service provided, the User may additionally exercise the right to data portability, i.e. to receive those personal data from the Data Controller in a structured, commonly used and machine-readable format. The User may transmit those data to another Data Controller.
3.5. To exercise the above rights, the User shall contact the Data Controller in accordance with Art. 6.
3.6. In the case of becoming aware of a data protection breach, the User has the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.
- COMMERCIAL INFORMATION
4.1. The Data Controller is technically capable of communicating with the User remotely (e.g. by e-mail).
4.2. Commercial information related to the commercial activity conducted by the Data Controller or entities cooperating with the Data Controller may be sent only with the User’s consent, e.g. for the purpose of performing the agreement for the provision of the Newsletter service.
4.3. For the purpose of performing the agreement for the provision of the Newsletter service, Personal Data may also be processed for marketing purposes related to the products or services of entities cooperating with the Data Controller.
5.1. The websites of the Data Controller use the technology that stores and accesses information on the User’s computer or another device connected to the Internet (in particular by using cookies and LocalStorage technology) for the purpose of providing the User with maximum comfort while using these websites, including for statistical purposes and for the purpose of adjusting the presented advertising content, including the content provided by the Data Controller’s partners and advertisers, to the User’s interests.
5.2. Cookie files (the so-called cookies) are IT data, in particular text files, which are stored on the end device of the website User and allow for the use of the Data Controller’s website. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
5.3. The entity placing cookies on the User’s end device and accessing them is the Data Controller and advertisers and partners cooperating with the operator.
5.4. Two main types of cookies are used on the Website: “session cookies” and ”persistent cookies”. “Session” cookies are temporary files that are stored on the User’s end device until the User logs out, leaves the website or closes the software (web browser). “Persistent” cookies are stored on the User’s end device for a period set in the cookie parameters or until the cookies are deleted by the User.
5.5. The following cookies are used on the Website:
- “technical/service” cookies, which enable the use of services available on the Website, e.g. authenticating cookies used for services requiring authentication on the Website, data saved in the LocalStorage technology, which are required for the proper operation of the Website. Technical cookies are cookies:
- set by the Website and data collected from such cookies do not contain sensitive data and will not be made available to entities or persons other than those authorised under generally applicable laws and those authorised to administer the Website;
- set by the Google reCaptcha service to avoid using text fields by automated programmes/bots.
- “functional” and “statistical” cookies used to monitor website traffic, i.e. data analysis, including cookies:
- Google Analytics;
- “advertising” cookies that enable us to provide the Users with advertising content that is more tailored to their interests, including cookies placed by the following websites:
- Google Tag Manager,
- Google Ads Optimization
- Double Click
We recommend that you read the Privacy Policies of third-party companies whose cookies are used by the website:
and Reporting/Data Policy tab
- With regard to the information on User preferences collected by Google advertising network, the User may view and edit the information resulting from cookies using the following tool: https://www.google.com/ads/preferences/
- With regard to the information on User preferences collected by Facebook, the User may view and edit the information resulting from cookies using the following tool: https://www.facebook.com/policies/cookies
- With regard to the information on User preferences collected by Instagram, the User may view and edit the information resulting from cookies using the following tool: https://help.instagram.com under Policies and Reporting tab
- With regard to the information on User preferences collected by Twitter, the User may view and edit the information resulting from cookies using the following tool: https://help.twitter.com/en/rules-and-policies/twitter-cookies
- With regard to the information on User preferences collected by YouTube, the User may view and edit the information resulting from cookies using the following tool: https://policies.google.com/privacy?hl=pl
- With regard to the information on User preferences collected by LinkedIn, the User may view and edit the information resulting from cookies using the following tool: https://pl.linkedin.com/legal/cookie-policy?
5.6. The software for browsing websites (the web browser) usually enables the storage of cookies on the User’s end device by default. The Website User may change settings in this respect. The web browser enables the deletion of cookies. It is also possible to automatically block cookies. Please refer to the web browser help or documentation for more details.
The cookies of entities that are used on the Website can also be managed using consumer tools developed in many countries for self-regulatory purposes, such as the EU tool http://www.youronlinechoices.com/uk/your-ad-choices.http://www.youronlinechoices.com/uk/your-ad-choices
- CONTACT WITH THE DATA CONTROLLER
6.1. The User may, at any time, directly contact the Data Controller by sending a relevant message in writing or by email to the following address: email@example.com
6.2. The Administrator stores the correspondence with the User for statistical purposes, for the purpose of responding to queries, handling complaints and making decisions about administrative interventions relating to the designated Account on the basis of notifications in the best and quickest way possible. The addresses and data collected in this way will not be used to contact the User for any purposes other than the handling of the notification.
- SECURITY MEASURES
7.1. The Data Controller has taken technical and organisational measures to ensure the protection of the processed Personal Data appropriate to the threats and categories of data being protected and, in particular, the Data Controller protects data against disclosure to unauthorised persons, interception by an unauthorised person, processing in violation of the applicable laws, as well as against modification, loss, damage or destruction.
7.2. Entities associated with the Data Controller, third-party service providers are required to manage data in accordance with the applicable regulations as well as security and privacy protection requirements.
- FINAL PROVISIONS
8.1. The Data Controller reserves the right to change the Policy in the future, which may happen, for example, for the following important reasons:
- changes to applicable laws, particularly those relating to the protection of Personal Data, telecommunications law, services provided electronically and consumer rights, which affect our rights and obligations or the rights and obligations of the User;
- development of functions or Electronic Services dictated by the development of Internet technology, including the use/implementation of new technological or technical solutions that affect the scope of the Policy.
8.2. In each case, the Data Controller shall post information on any changes to the Policy on the website. A new version of the Policy will appear with each change with a new date.
8.3. In the case of any doubts or conflicts between the Policy and any consents given by the User, notwithstanding the provisions of the Policy, we always take actions and determine the scope of such actions on the basis of consents voluntarily given by the User or the provisions of law. This document is for general information purposes only (it does not constitute a contract or terms and conditions).
8.4. This version of the Policy is valid from 17 November 2023.