1. Definitions
Personal Data Controller
“POLSKI LEK” Sp. z o.o., headquartered in Wadowice, address: 34-100 Wadowice, ul. Chopina 10, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0000884381, with registration files kept by the District Court for Kraków – Śródmieście in Kraków, XII Commercial Division of the National Court Register, NIP: 5213202397, REGON: 017517626, BDO: 000028717, share capital: 578,820.00 PLN.
Contact Details of the Personal Data Controller
Correspondence address: “POLSKI LEK” Sp. z o.o., ul. Chopina 10, 34-100 Wadowice
Email address: polskilek@polskilek.pl
Website Administrator
GRUPA MASPEX Sp. z o.o., headquartered in Wadowice, address: 34-100 Wadowice, ul. Legionów 37, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0000898248, with registration files kept by the District Court for Kraków – Śródmieście in Kraków, XII Commercial Division of the National Court Register, NIP: 5512617657, REGON: 122948517, BDO: 000012154, share capital: 2,988,781,500.00 PLN.
Contact Details
Correspondence address: GRUPA MASPEX Sp. z o.o., ul. Legionów 37, 34-100 Wadowice.
Email address: maspex@maspex.com
Personal Data
All information about an identified or identifiable natural person through one or more specific factors defining their physical, physiological, genetic, mental, economic, cultural, or social identity, including the device’s IP address, location data, online identifier, and information collected through cookies or similar technologies.
GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
Service
Any website, social media platform, or application where this Privacy Policy is published or linked.
Company from the Personal Data Controller’s Group
A company economically and/or financially and/or personally related to the Personal Data Controller.
User
Any natural person visiting the Service and/or using software programs for communication (e.g., chatbots).
2. Personal Data Processing
1. Principles of Personal Data Processing
Personal Data Processing will be carried out in accordance with applicable GDPR regulations. The Personal Data Controller applies technical and organizational measures ensuring the protection of Personal Data Processing and securing Personal Data against unauthorized disclosure, unauthorized access, processing in violation of applicable data protection laws, and alteration, loss, or destruction.
2. Processing of Personal Data outside the European Economic Area
In accordance with legal requirements, we inform you that due to the need to provide the highest level of IT services, including the security of Personal Data, IT service providers from outside the European Economic Area (“EEA”) may have access to Personal Data. The level of personal data protection outside the EEA differs from that provided by European law. For this reason, the Personal Data Controller ensures that such IT service providers have access to Personal Data only to the extent necessary for service provision (e.g., maintenance) and with appropriate safeguards, primarily by:
a) cooperating with entities in countries for which the European Commission has issued an adequacy decision regarding an adequate level of personal data protection;
b) applying standard contractual clauses issued by the European Commission.
In the cases mentioned above, the User has the right to obtain a copy of the information on the applied safeguards by contacting the Data Protection Officer.
3. Purposes and Legal Bases for Personal Data Processing and Processing Period
a) for communication, identification, and responding to User inquiries via the contact form/other contact methods
The User can contact the Personal Data Controller using the electronic contact form available on the Service or the contact details provided on the Service. Using these contact methods requires providing Personal Data necessary to communicate with the User and respond to the inquiry. The legal basis for processing Personal Data for this purpose is the legitimate interest of the Personal Data Controller in responding to inquiries – i.e., Article 6(1)(f) GDPR. The User’s Personal Data will be processed for the period necessary to respond to the inquiry or until an objection is raised against the processing of Personal Data for this purpose.
Regarding the use of cookies, the processing of Users’ Personal Data occurs. The principles of Personal Data Processing in connection with cookies, including processing purposes, are specified in Section III. Cookie Policy.
4. Recipients of Personal Data
Personal Data referred to in point 3(a) may be shared with authorized employees and collaborators of the Personal Data Controller, a Company from the Personal Data Controller’s Group responsible for responding to the inquiry, service providers, including maintenance and technical support for applications, software, IT systems, and the Service where Personal Data is processed, and entities authorized to receive Personal Data under applicable laws. The list of entities with access to Personal Data processed in connection with cookies is available in Section III. Cookie Policy.
5. Rights of Data Subjects
The data subject has the right to:
a) access their Personal Data;
b) rectify their Personal Data;
c) delete their Personal Data;
d) restrict the processing of their Personal Data;
e) request the transfer of their Personal Data.
The data subject has the right to file a complaint regarding Personal Data Processing with the supervisory authority, which in Poland is the President of the Personal Data Protection Office. In cases where the Personal Data Controller processes Personal Data based on legitimate interest, the data subject may object at any time – for reasons related to their particular situation – to the processing of their Personal Data. If Personal Data Processing is based on consent, the data subject has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
These rights can only be exercised following the applicable GDPR regulations. If a request related to the exercise of rights concerning Personal Data Processing is submitted, Personal Data will be processed to review the request and document how it was handled. The legal basis for processing is the legitimate interest of the Personal Data Controller in reviewing requests and ensuring accountability related to their consideration – i.e., Article 6(1)(f) GDPR. Personal Data will be processed for the period necessary to achieve this interest or until a valid objection to the processing of Personal Data for this purpose is submitted. The contact person at the Personal Data Controller for all matters related to Personal Data Processing, as well as for exercising the above rights, is the Data Protection Officer.
3. Cookie Policy
Cookies are used to provide services at the highest level, including in a way tailored to individual needs. Cookies are pieces of data, particularly text files, stored on the User’s end device and intended for browsing web pages. The storage of cookies on the User’s end device occurs when the User gives explicit consent. Consent does not apply to “essential cookies,” for which the User does not need to provide consent, as they are necessary for the proper functioning of the Service. The User can consent to other cookies by continuing to use the Service without changing cookie settings and clicking the “Accept all cookies” button. If the User does not consent to the installation of any cookies other than essential ones, they should select the “Allow only essential” option. If the User wants to change settings, they should choose the “Cookie settings” option. Using this option allows the User to make a selection and give consent to specific cookies.
The cookie notice appears only on the first visit to the Service and remains visible until the appropriate settings are made or cookies are accepted. The settings regarding cookies can be changed at any time by selecting the “Cookie settings” option while using the Service.
Additionally, the User can manage cookies independently through their web browser, including blocking or deleting them. Comprehensive information is available in the web browser settings. Restrictions or disabling the use of cookies and other similar technologies may affect some functionalities available in the Service. Apart from the Personal Data Controller, cookies may also be placed on the User’s device by entities cooperating with the Personal Data Controller, such as analytical service providers, advertisers, application developers, and online advertising agencies (in this case, they are known as third-party cookies). Information about these entities can be found in “Cookie settings.”
The current list of cookies used in the Service is included in “Cookie settings” under the “Details” section, specifying whether they are first-party cookies or third-party cookies.
Types of Cookies
Depending on the storage duration, the Service uses two main types of cookies:
• Session cookies – temporary files stored on the User’s end device until they log out, leave the Service, or close the web browser;
• Persistent cookies – stored on the User’s end device for a period specified in the cookie parameters or until manually deleted by the User.
The storage duration of cookies is indicated for each file in the “Cookie settings” option. Based on their purpose, the Service uses the following types of cookies:
Essential Cookies
The Personal Data Controller uses essential cookies that are necessary for the functioning of the Service and for providing the User with services related to the use of the Service. These cookies cannot be disabled. The storage of essential cookies does not require User consent. The legal basis for processing data in connection with the use of essential cookies is the necessity of processing to perform a contract (Article 6(1)(b) GDPR) related to the User’s use of functionalities available in the Service.
Analytical Cookies
The Personal Data Controller uses analytical cookies to collect information about the number of visits and traffic sources in the Service, which allows determining how Users navigate the Service through statistics. The legal basis for processing data related to analytical cookies is the User’s consent, given by accepting cookies via the “Accept all cookies” option or in “Cookie settings.” The User may withdraw their consent at any time by changing the settings in the “Cookie settings” option, available while using the Service. In the scope of analytical cookies, the Personal Data Controller uses Google Analytics provided by Google. The provider of this tool may process data collected through cookies for its own purposes, which may involve the transfer of personal data outside the European Economic Area. The purpose and scope of data collection and its further processing by Google, as well as contact details and information about the rights available to Users, are provided in the regulations and privacy policies of the company, available at: Privacy Policy – Google Privacy & Terms.
Functional Cookies
The Personal Data Controller uses functional cookies to ensure greater functionality and personalization for the User while using the Service. The legal basis for processing data related to functional cookies is the User’s consent, granted in the same manner as described above for Analytical Cookies.
Marketing Cookies
The Personal Data Controller uses marketing cookies to display personalized content tailored to the User’s preferences and interests, as well as to personalize ads displayed on other websites, applications, and platforms. The use of marketing cookies results in the creation of an interest profile for the User, allowing for more personalized content presentation (User profiling). Marketing cookies include both targeting cookies (i.e., adapting content to specific recipients) and social media cookies, which enable content sharing on social media platforms. The legal basis for processing data in connection with marketing cookies is the User’s consent, granted in the same manner as described above for Analytical Cookies. Regarding marketing cookies, the Personal Data Controller uses Meta Pixel, a tool provided by Meta, which allows measuring the effectiveness of ads displayed within Meta social media platforms based on the User’s activity in the Service. Meta may combine the collected information with other data obtained through the User’s use of the Facebook social media platform and use it for purposes other than those specified by the Personal Data Controller. The purpose and scope of data collection and its further processing by Meta, as well as contact details and information about the rights available to Users, are available in Meta’s privacy policy: Meta Privacy Policy – Data Collection and Usage in Meta.
The Personal Data Controller informs that Meta Pixel processes Users’ personal data in the Service under Meta’s policies and privacy regulations, regardless of whether the User also has an account on the Meta social media platform (e.g., Facebook).
Recipients of personal data processed in connection with the use of cookies may include: service providers, including maintenance and technical support for applications, software, IT systems, and the Service, partners of the Personal Data Controller, as well as marketing agencies, advertising entities, and IT solution providers involved in data collection and cookie management. In justified cases, personal data may also be shared with entities supporting the Personal Data Controller in pursuing or defending against claims. Additional information regarding the principles of processing Users’ personal data in connection with cookies, including rights and contact details, is available in Section II. Personal Data Processing, point 5) Rights concerning Personal Data.
4. Changes to the Privacy Policy
The Privacy Policy is continuously reviewed and updated as necessary.