Privacy Policy

The protection of your privacy is particularly important to us. For this reason, the Users of the www.kopromed.com.pl website (hereinafter referred to as the Online Store) are guaranteed the highest standards of privacy protection. Kopromed Spółka z Ograniczoną Odpowiedzialnością, as the administrator of personal data, takes care of the security of personal data provided by the Users.

Taking into account the above and in view of the requirements introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L.2016.119.1 of 2016.05.04) (hereinafter referred to as GDPR) in order to ensure that the Kopromed Spółka z Ograniczoną Odpowiedzialnością has adopted this Privacy Policy.

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the Online Store and other related websites, communications and services.

A User is any data subject who uses the Online Shop and other related websites, communications and services. (hereinafter referred to as the User).

The administrator of personal data collected in the Online Store is Kopromed Spółka z Ograniczoną Odpowiedzialnością, Kazimierza Wielkiego 4, 44-100 Gliwice, NIP: 6312627290, REGON: 241872242 (hereinafter referred to as the Administrator).

To the extent necessary to perform the agreement concluded by the User with the Administrator, as well as to the extent necessary for the Administrator to take action at the request of the User and to the extent necessary to comply with the legal obligation incumbent on the Administrator - the processing of the User's personal data takes place on the basis of the law, i.e. Article 6(1)(b) and (c) of the GDPR, without the need for the User to consent to the processing of their personal data. In the remaining scope, providing personal data by the User is voluntary. However, to the extent that the consent to the processing of the User's personal data has been given by the User only for marketing purposes, providing the User's personal data is voluntary, but the refusal to give consent or withdrawal of consent will prevent the Administrator from informing the User about new offers and discounts.

I. YOUR CONSENT

The use of the Online Store by the User means the User's acceptance that the Administrator collects, uses and shares non-personal and personal data in accordance with this Privacy Policy. However, the User has control over the manner in which their data is used and shared, which is described in detail in Section V of this Privacy Policy "User Rights".

In the case of processing personal data based on the User's consent, the User has the right to withdraw the previously given consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The Administrator informs the User about the possibility of withdrawing consent before the User gives consent.

In the event that this Privacy Policy is changed and the User continues to use the Online Store, this action is considered as consent to the current terms of the Privacy Policy.

II. PERSONAL DATA PROCESSED BY THE CONTROLLER

1. How we collect personal data
   
   1. Personal data obtained directly from the User The Administrator obtains personal data in two ways. The first way is to obtain personal data directly from the User, by:
      • sending a message by the User thanks to the contact form available in the Online Store,
      • creation of a customer account in the Online Store by the User,
      • placing an order for goods or services in the Online Store,
      • contact the Administrator for technical support, complaint or for any other purpose.
   2. Personal data obtained from other sources
      The Administrator also obtains personal data from sources other than directly from the User, i.e:p oby registering the User's use of the Online Store via cookies and other technologies and receiving error reports or usage data from the software running on the User's device,
      
      • from partners with whom the Administrator offers goods and services or conducts joint marketing activities.
2. Personal data processed by the Controller
   The scope of personal data collected by the Controller concerning Users may vary depending on the purpose of personal data processing.
   The Administrator collects, among m.in, the following personal and non-personal data:
   
   • Login name,
   • Name and surname / name of the company / name and surname of the entrepreneur or names and surnames of entrepreneurs operating in the form of a civil partnership,
   • Mailing address,
   • Phone number,
   • E-mail address,
   • TIN,
   • REGON,
   • IP address of the computer,
   • Payment data if the User makes a purchase in the Online Shop.
   • Information contained in Cookies and similar technologies regarding the User's interaction with the Administrator's Online Store.

In addition, the Administrator collects data on the content of the User's files and messages, when it is required to complete the placed order, provide the customer account service, including collecting: the subject and content of the e-mail, the text or other content of the instant message, the audio and film recording of the video message, the audio recording and transcription of the voice message received by the User or the text message dictated by the User.

The Administrator also collects information provided by the User, including opinions and ratings of goods and services and information provided for the purpose of obtaining technical support. In addition, in the case of making contact, the Administrator collects the content of the message.

III. METHOD OF DATA PROCESSING – PURPOSES OF PERSONAL DATA PROCESSING BY THE ADMINISTRATOR

The manner in which the Administrator processes personal data concerning the User depends on the scope of the User's use of the Online Store.

1. Orders, customer account (performance of the contract)
   If the User decides to place an order for goods or services presented in the Online Store, the Administrator will process the User's personal data to the extent necessary to conclude a sales contract or a contract for the provision of services and to ensure proper performance of the contract concluded with the User. If the User creates a customer account in the Online Store, the Administrator uses the User's personal data for the purpose of proper performance of the contract for the provision of electronic services, including authentication and authorization of the User's access to the customer account.
2. Communication (performance of the contract, legitimate purpose pursued by the Administrator)
   The Administrator uses the User's personal data in order to communicate with them in a personalized way. This communication consists in sending e-mails, placing notifications on websites and other means within the Online Store and the customer account service provided, including text messages and push notifications. The content communicated to the User concerns the goods and services offered, i.e. the availability of services and the manner of using them, personal data security, network updates, reminders, but also suggested offers of the Administrator. Personal data is used to help the User, solve problems and respond to their complaints. The Administrator also uses the User's personal data to enable them to comment on the Administrator's activities, Online Store, services and goods.
3. Advertising (consent, legitimate purpose pursued by the Administrator)
   The Administrator uses the User's personal data in order to offer him advertisements tailored to him, if the User has consented to such activities or in the event of a business relationship between the Administrator and the User. These advertisements concern both the offers of the Administrator and entities cooperating with him. The advertisements presented to the User are individually tailored to each User (the so-called "profiling") by using:
   
   • data provided directly by the User,
   • data collected when the User uses the Online Store,
   • information provided by third parties,
   • data from advertising technologies, such as cookies,
   • web beacons, pixels, ad tags, and mobile identifiers.
   The Administrator does not make the User's personal data available to advertisers who are third parties or advertising networks without the User's consent. However, if the User clicks on the advertisement displayed to him, the advertiser will be informed about it.
4. Improvement of the Online Shop (legitimate interest of the Controller)
   The Controller uses the User's personal data in the scope of conducting analytical and statistical activities in order to constantly improve the Online Shop, the goods and services offered by the Controller, provide better solutions, add new functions and possibilities. Personal data concerning the Users are also used by the Administrator in the field of market research, public opinion polls and economic analysis in order to constantly improve the Online Store.
5. Security (legitimate interest of the Administrator)
   The Administrator uses the User's personal data to monitor, prevent, detect and combat fraud and abuse, to protect other Users against such abuses and to ensure network and information security. In the event that there is a reasonable suspicion of a criminal offence, we will use your personal data to investigate the probable commission of a crime or other breach of this Privacy Policy by undesirable parties.
6. Pursuing claims (legitimate interest of the Administrator)
   In the event that the User decides to use the Online Store, in particular by creating a customer account, placing an order for goods or services through it, the Administrator may process the User's personal data to the extent necessary to pursue possible claims on account of the conducted business activity, as well as to analyze potential violations of the rules of use of the An online store.
7. Tax documentation (fulfilment of statutory obligation)
   If the User places an order for goods or services via the Online Shop, the Administrator will process the User's personal data to the extent necessary to keep tax documentation and settlements for executed orders.

IV. PROVISION OF PERSONAL DATA BY THE ADMINISTRATOR

Your personal data is or may be transferred to the following categories of recipients:

1. entities providing certain services in the sales process, i.e. courier / postal service providers, payment institutions intermediating in making payments by Users for orders for goods or services;
2. providers of advertising or marketing services, in the case of achieving the objective of direct marketing of the Controller's own services;
3. providers of legal and advisory services and supporting the Administrator in pursuing due claims (in particular law firms, debt collection companies);
4. entities processing personal data at the request of the Administrator, e.g. providers of technical services operating the technical infrastructure needed to run the Online Store;
5. entities authorized to obtain data on the basis of applicable law, e.g. courts or law enforcement authorities, when they make a request based on an appropriate legal basis.

V. YOUR RIGHTS

You have the right to choose about your personal data by making choices regarding the disclosure of particular personal data, including your choice of privacy settings. However, in such a situation, the User must be aware that he will not be able to fully use some of the functionalities of the Online Shop or services offered by the Administrator.

If the User wishes to exercise their rights as a personal data subject, they may contact the Administrator via an e-mail sent to kopromed@kopromed.com.pl Some of the rights as a personal data subject may be exercised by the User through the customer account in the Online Store.

1. Right of access to data
   The User is entitled to obtain confirmation from the Administrator as to whether their personal data is being processed, and if this is the case - they are entitled to obtain access to information on the details of the processing of their data, including in particular information on the purpose of the processing and the categories of data processed.
   You also have the right to request a copy of the personal data undergoing processing.
2. Right to rectification
   The User has the right to rectify personal data that is incorrect. He has the right to demand the replacement, supplementation or removal of errors, defects and misleading information in the entire data set that concerns him.
   The subject of supplementation may not be personal data that are incorrect, i.e. the User may not request the replacement or supplementation of existing data with incorrect data. If the personal data processed is incomplete, the User may provide an additional statement to supplement it. It is permissible to present such a statement in any form, also by electronic means.
3. Right to erasure (right to be forgotten)
   You have the right to request the erasure of your personal data if one of the following circumstances applies:
   
   1. the User's personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   2. You have withdrawn your consent on which the processing is based and there is no other legal basis for the processing;
   3. You object to the processing of personal data concerning you;
   4. the personal data has been unlawfully processed;
   5. the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject;
   6. The personal data has been collected in connection with the provision of information society services.
   The User has the right to be forgotten only if the right to delete personal data is exercised and only in a situation where the personal data concerning him or her have been made public by the Administrator.
4. Right to restriction of processing
   You have the right to restrict the processing of your personal data in the following cases:
   
   1. The User questions the correctness of the personal data – for a period allowing the Administrator to verify the correctness of this data;
   2. the processing is unlawful and the User opposes the erasure of the personal data, requesting instead the restriction of their use;
   3. The Administrator no longer needs the User's personal data for the purposes of processing, but they are needed by the User to establish, pursue or defend claims;
   4. The User has objected to the processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the User's objection.
   In the case of restriction of processing, the Administrator may process personal data, except for storage, only:
   
   1. with the consent of the User, or
   2. for the establishment, exercise or defence of legal claims, or
   3. protection of the rights of another natural or legal person, or
   4. reasons of public interest of the Union or of a Member State.
5. Right to data portability
   The User has the right to receive in a structured, commonly used format, the personal data concerning him/her, which he/she has provided to the Controller, and has the right to send this data to another controller.
   The User also has the right to request that their personal data be sent by the Administrator directly to another administrator, if it is technically possible.
6. Right to object
   The User has the right to object, on grounds relating to their particular situation, to the processing of their personal data at any time:
   
   1. in the public interest, in the exercise of public authority vested in the Controller,
   2. to processing for direct marketing purposes, including profiling, insofar as it is related to this direct marketing,
   3. for the legitimate purpose of the Administrator.
   The objection procedure and all communication are free of charge, and it is also possible to file an objection electronically.
7. Right to lodge a complaint
   The User has the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of his habitual residence, his place of work or the place of the alleged infringement.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE CONTROLLER

The Controller uses cookies and other similar technologies to ensure optimal service of the User's visit to the Online Shop, to enable faster and easier access to information and to offer Users more and more perfect functionalities of the Online Shop, as well as for marketing and remarketing purposes (including the necessary analytical activities and compilation into marketing profiles based on the User's activity on individual subpages of the Shop Internet Network). Cookies are pieces of code that are text files corresponding to HTTP queries directed to the Administrator's server. The Online Store also uses other available technologies that allow for saving information in the browser in appropriate data stores (Session Storage, Local Storage), and are also placed in fragments of codes of analytical tools provided by other providers, which enable saving cookies in the domains of these services. The stored information or accessing it does not cause configuration changes in the User's device and the software installed on it. The information contained in cookies and similar technologies is considered personal data only in connection with other personal data available about a given User. If the User does not agree to save and receive information in cookies or similar technologies, they can change the rules regarding cookies using the settings of their web browser or using the so-called opt-out option on the website of the provider of a given technological solution. Detailed information on the technologies used by the Administrator is available in the Cookies Policy.

VII. OTHER IMPORTANT INFORMATION

1. Protection of the security of personal data
   The Administrator implements various measures to ensure the security of the User's personal data. Safe use of the services offered is ensured by the systems and procedures in place to protect against access and disclosure of data to unauthorised persons. In addition, the systems and procedures used by the Administrator are regularly monitored in order to detect possible threats. The personal data obtained by the Administrator are stored in computer systems, access to which is strictly limited.
2. Storage of personal data
   The period of storage of Users' personal data may vary due to the fact that different purposes of data processing may be specified in relation to the personal data of different Users.
   The Administrator stores personal data for such period as is necessary to achieve specific purposes, i.e.:
   
   1. in the case of analytical and statistical purposes – for the period necessary to achieve the objectives related to the effective functioning and development of the Online Store;
   2. in the case of execution of orders, provision of services to the User – for the duration of the agreement and the period of limitation of claims;
   3. for the period required by law in relation to the purpose of keeping tax documentation and settlements under executed contracts;
   4. in the case of personal data processing for marketing purposes – for the duration of the business relationship with the User, unless the User objects to the processing for these purposes beforehand;
   In each of the above cases, after the expiry of the necessary period of processing, the data may be processed only to secure the pursuit of claims or defence against them, and after this time only in the case and to the extent required by law. Users' personal data are stored in the Administrator's database, in which technical and organizational measures have been applied to ensure the protection of the processed data in accordance with the requirements set out in the applicable law. Only the Administrator has access to the database.
3. Changes to the Privacy Policy
   In order to update the information contained in this Privacy Policy and its compliance with applicable laws, this Privacy Policy may be changed. Along with the change in the content of the document, the date of its update, included at the beginning of this Privacy Policy, will be changed. However, the User will be notified of any significant change by means of information posted on the Online Store's website or directly. In order to obtain information on the method of personal data protection, the Administrator recommends the Users to regularly read these principles of the Privacy Policy.
4. Contact information
   In case of any doubts related to the issues of personal data protection or in order to obtain information regarding this Privacy Policy, the User may contact the Administrator via e-mail kopromed@kopromed.com.pl and by post to the following address: 4 Kazimierza Wielkiego Street, 44-100 Gliwice.