Privacy and Cookies Policy
1. GENERAL PROVISIONS
- The Controller of personal data collected through the Website is Maciej Kuźmiński, pursuing business activity under the name EMA SZKOLENIA MACIEJ KUŹMIŃSKI/NZOZ STOMATOLOGIA RODZINNA MONIKA I MACIEJ KUŹMIŃSCY entered into the Central Registration and Information on Business of the Republic of Poland, maintained by the minister responsible for the economy, having: the business address and address for service: ul. Szyszkowa 60, 95-020 Kraszew, Poland, Polish tax identification number NIP: 7271151890, Polish business identification number REGON: 471110086 and email address: email@example.com – hereinafter referred to as the "Controller" and who is also a Service Provider on the Website.
- Personal data on the Website are processed by the Controller in accordance with the applicable legal provisions, in particular, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
- The Controller shall exercise due care in order to protect the interests of persons whose personal data are processed by him, and in particular he shall be responsible for and ensure that the data collected by him are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a way which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
- Having regard for the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR Regulation and shall be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Controller uses technical measures to prevent unauthorised persons from obtaining and modifying personal data sent electronically.
2. GROUNDS FOR DATA PROCESSING
- The Controller is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given their consent to the processing of their personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING BY THE WEBSITE
- Each time, the purpose, basis and duration, as well as recipients of the personal data processed by the Controller, result from the actions taken by a given User on the Website.
- The Controller may process personal data on the Website for the following purposes, on the following grounds and for the following duration:
Purpose of data processing Legal basis for data processing Duration of data storage Performance of a Service Contract, other contract or taking action at the request of the data subject prior to entering into a contract Article 6(1)(b) of the GDPR Regulation (performance of a contract) (b) – the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract Data shall be stored for the duration necessary for the performance, termination or otherwise expiry of the contract entered into. Providing a response to an enquiry sent to the Controller Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of the necessity to know the content of the enquiry sent by the data subject via the contact form available on the Website, and then, if necessary, respond to that enquiry The data shall be stored for the time necessary for the Controller to examine the content of the data subject’s enquiry and respond to it, but no longer than for the duration of the legitimate interest pursued by the Controller in relation to the information contained in the enquiry. Direct marketing Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting in ensuring the interests and good image of the Controller, their Website and striving to sell services The data shall be stored for the duration of the legitimate interests pursued by the Controller, however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular, of the Civil Code (the basic statute of limitation for claims related to business activities is three years).
The Controller may not process data for direct marketing purposes in the event of an effective objection by the data subject.
Running the Newsletter Article 6(1)(a) of the GDPR Regulation (consent) – the data subject has consented to the processing of their personal data for marketing purposes by the Controller The data shall be stored until the data subject withdraws their consent to further processing of their data for this purpose. Bookkeeping Article 6(1)(c) of the GDPR Regulation in conjunction with Article 86 § 1 of the Tax Ordinance, i.e. of 17 January 2017 (Journal of Laws of 2017, item 201 as amended) – processing is necessary for the fulfilment of a legal obligation incumbent on the Controller The data are stored for the period required by legal regulations ordering the Controller to keep tax books (until the expiry of the statute of limitation of tax liability, unless tax acts provide otherwise). Establishing, pursuing or defending claims that the Controller may raise or that may be raised against the Controller Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting in determination, assertion or defence of claims which may be raised by the Controller or which may be raised against the Controller The data shall be stored for the duration of the Controller’s legitimate interest, however not longer than the statute of limitation of claims that may be raised against the Controller (the basic statute of limitation for claims against the Controller is six years). Using the Website and ensuring its proper functioning Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of running and maintaining the Website The data shall be stored for the duration of the legitimate interests pursued by the Controller, however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic statute of limitation for claims related to business activities is three years). Keeping statistics and analysing traffic on the Website Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is necessary for the purposes arising from the legitimate interests of the Controller – consisting of statistics and website traffic analysis in order to improve the functioning of the website and increase the range of provided services The data shall be stored for the duration of the legitimate interests pursued by the Controller; however, no longer than the statute of limitation of the Controller’s claims against the data subject on account of the Controller’s economic activity. The statute of limitation shall be determined by the provisions of law, in particular, of the Civil Code (the basic statute of limitation for claims related to business activities is three years).
4. RECIPIENTS OF DATA ON THE WEBSITE
- For the proper functioning of the Website, including the proper provision of Electronic Services by the Controller, it is necessary for the Controller to use the services of external entities (such as software providers, payment processors). The Controller shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
- Personal data of the Website’s Users may be transferred to the following recipients or categories of recipients:
- entities processing electronic or credit card payments - in the case of a User who uses the electronic or credit card payment method on the Website, the Controller shall make the collected personal data of the User available to a selected entity processing the above payments on the Website at the request of the Controller to the extent necessary to process the payment made by the User.
5. PROFILING ON THE WEBSITE
- The Controller may use profiling on the Website for direct marketing purposes, but the decisions taken on its basis by the Controller do not concern the conclusion or refusal of the Service Contract or the possibility of using Electronic Services on the Website. The effect of using profiling on the Website may be, for example, reminding the User about unfinished actions on the Website, sending them a discount or a service proposal that may suit their interests or preferences, or offering better conditions in comparison with the standard offer of the Website. Despite the profiling, it is up to the individual User to decide whether they wish to use, for example, an offer or discount received in this manner.
- Profiling on the Website consists in the automatic analysis or forecast of a given person’s behaviour on the Website, or through the analysis of previous purchases or history of activities undertaken on the Website. The condition for such profiling is for the Controller to have the personal data of the data subject in order to be able to subsequently send him or her, for example, a discount code or an offer.
- The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning that person or significantly affects him or her in a similar manner.
6. RIGHTS OF THE DATA SUBJECT
- Right of access, rectification, restriction, erasure or transfer – the data subject shall have the right to request from the Controller access to their personal data, their rectification, erasure ("right to be forgotten") or restriction of processing and shall have the right to object to the processing, as well as the right to transfer their data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
- Right to withdraw consent at any time – the person whose data are processed by the Controller on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal.
- Right to lodge a complaint to the supervisory authority – the person whose data are processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular, the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- Right to object – the data subject shall have the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The Controller shall in that case no longer be permitted to process such personal data unless the Controller demonstrates important legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
- Right to object to direct marketing – where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing.
7.COOKIES ON THE WEBSITE
- Cookies are small information in the form of text files sent by a server and stored on the side of a person visiting the Website (e.g. on the hard disk of a computer, laptop or smartphone memory card – depending on the device used by the visitor of the Website). Detailed information on cookies, as well as the history of their creation, can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie.
- Cookies that may be sent by the Website can be divided into different types, according to the following criteria:
Based on their provider:
1) own (created by the Controller’s website) and
2) owned by third parties (other than the Controller)
Based on the duration of their storage on the device of the person visiting the Website:
1) session (stored until logout or leaving the Website or switching off the web browser) and
2) permanent (stored for a specified period of time, defined by the parameters of each file or until manual removal)
Based on the purpose of their use:
1) necessary (enabling the proper functioning of the Website),
2) functional/preferential (enabling adjustment of the Website to the visitor’s preferences)
3) analytical and efficiency (gathering information on the manner of using the Website)
4) marketing, advertising and social networking (gathering information about the person visiting the Website in order to display personalised advertising to that person and to conduct other marketing activities, including on websites separate from the Website, such as social networking sites)
- The Controller may process data contained in Cookies when visitors use the Website for the following specific purposes:
- identifying Clients as logged in to the Website and showing that they are logged in (essential cookies)
- remembering data from completed forms, surveys or login data to the Website (essential and/or functional/preferential cookies)
- remembering Training Services added to the electronic shopping cart in order to place an Order (essential cookies)
- adapting the content of the Website to the individual preferences of the User (e.g. as regards colours, font size, page layout) and optimising the use of the Website (functional/preferential Cookies)
- conducting anonymous statistics presenting the manner of use of the Website (analytical and efficiency cookies)
- Checking in the most popular web browsers which Cookies (including the duration of Cookies and their provider) are sent at a given moment by the Website is possible in the following way:
- In Chrome: (1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.
- In Firefox: (1) in the address bar, click on the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click on the box "Tracking cookies between sites", "Social media tracking elements" or "Content with tracking elements"
- In Internet Explorer: (1) click the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click the "View Files" box
- In Opera:(1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.
- In Safari:(1) click on the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage site data" box
- Irrespective of the browser, using the tools available on the website, for example: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/
- The Controller may use Google Analytics and Universal Analytics services on the Website provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller keep statistics and analyse traffic on the Website. The data collected are processed as part of the above services to generate statistics that help administer the Website and analyse traffic on the Website. The data are of an aggregate nature. The Controller, using the above services on the Website, collects such data as the sources and medium of obtaining visitors to the Website and their behaviour on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for a person to easily block the release of information to Google Analytics about their activities on the Website – for this purpose, it is possible, for example, to install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
8. FINAL PROVISIONS