§ 1 General provisions

1. The Administrator of the personal data of the website users located under the domain www.medica-group.pl is MEDICA-GROUP SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (Limited liability company), with its registered office at 43/1 Mikołaja Reja Str., 76-200 Słupsk, entered in the National Register of Entrepreneurs kept by the District Court Gdańsk-Północ in Gdańsk, VIII Economic Department of the National Court Register under KRS number: 0000548311, NIP: 8393178436, REGON: 3610350590, share capital: PLN 5,000.00 paid in full (hereinafter: „Administrator").
    
2. You can contact the Administrator:
   • on our email address: sprzedaz@medica-group.pl,
   • in writing, to the Administrator's address: 43/1 Mikołaja Reja Str., 76-200 Słupsk.
      
3. The purpose of the Policy is to define the actions taken with regard to personal data collected using the Administrator website and related services and tools used by its users, as well as in the course of business activities of concluding and executing contracts not over the Internet. 
    
4. If necessary, the provisions of the present Policy may be changed. The users will be notified of changes by announcing the new content of the Policy, the individuals who have consented to the processing of data by e-mail or have provided e-mail details in the execution of contracts, will also be notified of the change by e-mail.

§ 2 Principles and grounds for processing, purposes and storage of personal data

1. Users personal data is processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10.05.2018 and the Electronic Services Act of 18.07.2002.
    
2. In the case of processing of personal data on the basis of an e-mail or complaint sent by the user, such processing shall be performed on the basis of Article 6(1)(b) of the General Data Protection Regulation, according to which processing is necessary in order to take action at the request of the data subject.
    
3. If the user separate consent is obtained, his/her personal data may also be processed by the Administrator for marketing purposes, including directing commercial information electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).
    
4. If the Administrator concludes and performs a sales or service agreement, the other party is required to provide the data necessary for the conclusion of the agreement (which is a contractual requirement and, in terms of tax numbers, also a statutory requirement), and for this purpose the Administrator processes personal data (Article 6 (1)(b) of the General Data Protection Regulation).
    
5. When conducting research and analysis to improve the performance of available services (e.g., tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.
    
6. Users personal data shall be kept for no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if processing is based on such consent, until the statute of limitations for claims of the Administrator and the other party regarding the execution of concluded agreements (in the case of sales agreements/service agreements, 2 years, counting to the end of the year) and until the execution of an inquiry directed by e-mail or until the completion of the complaint processing process.
    
7. The Administrator may use profiling for direct marketing purposes, but decisions made on its basis by the Administrator do not relate to the conclusion or refusal of an agreement or the use of electronic services. Using customer profiles can help to tailor our experience to customer needs and result with: special discounts and discount codes. It can be an effective tool to: remind buyers of unfinished purchases, send a proposal for a product that may match a person's interests or preferences, or offer better terms compared to a standard offer. Though profiling might provide insights on customer needs it is the customer who decides whether to accept the discount received in this way, or better terms and make a purchase. Profiling involves the automatic analysis or prediction of a person's behavior on the Administrator site, e.g. by adding a specific product to a shopping cart, browsing a specific product page, or by analyzing an individual past activity history on the site. In order to perform such profiling the Administrator holds the personal data of the customer in question in order to be able to send him/her, e.g., a discount code.
    
8. Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of different probability and severity, the Administrator shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying, personal data sent electronically.

§ 3 Data sharing

1. The Administrator ensures that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except in the following situations:
   1. the express consent of the subjects to such action is given beforehand, or
   2. if the obligation to provide such data arises or will arise under applicable law, such as to law enforcement agencies.
       
2. Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
   1. service providers who supply the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct its business, including the website and the electronic services provided through it (in particular, computer software providers, marketing agencies, e-mail and hosting providers, software providers for managing the company and providing technical assistance to the Administrator and the product delivery operator) - the Administrator provides the collected Customer personal data to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a specified and explicit purpose of data processing in accordance with the present privacy policy.
   2. providers of accounting, legal and advisory services that provide accounting, legal or advisory support to the Administrator (in particular, an accounting company, law firm or debt collection company) - the Administrator shall make the collected Customer personal data available to the selected provider acting on its behalf only in the case and to the extent necessary to perform a specified purpose of data processing in accordance with the present privacy policy.
       
3. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with third-party service providers in order to determine what makes advertisements and services more attractive to Users, and in this regard, due to the location of the software providers, data may be transferred - subject to the principles of their protection - to third countries, however, providing standard contractual provisions approved by the European Commission for the processing of personal data or having the appropriate authority to do so on the basis of bilateral data processing entrustment agreements between the European Union and the third country in question, while not being a member of the European Economic Area. The following entities that will process personal data on behalf of the Administrator:
   1. Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a website or application and to track actions performed by users on a website, Google Ads used to display sponsored links in Google's search engine results and on collaborative sites within the Google AdSense program,
   2. Meta Platforms, Inc. (Headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future ads.
       
4. The Administrator's website may use the Google Analytics features, the audience analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the site. The information generated by cookies about customer preferences is generally transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of users visiting the Administrator site are shortened. Only in exceptional cases the complete IP address is sent to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, compile reports on website traffic and  provide other services related to website traffic and Internet usage to website operators. In such situation, Google will not combine the IP address transmitted within Google Analytics with any other data in its possession. For more information on how Google Analytics collects and uses data, please visit Google's official website at: www.google.com/policies/privacy/partners. Additionally, any User can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
    
5. When sharing data with third parties, the Administrator shall make every effort to ensure that this is done only with entities certified under the (former) EU-US and Switzerland-US Privacy Shield programs, which are available at www.privacyshield.gov. Such entities, when handling information originating in the European Economic Area (EEA), shall do so in accordance with the Privacy Shield program's Accountability for Onward Transfer principle. Where applicable, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union on July 16, 2020 with regard to the EU-US Privacy Shield and the European Data Protection Board guidelines, the Administrator continues to assess the legal regime of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.

§ 4 User rights

1. The user whose personal data is processed has the right to:
   1. access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
   2. revoke consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation), then he/she has the right to revoke consent at any time without affecting the legality of the processing performed on the basis of consent before its revocation.
   3. lodge a complaint to a supervisory authority - a person whose data is processed by the Administrator has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
   4. objection - the data subject has the right to object at any time - for reasons related to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling under these provisions. In such case, the administrator shall no longer be allowed to process such personal data, unless the administrator demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
   5. objection to direct marketing - if personal data is processed for the purposes of direct marketing (based on the legitimate interest of the Administrator, not on the basis of the data subject's consent), the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
       
2. The exercise of the above rights is carried out on the basis of the user request sent to the e-mail address sprzedaz@medica-group.pl. Such request should include the name of the user.
    
3. The user ensures that the data provided or published by him on the site is correct.

§ 5 Cookie Files

1. Cookies are pieces of IT data, in particular text files, stored on the users' terminal equipment (usually on the computer's hard drive or mobile device) for the purpose of saving certain settings and data by the user's browser in order to use the websites. These files allow to identify the user device, ensure efficient navigation between websites and improve overall comfort of using the website. With cookies, sites can keep you signed in and remember your site preferences - such as visits, clicks, and any previous actions.
    
2. „Cookies” include, in particular, the domain name of the website from which they originate, the time they are stored on the end device and a unique number used to identify the browser used to connect to the website.
    
3. „Cookies” are used for:
   1. adapting the content of the websites to your preferences and optimizing the use of the websites,
   2. creating anonymous statistics, which by helping to determine how the user uses the websites enable improvement of their structure and content,
   3. providing site users with advertising content tailored to their interests.
      "Cookies" are not used to identify the user, and on the basis of them his identity is not established.
       
4. There are different types of Internet cookies:
   1. Strictly necessary cookies - are absolutely necessary for the proper  website performance or the functionality you wish to use, without them we could not provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
   2. Functional cookies - are important for the website performance:
      • are mostly used to enhance the performance of a website; as without them, the website will work properly, but it will not be adjusted to the user preferences,
      • improve high level of website functionality; without these, the website functionality level may decrease and certain functions may not be available,
      • are necessary for correct functioning of websites, if you block cookies some features of the site may not work as intended.
   3. Business cookies - enable the implementation of the business model on the basis of which the website is provided; blocking them will not result in the unavailability of site functionality, but some features of the site may not work as intended, due to the website owner inability to realize revenue subsidizing its operation. This category includes, e.g., advertising "cookies".
   4. Website configuration cookies - allow to set up features and services on websites.
   5. Cookies for websites security and reliability - allow to verify authenticity and optimization of website performance.
   6. Authentication cookies - allow to inform when the user is logged in, so that the website can show relevant information and functions, cookies are used to perform cookie-based authentication to maintain the session for each user.
   7. Session cookies- are used to recognize the user when he/she moves from page to page within a website and to remember any information the user has entered. They are vital for websites to perform their actions.
   8. Session management cookies - optimize website performance and improve browsing experience.
   9. Advertising cookies - help attract customers with targeted ads and can be shared with other advertisers so that the performance of such ads can be monitored and measured; they help tailor content to the target audience and personalize user experience online and display better-targeted ads.
   10. Location cookies - allow to tailor the information displayed to user location.
   11. Analysis, research or audience auditing cookies -  enables the website owner to understand the customers preferences and, through analysis, improve and develop products and services. Anonymized data are collected and processed by the website owner or research company.
   12. Harmless cookies - are vital for a website to function properly, while others ensure additional features of websites are accessible, they do not track the users.
   13. Tracking cookies - collect data about the user, they do not include information that allows (without other data) to identify a specific user.
        
5. Cookies let website owners collect data for analytical purposes, remember user settings, and provide other functions that help to boost the customer browsing experience, however cookies are not designed to identify the user.  Although this information may sometimes have the character of personal data and enable certain behaviors across different sessions to a specific user. Personal data collected using cookies may be collected only for the purpose of performing certain functions for customers. Personal data is encrypted to prevent unauthorized access.
    
6. Cookies used by this website are not harmful either to the user or to the terminal device used by the user, so it is not recommended to disable cookies in browsers since many websites will not function properly. Web browsing software (web browser) usually by default allows to store cookies and similar technologies in the user end device. The User can manage cookies and change browser settings. To change the settings, check the browser subpages for instructions.
    
7. Cookies are also used to facilitate logging into a user account, using social media, and to enable switching between subpages on websites without having to log back into each subpage. Cookies are also used to secure websites, e.g. preventing unauthorized access.
    
8. The Administrator may use Internet log files (which contain technical data such as your IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud, and enforce the User Agreement.
    
9. The Administrator hereby informs you that the Site does not respond to Do Not Track (DNT) signals; however, you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings on your browser or using our cookie consent tools (if applicable).
    
10. Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
    1. in Chrome browser
    2. in Firefox browser
    3. in Opera browser
    4. in Safari browser
    5. in  Microsoft Edge browser
        
11. For details on how to manage cookies on your cell phone or other mobile device, please refer to the user manual for your mobile device.